106.12.144.57 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Beijing Baidu Netcom Science and Technology Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Search Engine Spider

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Fail2Ban Ban Triggered	2020-09-15 20:58:12
attackspambots	$f2bV_matches	2020-09-15 12:56:58
attackspambots	$f2bV_matches	2020-09-15 05:07:16

Comments on same subnet:

IP	Type	Details	Datetime
106.12.144.219	attack	Aug 16 05:49:50 db sshd[20752]: User root from 106.12.144.219 not allowed because none of user's groups are listed in AllowGroups ...	2020-08-16 17:39:46
106.12.144.219	attack	frenzy	2020-08-15 16:29:10
106.12.144.219	attackspam	Aug 14 22:37:05 * sshd[4886]: Failed password for root from 106.12.144.219 port 55166 ssh2	2020-08-15 04:51:31
106.12.144.219	attack	B: Abusive ssh attack	2020-08-08 18:49:29
106.12.144.219	attackspambots	Jul 23 22:05:48 rocket sshd[17881]: Failed password for mysql from 106.12.144.219 port 56770 ssh2 Jul 23 22:15:14 rocket sshd[19345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.219 ...	2020-07-24 05:49:25
106.12.144.249	attackspambots	SSH Attack	2020-06-30 23:33:44
106.12.144.249	attack	Jun 27 22:42:51 gestao sshd[25134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.249 Jun 27 22:42:53 gestao sshd[25134]: Failed password for invalid user songlin from 106.12.144.249 port 57120 ssh2 Jun 27 22:45:58 gestao sshd[25203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.249 ...	2020-06-28 08:13:07
106.12.144.219	attackbots	Invalid user liwen from 106.12.144.219 port 37978	2020-06-25 17:56:49
106.12.144.219	attackspam	Jun 20 09:01:11 ns382633 sshd\[27390\]: Invalid user tst from 106.12.144.219 port 43414 Jun 20 09:01:11 ns382633 sshd\[27390\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.219 Jun 20 09:01:13 ns382633 sshd\[27390\]: Failed password for invalid user tst from 106.12.144.219 port 43414 ssh2 Jun 20 09:07:58 ns382633 sshd\[28418\]: Invalid user scanner from 106.12.144.219 port 36700 Jun 20 09:07:58 ns382633 sshd\[28418\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.219	2020-06-20 17:18:02
106.12.144.249	attack	Jun 18 14:57:37 localhost sshd\[23571\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.249 user=root Jun 18 14:57:39 localhost sshd\[23571\]: Failed password for root from 106.12.144.249 port 33032 ssh2 Jun 18 15:01:25 localhost sshd\[23822\]: Invalid user sonny from 106.12.144.249 Jun 18 15:01:25 localhost sshd\[23822\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.249 Jun 18 15:01:27 localhost sshd\[23822\]: Failed password for invalid user sonny from 106.12.144.249 port 51140 ssh2 ...	2020-06-18 21:23:30
106.12.144.249	attackbots	Jun 14 15:13:05 eventyay sshd[15380]: Failed password for root from 106.12.144.249 port 36146 ssh2 Jun 14 15:16:47 eventyay sshd[15558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.249 Jun 14 15:16:49 eventyay sshd[15558]: Failed password for invalid user sarwar from 106.12.144.249 port 57488 ssh2 ...	2020-06-14 23:19:14
106.12.144.219	attackbotsspam	Jun 11 16:00:42 vpn01 sshd[12400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.219 Jun 11 16:00:44 vpn01 sshd[12400]: Failed password for invalid user msek4 from 106.12.144.219 port 44090 ssh2 ...	2020-06-12 03:51:06
106.12.144.249	attack	2020-06-07T05:44:47.972447amanda2.illicoweb.com sshd\[47624\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.249 user=root 2020-06-07T05:44:50.147405amanda2.illicoweb.com sshd\[47624\]: Failed password for root from 106.12.144.249 port 36136 ssh2 2020-06-07T05:47:07.836171amanda2.illicoweb.com sshd\[47970\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.249 user=root 2020-06-07T05:47:09.564438amanda2.illicoweb.com sshd\[47970\]: Failed password for root from 106.12.144.249 port 38030 ssh2 2020-06-07T05:49:09.685554amanda2.illicoweb.com sshd\[48064\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.144.249 user=root ...	2020-06-07 18:08:22
106.12.144.249	attack	$f2bV_matches	2020-06-06 19:28:47
106.12.144.249	attack	2020-06-01 05:02:00 server sshd[96901]: Failed password for invalid user root from 106.12.144.249 port 33836 ssh2	2020-06-02 00:40:12

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.12.144.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58964
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.12.144.57.			IN	A

;; AUTHORITY SECTION:
.			588	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020091402 1800 900 604800 86400

;; Query time: 73 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Sep 15 05:07:13 CST 2020
;; MSG SIZE  rcvd: 117

