106.75.29.84 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Shanghai UCloud Information Technology Company Limited

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	SSH login attempts.	2020-06-19 13:20:59
attackbotsspam	Jun 17 10:09:36 NPSTNNYC01T sshd[8055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.29.84 Jun 17 10:09:38 NPSTNNYC01T sshd[8055]: Failed password for invalid user ubuntu from 106.75.29.84 port 57276 ssh2 Jun 17 10:12:29 NPSTNNYC01T sshd[8358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.29.84 ...	2020-06-17 22:22:39

类型

评论内容

时间

attackspambots

SSH login attempts.

2020-06-19 13:20:59

attackbotsspam

Jun 17 10:09:36 NPSTNNYC01T sshd[8055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.29.84
Jun 17 10:09:38 NPSTNNYC01T sshd[8055]: Failed password for invalid user ubuntu from 106.75.29.84 port 57276 ssh2
Jun 17 10:12:29 NPSTNNYC01T sshd[8358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.29.84
...

2020-06-17 22:22:39

相同子网IP讨论:

IP	类型	评论内容	时间
106.75.29.209	spambotsattackproxy	106.75.29.209 powermailmarketingworld.info	2020-10-31 04:03:11
106.75.29.239	attackbots	Oct 9 14:58:09 ws26vmsma01 sshd[237593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.29.239 Oct 9 14:58:11 ws26vmsma01 sshd[237593]: Failed password for invalid user nagios from 106.75.29.239 port 48488 ssh2 ...	2020-10-10 02:55:51
106.75.29.239	attackbots	fail2ban -- 106.75.29.239 ...	2020-10-09 18:42:18

类型

评论内容

时间

106.75.29.209

spambotsattackproxy

106.75.29.209 powermailmarketingworld.info

2020-10-31 04:03:11

106.75.29.239

attackbots

Oct  9 14:58:09 ws26vmsma01 sshd[237593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.29.239
Oct  9 14:58:11 ws26vmsma01 sshd[237593]: Failed password for invalid user nagios from 106.75.29.239 port 48488 ssh2
...

2020-10-10 02:55:51

106.75.29.239

attackbots

fail2ban -- 106.75.29.239
...

2020-10-09 18:42:18

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.75.29.84
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62961
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.75.29.84.			IN	A

;; AUTHORITY SECTION:
.			304	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020061700 1800 900 604800 86400

;; Query time: 99 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Jun 17 22:22:34 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

