14.29.234.12 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): ChinaNet Guangdong Province Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	(sshd) Failed SSH login from 14.29.234.12 (CN/China/Guangdong/Guangzhou Shi/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 11 10:17:45 atlas sshd[20057]: Invalid user kharitina from 14.29.234.12 port 33142 Oct 11 10:17:47 atlas sshd[20057]: Failed password for invalid user kharitina from 14.29.234.12 port 33142 ssh2 Oct 11 10:40:56 atlas sshd[25784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.29.234.12 user=root Oct 11 10:40:58 atlas sshd[25784]: Failed password for root from 14.29.234.12 port 50992 ssh2 Oct 11 10:44:37 atlas sshd[26661]: Invalid user peotr from 14.29.234.12 port 33174	2020-10-12 03:45:21
attackspam	SSH/22 MH Probe, BF, Hack -	2020-10-11 19:41:24

类型

评论内容

时间

attack

(sshd) Failed SSH login from 14.29.234.12 (CN/China/Guangdong/Guangzhou Shi/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 11 10:17:45 atlas sshd[20057]: Invalid user kharitina from 14.29.234.12 port 33142
Oct 11 10:17:47 atlas sshd[20057]: Failed password for invalid user kharitina from 14.29.234.12 port 33142 ssh2
Oct 11 10:40:56 atlas sshd[25784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.29.234.12  user=root
Oct 11 10:40:58 atlas sshd[25784]: Failed password for root from 14.29.234.12 port 50992 ssh2
Oct 11 10:44:37 atlas sshd[26661]: Invalid user peotr from 14.29.234.12 port 33174

2020-10-12 03:45:21

attackspam

SSH/22 MH Probe, BF, Hack -

2020-10-11 19:41:24

相同子网IP讨论:

IP	类型	评论内容	时间
14.29.234.218	attackspam	Invalid user steffi from 14.29.234.218 port 47980	2020-05-30 06:01:57
14.29.234.218	attackbots	May 28 13:51:46 ns382633 sshd\[19302\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.29.234.218 user=root May 28 13:51:48 ns382633 sshd\[19302\]: Failed password for root from 14.29.234.218 port 33818 ssh2 May 28 14:03:49 ns382633 sshd\[21418\]: Invalid user ftpuser from 14.29.234.218 port 39898 May 28 14:03:49 ns382633 sshd\[21418\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.29.234.218 May 28 14:03:51 ns382633 sshd\[21418\]: Failed password for invalid user ftpuser from 14.29.234.218 port 39898 ssh2	2020-05-28 20:28:14
14.29.234.218	attackbots	Invalid user ozn from 14.29.234.218 port 39542	2020-05-21 20:04:29
14.29.234.218	attack	Ssh brute force	2020-05-09 18:39:01
14.29.234.218	attack	2020-04-03 UTC: (2x) - nproc,root	2020-04-04 18:19:42
14.29.234.218	attack	$f2bV_matches	2020-04-01 14:17:36
14.29.234.218	attack	2020-03-10T20:35:39.359151shield sshd\[18174\]: Invalid user kristof from 14.29.234.218 port 43637 2020-03-10T20:35:39.367135shield sshd\[18174\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.29.234.218 2020-03-10T20:35:41.518759shield sshd\[18174\]: Failed password for invalid user kristof from 14.29.234.218 port 43637 ssh2 2020-03-10T20:37:23.447260shield sshd\[18442\]: Invalid user user from 14.29.234.218 port 53636 2020-03-10T20:37:23.454403shield sshd\[18442\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.29.234.218	2020-03-11 09:28:28

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 14.29.234.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;14.29.234.12.			IN	A

;; AUTHORITY SECTION:
.			354	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020101002 1800 900 604800 86400

;; Query time: 53 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Oct 11 19:41:19 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

