106.12.90.50 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Beijing Baidu Netcom Science and Technology Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Search Engine Spider

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Feb 17 20:12:47 firewall sshd[24433]: Invalid user jboss from 106.12.90.50 Feb 17 20:12:49 firewall sshd[24433]: Failed password for invalid user jboss from 106.12.90.50 port 38642 ssh2 Feb 17 20:15:33 firewall sshd[24554]: Invalid user megha from 106.12.90.50 ...	2020-02-18 08:03:29
attack	Jan 20 13:22:17 kmh-sql-001-nbg01 sshd[19252]: Invalid user pracownik from 106.12.90.50 port 56468 Jan 20 13:22:17 kmh-sql-001-nbg01 sshd[19252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.50 Jan 20 13:22:18 kmh-sql-001-nbg01 sshd[19252]: Failed password for invalid user pracownik from 106.12.90.50 port 56468 ssh2 Jan 20 13:22:19 kmh-sql-001-nbg01 sshd[19252]: Received disconnect from 106.12.90.50 port 56468:11: Bye Bye [preauth] Jan 20 13:22:19 kmh-sql-001-nbg01 sshd[19252]: Disconnected from 106.12.90.50 port 56468 [preauth] Jan 20 13:44:58 kmh-sql-001-nbg01 sshd[22113]: Connection closed by 106.12.90.50 port 51898 [preauth] Jan 20 13:50:04 kmh-sql-001-nbg01 sshd[22726]: Invalid user vboxadmin from 106.12.90.50 port 46624 Jan 20 13:50:04 kmh-sql-001-nbg01 sshd[22726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.50 Jan 20 13:50:05 kmh-sql-001-nbg01 sshd[22726]: ........ -------------------------------	2020-01-20 22:44:05

Type

Details

Datetime

attack

Feb 17 20:12:47 firewall sshd[24433]: Invalid user jboss from 106.12.90.50
Feb 17 20:12:49 firewall sshd[24433]: Failed password for invalid user jboss from 106.12.90.50 port 38642 ssh2
Feb 17 20:15:33 firewall sshd[24554]: Invalid user megha from 106.12.90.50
...

2020-02-18 08:03:29

attack

Jan 20 13:22:17 kmh-sql-001-nbg01 sshd[19252]: Invalid user pracownik from 106.12.90.50 port 56468
Jan 20 13:22:17 kmh-sql-001-nbg01 sshd[19252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.50
Jan 20 13:22:18 kmh-sql-001-nbg01 sshd[19252]: Failed password for invalid user pracownik from 106.12.90.50 port 56468 ssh2
Jan 20 13:22:19 kmh-sql-001-nbg01 sshd[19252]: Received disconnect from 106.12.90.50 port 56468:11: Bye Bye [preauth]
Jan 20 13:22:19 kmh-sql-001-nbg01 sshd[19252]: Disconnected from 106.12.90.50 port 56468 [preauth]
Jan 20 13:44:58 kmh-sql-001-nbg01 sshd[22113]: Connection closed by 106.12.90.50 port 51898 [preauth]
Jan 20 13:50:04 kmh-sql-001-nbg01 sshd[22726]: Invalid user vboxadmin from 106.12.90.50 port 46624
Jan 20 13:50:04 kmh-sql-001-nbg01 sshd[22726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.50
Jan 20 13:50:05 kmh-sql-001-nbg01 sshd[22726]: ........
-------------------------------

2020-01-20 22:44:05

Comments on same subnet:

