106.12.5.148 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Beijing Baidu Netcom Science and Technology Co. Ltd.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Search Engine Spider

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	Invalid user backup from 106.12.5.148 port 35062	2019-11-22 04:56:23
attackbots	Nov 15 19:20:04 OPSO sshd\[22209\]: Invalid user leslie from 106.12.5.148 port 41014 Nov 15 19:20:04 OPSO sshd\[22209\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.5.148 Nov 15 19:20:06 OPSO sshd\[22209\]: Failed password for invalid user leslie from 106.12.5.148 port 41014 ssh2 Nov 15 19:24:05 OPSO sshd\[22622\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.5.148 user=root Nov 15 19:24:07 OPSO sshd\[22622\]: Failed password for root from 106.12.5.148 port 47838 ssh2	2019-11-16 05:22:25

类型

评论内容

时间

attackspambots

Invalid user backup from 106.12.5.148 port 35062

2019-11-22 04:56:23

attackbots

Nov 15 19:20:04 OPSO sshd\[22209\]: Invalid user leslie from 106.12.5.148 port 41014
Nov 15 19:20:04 OPSO sshd\[22209\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.5.148
Nov 15 19:20:06 OPSO sshd\[22209\]: Failed password for invalid user leslie from 106.12.5.148 port 41014 ssh2
Nov 15 19:24:05 OPSO sshd\[22622\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.5.148  user=root
Nov 15 19:24:07 OPSO sshd\[22622\]: Failed password for root from 106.12.5.148 port 47838 ssh2

2019-11-16 05:22:25

相同子网IP讨论:

IP	类型	评论内容	时间
106.12.52.154	attack	invalid login attempt (adelina)	2020-10-12 21:00:39
106.12.52.154	attack	2020-10-11T18:45:54.859781linuxbox-skyline sshd[36908]: Invalid user asdfgh from 106.12.52.154 port 52364 ...	2020-10-12 12:30:10
106.12.56.41	attack	(sshd) Failed SSH login from 106.12.56.41 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 11 09:20:58 jbs1 sshd[24687]: Invalid user martin from 106.12.56.41 Oct 11 09:20:58 jbs1 sshd[24687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.56.41 Oct 11 09:21:00 jbs1 sshd[24687]: Failed password for invalid user martin from 106.12.56.41 port 52952 ssh2 Oct 11 09:36:02 jbs1 sshd[29711]: Invalid user hermann from 106.12.56.41 Oct 11 09:36:02 jbs1 sshd[29711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.56.41	2020-10-12 01:51:15
106.12.55.57	attack	19219/tcp 162/tcp 23912/tcp... [2020-08-11/10-07]35pkt,35pt.(tcp)	2020-10-08 06:12:54
106.12.55.57	attack	Found on 106.12.0.0/15 Dark List de / proto=6 . srcport=40207 . dstport=19219 . (1001)	2020-10-07 22:32:07
106.12.55.57	attack	[N1.H1.VM1] Port Scanner Detected Blocked by UFW	2020-10-07 14:33:43
106.12.56.41	attackbots	$f2bV_matches	2020-10-06 03:34:02
106.12.56.41	attackbots	(sshd) Failed SSH login from 106.12.56.41 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 5 01:20:47 optimus sshd[1119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.56.41 user=root Oct 5 01:20:48 optimus sshd[1119]: Failed password for root from 106.12.56.41 port 35886 ssh2 Oct 5 01:25:01 optimus sshd[2543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.56.41 user=root Oct 5 01:25:03 optimus sshd[2543]: Failed password for root from 106.12.56.41 port 32852 ssh2 Oct 5 01:29:13 optimus sshd[3919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.56.41 user=root	2020-10-05 19:27:47
106.12.57.165	attackbots	24852/tcp 16010/tcp 25739/tcp... [2020-08-04/10-03]25pkt,25pt.(tcp)	2020-10-04 05:59:22
106.12.57.165	attackspam	24852/tcp 16010/tcp 25739/tcp... [2020-08-04/10-03]25pkt,25pt.(tcp)	2020-10-03 21:59:01
106.12.57.165	attack	" "	2020-10-03 13:43:29
106.12.56.41	attackbotsspam	Oct 1 10:42:58 propaganda sshd[16972]: Connection from 106.12.56.41 port 37440 on 10.0.0.161 port 22 rdomain "" Oct 1 10:43:00 propaganda sshd[16972]: Connection closed by 106.12.56.41 port 37440 [preauth]	2020-10-02 05:24:30
106.12.56.41	attackspambots	Connection to SSH Honeypot - Detected by HoneypotDB	2020-10-01 21:43:56
106.12.56.41	attack	Connection to SSH Honeypot - Detected by HoneypotDB	2020-10-01 14:00:41
106.12.56.41	attack	Oct 1 00:12:44 ws26vmsma01 sshd[9072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.56.41 Oct 1 00:12:46 ws26vmsma01 sshd[9072]: Failed password for invalid user edgar from 106.12.56.41 port 54692 ssh2 ...	2020-10-01 08:35:21

