106.52.249.148

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Tencent Cloud Computing (Beijing) Co. Ltd.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	Port probing on unauthorized port 6379	2020-09-04 01:32:18
attackbots	Port probing on unauthorized port 6379	2020-09-03 16:54:25

相同子网IP讨论:

IP	类型	评论内容	时间
106.52.249.134	attack	2020-10-12T17:54:30+0000 Failed SSH Authentication/Brute Force Attack. (Server 6)	2020-10-13 02:18:11
106.52.249.134	attack	Connection to SSH Honeypot - Detected by HoneypotDB	2020-10-12 17:44:02
106.52.249.134	attack	detected by Fail2Ban	2020-10-03 22:23:05
106.52.249.134	attackbots	(sshd) Failed SSH login from 106.52.249.134 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 30 13:40:58 server sshd[1408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.249.134 user=root Sep 30 13:40:59 server sshd[1408]: Failed password for root from 106.52.249.134 port 38720 ssh2 Sep 30 13:46:00 server sshd[2118]: Invalid user user8 from 106.52.249.134 Sep 30 13:46:00 server sshd[2118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.249.134 Sep 30 13:46:01 server sshd[2118]: Failed password for invalid user user8 from 106.52.249.134 port 51694 ssh2	2020-10-01 02:29:05
106.52.249.134	attackbotsspam	106.52.249.134 (CN/China/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 30 03:24:54 server5 sshd[28464]: Failed password for root from 84.255.249.179 port 51096 ssh2 Sep 30 03:27:43 server5 sshd[29747]: Failed password for root from 91.134.157.246 port 24415 ssh2 Sep 30 03:18:14 server5 sshd[25495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.129.197.98 user=root Sep 30 03:18:16 server5 sshd[25495]: Failed password for root from 203.129.197.98 port 34274 ssh2 Sep 30 03:24:38 server5 sshd[28446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.249.134 user=root Sep 30 03:24:40 server5 sshd[28446]: Failed password for root from 106.52.249.134 port 60688 ssh2 IP Addresses Blocked: 84.255.249.179 (SI/Slovenia/-) 91.134.157.246 (FR/France/-) 203.129.197.98 (IN/India/-)	2020-09-30 18:38:19

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.52.249.148
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62938
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.52.249.148.			IN	A

;; AUTHORITY SECTION:
.			413	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020090300 1800 900 604800 86400

;; Query time: 42 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Sep 03 16:54:18 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

Host 148.249.52.106.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		100.100.2.138
Address:	100.100.2.138#53

