City: unknown
Region: unknown
Country: China
Internet Service Provider: Shanghai UCloud Information Technology Company Limited
Hostname: unknown
Organization: unknown
Usage Type: Data Center/Web Hosting/Transit
| Type | Details | Datetime |
|---|---|---|
| attackspambots | W 5701,/var/log/auth.log,-,- |
2020-05-05 04:31:50 |
| attackbots | Invalid user postgres from 106.75.90.200 port 44228 |
2020-04-12 16:44:35 |
| IP | Type | Details | Datetime |
|---|---|---|---|
| 106.75.90.101 | attackbots | Lines containing failures of 106.75.90.101 Apr 23 17:55:53 kmh-sql-001-nbg01 sshd[31252]: Invalid user ib from 106.75.90.101 port 37244 Apr 23 17:55:53 kmh-sql-001-nbg01 sshd[31252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.90.101 Apr 23 17:55:56 kmh-sql-001-nbg01 sshd[31252]: Failed password for invalid user ib from 106.75.90.101 port 37244 ssh2 Apr 23 17:55:57 kmh-sql-001-nbg01 sshd[31252]: Received disconnect from 106.75.90.101 port 37244:11: Bye Bye [preauth] Apr 23 17:55:57 kmh-sql-001-nbg01 sshd[31252]: Disconnected from invalid user ib 106.75.90.101 port 37244 [preauth] Apr 23 18:14:17 kmh-sql-001-nbg01 sshd[2891]: Invalid user wx from 106.75.90.101 port 52978 Apr 23 18:14:17 kmh-sql-001-nbg01 sshd[2891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.90.101 Apr 23 18:14:19 kmh-sql-001-nbg01 sshd[2891]: Failed password for invalid user wx from 106.75.90.101 port........ ------------------------------ |
2020-04-24 12:45:39 |
| 106.75.90.101 | attackbotsspam | SSH auth scanning - multiple failed logins |
2020-04-24 05:09:01 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.75.90.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8424
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.75.90.200. IN A
;; AUTHORITY SECTION:
. 488 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020041200 1800 900 604800 86400
;; Query time: 117 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Apr 12 16:44:27 CST 2020
;; MSG SIZE rcvd: 117Host 200.90.75.106.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 200.90.75.106.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 51.254.37.192 | attackspam | Sep 11 07:01:28 ny01 sshd[31617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.254.37.192 Sep 11 07:01:30 ny01 sshd[31617]: Failed password for invalid user git from 51.254.37.192 port 53586 ssh2 Sep 11 07:07:09 ny01 sshd[32543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.254.37.192 |
2019-09-11 19:19:45 |
| 45.80.65.76 | attack | Sep 11 06:14:03 plusreed sshd[9498]: Invalid user al3x from 45.80.65.76 ... |
2019-09-11 18:16:37 |
| 114.236.8.101 | attackspambots | Sep 11 09:54:53 mail sshd\[18967\]: Invalid user admin from 114.236.8.101 Sep 11 09:54:53 mail sshd\[18967\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.236.8.101 Sep 11 09:54:55 mail sshd\[18967\]: Failed password for invalid user admin from 114.236.8.101 port 42400 ssh2 ... |
2019-09-11 19:25:07 |
| 192.241.136.237 | attackspam | miraniessen.de 192.241.136.237 \[11/Sep/2019:09:55:58 +0200\] "POST /wp-login.php HTTP/1.1" 200 5972 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" miraniessen.de 192.241.136.237 \[11/Sep/2019:09:55:59 +0200\] "POST /wp-login.php HTTP/1.1" 200 5972 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" |
2019-09-11 18:19:05 |
| 42.104.97.228 | attackspambots | Sep 11 13:07:08 yabzik sshd[32023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.104.97.228 Sep 11 13:07:10 yabzik sshd[32023]: Failed password for invalid user postgres from 42.104.97.228 port 53063 ssh2 Sep 11 13:12:44 yabzik sshd[1791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.104.97.228 |
2019-09-11 18:18:00 |
| 113.134.62.4 | attackspam | 2019-09-11T15:02:12.793103enmeeting.mahidol.ac.th sshd\[28543\]: User root from 113.134.62.4 not allowed because not listed in AllowUsers 2019-09-11T15:02:12.914139enmeeting.mahidol.ac.th sshd\[28543\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.134.62.4 user=root 2019-09-11T15:02:14.981220enmeeting.mahidol.ac.th sshd\[28543\]: Failed password for invalid user root from 113.134.62.4 port 47247 ssh2 ... |
2019-09-11 18:24:26 |
