106.75.45.180 - IPInfo

基本信息:

城市(city): unknown

省份(region): Shanghai

国家(country): China

运营商(isp): Shanghai UCloud Information Technology Company Limited

主机名(hostname): unknown

机构(organization): China Unicom Beijing Province Network

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Jun 7 06:39:22 PorscheCustomer sshd[28561]: Failed password for root from 106.75.45.180 port 37985 ssh2 Jun 7 06:41:08 PorscheCustomer sshd[28631]: Failed password for root from 106.75.45.180 port 49576 ssh2 ...	2020-06-07 12:50:05
attackbots	May 11 05:41:25 ns392434 sshd[24695]: Invalid user cvs from 106.75.45.180 port 53948 May 11 05:41:25 ns392434 sshd[24695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 May 11 05:41:25 ns392434 sshd[24695]: Invalid user cvs from 106.75.45.180 port 53948 May 11 05:41:27 ns392434 sshd[24695]: Failed password for invalid user cvs from 106.75.45.180 port 53948 ssh2 May 11 05:46:42 ns392434 sshd[24793]: Invalid user postgres from 106.75.45.180 port 55774 May 11 05:46:42 ns392434 sshd[24793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 May 11 05:46:42 ns392434 sshd[24793]: Invalid user postgres from 106.75.45.180 port 55774 May 11 05:46:45 ns392434 sshd[24793]: Failed password for invalid user postgres from 106.75.45.180 port 55774 ssh2 May 11 05:51:34 ns392434 sshd[24952]: Invalid user goon from 106.75.45.180 port 55735	2020-05-11 16:33:49
attackspam	SSH Brute Force	2020-05-01 19:05:38
attackbots	Apr 17 11:31:30 ovpn sshd\[32264\]: Invalid user guoq from 106.75.45.180 Apr 17 11:31:30 ovpn sshd\[32264\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 Apr 17 11:31:32 ovpn sshd\[32264\]: Failed password for invalid user guoq from 106.75.45.180 port 54635 ssh2 Apr 17 11:47:15 ovpn sshd\[3880\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 user=root Apr 17 11:47:17 ovpn sshd\[3880\]: Failed password for root from 106.75.45.180 port 55599 ssh2	2020-04-17 17:59:39
attackbots	Apr 11 05:35:46 mail sshd\[43501\]: Invalid user MGR from 106.75.45.180 Apr 11 05:35:46 mail sshd\[43501\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 ...	2020-04-11 18:51:22
attack	Apr 5 01:22:49 pve sshd[25953]: Failed password for root from 106.75.45.180 port 41231 ssh2 Apr 5 01:26:05 pve sshd[26509]: Failed password for root from 106.75.45.180 port 40231 ssh2	2020-04-05 09:07:28
attackbots	Invalid user xxo from 106.75.45.180 port 44995	2020-03-30 06:24:09
attack	Mar 29 01:41:23 firewall sshd[29545]: Invalid user tgg from 106.75.45.180 Mar 29 01:41:25 firewall sshd[29545]: Failed password for invalid user tgg from 106.75.45.180 port 56438 ssh2 Mar 29 01:46:12 firewall sshd[29718]: Invalid user rqn from 106.75.45.180 ...	2020-03-29 13:04:50
attackbotsspam	Mar 21 13:55:36 eventyay sshd[6952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 Mar 21 13:55:39 eventyay sshd[6952]: Failed password for invalid user ubuntu from 106.75.45.180 port 38186 ssh2 Mar 21 13:59:54 eventyay sshd[7273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 ...	2020-03-21 21:13:12
attack	Sep 12 11:28:28 yabzik sshd[24702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 Sep 12 11:28:29 yabzik sshd[24702]: Failed password for invalid user minecraft123 from 106.75.45.180 port 38341 ssh2 Sep 12 11:34:22 yabzik sshd[26652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180	2019-09-12 22:24:32
attack	Invalid user user from 106.75.45.180 port 54347	2019-09-11 11:10:45
attack	Sep 6 19:15:07 auw2 sshd\[19879\]: Invalid user vagrant from 106.75.45.180 Sep 6 19:15:07 auw2 sshd\[19879\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 Sep 6 19:15:09 auw2 sshd\[19879\]: Failed password for invalid user vagrant from 106.75.45.180 port 44184 ssh2 Sep 6 19:20:53 auw2 sshd\[20290\]: Invalid user testftp from 106.75.45.180 Sep 6 19:20:53 auw2 sshd\[20290\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180	2019-09-07 13:27:31
attackbotsspam	Sep 6 16:38:06 ny01 sshd[3840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 Sep 6 16:38:08 ny01 sshd[3840]: Failed password for invalid user ts3 from 106.75.45.180 port 42345 ssh2 Sep 6 16:43:30 ny01 sshd[4828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180	2019-09-07 05:04:05
attackbotsspam	Jul 15 03:15:31 aat-srv002 sshd[5175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 Jul 15 03:15:33 aat-srv002 sshd[5175]: Failed password for invalid user sw from 106.75.45.180 port 58129 ssh2 Jul 15 03:19:24 aat-srv002 sshd[5264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 Jul 15 03:19:26 aat-srv002 sshd[5264]: Failed password for invalid user proftpd from 106.75.45.180 port 47111 ssh2 ...	2019-07-15 20:26:34
attack	Jun 25 08:58:55 ovpn sshd\[3650\]: Invalid user unreal from 106.75.45.180 Jun 25 08:58:55 ovpn sshd\[3650\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180 Jun 25 08:58:57 ovpn sshd\[3650\]: Failed password for invalid user unreal from 106.75.45.180 port 42044 ssh2 Jun 25 09:05:12 ovpn sshd\[3752\]: Invalid user shang from 106.75.45.180 Jun 25 09:05:12 ovpn sshd\[3752\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.180	2019-06-25 15:39:32
attack	24.06.2019 19:24:29 SSH access blocked by firewall	2019-06-25 03:31:09
attackbots	Invalid user dayz from 106.75.45.180 port 35670	2019-06-24 13:44:05