IP	Type	Details	Datetime
106.12.90.45	attack	Oct 13 18:22:00 DAAP sshd[5899]: Invalid user weblogic from 106.12.90.45 port 43088 Oct 13 18:22:00 DAAP sshd[5899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.45 Oct 13 18:22:00 DAAP sshd[5899]: Invalid user weblogic from 106.12.90.45 port 43088 Oct 13 18:22:02 DAAP sshd[5899]: Failed password for invalid user weblogic from 106.12.90.45 port 43088 ssh2 Oct 13 18:26:47 DAAP sshd[6160]: Invalid user xerox from 106.12.90.45 port 38756 ...	2020-10-14 04:20:26
106.12.90.45	attack	Invalid user laura from 106.12.90.45 port 49220	2020-10-13 19:45:37
106.12.90.29	attackspambots	(sshd) Failed SSH login from 106.12.90.29 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 4 15:08:28 elude sshd[9968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.29 user=root Oct 4 15:08:29 elude sshd[9968]: Failed password for root from 106.12.90.29 port 36086 ssh2 Oct 4 15:21:34 elude sshd[12010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.29 user=root Oct 4 15:21:36 elude sshd[12010]: Failed password for root from 106.12.90.29 port 35472 ssh2 Oct 4 15:26:07 elude sshd[12741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.29 user=root	2020-10-05 01:03:10
106.12.90.29	attack	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "train1" at 2020-10-04T05:07:45Z	2020-10-04 16:45:16
106.12.90.45	attackbotsspam	Sep 27 18:03:54 hidden sshd[25858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.45 Sep 27 18:03:56 hidden sshd[25858]: Failed password for invalid user aaa from 106.12.90.45 port 33534 ssh2 Sep 27 18:05:12 hidden sshd[26077]: Invalid user ceph from 106.12.90.45 port 41844	2020-09-30 04:42:06
106.12.90.45	attackbots	SSH Brute-Force reported by Fail2Ban	2020-09-29 20:50:56
106.12.90.45	attackbots	SSH Brute-Force reported by Fail2Ban	2020-09-29 13:01:23
106.12.90.45	attackbotsspam	$f2bV_matches	2020-09-20 01:26:08
106.12.90.45	attackspam	Sep 18 19:57:19 localhost sshd[2384091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.45 Sep 18 19:57:19 localhost sshd[2384091]: Invalid user alex from 106.12.90.45 port 57436 Sep 18 19:57:21 localhost sshd[2384091]: Failed password for invalid user alex from 106.12.90.45 port 57436 ssh2 Sep 18 20:01:41 localhost sshd[2393309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.45 user=root Sep 18 20:01:43 localhost sshd[2393309]: Failed password for root from 106.12.90.45 port 35296 ssh2 ...	2020-09-19 17:14:53
106.12.90.29	attackbotsspam	Invalid user raul from 106.12.90.29 port 35692	2020-08-25 14:32:17
106.12.90.45	attackbotsspam	2020-08-20T17:15:30.5916871495-001 sshd[64753]: Invalid user mcserver from 106.12.90.45 port 55932 2020-08-20T17:15:30.5955961495-001 sshd[64753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.45 2020-08-20T17:15:30.5916871495-001 sshd[64753]: Invalid user mcserver from 106.12.90.45 port 55932 2020-08-20T17:15:32.4010331495-001 sshd[64753]: Failed password for invalid user mcserver from 106.12.90.45 port 55932 ssh2 2020-08-20T17:19:11.7010831495-001 sshd[64974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.45 user=root 2020-08-20T17:19:13.5116091495-001 sshd[64974]: Failed password for root from 106.12.90.45 port 51146 ssh2 ...	2020-08-21 06:40:46
106.12.90.29	attackspambots	Fail2Ban	2020-08-15 05:48:01
106.12.90.29	attackbots	Aug 13 00:05:52 ns382633 sshd\[29530\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.29 user=root Aug 13 00:05:54 ns382633 sshd\[29530\]: Failed password for root from 106.12.90.29 port 55610 ssh2 Aug 13 00:18:11 ns382633 sshd\[31832\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.29 user=root Aug 13 00:18:13 ns382633 sshd\[31832\]: Failed password for root from 106.12.90.29 port 53290 ssh2 Aug 13 00:22:04 ns382633 sshd\[32558\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.90.29 user=root	2020-08-13 07:40:13
106.12.90.63	attack	Aug 5 22:36:17 ip106 sshd[3900]: Failed password for root from 106.12.90.63 port 39598 ssh2 ...	2020-08-06 08:01:02
106.12.90.29	attackspambots	Failed password for root from 106.12.90.29 port 45534 ssh2	2020-08-04 19:30:34

