106.12.196.19 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Beijing Baidu Netcom Science and Technology Co. Ltd.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Search Engine Spider

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	Jun 21 12:17:27 fwweb01 sshd[20826]: Invalid user maintainer from 106.12.196.19 Jun 21 12:17:27 fwweb01 sshd[20826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.19 Jun 21 12:17:30 fwweb01 sshd[20826]: Failed password for invalid user maintainer from 106.12.196.19 port 40722 ssh2 Jun 21 12:17:30 fwweb01 sshd[20826]: Received disconnect from 106.12.196.19: 11: Bye Bye [preauth] Jun 21 12:35:03 fwweb01 sshd[21987]: Invalid user user1 from 106.12.196.19 Jun 21 12:35:03 fwweb01 sshd[21987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.19 Jun 21 12:35:05 fwweb01 sshd[21987]: Failed password for invalid user user1 from 106.12.196.19 port 35428 ssh2 Jun 21 12:35:05 fwweb01 sshd[21987]: Received disconnect from 106.12.196.19: 11: Bye Bye [preauth] Jun 21 12:38:20 fwweb01 sshd[22206]: Invalid user kai from 106.12.196.19 Jun 21 12:38:20 fwweb01 sshd[22206]: pam_unix(sshd:........ -------------------------------	2020-06-21 23:07:16

类型

评论内容

时间

attackspam

Jun 21 12:17:27 fwweb01 sshd[20826]: Invalid user maintainer from 106.12.196.19
Jun 21 12:17:27 fwweb01 sshd[20826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.19 
Jun 21 12:17:30 fwweb01 sshd[20826]: Failed password for invalid user maintainer from 106.12.196.19 port 40722 ssh2
Jun 21 12:17:30 fwweb01 sshd[20826]: Received disconnect from 106.12.196.19: 11: Bye Bye [preauth]
Jun 21 12:35:03 fwweb01 sshd[21987]: Invalid user user1 from 106.12.196.19
Jun 21 12:35:03 fwweb01 sshd[21987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.19 
Jun 21 12:35:05 fwweb01 sshd[21987]: Failed password for invalid user user1 from 106.12.196.19 port 35428 ssh2
Jun 21 12:35:05 fwweb01 sshd[21987]: Received disconnect from 106.12.196.19: 11: Bye Bye [preauth]
Jun 21 12:38:20 fwweb01 sshd[22206]: Invalid user kai from 106.12.196.19
Jun 21 12:38:20 fwweb01 sshd[22206]: pam_unix(sshd:........
-------------------------------

2020-06-21 23:07:16

相同子网IP讨论:

