5.104.108.4 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Germany

运营商(isp): myLoc managed IT AG

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	Automated report - ssh fail2ban: Jul 18 21:48:23 Disconnected from authenticating user root 5.104.108.4 port=34383 [preauth] Jul 18 21:49:39 Connection closed by 5.104.108.4 port=35692 [preauth] Jul 18 21:50:41 Connection closed by 5.104.108.4 port=37001 [preauth] Jul 18 21:51:52 Connection closed by 5.104.108.4 port=38309 [preauth]	2020-07-19 04:21:35
attackbots	2019-12-10T17:59:38.447234abusebot-2.cloudsearch.cf sshd\[13813\]: Invalid user vagner from 5.104.108.4 port 45375	2019-12-11 02:08:17

类型

评论内容

时间

attackbots

Automated report - ssh fail2ban:
Jul 18 21:48:23 Disconnected from authenticating user root 5.104.108.4 port=34383 [preauth]
Jul 18 21:49:39 Connection closed by 5.104.108.4 port=35692 [preauth]
Jul 18 21:50:41 Connection closed by 5.104.108.4 port=37001 [preauth]
Jul 18 21:51:52 Connection closed by 5.104.108.4 port=38309 [preauth]

2020-07-19 04:21:35

attackbots

2019-12-10T17:59:38.447234abusebot-2.cloudsearch.cf sshd\[13813\]: Invalid user vagner from 5.104.108.4 port 45375

2019-12-11 02:08:17

相同子网IP讨论:

IP	类型	评论内容	时间
5.104.108.151	attackspambots	Invalid user suresh from 5.104.108.151 port 36344	2020-05-01 16:38:56
5.104.108.18	attack	Unauthorized connection attempt detected from IP address 5.104.108.18 to port 2220 [J]	2020-02-01 15:27:43
5.104.108.132	attackbotsspam	abuse-sasl	2019-07-17 02:05:38

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 5.104.108.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 687
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.104.108.4.			IN	A

;; AUTHORITY SECTION:
.			405	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019121001 1800 900 604800 86400

;; Query time: 101 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Dec 11 02:08:14 CST 2019
;; MSG SIZE  rcvd: 115

HOST信息:

