203.148.84.6 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Indonesia

运营商(isp): PT. Indotrans Data

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	Unauthorized connection attempt from IP address 203.148.84.6 on Port 445(SMB)	2020-06-23 02:17:48

相同子网IP讨论:

IP	类型	评论内容	时间
203.148.84.118	attack	Scanning random ports - tries to find possible vulnerable services	2020-02-21 08:29:20
203.148.84.118	attackspam	Unauthorized connection attempt from IP address 203.148.84.118 on Port 445(SMB)	2019-11-19 05:37:25

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 203.148.84.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53144
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;203.148.84.6.			IN	A

;; AUTHORITY SECTION:
.			238	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020062201 1800 900 604800 86400

;; Query time: 57 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Jun 23 02:17:44 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

6.84.148.203.in-addr.arpa domain name pointer dist-cmg.indotrans.net.id.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
6.84.148.203.in-addr.arpa	name = dist-cmg.indotrans.net.id.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
123.127.107.70	attackspam	Unauthorised connection attempt detected at AUO MAIN. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)	2020-04-07 20:57:34
209.159.157.72	attackbotsspam	2020/04/07 14:10:22 [error] 17205#17205: *110790 open() "/srv/automx/instance/cgi-bin/ViewLog.asp" failed (2: No such file or directory), client: 209.159.157.72, server: autoconfig.tuxlinux.eu, request: "POST /cgi-bin/ViewLog.asp HTTP/1.1", host: "127.0.0.1" ...	2020-04-07 20:20:32
182.53.213.132	attackspambots	Unauthorized connection attempt from IP address 182.53.213.132 on Port 445(SMB)	2020-04-07 20:12:28
43.242.74.39	attackspam	Apr 7 04:25:52 Tower sshd[18104]: Connection from 43.242.74.39 port 42144 on 192.168.10.220 port 22 rdomain "" Apr 7 04:25:56 Tower sshd[18104]: Invalid user testftp from 43.242.74.39 port 42144 Apr 7 04:25:56 Tower sshd[18104]: error: Could not get shadow information for NOUSER Apr 7 04:25:56 Tower sshd[18104]: Failed password for invalid user testftp from 43.242.74.39 port 42144 ssh2 Apr 7 04:25:56 Tower sshd[18104]: Received disconnect from 43.242.74.39 port 42144:11: Bye Bye [preauth] Apr 7 04:25:56 Tower sshd[18104]: Disconnected from invalid user testftp 43.242.74.39 port 42144 [preauth]	2020-04-07 20:14:22
80.82.77.33	attack	scans once in preceeding hours on the ports (in chronological order) 4800 resulting in total of 44 scans from 80.82.64.0/20 block.	2020-04-07 20:26:53
113.181.174.235	attackspambots	Unauthorized connection attempt from IP address 113.181.174.235 on Port 445(SMB)	2020-04-07 20:27:42
66.181.169.90	attackbots	Unauthorized connection attempt from IP address 66.181.169.90 on Port 445(SMB)	2020-04-07 20:14:03
200.178.168.101	attackbotsspam	Attempted connection to port 1433.	2020-04-07 20:33:46
122.114.157.7	attackspam	Apr 7 10:31:16 ns382633 sshd\[4840\]: Invalid user node from 122.114.157.7 port 54796 Apr 7 10:31:16 ns382633 sshd\[4840\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.157.7 Apr 7 10:31:18 ns382633 sshd\[4840\]: Failed password for invalid user node from 122.114.157.7 port 54796 ssh2 Apr 7 10:59:01 ns382633 sshd\[12920\]: Invalid user es from 122.114.157.7 port 45360 Apr 7 10:59:01 ns382633 sshd\[12920\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.157.7	2020-04-07 20:40:18
106.12.54.13	attackbotsspam	Apr 7 18:30:48 f sshd\[3557\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.54.13 user=root Apr 7 18:30:50 f sshd\[3557\]: Failed password for root from 106.12.54.13 port 56428 ssh2 Apr 7 18:41:27 f sshd\[3800\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.54.13 ...	2020-04-07 20:40:45
115.87.151.141	attackspam	Fail2Ban Ban Triggered	2020-04-07 20:55:10
113.254.34.5	attackbots	Honeypot attack, port: 5555, PTR: 5-34-254-113-on-nets.com.	2020-04-07 20:55:41
149.56.132.202	attackbots	SSH login attempts.	2020-04-07 20:17:17
159.203.82.101	attack	Apr 6 11:51:03 mail01 postfix/postscreen[16165]: CONNECT from [159.203.82.101]:49289 to [94.130.181.95]:25 Apr 6 11:51:09 mail01 postfix/postscreen[16165]: PASS NEW [159.203.82.101]:49289 Apr 6 11:51:10 mail01 postfix/smtpd[16169]: connect from metallurgymetalworking.com[159.203.82.101] Apr x@x Apr 6 11:51:11 mail01 postfix/smtpd[16169]: disconnect from metallurgymetalworking.com[159.203.82.101] ehlo=2 starttls=1 mail=1 rcpt=0/1 quhostname=1 commands=5/6 Apr 6 11:54:31 mail01 postfix/anvil[16170]: statistics: max connection rate 1/60s for (smtpd:159.203.82.101) at Apr 6 11:51:10 Apr 6 11:54:31 mail01 postfix/anvil[16170]: statistics: max connection count 1 for (smtpd:159.203.82.101) at Apr 6 11:51:10 Apr 6 12:07:35 mail01 postfix/postscreen[16272]: CONNECT from [159.203.82.101]:55923 to [94.130.181.95]:25 Apr 6 12:07:35 mail01 postfix/postscreen[16272]: PASS OLD [159.203.82.101]:55923 Apr 6 12:07:36 mail01 postfix/smtpd[16277]: connect from metallurgymetalwor........ -------------------------------	2020-04-07 20:21:37
175.140.138.193	attackbotsspam	Apr 7 14:46:18 localhost sshd\[23617\]: Invalid user test from 175.140.138.193 Apr 7 14:46:18 localhost sshd\[23617\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.140.138.193 Apr 7 14:46:20 localhost sshd\[23617\]: Failed password for invalid user test from 175.140.138.193 port 26485 ssh2 Apr 7 14:51:30 localhost sshd\[23950\]: Invalid user app from 175.140.138.193 Apr 7 14:51:30 localhost sshd\[23950\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.140.138.193 ...	2020-04-07 20:53:18

最近上报的IP列表

216.104.200.22	213.145.136.20	13.232.61.181	125.212.148.51
16.134.237.78	91.124.80.9	82.114.124.210	178.90.218.29
114.232.110.193	109.166.89.3	110.25.88.123	52.142.55.36
123.125.115.229	179.232.159.158	117.240.182.194	196.43.147.212
195.16.97.243	42.84.77.235	202.21.113.210	36.112.108.195