106.75.99.173 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Shanghai UCloud Information Technology Company Limited

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: TCP cat: Potentially Bad Traffic	2020-04-17 06:22:21

Comments on same subnet:

IP	Type	Details	Datetime
106.75.99.198	attack	4840/tcp 23392/tcp 5530/tcp... [2020-06-22/07-07]108pkt,19pt.(tcp)	2020-07-08 21:18:37
106.75.99.198	attack	Multiple SSH authentication failures from 106.75.99.198	2020-07-01 13:16:25
106.75.99.198	attack	(sshd) Failed SSH login from 106.75.99.198 (CN/China/-): 5 in the last 3600 secs	2020-06-24 12:28:46
106.75.99.198	attack	2020-06-17T14:51:52.333230lavrinenko.info sshd[15120]: Failed password for invalid user postgres from 106.75.99.198 port 59001 ssh2 2020-06-17T14:54:49.214997lavrinenko.info sshd[15403]: Invalid user user from 106.75.99.198 port 38248 2020-06-17T14:54:49.224504lavrinenko.info sshd[15403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.99.198 2020-06-17T14:54:49.214997lavrinenko.info sshd[15403]: Invalid user user from 106.75.99.198 port 38248 2020-06-17T14:54:51.601263lavrinenko.info sshd[15403]: Failed password for invalid user user from 106.75.99.198 port 38248 ssh2 ...	2020-06-17 19:57:47
106.75.99.198	attack	Apr 25 15:34:40 itv-usvr-02 sshd[17951]: Invalid user ronjones from 106.75.99.198 port 31822 Apr 25 15:34:40 itv-usvr-02 sshd[17951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.99.198 Apr 25 15:34:40 itv-usvr-02 sshd[17951]: Invalid user ronjones from 106.75.99.198 port 31822 Apr 25 15:34:42 itv-usvr-02 sshd[17951]: Failed password for invalid user ronjones from 106.75.99.198 port 31822 ssh2 Apr 25 15:39:10 itv-usvr-02 sshd[18156]: Invalid user tom123 from 106.75.99.198 port 31401	2020-04-25 17:11:36
106.75.99.198	attack	Unauthorized connection attempt detected from IP address 106.75.99.198 to port 3382 [T]	2020-04-22 13:22:36
106.75.99.198	attack	SSH Bruteforce attack	2020-04-18 05:06:15

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.75.99.173
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58738
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.75.99.173.			IN	A

;; AUTHORITY SECTION:
.			600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020041603 1800 900 604800 86400

;; Query time: 133 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Apr 17 06:22:18 CST 2020
;; MSG SIZE  rcvd: 117