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.12.90.50
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48191
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.12.90.50.			IN	A

;; AUTHORITY SECTION:
.			579	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020012000 1800 900 604800 86400

;; Query time: 159 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Jan 20 22:43:58 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 50.90.12.106.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 50.90.12.106.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
2.58.12.31	attackbotsspam	Registration form abuse	2020-08-18 06:53:49
172.81.251.60	attackspam	Aug 17 15:26:04 s158375 sshd[30373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.81.251.60	2020-08-18 06:40:16
178.121.67.47	attackspambots	178.121.67.47 - - \[17/Aug/2020:23:25:55 +0300\] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Mozilla/5.0 $Windows NT 6.1\; Win64\; x64$ AppleWebKit/537.36 $KHTML, like Gecko$ Chrome/59.0.3071.109 Safari/537.36" "-" 178.121.67.47 - - \[17/Aug/2020:23:25:59 +0300\] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Mozilla/5.0 $Windows NT 6.1\; Win64\; x64$ AppleWebKit/537.36 $KHTML, like Gecko$ Chrome/59.0.3071.109 Safari/537.36" "-" ...	2020-08-18 06:44:06
64.225.67.104	attack	Unauthorized connection attempt detected from IP address 64.225.67.104 to port 53 [T]	2020-08-18 06:47:55
103.39.30.248	attack	Aug 17 22:07:34 mxgate1 postfix/postscreen[26787]: CONNECT from [103.39.30.248]:26798 to [176.31.12.44]:25 Aug 17 22:07:34 mxgate1 postfix/dnsblog[26806]: addr 103.39.30.248 listed by domain zen.spamhaus.org as 127.0.0.11 Aug 17 22:07:34 mxgate1 postfix/dnsblog[26806]: addr 103.39.30.248 listed by domain zen.spamhaus.org as 127.0.0.4 Aug 17 22:07:34 mxgate1 postfix/dnsblog[26806]: addr 103.39.30.248 listed by domain zen.spamhaus.org as 127.0.0.3 Aug 17 22:07:34 mxgate1 postfix/dnsblog[26804]: addr 103.39.30.248 listed by domain cbl.abuseat.org as 127.0.0.2 Aug 17 22:07:34 mxgate1 postfix/dnsblog[26808]: addr 103.39.30.248 listed by domain bl.spamcop.net as 127.0.0.2 Aug 17 22:07:34 mxgate1 postfix/dnsblog[26807]: addr 103.39.30.248 listed by domain b.barracudacentral.org as 127.0.0.2 Aug 17 22:07:40 mxgate1 postfix/postscreen[26787]: DNSBL rank 5 for [103.39.30.248]:26798 Aug x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=103.39.30.248	2020-08-18 06:36:20
106.54.11.39	attackspam	Aug1722:45:30server4pure-ftpd:$\?@103.226.250.79$[WARNING]Authenticationfailedforuser[user]Aug1722:44:58server4pure-ftpd:$\?@103.226.250.79$[WARNING]Authenticationfailedforuser[user]Aug1723:25:51server4pure-ftpd:$\?@106.54.11.39$[WARNING]Authenticationfailedforuser[user]Aug1722:45:16server4pure-ftpd:$\?@103.226.250.79$[WARNING]Authenticationfailedforuser[user]Aug1722:45:09server4pure-ftpd:$\?@103.226.250.79$[WARNING]Authenticationfailedforuser[user]Aug1722:45:40server4pure-ftpd:$\?@103.226.250.79$[WARNING]Authenticationfailedforuser[user]Aug1722:45:45server4pure-ftpd:$\?