Host 12.234.29.14.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 12.234.29.14.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
218.103.131.205	attackbotsspam	Automatic report - Banned IP Access	2020-09-20 12:38:23
35.234.143.159	attack	2020-09-19 02:07:58,902 fail2ban.actions [730]: NOTICE [sshd] Ban 35.234.143.159 2020-09-19 19:10:12,291 fail2ban.actions [497755]: NOTICE [sshd] Ban 35.234.143.159 2020-09-19 22:11:54,461 fail2ban.actions [596888]: NOTICE [sshd] Ban 35.234.143.159	2020-09-20 12:30:27
222.186.180.147	attack	Sep 19 18:05:48 hanapaa sshd\[12238\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.147 user=root Sep 19 18:05:49 hanapaa sshd\[12238\]: Failed password for root from 222.186.180.147 port 4826 ssh2 Sep 19 18:05:52 hanapaa sshd\[12238\]: Failed password for root from 222.186.180.147 port 4826 ssh2 Sep 19 18:05:55 hanapaa sshd\[12238\]: Failed password for root from 222.186.180.147 port 4826 ssh2 Sep 19 18:05:58 hanapaa sshd\[12238\]: Failed password for root from 222.186.180.147 port 4826 ssh2	2020-09-20 12:12:36
193.218.118.130	attackspam	2020-09-20T04:39[Censored Hostname] sshd[7950]: Failed password for root from 193.218.118.130 port 55870 ssh2 2020-09-20T04:39[Censored Hostname] sshd[7950]: Failed password for root from 193.218.118.130 port 55870 ssh2 2020-09-20T04:40[Censored Hostname] sshd[7950]: Failed password for root from 193.218.118.130 port 55870 ssh2[...]	2020-09-20 12:43:38
218.92.0.208	attackspam	2020-09-20T00:16:35.583138xentho-1 sshd[872810]: Failed password for root from 218.92.0.208 port 44987 ssh2 2020-09-20T00:16:32.952699xentho-1 sshd[872810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208 user=root 2020-09-20T00:16:35.583138xentho-1 sshd[872810]: Failed password for root from 218.92.0.208 port 44987 ssh2 2020-09-20T00:16:38.572224xentho-1 sshd[872810]: Failed password for root from 218.92.0.208 port 44987 ssh2 2020-09-20T00:16:32.952699xentho-1 sshd[872810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208 user=root 2020-09-20T00:16:35.583138xentho-1 sshd[872810]: Failed password for root from 218.92.0.208 port 44987 ssh2 2020-09-20T00:16:38.572224xentho-1 sshd[872810]: Failed password for root from 218.92.0.208 port 44987 ssh2 2020-09-20T00:16:42.098028xentho-1 sshd[872810]: Failed password for root from 218.92.0.208 port 44987 ssh2 2020-09-20T00:18:13.477799xent ...	2020-09-20 12:26:23
134.90.254.48	attack	Lines containing failures of 134.90.254.48 Sep 19 18:48:32 smtp-out sshd[10508]: Invalid user admin from 134.90.254.48 port 39444 Sep 19 18:48:33 smtp-out sshd[10508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.90.254.48 Sep 19 18:48:35 smtp-out sshd[10508]: Failed password for invalid user admin from 134.90.254.48 port 39444 ssh2 Sep 19 18:48:39 smtp-out sshd[10508]: Connection closed by invalid user admin 134.90.254.48 port 39444 [preauth] Sep 19 18:48:41 smtp-out sshd[10511]: Invalid user admin from 134.90.254.48 port 39449 Sep 19 18:48:42 smtp-out sshd[10511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.90.254.48 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=134.90.254.48	2020-09-20 12:16:23
51.89.136.104	attackspambots	Sep 20 01:12:56 rotator sshd\[29710\]: Address 51.89.136.104 maps to ip-51-89-136.eu, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Sep 20 01:12:56 rotator sshd\[29710\]: Invalid user alex from 51.89.136.104Sep 20 01:12:58 rotator sshd\[29710\]: Failed password for invalid user alex from 51.89.136.104 port 58790 ssh2Sep 20 01:18:52 rotator sshd\[30525\]: Address 51.89.136.104 maps to ip-51-89-136.eu, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Sep 20 01:18:52 rotator sshd\[30525\]: Invalid user admin from 51.89.136.104Sep 20 01:18:54 rotator sshd\[30525\]: Failed password for invalid user admin from 51.89.136.104 port 42248 ssh2 ...	2020-09-20 12:18:13
171.249.138.140	attack	Failed password for invalid user from 171.249.138.140 port 33220 ssh2	2020-09-20 12:20:23
177.100.244.79	attackbots	2020-09-19 11:57:35.885403-0500 localhost smtpd[24990]: NOQUEUE: reject: RCPT from unknown[177.100.244.79]: 554 5.7.1 Service unavailable; Client host [177.100.244.79] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS / https://www.spamhaus.org/query/ip/177.100.244.79; from= to= proto=ESMTP helo=	2020-09-20 12:30:46
101.133.174.69	attackbotsspam	101.133.174.69 - - [20/Sep/2020:03:14:23 +0200] "POST /xmlrpc.php HTTP/1.1" 403 613 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 101.133.174.69 - - [20/Sep/2020:03:29:17 +0200] "POST /xmlrpc.php HTTP/1.1" 403 613 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-20 12:27:34
212.227.203.132	attack	212.227.203.132 - - [20/Sep/2020:05:30:41 +0200] "POST /xmlrpc.php HTTP/1.1" 403 10766 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 212.227.203.132 - - [20/Sep/2020:05:38:41 +0200] "POST /xmlrpc.php HTTP/1.1" 403 8487 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-20 12:11:17
118.89.120.110	attackbots	Sep 20 02:28:16 icinga sshd[23026]: Failed password for root from 118.89.120.110 port 52142 ssh2 Sep 20 02:44:01 icinga sshd[48570]: Failed password for root from 118.89.120.110 port 56756 ssh2 ...	2020-09-20 12:30:11
122.14.200.231	attackspambots	10 attempts against mh-pma-try-ban on river	2020-09-20 12:44:11
42.98.45.163	attackspam	Sep 19 19:06:26 ssh2 sshd[37854]: User root from 42-98-45-163.static.netvigator.com not allowed because not listed in AllowUsers Sep 19 19:06:27 ssh2 sshd[37854]: Failed password for invalid user root from 42.98.45.163 port 50228 ssh2 Sep 19 19:06:27 ssh2 sshd[37854]: Connection closed by invalid user root 42.98.45.163 port 50228 [preauth] ...	2020-09-20 12:40:27
198.23.148.137	attack	$f2bV_matches	2020-09-20 12:11:42

最近上报的IP列表

106.225.147.63	222.139.245.120	121.131.96.13	45.153.203.180
106.75.97.16	93.106.214.223	94.224.37.149	218.88.29.99
115.60.63.150	222.128.5.135	87.103.95.89	37.54.239.184
188.131.156.125	119.45.207.135	95.172.2.234	125.42.121.91
119.45.142.38	94.233.94.146	41.204.24.170	111.40.23.239