Host info

Host 173.99.75.106.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 173.99.75.106.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
203.143.12.26	attackbotsspam	Nov 17 21:18:27 serwer sshd\[17485\]: Invalid user biblioteca from 203.143.12.26 port 2519 Nov 17 21:18:27 serwer sshd\[17485\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.143.12.26 Nov 17 21:18:30 serwer sshd\[17485\]: Failed password for invalid user biblioteca from 203.143.12.26 port 2519 ssh2 ...	2019-11-18 05:28:27
79.9.108.59	attack	Nov 17 16:50:51 server sshd\[26584\]: Invalid user 12345 from 79.9.108.59 port 57389 Nov 17 16:50:51 server sshd\[26584\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.9.108.59 Nov 17 16:50:53 server sshd\[26584\]: Failed password for invalid user 12345 from 79.9.108.59 port 57389 ssh2 Nov 17 16:54:47 server sshd\[31464\]: Invalid user santandrea from 79.9.108.59 port 63256 Nov 17 16:54:47 server sshd\[31464\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.9.108.59	2019-11-18 05:46:06
141.98.81.117	attackspam	ET SCAN Potential SSH Scan - port: 22 proto: TCP cat: Attempted Information Leak	2019-11-18 05:53:54
148.70.101.245	attackspambots	Nov 17 14:29:15 marvibiene sshd[4215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.101.245 user=sshd Nov 17 14:29:17 marvibiene sshd[4215]: Failed password for sshd from 148.70.101.245 port 37064 ssh2 Nov 17 14:35:24 marvibiene sshd[4240]: Invalid user apache from 148.70.101.245 port 44706 ...	2019-11-18 05:48:12
187.188.251.219	attack	Nov 17 18:43:42 vmanager6029 sshd\[14172\]: Invalid user pcap from 187.188.251.219 port 56598 Nov 17 18:43:42 vmanager6029 sshd\[14172\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.188.251.219 Nov 17 18:43:44 vmanager6029 sshd\[14172\]: Failed password for invalid user pcap from 187.188.251.219 port 56598 ssh2	2019-11-18 05:51:53
122.14.208.106	attack	Nov 17 18:02:35 nextcloud sshd\[12559\]: Invalid user ftpuser from 122.14.208.106 Nov 17 18:02:35 nextcloud sshd\[12559\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.14.208.106 Nov 17 18:02:37 nextcloud sshd\[12559\]: Failed password for invalid user ftpuser from 122.14.208.106 port 54112 ssh2 ...	2019-11-18 05:50:36
62.234.222.101	attackbots	Nov 17 17:36:23 server sshd\[884\]: Invalid user test from 62.234.222.101 Nov 17 17:36:23 server sshd\[884\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.222.101 Nov 17 17:36:24 server sshd\[884\]: Failed password for invalid user test from 62.234.222.101 port 51414 ssh2 Nov 17 17:56:42 server sshd\[5990\]: Invalid user ubuntu from 62.234.222.101 Nov 17 17:56:42 server sshd\[5990\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.222.101 ...	2019-11-18 05:35:50
64.246.178.34	attack	Automatic report - Banned IP Access	2019-11-18 05:27:56
14.250.45.154	attackbotsspam	port scan and connect, tcp 23 (telnet)	2019-11-18 06:03:05
139.155.33.169	attack	2019-11-17T09:25:00.7456401495-001 sshd\[45380\]: Failed password for invalid user prangley from 139.155.33.169 port 49204 ssh2 2019-11-17T10:28:33.2069521495-001 sshd\[47640\]: Invalid user lehne from 139.155.33.169 port 45926 2019-11-17T10:28:33.2134631495-001 sshd\[47640\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.33.169 2019-11-17T10:28:34.9290741495-001 sshd\[47640\]: Failed password for invalid user lehne from 139.155.33.169 port 45926 ssh2 2019-11-17T10:34:34.7123901495-001 sshd\[47846\]: Invalid user aldinger from 139.155.33.169 port 50774 2019-11-17T10:34:34.7202411495-001 sshd\[47846\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.33.169 ...	2019-11-18 05:33:54
182.1.99.41	attackbotsspam	[Sun Nov 17 21:35:45.131681 2019] [:error] [pid 6329:tid 139864164169472] [client 182.1.99.41:43112] [client 182.1.99.41] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "761"] [id "941101"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: https://karangploso.jatim.bmkg.go.id/OneSignalSDKWorker.js?appId=cc4b4b58-d602-4719-be42-28414d733f7f found within REQUEST_HEADERS:Referer: https://karangploso.jatim.bmkg.go.id/OneSignalSDKWorker.js?appId=cc4b4b58-d602-4719-be42-28414d733f7f"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [tag "paranoia-level/2"] [hostname "karangploso.jatim ...	2019-11-18 05:32:47
182.113.224.14	attackspambots	Telnet/23 MH Probe, BF, Hack -	2019-11-18 05:36:09
114.35.59.240	attackspam	WordPress login Brute force / Web App Attack on client site.	2019-11-18 05:55:55
152.136.34.52	attackbotsspam	Nov 17 17:42:25 jane sshd[19611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.34.52 Nov 17 17:42:28 jane sshd[19611]: Failed password for invalid user kadosh from 152.136.34.52 port 52418 ssh2 ...	2019-11-18 05:55:40
220.181.108.111	attackbotsspam	REQUESTED PAGE: /xmlrpc.php?rsd	2019-11-18 05:51:06

Recently Reported IPs

101.83.252.212	71.117.12.248	156.177.122.82	132.69.207.173
12.236.113.115	208.18.236.82	102.62.246.188	65.188.179.25
90.40.174.125	111.41.130.43	94.217.45.96	128.171.8.126
98.111.173.193	42.84.69.144	118.136.160.219	118.136.160.221
92.23.175.5	108.65.99.215	18.237.137.153	138.220.136.40