4.108.104.5.in-addr.arpa domain name pointer ve1039.venus.fastwebserver.de.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
4.108.104.5.in-addr.arpa	name = ve1039.venus.fastwebserver.de.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
103.82.235.10	attack	"POST /FCKeditor/editor/filemanager/connectors/asp/connector.asp?Command=FileUpload&Type=File&CurrentFolder=%2F HTTP/1.1" 404 "POST /admin_aspcms/_system/AspCms_SiteSetting.asp HTTP/1.1" 404 "POST /plus/90sec.php HTTP/1.1" 404 "POST /utility/convert/index.php?a=config&source=d7.2_x2.0 HTTP/1.1" 404 "POST /utility/convert/data/config.inc.php HTTP/1.1" 404 "POST /uploads/dede/sys_verifies.php?action=down HTTP/1.1" 404 "POST /index.php/api/Uploadify/preview HTTP/1.1" 404 "POST /fdgq.php HTTP/1.1" 404 "POST /xbodk.php HTTP/1.1" 404 "POST /ysyqq.php HTTP/1.1" 404	2019-10-31 01:26:07
213.136.80.245	attack	Oct 30 00:25:03 dax sshd[3047]: Invalid user oracle from 213.136.80.245 Oct 30 00:25:05 dax sshd[3047]: Failed password for invalid user oracle from 213.136.80.245 port 54596 ssh2 Oct 30 00:25:05 dax sshd[3047]: Received disconnect from 213.136.80.245: 11: Bye Bye [preauth] Oct 30 00:30:51 dax sshd[3999]: Failed password for r.r from 213.136.80.245 port 56754 ssh2 Oct 30 00:30:51 dax sshd[3999]: Received disconnect from 213.136.80.245: 11: Bye Bye [preauth] Oct 30 00:34:18 dax sshd[4372]: Failed password for r.r from 213.136.80.245 port 40510 ssh2 Oct 30 00:34:18 dax sshd[4372]: Received disconnect from 213.136.80.245: 11: Bye Bye [preauth] Oct 30 00:37:39 dax sshd[4997]: Invalid user vision from 213.136.80.245 Oct 30 00:37:41 dax sshd[4997]: Failed password for invalid user vision from 213.136.80.245 port 52492 ssh2 Oct 30 00:37:41 dax sshd[4997]: Received disconnect from 213.136.80.245: 11: Bye Bye [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=	2019-10-31 01:46:23
218.92.0.193	attackspam	Oct 30 11:29:55 TORMINT sshd\[24810\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.193 user=root Oct 30 11:29:57 TORMINT sshd\[24810\]: Failed password for root from 218.92.0.193 port 35916 ssh2 Oct 30 11:30:14 TORMINT sshd\[24819\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.193 user=root ...	2019-10-31 01:45:57
201.238.239.151	attackspambots	Oct 30 13:52:05 ns381471 sshd[12486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.238.239.151 Oct 30 13:52:07 ns381471 sshd[12486]: Failed password for invalid user q1w2e3r4t from 201.238.239.151 port 44086 ssh2	2019-10-31 01:40:25
50.35.30.243	attack	SSHAttack	2019-10-31 01:44:02
119.165.3.67	attack	scan z	2019-10-31 01:28:03
72.176.195.115	attackbotsspam	Automatic report - Banned IP Access	2019-10-31 01:20:31
139.59.46.243	attack	Oct 30 06:56:08 eddieflores sshd\[32533\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.46.243 user=root Oct 30 06:56:10 eddieflores sshd\[32533\]: Failed password for root from 139.59.46.243 port 53218 ssh2 Oct 30 07:00:35 eddieflores sshd\[422\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.46.243 user=root Oct 30 07:00:37 eddieflores sshd\[422\]: Failed password for root from 139.59.46.243 port 35958 ssh2 Oct 30 07:05:13 eddieflores sshd\[857\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.46.243 user=root	2019-10-31 01:18:51
34.92.243.251	attackspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/34.92.243.251/ US - 1H : (237) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : US NAME ASN : ASN15169 IP : 34.92.243.251 CIDR : 34.92.0.0/14 PREFIX COUNT : 602 UNIQUE IP COUNT : 8951808 ATTACKS DETECTED ASN15169 : 1H - 1 3H - 3 6H - 3 12H - 3 24H - 57 DateTime : 2019-10-30 14:28:27 INFO : Port SSH 22 Scan Detected and Blocked by ADMIN - data recovery	2019-10-31 01:52:55
121.237.167.157	attack	Oct 29 17:07:52 wildwolf ssh-honeypotd[26164]: Failed password for r.r from 121.237.167.157 port 57512 ssh2 (target: 158.69.100.143:22, password: r.r) Oct 29 17:07:52 wildwolf ssh-honeypotd[26164]: Failed password for r.r from 121.237.167.157 port 58466 ssh2 (target: 158.69.100.154:22, password: r.r) Oct 29 17:07:52 wildwolf ssh-honeypotd[26164]: Failed password for r.r from 121.237.167.157 port 37386 ssh2 (target: 158.69.100.153:22, password: r.r) Oct 29 17:07:53 wildwolf ssh-honeypotd[26164]: Failed password for r.r from 121.237.167.157 port 48416 ssh2 (target: 158.69.100.140:22, password: r.r) Oct 29 17:07:53 wildwolf ssh-honeypotd[26164]: Failed password for r.r from 121.237.167.157 port 50164 ssh2 (target: 158.69.100.157:22, password: r.r) Oct 29 17:07:53 wildwolf ssh-honeypotd[26164]: Failed password for r.r from 121.237.167.157 port 39202 ssh2 (target: 158.69.100.155:22, password: r.r) Oct 29 17:07:53 wildwolf ssh-honeypotd[26164]: Failed password for r.r from 121........ ------------------------------	2019-10-31 01:27:38
80.178.115.146	attackbots	Oct 30 15:31:33 vmanager6029 sshd\[19066\]: Invalid user git from 80.178.115.146 port 50783 Oct 30 15:31:33 vmanager6029 sshd\[19066\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.178.115.146 Oct 30 15:31:35 vmanager6029 sshd\[19066\]: Failed password for invalid user git from 80.178.115.146 port 50783 ssh2	2019-10-31 01:34:58
117.135.131.123	attackspambots	Oct 30 18:43:14 gw1 sshd[22966]: Failed password for root from 117.135.131.123 port 50124 ssh2 ...	2019-10-31 01:12:15
163.172.207.104	attack	\[2019-10-30 13:38:17\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-30T13:38:17.607-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="011972595725636",SessionID="0x7fdf2cc7a718",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/163.172.207.104/59163",ACLName="no_extension_match" \[2019-10-30 13:41:12\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-30T13:41:12.208-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9011972592277524",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/163.172.207.104/51736",ACLName="no_extension_match" \[2019-10-30 13:45:11\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-30T13:45:11.474-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="0011972592277524",SessionID="0x7fdf2cc7a718",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/163.172.207.104/58040",ACLName	2019-10-31 01:51:35
159.203.117.137	attackspam	159.203.117.137 - - [30/Oct/2019:16:34:28 +0400] "POST /GponForm/diag_Form?style/ HTTP/1.1" 502 157 "-" "curl/7.3.2" ...	2019-10-31 01:17:24
149.202.75.205	attack	Automatic report - Banned IP Access	2019-10-31 01:43:40

最近上报的IP列表

65.111.78.232	162.58.23.126	130.84.31.249	160.166.7.133
19.106.211.37	179.66.13.48	39.75.47.56	107.199.124.207
31.69.186.48	41.55.187.65	230.17.153.135	171.109.120.211
116.239.106.193	89.97.0.61	177.214.1.40	106.75.76.139
223.111.150.115	61.118.238.68	111.68.98.152	126.9.86.143