** server can't find 148.249.52.106.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
115.84.121.80	attackbotsspam	Jul 23 12:12:55 meumeu sshd[27763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.84.121.80 Jul 23 12:12:57 meumeu sshd[27763]: Failed password for invalid user dbms from 115.84.121.80 port 35184 ssh2 Jul 23 12:17:37 meumeu sshd[10097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.84.121.80 ...	2019-07-23 18:17:52
68.183.83.7	attackspambots	[munged]::443 68.183.83.7 - - [23/Jul/2019:11:23:15 +0200] "POST /[munged]: HTTP/1.1" 200 9114 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 68.183.83.7 - - [23/Jul/2019:11:23:17 +0200] "POST /[munged]: HTTP/1.1" 200 9114 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 68.183.83.7 - - [23/Jul/2019:11:23:19 +0200] "POST /[munged]: HTTP/1.1" 200 9114 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 68.183.83.7 - - [23/Jul/2019:11:23:21 +0200] "POST /[munged]: HTTP/1.1" 200 9114 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 68.183.83.7 - - [23/Jul/2019:11:23:23 +0200] "POST /[munged]: HTTP/1.1" 200 9114 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 68.183.83.7 - - [23/Jul/2019:11:23:25 +0200] "POST /[munged]: HTTP/1.1" 200 9114 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x8	2019-07-23 17:41:44
192.99.70.12	attackspambots	Jul 23 11:04:52 microserver sshd[51268]: Invalid user btsync from 192.99.70.12 port 41040 Jul 23 11:04:52 microserver sshd[51268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.70.12 Jul 23 11:04:53 microserver sshd[51268]: Failed password for invalid user btsync from 192.99.70.12 port 41040 ssh2 Jul 23 11:08:40 microserver sshd[51855]: Invalid user admin from 192.99.70.12 port 56974 Jul 23 11:08:40 microserver sshd[51855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.70.12 Jul 23 11:19:56 microserver sshd[53206]: Invalid user pp from 192.99.70.12 port 48268 Jul 23 11:19:56 microserver sshd[53206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.70.12 Jul 23 11:19:57 microserver sshd[53206]: Failed password for invalid user pp from 192.99.70.12 port 48268 ssh2 Jul 23 11:23:41 microserver sshd[53780]: Invalid user simon from 192.99.70.12 port 35944 Jul 23 11:23:41 mi	2019-07-23 17:53:04
109.105.10.176	attackspam	PHI,WP GET /wp-login.php GET /wp-login.php	2019-07-23 17:36:44
111.40.50.116	attack	Jul 22 16:19:38 sanyalnet-awsem3-1 sshd[17256]: Connection from 111.40.50.116 port 56156 on 172.30.0.184 port 22 Jul 22 16:19:40 sanyalnet-awsem3-1 sshd[17256]: Invalid user discordbot from 111.40.50.116 Jul 22 16:19:40 sanyalnet-awsem3-1 sshd[17256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.40.50.116 Jul 22 16:19:43 sanyalnet-awsem3-1 sshd[17256]: Failed password for invalid user discordbot from 111.40.50.116 port 56156 ssh2 Jul 22 16:19:43 sanyalnet-awsem3-1 sshd[17256]: Received disconnect from 111.40.50.116: 11: Bye Bye [preauth] Jul 22 18:29:06 sanyalnet-awsem3-1 sshd[22678]: Connection from 111.40.50.116 port 47832 on 172.30.0.184 port 22 Jul 22 18:29:09 sanyalnet-awsem3-1 sshd[22678]: Invalid user j from 111.40.50.116 Jul 22 18:29:09 sanyalnet-awsem3-1 sshd[22678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.40.50.116 Jul 22 18:29:11 sanyalnet-awsem3-1 sshd[22678]........ -------------------------------	2019-07-23 17:20:15
5.188.216.138	attackbots	Automatic report - Banned IP Access	2019-07-23 17:42:44
41.210.128.37	attackspambots	2019-07-23T09:54:02.834331abusebot-5.cloudsearch.cf sshd\[31434\]: Invalid user admin from 41.210.128.37 port 51366	2019-07-23 18:12:50
205.144.208.246	attackspambots	scan z	2019-07-23 17:27:40
222.173.30.130	attack	Jul 23 11:23:40 meumeu sshd[27293]: Failed password for root from 222.173.30.130 port 52657 ssh2 Jul 23 11:27:06 meumeu sshd[11647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.173.30.130 Jul 23 11:27:08 meumeu sshd[11647]: Failed password for invalid user rabbitmq from 222.173.30.130 port 56577 ssh2 ...	2019-07-23 17:43:10
37.49.225.175	attackbotsspam	Bruteforce on smtp	2019-07-23 17:21:31
104.248.74.238	attackbots	Jul 23 11:36:32 meumeu sshd[8593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.74.238 Jul 23 11:36:34 meumeu sshd[8593]: Failed password for invalid user simo from 104.248.74.238 port 46050 ssh2 Jul 23 11:40:56 meumeu sshd[7335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.74.238 ...	2019-07-23 17:46:03
45.32.5.101	attack	Jul 22 18:21:47 roadrisk sshd[28011]: reveeclipse mapping checking getaddrinfo for 45.32.5.101.vultr.com [45.32.5.101] failed - POSSIBLE BREAK-IN ATTEMPT! Jul 22 18:21:50 roadrisk sshd[28011]: Failed password for invalid user guang from 45.32.5.101 port 59608 ssh2 Jul 22 18:21:50 roadrisk sshd[28011]: Received disconnect from 45.32.5.101: 11: Bye Bye [preauth] Jul 22 18:32:04 roadrisk sshd[28129]: reveeclipse mapping checking getaddrinfo for 45.32.5.101.vultr.com [45.32.5.101] failed - POSSIBLE BREAK-IN ATTEMPT! Jul 22 18:32:06 roadrisk sshd[28129]: Failed password for invalid user teste from 45.32.5.101 port 38600 ssh2 Jul 22 18:32:06 roadrisk sshd[28129]: Received disconnect from 45.32.5.101: 11: Bye Bye [preauth] Jul 22 18:37:20 roadrisk sshd[28204]: reveeclipse mapping checking getaddrinfo for 45.32.5.101.vultr.com [45.32.5.101] failed - POSSIBLE BREAK-IN ATTEMPT! Jul 22 18:37:20 roadrisk sshd[28204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=........ -------------------------------	2019-07-23 17:57:28
182.254.145.29	attackspambots	Jul 23 05:08:29 aat-srv002 sshd[8050]: Failed password for root from 182.254.145.29 port 60376 ssh2 Jul 23 05:12:51 aat-srv002 sshd[8144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.254.145.29 Jul 23 05:12:52 aat-srv002 sshd[8144]: Failed password for invalid user git from 182.254.145.29 port 49383 ssh2 ...	2019-07-23 18:23:59
188.166.190.172	attackbotsspam	Jul 23 15:39:34 vibhu-HP-Z238-Microtower-Workstation sshd\[5859\]: Invalid user team from 188.166.190.172 Jul 23 15:39:34 vibhu-HP-Z238-Microtower-Workstation sshd\[5859\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.190.172 Jul 23 15:39:36 vibhu-HP-Z238-Microtower-Workstation sshd\[5859\]: Failed password for invalid user team from 188.166.190.172 port 50176 ssh2 Jul 23 15:44:48 vibhu-HP-Z238-Microtower-Workstation sshd\[6000\]: Invalid user andries from 188.166.190.172 Jul 23 15:44:48 vibhu-HP-Z238-Microtower-Workstation sshd\[6000\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.190.172 ...	2019-07-23 18:28:22
218.92.0.202	attackspam	Jul 23 11:21:31 eventyay sshd[16885]: Failed password for root from 218.92.0.202 port 39712 ssh2 Jul 23 11:23:16 eventyay sshd[17377]: Failed password for root from 218.92.0.202 port 39480 ssh2 ...	2019-07-23 17:29:38

最近上报的IP列表

45.154.255.68	104.33.60.133	206.72.197.102	45.185.135.47
81.19.214.35	59.55.36.234	179.99.225.199	122.117.109.86
168.70.32.117	212.115.235.71	58.153.128.154	208.107.65.125
190.79.108.45	46.59.37.195	58.153.182.219	99.30.247.150
172.236.229.12	187.189.198.118	59.210.64.178	138.160.82.203