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.12.5.148
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11373
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.12.5.148.			IN	A

;; AUTHORITY SECTION:
.			412	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019111502 1800 900 604800 86400

;; Query time: 98 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Nov 16 05:22:21 CST 2019
;; MSG SIZE  rcvd: 116

HOST信息:

Host 148.5.12.106.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 148.5.12.106.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
74.120.14.16	attackbotsspam	TCP (SYN) 74.120.14.16:59312 -> port 3306, len 44	2020-10-08 18:09:45
41.65.68.70	attack	Icarus honeypot on github	2020-10-08 17:52:15
200.29.120.94	attackspambots	sshd: Failed password for .... from 200.29.120.94 port 56106 ssh2 (8 attempts)	2020-10-08 18:06:17
176.213.140.45	attackspambots	TCP (SYN) 176.213.140.45:18402 -> port 23, len 44	2020-10-08 18:24:55
27.206.53.98	attack	DATE:2020-10-07 22:38:49, IP:27.206.53.98, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-10-08 18:25:54
82.100.177.127	attackbotsspam	20/10/7@16:41:42: FAIL: Alarm-Intrusion address from=82.100.177.127 ...	2020-10-08 18:21:47
212.124.119.74	attackspambots	Oct 8 11:51:55 b-vps wordpress(rreb.cz)[11355]: Authentication attempt for unknown user barbora from 212.124.119.74 ...	2020-10-08 18:28:09
77.40.3.141	attackbots	(smtpauth) Failed SMTP AUTH login from 77.40.3.141 (RU/Russia/141.3.dialup.mari-el.ru): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-10-08 00:12:06 plain authenticator failed for (localhost) [77.40.3.141]: 535 Incorrect authentication data (set_id=devnull@goltexgroup.com)	2020-10-08 17:53:23
183.134.104.172	attackbotsspam	[MultiHost/MultiPort scan (8)] tcp/1433, tcp/21, tcp/22, tcp/23, tcp/465, tcp/554, tcp/993, udp/5353 [scan/connect: 8 time(s)] in blocklist.de:'listed [unkn]' *(RWIN=8192,-)(10080947)	2020-10-08 18:21:02
194.5.177.67	attack	Lines containing failures of 194.5.177.67 Oct 7 20:37:48 nodeA4 sshd[17651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.5.177.67 user=r.r Oct 7 20:37:50 nodeA4 sshd[17651]: Failed password for r.r from 194.5.177.67 port 47458 ssh2 Oct 7 20:37:50 nodeA4 sshd[17651]: Received disconnect from 194.5.177.67 port 47458:11: Bye Bye [preauth] Oct 7 20:37:50 nodeA4 sshd[17651]: Disconnected from authenticating user r.r 194.5.177.67 port 47458 [preauth] Oct 7 20:46:00 nodeA4 sshd[18539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.5.177.67 user=r.r Oct 7 20:46:02 nodeA4 sshd[18539]: Failed password for r.r from 194.5.177.67 port 59788 ssh2 Oct 7 20:46:02 nodeA4 sshd[18539]: Received disconnect from 194.5.177.67 port 59788:11: Bye Bye [preauth] Oct 7 20:46:02 nodeA4 sshd[18539]: Disconnected from authenticating user r.r 194.5.177.67 port 59788 [preauth] Oct 7 20:50:47 nodeA4 ........ ------------------------------	2020-10-08 18:13:26
180.167.126.126	attackspambots	Oct 8 08:30:13 serwer sshd\[29861\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.167.126.126 user=root Oct 8 08:30:15 serwer sshd\[29861\]: Failed password for root from 180.167.126.126 port 38080 ssh2 Oct 8 08:33:45 serwer sshd\[30220\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.167.126.126 user=root ...	2020-10-08 18:01:17
75.119.215.210	attackspam	75.119.215.210 - - [08/Oct/2020:10:24:02 +0100] "POST /wp-login.php HTTP/1.1" 200 2223 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 75.119.215.210 - - [08/Oct/2020:10:24:04 +0100] "POST /wp-login.php HTTP/1.1" 200 2207 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 75.119.215.210 - - [08/Oct/2020:10:24:06 +0100] "POST /wp-login.php HTTP/1.1" 200 2204 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-08 18:09:21
171.246.52.48	attackspambots	TCP (SYN) 171.246.52.48:8124 -> port 23, len 44	2020-10-08 18:23:58
165.22.232.94	attack	non-SMTP command used ...	2020-10-08 18:04:56
167.248.133.16	attackspambots	Found on Github Combined on 3 lists / proto=6 . srcport=2175 . dstport=2 . (1055)	2020-10-08 18:07:02

最近上报的IP列表

36.90.21.190	192.166.47.75	84.185.24.205	160.178.0.137
52.34.24.33	177.107.187.210	61.130.199.254	49.233.171.112
180.167.121.42	49.232.163.32	198.126.164.37	112.35.36.16
55.143.99.199	29.58.164.39	106.146.157.119	79.141.105.205
170.78.96.133	127.89.0.135	215.148.243.130	178.159.57.162