Host 84.29.75.106.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 84.29.75.106.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
180.214.237.98	attackbotsspam	Sep 8 10:11:09 mail.srvfarm.net postfix/smtpd[1712849]: warning: unknown[180.214.237.98]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 8 10:11:09 mail.srvfarm.net postfix/smtpd[1712849]: lost connection after AUTH from unknown[180.214.237.98] Sep 8 10:11:16 mail.srvfarm.net postfix/smtpd[1712852]: warning: unknown[180.214.237.98]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 8 10:11:16 mail.srvfarm.net postfix/smtpd[1712852]: lost connection after AUTH from unknown[180.214.237.98] Sep 8 10:11:27 mail.srvfarm.net postfix/smtpd[1700079]: warning: unknown[180.214.237.98]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2020-09-12 02:07:17
192.99.175.86	attackbots	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-09-12 02:33:14
193.169.255.46	attackspambots	Sep 11 18:55:21 web01.agentur-b-2.de postfix/smtps/smtpd[1518773]: warning: unknown[193.169.255.46]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 11 18:55:21 web01.agentur-b-2.de postfix/smtps/smtpd[1518771]: warning: unknown[193.169.255.46]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 11 18:55:21 web01.agentur-b-2.de postfix/smtps/smtpd[1518765]: warning: unknown[193.169.255.46]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 11 18:55:21 web01.agentur-b-2.de postfix/smtps/smtpd[1518764]: warning: unknown[193.169.255.46]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 11 18:55:21 web01.agentur-b-2.de postfix/smtps/smtpd[1518769]: warning: unknown[193.169.255.46]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 11 18:55:21 web01.agentur-b-2.de postfix/smtps/smtpd[1518770]: warning: unknown[193.169.255.46]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 11 18:55:21 web01.agentur-b-2.de postfix/smtps/smtpd[1518768]: warning: unknown[193.169.255.46]: SASL LOGIN authentication failed:	2020-09-12 02:05:45
103.75.101.59	attackbots	"Unauthorized connection attempt on SSHD detected"	2020-09-12 02:31:50
114.104.227.102	attackbotsspam	Sep 10 20:07:52 srv01 postfix/smtpd\[30416\]: warning: unknown\[114.104.227.102\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 10 20:11:18 srv01 postfix/smtpd\[4799\]: warning: unknown\[114.104.227.102\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 10 20:11:30 srv01 postfix/smtpd\[4799\]: warning: unknown\[114.104.227.102\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 10 20:11:46 srv01 postfix/smtpd\[4799\]: warning: unknown\[114.104.227.102\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 10 20:12:05 srv01 postfix/smtpd\[4799\]: warning: unknown\[114.104.227.102\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-09-12 02:02:25
200.1.216.20	attack	Sep 7 23:23:29 mail.srvfarm.net postfix/smtpd[1282730]: NOQUEUE: reject: RCPT from unknown[200.1.216.20]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Sep 7 23:23:29 mail.srvfarm.net postfix/smtpd[1282730]: NOQUEUE: reject: RCPT from unknown[200.1.216.20]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Sep 7 23:23:29 mail.srvfarm.net postfix/smtpd[1282730]: NOQUEUE: reject: RCPT from unknown[200.1.216.20]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Sep 7 23:23:29 mail.srvfarm.net postfix/smtpd[1282730]: NOQUEUE: reject: RCPT from unknown[200.1.216.20]: 450 4.7.1 : Helo command rejected: Host not found; from= to=	2020-09-12 02:03:08
94.102.57.137	attackbots	Sep 11 19:53:22 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=94.102.57.137, lip=185.118.198.210, session= Sep 11 19:53:28 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=94.102.57.137, lip=185.118.198.210, session= Sep 11 19:54:00 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=94.102.57.137, lip=185.118.198.210, session= Sep 11 19:54:16 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=94.102.57.137, lip=185.118.198.210, session= Sep 11 19:54:32 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=9	2020-09-12 02:12:39
113.186.218.44	attack	1599756737 - 09/10/2020 18:52:17 Host: 113.186.218.44/113.186.218.44 Port: 445 TCP Blocked ...	2020-09-12 02:00:18
45.5.131.83	attackbotsspam	Sep 7 12:45:33 mail.srvfarm.net postfix/smtps/smtpd[1054165]: warning: unknown[45.5.131.83]: SASL PLAIN authentication failed: Sep 7 12:45:33 mail.srvfarm.net postfix/smtps/smtpd[1054165]: lost connection after AUTH from unknown[45.5.131.83] Sep 7 12:48:42 mail.srvfarm.net postfix/smtpd[1058612]: warning: unknown[45.5.131.83]: SASL PLAIN authentication failed: Sep 7 12:48:43 mail.srvfarm.net postfix/smtpd[1058612]: lost connection after AUTH from unknown[45.5.131.83] Sep 7 12:53:31 mail.srvfarm.net postfix/smtpd[1053369]: warning: unknown[45.5.131.83]: SASL PLAIN authentication failed:	2020-09-12 02:19:05
88.79.208.11	attack	TCP (SYN) 88.79.208.11:42499 -> port 445, len 44	2020-09-12 02:24:26
91.235.0.104	attackbotsspam	Sep 8 20:37:36 mail.srvfarm.net postfix/smtps/smtpd[1957217]: warning: 91-235-0-104.static.ip.netia.com.pl[91.235.0.104]: SASL PLAIN authentication failed: Sep 8 20:37:36 mail.srvfarm.net postfix/smtps/smtpd[1957217]: lost connection after AUTH from 91-235-0-104.static.ip.netia.com.pl[91.235.0.104] Sep 8 20:38:13 mail.srvfarm.net postfix/smtpd[1954569]: warning: 91-235-0-104.static.ip.netia.com.pl[91.235.0.104]: SASL PLAIN authentication failed: Sep 8 20:38:13 mail.srvfarm.net postfix/smtpd[1954569]: lost connection after AUTH from 91-235-0-104.static.ip.netia.com.pl[91.235.0.104] Sep 8 20:43:50 mail.srvfarm.net postfix/smtpd[1954281]: warning: 91-235-0-104.static.ip.netia.com.pl[91.235.0.104]: SASL PLAIN authentication failed:	2020-09-12 02:13:26
24.137.101.210	attack	Sep 11 17:01:02 vps639187 sshd\[11315\]: Invalid user admin from 24.137.101.210 port 46037 Sep 11 17:01:02 vps639187 sshd\[11315\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.137.101.210 Sep 11 17:01:05 vps639187 sshd\[11315\]: Failed password for invalid user admin from 24.137.101.210 port 46037 ssh2 ...	2020-09-12 01:59:06
195.54.161.122	attackspambots	Fail2Ban Ban Triggered	2020-09-12 02:21:46
176.109.0.30	attackspam	Lines containing failures of 176.109.0.30 Sep 9 13:30:23 shared03 sshd[6732]: Invalid user fileserver from 176.109.0.30 port 54224 Sep 9 13:30:23 shared03 sshd[6732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.0.30 Sep 9 13:30:25 shared03 sshd[6732]: Failed password for invalid user fileserver from 176.109.0.30 port 54224 ssh2 Sep 9 13:30:25 shared03 sshd[6732]: Received disconnect from 176.109.0.30 port 54224:11: Bye Bye [preauth] Sep 9 13:30:25 shared03 sshd[6732]: Disconnected from invalid user fileserver 176.109.0.30 port 54224 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=176.109.0.30	2020-09-12 02:35:14
45.224.161.251	attackbots	Sep 7 12:57:08 mail.srvfarm.net postfix/smtps/smtpd[1056821]: warning: unknown[45.224.161.251]: SASL PLAIN authentication failed: Sep 7 12:57:09 mail.srvfarm.net postfix/smtps/smtpd[1056821]: lost connection after AUTH from unknown[45.224.161.251] Sep 7 13:00:12 mail.srvfarm.net postfix/smtps/smtpd[1056821]: warning: unknown[45.224.161.251]: SASL PLAIN authentication failed: Sep 7 13:00:13 mail.srvfarm.net postfix/smtps/smtpd[1056821]: lost connection after AUTH from unknown[45.224.161.251] Sep 7 13:00:37 mail.srvfarm.net postfix/smtps/smtpd[1056821]: warning: unknown[45.224.161.251]: SASL PLAIN authentication failed:	2020-09-12 02:15:07

最近上报的IP列表

210.190.60.213	128.116.147.172	103.113.90.128	58.214.16.198
94.233.234.16	27.22.31.235	222.247.8.195	61.7.188.63
188.70.9.165	117.92.92.54	87.121.109.174	34.76.47.142
111.250.152.248	110.93.240.71	109.94.171.132	93.184.88.95
177.43.78.58	94.25.175.158	118.70.171.183	219.139.184.241