| 182.147.243.50 | attack | recursive dns scanner |
2019-09-11 18:52:20 |
| 106.248.19.115 | attack | Sep 11 12:16:51 mail sshd\[8611\]: Invalid user 12345 from 106.248.19.115 port 57556 Sep 11 12:16:51 mail sshd\[8611\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.248.19.115 Sep 11 12:16:53 mail sshd\[8611\]: Failed password for invalid user 12345 from 106.248.19.115 port 57556 ssh2 Sep 11 12:24:16 mail sshd\[9899\]: Invalid user server from 106.248.19.115 port 36226 Sep 11 12:24:16 mail sshd\[9899\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.248.19.115 |
2019-09-11 18:27:17 |
| 92.118.37.74 | attackspambots | Sep 11 11:04:32 mail kernel: [3281482.577939] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=24715 PROTO=TCP SPT=46525 DPT=21293 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 11 11:07:10 mail kernel: [3281641.060112] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=8774 PROTO=TCP SPT=46525 DPT=17532 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 11 11:07:13 mail kernel: [3281643.777407] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=4616 PROTO=TCP SPT=46525 DPT=56923 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 11 11:08:29 mail kernel: [3281720.221090] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=65315 PROTO=TCP SPT=46525 DPT=61292 WINDOW=1024 RES=0x00 SYN UR |
2019-09-11 19:29:43 |
| 51.83.78.109 | attackspambots | Sep 11 11:45:41 SilenceServices sshd[26931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.78.109 Sep 11 11:45:42 SilenceServices sshd[26931]: Failed password for invalid user manager from 51.83.78.109 port 41666 ssh2 Sep 11 11:51:45 SilenceServices sshd[29183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.78.109 |
2019-09-11 18:05:52 |
| 114.7.164.26 | attackspam | Sep 11 01:08:56 sachi sshd\[7785\]: Invalid user smbuser from 114.7.164.26 Sep 11 01:08:56 sachi sshd\[7785\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.7.164.26 Sep 11 01:08:58 sachi sshd\[7785\]: Failed password for invalid user smbuser from 114.7.164.26 port 60180 ssh2 Sep 11 01:18:13 sachi sshd\[8671\]: Invalid user oracle from 114.7.164.26 Sep 11 01:18:13 sachi sshd\[8671\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.7.164.26 |
2019-09-11 19:20:16 |
| 167.71.109.239 | attack | Sep 11 12:58:42 vps691689 sshd[28243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.109.239 Sep 11 12:58:44 vps691689 sshd[28243]: Failed password for invalid user testing from 167.71.109.239 port 46844 ssh2 ... |
2019-09-11 19:05:35 |
| 106.12.11.160 | attack | Sep 11 01:10:30 hiderm sshd\[17484\]: Invalid user ubuntu from 106.12.11.160 Sep 11 01:10:30 hiderm sshd\[17484\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.11.160 Sep 11 01:10:32 hiderm sshd\[17484\]: Failed password for invalid user ubuntu from 106.12.11.160 port 59514 ssh2 Sep 11 01:18:02 hiderm sshd\[18180\]: Invalid user hadoop from 106.12.11.160 Sep 11 01:18:02 hiderm sshd\[18180\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.11.160 |
2019-09-11 19:29:19 |
| 189.78.106.198 | attack | Sep 10 22:31:13 eddieflores sshd\[5514\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.78.106.198 user=mysql Sep 10 22:31:15 eddieflores sshd\[5514\]: Failed password for mysql from 189.78.106.198 port 41842 ssh2 Sep 10 22:38:12 eddieflores sshd\[6149\]: Invalid user postgres from 189.78.106.198 Sep 10 22:38:12 eddieflores sshd\[6149\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.78.106.198 Sep 10 22:38:14 eddieflores sshd\[6149\]: Failed password for invalid user postgres from 189.78.106.198 port 45490 ssh2 |
2019-09-11 17:41:53 |
| 172.81.204.249 | attack | Sep 11 12:04:10 mail sshd\[6290\]: Invalid user pass123 from 172.81.204.249 port 58202 Sep 11 12:04:10 mail sshd\[6290\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.81.204.249 Sep 11 12:04:12 mail sshd\[6290\]: Failed password for invalid user pass123 from 172.81.204.249 port 58202 ssh2 Sep 11 12:09:34 mail sshd\[7268\]: Invalid user 123456 from 172.81.204.249 port 44668 Sep 11 12:09:34 mail sshd\[7268\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.81.204.249 |
2019-09-11 18:25:34 |