IP	类型	评论内容	时间
106.12.196.118	attackbotsspam	Oct 12 14:10:41 host sshd[17786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.118 user=root Oct 12 14:10:43 host sshd[17786]: Failed password for root from 106.12.196.118 port 38322 ssh2 ...	2020-10-13 00:29:44
106.12.196.118	attack	Invalid user informix from 106.12.196.118 port 41438	2020-10-12 15:51:32
106.12.196.118	attack	2020-10-11T15:47:05.520064kitsunetech sshd[17599]: Invalid user admin from 106.12.196.118 port 37394	2020-10-12 07:43:20
106.12.196.118	attackbotsspam	(sshd) Failed SSH login from 106.12.196.118 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 11 01:35:39 server5 sshd[21225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.118 user=root Oct 11 01:35:41 server5 sshd[21225]: Failed password for root from 106.12.196.118 port 56116 ssh2 Oct 11 01:36:12 server5 sshd[21554]: Invalid user openvpn from 106.12.196.118 Oct 11 01:36:12 server5 sshd[21554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.118 Oct 11 01:36:14 server5 sshd[21554]: Failed password for invalid user openvpn from 106.12.196.118 port 59952 ssh2	2020-10-12 00:00:17
106.12.196.118	attackbotsspam	(sshd) Failed SSH login from 106.12.196.118 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 11 01:35:39 server5 sshd[21225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.118 user=root Oct 11 01:35:41 server5 sshd[21225]: Failed password for root from 106.12.196.118 port 56116 ssh2 Oct 11 01:36:12 server5 sshd[21554]: Invalid user openvpn from 106.12.196.118 Oct 11 01:36:12 server5 sshd[21554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.118 Oct 11 01:36:14 server5 sshd[21554]: Failed password for invalid user openvpn from 106.12.196.118 port 59952 ssh2	2020-10-11 15:59:14
106.12.196.118	attack	Oct 11 02:23:19 h2829583 sshd[29641]: Failed password for root from 106.12.196.118 port 49538 ssh2	2020-10-11 09:16:37
106.12.196.118	attack	Bruteforce detected by fail2ban	2020-10-06 06:35:13
106.12.196.118	attack	Bruteforce detected by fail2ban	2020-10-05 22:42:14
106.12.196.118	attackspambots	SSH / Telnet Brute Force Attempts on Honeypot	2020-10-05 14:37:23
106.12.196.38	attackspambots	Sep 27 17:42:13 serwer sshd\[7008\]: Invalid user brian from 106.12.196.38 port 41874 Sep 27 17:42:13 serwer sshd\[7008\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.38 Sep 27 17:42:15 serwer sshd\[7008\]: Failed password for invalid user brian from 106.12.196.38 port 41874 ssh2 Sep 27 17:58:18 serwer sshd\[8557\]: Invalid user mongodb from 106.12.196.38 port 60976 Sep 27 17:58:18 serwer sshd\[8557\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.38 Sep 27 17:58:20 serwer sshd\[8557\]: Failed password for invalid user mongodb from 106.12.196.38 port 60976 ssh2 ...	2020-09-29 03:01:11
106.12.196.38	attack	fail2ban	2020-09-28 19:10:01
106.12.196.118	attackspambots	106.12.196.118 (CN/China/-), 6 distributed sshd attacks on account [test] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 27 12:28:35 server5 sshd[18033]: Failed password for invalid user test from 106.54.205.236 port 51262 ssh2 Sep 27 12:53:04 server5 sshd[30548]: Invalid user test from 138.204.100.70 Sep 27 12:53:06 server5 sshd[30548]: Failed password for invalid user test from 138.204.100.70 port 36118 ssh2 Sep 27 13:08:18 server5 sshd[4951]: Invalid user test from 106.12.196.118 Sep 27 12:35:15 server5 sshd[21107]: Invalid user test from 115.223.34.141 Sep 27 12:28:33 server5 sshd[18033]: Invalid user test from 106.54.205.236 IP Addresses Blocked: 106.54.205.236 (CN/China/-) 138.204.100.70 (BR/Brazil/-)	2020-09-28 01:58:33
106.12.196.118	attack	Invalid user laravel from 106.12.196.118 port 34382	2020-09-27 18:02:28
106.12.196.118	attackspam	SSH / Telnet Brute Force Attempts on Honeypot	2020-09-25 08:31:28
106.12.196.118	attackbots	2020-08-17T21:30:45.064290abusebot-4.cloudsearch.cf sshd[20905]: Invalid user drop from 106.12.196.118 port 37874 2020-08-17T21:30:45.071874abusebot-4.cloudsearch.cf sshd[20905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.118 2020-08-17T21:30:45.064290abusebot-4.cloudsearch.cf sshd[20905]: Invalid user drop from 106.12.196.118 port 37874 2020-08-17T21:30:47.511155abusebot-4.cloudsearch.cf sshd[20905]: Failed password for invalid user drop from 106.12.196.118 port 37874 ssh2 2020-08-17T21:36:48.845494abusebot-4.cloudsearch.cf sshd[21109]: Invalid user maria from 106.12.196.118 port 53938 2020-08-17T21:36:48.852272abusebot-4.cloudsearch.cf sshd[21109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.196.118 2020-08-17T21:36:48.845494abusebot-4.cloudsearch.cf sshd[21109]: Invalid user maria from 106.12.196.118 port 53938 2020-08-17T21:36:50.789957abusebot-4.cloudsearch.cf sshd[21109]: Fa ...	2020-08-18 06:05:36

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.12.196.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61681
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.12.196.19.			IN	A

;; AUTHORITY SECTION:
.			283	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020062100 1800 900 604800 86400