相同子网IP讨论:

IP	类型	评论内容	时间
106.75.45.177	attackbots	2020-03-19T16:15:36.643984shield sshd\[1665\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.177 user=root 2020-03-19T16:15:38.382874shield sshd\[1665\]: Failed password for root from 106.75.45.177 port 59671 ssh2 2020-03-19T16:20:05.102449shield sshd\[3252\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.177 user=root 2020-03-19T16:20:06.433082shield sshd\[3252\]: Failed password for root from 106.75.45.177 port 46240 ssh2 2020-03-19T16:24:15.041465shield sshd\[4666\]: Invalid user icinga from 106.75.45.177 port 32810	2020-03-20 03:31:18

类型

评论内容

时间

106.75.45.177

attackbots

2020-03-19T16:15:36.643984shield sshd\[1665\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.177  user=root
2020-03-19T16:15:38.382874shield sshd\[1665\]: Failed password for root from 106.75.45.177 port 59671 ssh2
2020-03-19T16:20:05.102449shield sshd\[3252\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.45.177  user=root
2020-03-19T16:20:06.433082shield sshd\[3252\]: Failed password for root from 106.75.45.177 port 46240 ssh2
2020-03-19T16:24:15.041465shield sshd\[4666\]: Invalid user icinga from 106.75.45.177 port 32810

2020-03-20 03:31:18

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.75.45.180
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50151
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.75.45.180.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019040903 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Wed Apr 10 08:01:19 +08 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 180.45.75.106.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 180.45.75.106.in-addr.arpa: NXDOMAIN

IP	类型	评论内容	时间
206.189.182.217	attack	scans 2 times in preceeding hours on the ports (in chronological order) 20961 20961 resulting in total of 22 scans from 206.189.0.0/16 block.	2020-04-25 23:04:01
83.97.20.31	attack	ET DROP Dshield Block Listed Source group 1 - port: 8080 proto: TCP cat: Misc Attack	2020-04-25 22:45:49
192.241.239.202	attackspambots	scans once in preceeding hours on the ports (in chronological order) 3050 resulting in total of 25 scans from 192.241.128.0/17 block.	2020-04-25 23:10:23
80.82.77.234	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 69 - port: 55315 proto: TCP cat: Misc Attack	2020-04-25 22:47:16
192.241.239.62	attackspam	Port scan: Attack repeated for 24 hours	2020-04-25 23:11:23
45.143.220.175	attackbots	GPL RPC xdmcp info query - port: 177 proto: UDP cat: Attempted Information Leak	2020-04-25 22:59:19
51.77.192.7	attackspam	scans 2 times in preceeding hours on the ports (in chronological order) 8545 8545	2020-04-25 22:56:56
167.172.172.70	attack	scans once in preceeding hours on the ports (in chronological order) 5076 resulting in total of 13 scans from 167.172.0.0/16 block.	2020-04-25 23:24:04
37.49.225.166	attackbots	ET CINS Active Threat Intelligence Poor Reputation IP group 17 - port: 30718 proto: UDP cat: Misc Attack	2020-04-25 23:01:55
192.241.239.50	attackspam	ET DROP Dshield Block Listed Source group 1 - port: 44818 proto: TCP cat: Misc Attack	2020-04-25 23:11:37
206.189.172.76	attack	scans once in preceeding hours on the ports (in chronological order) 1174 resulting in total of 22 scans from 206.189.0.0/16 block.	2020-04-25 23:07:25
206.189.65.107	attack	Apr 25 17:08:08 debian-2gb-nbg1-2 kernel: \[10086228.097995\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=206.189.65.107 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20153 PROTO=TCP SPT=48569 DPT=25973 WINDOW=1024 RES=0x00 SYN URGP=0	2020-04-25 23:09:42
167.172.152.143	attackspam	04/25/2020-08:53:34.739706 167.172.152.143 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-04-25 23:25:10
192.241.238.18	attackspam	ET SCAN Suspicious inbound to mySQL port 3306 - port: 3306 proto: TCP cat: Potentially Bad Traffic	2020-04-25 23:14:08
185.176.27.102	attackspam	Apr 25 16:35:03 debian-2gb-nbg1-2 kernel: \[10084242.504517\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.176.27.102 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=29369 PROTO=TCP SPT=40682 DPT=30281 WINDOW=1024 RES=0x00 SYN URGP=0	2020-04-25 23:19:50

最近上报的IP列表

60.12.249.230	18.219.54.109	179.96.62.29	190.56.4.44
182.18.162.136	45.67.15.154	58.242.83.28	39.104.67.3
165.227.212.86	148.70.10.178	180.246.62.191	190.2.149.27
61.220.128.67	104.199.214.147	201.250.164.223	122.21.142.247
51.15.106.195	183.87.134.100	58.221.55.148	37.195.105.57