@103.226.250.79$[WARNING]Authenticationfailedforuser[user]Aug1722:45:25server4pure-ftpd:$\?@103.226.250.79$[WARNING]Authenticationfailedforuser[user]Aug1722:45:04server4pure-ftpd:$\?@103.226.250.79$[WARNING]Authenticationfailedforuser[user]Aug1722:45:20server4pure-ftpd:$\?@103.226.250.79$[WARNING]Authenticationfailedforuser[user]Aug1722:45:35server4pure-ftpd:$\?@103.226.250.79$[WARNING]Authenticationfailedforuser[user]IPA	2020-08-18 06:59:11
49.234.70.189	attackspam	SSH Invalid Login	2020-08-18 06:50:16
106.55.13.61	attack	SSH Invalid Login	2020-08-18 06:35:48
123.126.106.88	attackspam	2020-08-18T00:00:59.487137ks3355764 sshd[1966]: Failed password for root from 123.126.106.88 port 41792 ssh2 2020-08-18T00:04:57.231163ks3355764 sshd[1993]: Invalid user egor from 123.126.106.88 port 44976 ...	2020-08-18 07:02:31
185.220.102.252	attackspambots	Aug 18 00:56:26 santamaria sshd\[4186\]: Invalid user admin from 185.220.102.252 Aug 18 00:56:27 santamaria sshd\[4186\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.252 Aug 18 00:56:29 santamaria sshd\[4186\]: Failed password for invalid user admin from 185.220.102.252 port 27442 ssh2 ...	2020-08-18 06:56:53
89.19.67.17	spambotsattackproxynormal	89.19.67.17 do anything u want to that	2020-08-18 06:38:30
37.59.224.39	attackspam	Aug 17 17:44:58 Tower sshd[26334]: Connection from 37.59.224.39 port 54873 on 192.168.10.220 port 22 rdomain "" Aug 17 17:44:59 Tower sshd[26334]: Invalid user admin from 37.59.224.39 port 54873 Aug 17 17:44:59 Tower sshd[26334]: error: Could not get shadow information for NOUSER Aug 17 17:44:59 Tower sshd[26334]: Failed password for invalid user admin from 37.59.224.39 port 54873 ssh2 Aug 17 17:44:59 Tower sshd[26334]: Received disconnect from 37.59.224.39 port 54873:11: Bye Bye [preauth] Aug 17 17:44:59 Tower sshd[26334]: Disconnected from invalid user admin 37.59.224.39 port 54873 [preauth]	2020-08-18 07:03:55
94.176.189.133	attackspam	SpamScore above: 10.0	2020-08-18 07:04:56
112.238.160.39	attack	TCP (SYN) 112.238.160.39:46561 -> port 8080, len 40	2020-08-18 06:49:26
62.234.153.213	attack	Aug 18 00:04:23 pkdns2 sshd\[48749\]: Invalid user lyq from 62.234.153.213Aug 18 00:04:25 pkdns2 sshd\[48749\]: Failed password for invalid user lyq from 62.234.153.213 port 55540 ssh2Aug 18 00:07:14 pkdns2 sshd\[48919\]: Invalid user sysadmin from 62.234.153.213Aug 18 00:07:16 pkdns2 sshd\[48919\]: Failed password for invalid user sysadmin from 62.234.153.213 port 58566 ssh2Aug 18 00:10:05 pkdns2 sshd\[49062\]: Invalid user lsfadmin from 62.234.153.213Aug 18 00:10:07 pkdns2 sshd\[49062\]: Failed password for invalid user lsfadmin from 62.234.153.213 port 33370 ssh2 ...	2020-08-18 06:44:48

Recently Reported IPs

121.123.86.65	120.41.187.150	118.172.48.27	116.208.214.152
205.180.144.27	120.236.53.196	101.68.202.22	92.245.116.59
58.187.172.142	43.192.187.18	46.191.138.59	42.119.181.41
42.118.73.23	42.117.20.137	42.113.229.156	34.84.171.34
1.54.180.254	1.54.134.144	1.20.179.87	223.206.39.189