Host info

Host 57.144.12.106.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 57.144.12.106.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
185.147.215.13	attackspam	[2020-03-20 16:23:12] NOTICE[1148] chan_sip.c: Registration from '' failed for '185.147.215.13:53017' - Wrong password [2020-03-20 16:23:12] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-03-20T16:23:12.242-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="224",SessionID="0x7fd82c530768",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.147.215.13/53017",Challenge="65d21db1",ReceivedChallenge="65d21db1",ReceivedHash="d296fd1dbe99c5b8276fed680f751d52" [2020-03-20 16:33:02] NOTICE[1148] chan_sip.c: Registration from '' failed for '185.147.215.13:52926' - Wrong password [2020-03-20 16:33:02] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-03-20T16:33:02.620-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="70",SessionID="0x7fd82c40aa58",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.147.215.13/5 ...	2020-03-21 05:34:28
183.109.79.253	attack	Mar 20 22:27:21 icinga sshd[49680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.109.79.253 Mar 20 22:27:22 icinga sshd[49680]: Failed password for invalid user karla from 183.109.79.253 port 62586 ssh2 Mar 20 22:38:59 icinga sshd[62081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.109.79.253 ...	2020-03-21 05:43:56
119.29.252.252	attack	Mar 20 16:52:25 hosting180 sshd[7373]: Invalid user ou from 119.29.252.252 port 41362 ...	2020-03-21 05:33:37
185.79.115.147	attack	185.79.115.147 - - [20/Mar/2020:21:46:15 +0100] "GET /wp-login.php HTTP/1.1" 200 6136 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 185.79.115.147 - - [20/Mar/2020:21:46:17 +0100] "POST /wp-login.php HTTP/1.1" 200 7014 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 185.79.115.147 - - [20/Mar/2020:21:46:18 +0100] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-03-21 05:44:38
192.241.233.246	attackspambots	TCP port 3306: Scan and connection	2020-03-21 05:50:55
86.47.220.193	attackbots	Attempted connection to port 22.	2020-03-21 05:32:10
92.63.111.139	attackspambots	scan r	2020-03-21 05:43:34
176.31.255.223	attackbots	Invalid user vboxuser from 176.31.255.223 port 47702	2020-03-21 05:58:03
89.186.108.69	attackbots	Automatic report - Port Scan Attack	2020-03-21 05:51:48
173.211.31.234	attackspam	(From aundreawoodworth@imail.party) Hello, I have not received an update regarding measures you're taking to combat COVID-19. I hope you'll assure us that you are following all recently released guidelines and taking every precaution to protect our community? I'm very concerned that countless young people are not taking COVID-19 seriously (ex. the Spring Break beaches are still packed). I think the only way to combat this 'whatever attitude' is by sharing as much information as possible. I hope you will add an alert banner with a link to the CDC's coronavirus page (https://www.cdc.gov/coronavirus/2019-ncov/index.html) or the WHO's page. More importantly, please consider copy & pasting this Creative Commons 4.0 (free to re-publish) article to your site (http://coronaviruspost.info). Without strict measures and an educated community, the number of cases will increase exponentially throughout the global population! Stay safe, Aundrea	2020-03-21 05:30:53
5.239.244.252	attack	Mar 20 17:39:09 firewall sshd[18325]: Invalid user aj from 5.239.244.252 Mar 20 17:39:11 firewall sshd[18325]: Failed password for invalid user aj from 5.239.244.252 port 33506 ssh2 Mar 20 17:46:17 firewall sshd[18905]: Invalid user casidhe from 5.239.244.252 ...	2020-03-21 05:46:46
159.89.172.133	attack	Invalid user wp from 159.89.172.133 port 46158	2020-03-21 05:35:17
62.171.157.22	attackspam	Mar 20 18:29:35 nginx sshd[81929]: Invalid user hadoop3 from 62.171.157.22 Mar 20 18:29:35 nginx sshd[81929]: Received disconnect from 62.171.157.22 port 49450:11: Normal Shutdown, Thank you for playing [preauth]	2020-03-21 05:54:43
138.197.136.72	attackspam	138.197.136.72 - - \[20/Mar/2020:20:58:19 +0100\] "POST /wp-login.php HTTP/1.0" 200 5728 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.197.136.72 - - \[20/Mar/2020:20:58:21 +0100\] "POST /wp-login.php HTTP/1.0" 200 5728 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.197.136.72 - - \[20/Mar/2020:20:58:22 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 802 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-03-21 05:25:05
45.237.181.213	attack	1584709442 - 03/20/2020 14:04:02 Host: 45.237.181.213/45.237.181.213 Port: 445 TCP Blocked	2020-03-21 05:22:33

Recently Reported IPs

54.248.31.8	2.211.59.135	136.27.61.210	177.117.119.113
178.249.119.82	56.46.33.239	142.227.232.66	125.153.187.148
26.21.86.30	132.247.201.200	20.166.146.191	60.245.102.202
142.196.2.147	53.18.118.103	122.129.141.64	138.255.168.242
135.177.40.171	104.201.141.31	164.171.128.227	137.66.86.197