49.234.106.97 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Tencent Cloud Computing (Beijing) Co. Ltd.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	May 14 23:34:32 h2829583 sshd[16299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.106.97	2020-05-15 07:55:50
attackspambots	SSH_attack	2020-05-11 18:28:27
attackspambots	May 9 04:43:54 server sshd[21031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.106.97 May 9 04:43:56 server sshd[21031]: Failed password for invalid user test from 49.234.106.97 port 34028 ssh2 May 9 04:47:29 server sshd[21314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.106.97 ...	2020-05-10 02:19:21
attackbotsspam	May 9 04:43:54 server sshd[21031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.106.97 May 9 04:43:56 server sshd[21031]: Failed password for invalid user test from 49.234.106.97 port 34028 ssh2 May 9 04:47:29 server sshd[21314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.106.97 ...	2020-05-09 13:23:36

相同子网IP讨论:

IP	类型	评论内容	时间
49.234.106.172	attackbotsspam	Automatic report - SSH Brute-Force Attack	2019-09-05 03:52:40
49.234.106.172	attack	Sep 4 02:07:40 yabzik sshd[31241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.106.172 Sep 4 02:07:41 yabzik sshd[31241]: Failed password for invalid user bsmith from 49.234.106.172 port 44998 ssh2 Sep 4 02:12:19 yabzik sshd[564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.106.172	2019-09-04 07:30:30
49.234.106.172	attackbotsspam	Invalid user www from 49.234.106.172 port 59800	2019-08-04 09:18:45
49.234.106.172	attack	[Aegis] @ 2019-07-28 12:18:26 0100 -> Attempted Administrator Privilege Gain: ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack	2019-07-29 03:17:19
49.234.106.172	attackbotsspam	Jul 27 03:16:06 localhost sshd\[44362\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.106.172 user=root Jul 27 03:16:08 localhost sshd\[44362\]: Failed password for root from 49.234.106.172 port 41938 ssh2 Jul 27 03:20:40 localhost sshd\[44513\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.106.172 user=root Jul 27 03:20:42 localhost sshd\[44513\]: Failed password for root from 49.234.106.172 port 56932 ssh2 Jul 27 03:25:11 localhost sshd\[44644\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.106.172 user=root ...	2019-07-27 11:34:30

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.234.106.97
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38933
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.234.106.97.			IN	A

;; AUTHORITY SECTION:
.			600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020050900 1800 900 604800 86400

;; Query time: 104 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat May 09 13:23:32 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 97.106.234.49.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 97.106.234.49.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
37.252.78.39	attack	Automatic report - Port Scan Attack	2019-07-14 02:23:42
190.230.170.191	attackspambots	TCP port 445 (SMB) attempt blocked by firewall. [2019-07-13 17:11:50]	2019-07-14 02:20:52
222.186.15.110	attackspam	Jul 13 20:07:57 dev0-dcde-rnet sshd[10520]: Failed password for root from 222.186.15.110 port 57870 ssh2 Jul 13 20:08:05 dev0-dcde-rnet sshd[10522]: Failed password for root from 222.186.15.110 port 39738 ssh2	2019-07-14 02:10:36
189.101.129.222	attack	Jul 13 19:10:52 localhost sshd\[10864\]: Invalid user rabbitmq from 189.101.129.222 port 46232 Jul 13 19:10:52 localhost sshd\[10864\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.101.129.222 ...	2019-07-14 02:24:58
104.248.78.42	attack	DATE:2019-07-13 17:12:50, IP:104.248.78.42, PORT:ssh brute force auth on SSH service (patata)	2019-07-14 02:40:14
140.143.151.93	attackspam	2019-07-13T18:18:33.031433abusebot-8.cloudsearch.cf sshd\[3477\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.151.93 user=root	2019-07-14 02:48:19
31.202.101.40	attackspambots	This IP address was blacklisted for the following reason: / @ 2019-07-13T18:28:35+02:00.	2019-07-14 02:46:30
93.122.239.141	attack	Automatic report - Port Scan Attack	2019-07-14 02:53:13
93.175.63.90	attack	Automatic report - Port Scan Attack	2019-07-14 02:29:55
104.248.185.25	attack	" "	2019-07-14 02:26:22
153.36.242.114	attackbotsspam	2019-07-14T00:56:08.044972enmeeting.mahidol.ac.th sshd\[21459\]: User root from 153.36.242.114 not allowed because not listed in AllowUsers 2019-07-14T00:56:08.257509enmeeting.mahidol.ac.th sshd\[21459\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.242.114 user=root 2019-07-14T00:56:09.947049enmeeting.mahidol.ac.th sshd\[21459\]: Failed password for invalid user root from 153.36.242.114 port 60928 ssh2 ...	2019-07-14 02:14:12
201.233.220.125	attackspambots	Jul 13 20:42:14 localhost sshd\[26092\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.233.220.125 user=root Jul 13 20:42:16 localhost sshd\[26092\]: Failed password for root from 201.233.220.125 port 59550 ssh2 Jul 13 20:48:04 localhost sshd\[26877\]: Invalid user erp from 201.233.220.125 port 33002 Jul 13 20:48:04 localhost sshd\[26877\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.233.220.125	2019-07-14 02:52:07
119.160.118.54	attack	TCP Port: 25 _ invalid blocked dnsbl-sorbs abuseat-org _ _ _ _ (436)	2019-07-14 02:19:00
190.224.215.104	attackbotsspam	Automatic report - Port Scan Attack	2019-07-14 02:56:23
188.165.242.200	attack	Fail2Ban Ban Triggered	2019-07-14 02:34:29

最近上报的IP列表

20.120.4.44	103.145.13.17	103.54.250.163	104.211.54.133
64.188.1.188	92.50.230.55	61.190.70.130	1.173.79.89
22.120.240.88	157.55.87.102	198.100.145.105	34.121.152.202
178.154.200.125	200.96.133.161	223.149.254.44	152.242.89.102
45.248.68.189	45.11.99.161	203.147.81.74	202.63.202.37