;; Query time: 35 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Jun 21 23:07:13 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 19.196.12.106.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 19.196.12.106.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
140.206.223.56	attackspambots	2020-09-22T21:38:38+0200 Failed SSH Authentication/Brute Force Attack. (Server 9)	2020-09-23 08:55:57
89.248.171.89	attack	Sep 23 05:11:09 web01.agentur-b-2.de postfix/smtps/smtpd[1657557]: warning: unknown[89.248.171.89]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 23 05:12:34 web01.agentur-b-2.de postfix/smtps/smtpd[1657557]: warning: unknown[89.248.171.89]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 23 05:13:41 web01.agentur-b-2.de postfix/smtps/smtpd[1657557]: warning: unknown[89.248.171.89]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 23 05:17:12 web01.agentur-b-2.de postfix/smtps/smtpd[1660211]: warning: unknown[89.248.171.89]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 23 05:18:04 web01.agentur-b-2.de postfix/smtps/smtpd[1660211]: warning: unknown[89.248.171.89]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2020-09-23 12:26:37
51.77.148.7	attackspam	ssh brute force	2020-09-23 12:07:04
31.209.21.17	attack	Sep 23 06:09:09 vpn01 sshd[31232]: Failed password for root from 31.209.21.17 port 46244 ssh2 ...	2020-09-23 12:19:45
136.179.21.73	attackspam	2020-09-23T03:07:26.094397Z 35e4a99f9409 New connection: 136.179.21.73:59745 (172.17.0.5:2222) [session: 35e4a99f9409] 2020-09-23T04:02:17.346704Z 0e14bc810971 New connection: 136.179.21.73:42435 (172.17.0.5:2222) [session: 0e14bc810971]	2020-09-23 12:03:08
188.246.226.71	attackbotsspam	Fail2Ban Ban Triggered	2020-09-23 09:03:23
132.232.66.238	attackbots	2020-09-22T19:02:18.658885correo.[domain] sshd[1947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.66.238 2020-09-22T19:02:18.649888correo.[domain] sshd[1947]: Invalid user git from 132.232.66.238 port 42004 2020-09-22T19:02:20.632875correo.[domain] sshd[1947]: Failed password for invalid user git from 132.232.66.238 port 42004 ssh2 ...	2020-09-23 12:08:24
177.8.154.48	attackbotsspam	Brute force attempt	2020-09-23 12:23:50
77.120.172.196	attackbots	20/9/22@15:04:24: FAIL: Alarm-Network address from=77.120.172.196 ...	2020-09-23 08:58:48
202.143.111.42	attackbots	$f2bV_matches	2020-09-23 12:07:27
194.150.215.78	attackbotsspam	Sep 23 06:00:21 web01.agentur-b-2.de postfix/smtpd[1659745]: NOQUEUE: reject: RCPT from unknown[194.150.215.78]: 450 4.7.1 : Helo command rejected: Host not found; from=<> to= proto=ESMTP helo= Sep 23 06:01:22 web01.agentur-b-2.de postfix/smtpd[1666341]: NOQUEUE: reject: RCPT from unknown[194.150.215.78]: 450 4.7.1 : Helo command rejected: Host not found; from=<> to= proto=ESMTP helo= Sep 23 06:02:29 web01.agentur-b-2.de postfix/smtpd[1659745]: NOQUEUE: reject: RCPT from unknown[194.150.215.78]: 450 4.7.1 : Helo command rejected: Host not found; from=<> to= proto=ESMTP helo= Sep 23 06:03:29 web01.agentur-b-2.de postfix/smtpd[1666341]: NOQUEUE: reject: RCPT from unknown[194.150.215.78]: 450 4.7.1 : Helo command rejected: Host not found; from=<> to= proto=ESMTP helo=	2020-09-23 12:22:11
62.210.194.9	attack	Sep 23 06:00:28 mail.srvfarm.net postfix/smtpd[4076691]: lost connection after STARTTLS from r9.news.eu.rvca.com[62.210.194.9] Sep 23 06:00:39 mail.srvfarm.net postfix/smtpd[4076692]: lost connection after STARTTLS from r9.news.eu.rvca.com[62.210.194.9] Sep 23 06:03:26 mail.srvfarm.net postfix/smtpd[4073268]: lost connection after STARTTLS from r9.news.eu.rvca.com[62.210.194.9] Sep 23 06:03:39 mail.srvfarm.net postfix/smtpd[4073260]: lost connection after STARTTLS from r9.news.eu.rvca.com[62.210.194.9] Sep 23 06:05:56 mail.srvfarm.net postfix/smtpd[4076689]: lost connection after STARTTLS from r9.news.eu.rvca.com[62.210.194.9]	2020-09-23 12:27:50
222.237.104.20	attackbotsspam	Sep 22 20:56:40 dignus sshd[4125]: Invalid user sa from 222.237.104.20 port 57436 Sep 22 20:56:40 dignus sshd[4125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.237.104.20 Sep 22 20:56:42 dignus sshd[4125]: Failed password for invalid user sa from 222.237.104.20 port 57436 ssh2 Sep 22 21:00:47 dignus sshd[4458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.237.104.20 user=root Sep 22 21:00:49 dignus sshd[4458]: Failed password for root from 222.237.104.20 port 40694 ssh2 ...	2020-09-23 12:08:50
91.212.38.68	attack	Sep 22 20:39:49 r.ca sshd[26332]: Failed password for invalid user tomcat from 91.212.38.68 port 42618 ssh2	2020-09-23 12:01:32
177.86.105.71	attackspam	Sep 23 02:15:57 mail.srvfarm.net postfix/smtps/smtpd[3999516]: warning: 177-86-105-71.tubaron.net.br[177.86.105.71]: SASL PLAIN authentication failed: Sep 23 02:15:57 mail.srvfarm.net postfix/smtps/smtpd[3999516]: lost connection after AUTH from 177-86-105-71.tubaron.net.br[177.86.105.71] Sep 23 02:19:04 mail.srvfarm.net postfix/smtps/smtpd[4001400]: warning: 177-86-105-71.tubaron.net.br[177.86.105.71]: SASL PLAIN authentication failed: Sep 23 02:19:04 mail.srvfarm.net postfix/smtps/smtpd[4001400]: lost connection after AUTH from 177-86-105-71.tubaron.net.br[177.86.105.71] Sep 23 02:22:44 mail.srvfarm.net postfix/smtps/smtpd[4001707]: warning: 177-86-105-71.tubaron.net.br[177.86.105.71]: SASL PLAIN authentication failed:	2020-09-23 12:23:28

最近上报的IP列表

57.106.154.230	176.98.65.43	180.141.140.50	237.221.47.99
184.22.113.207	135.88.253.251	92.206.38.116	67.79.62.91
96.248.160.43	131.238.136.33	189.57.198.41	55.201.199.236
180.202.74.216	45.153.242.163	90.162.15.160	193.250.127.187
190.191.83.0	250.94.19.101	124.66.54.80	208.76.15.29