1.56.207.131 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): China Unicom Heilongjiang Province Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	Sep 2 15:43:34 eventyay sshd[2863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.131 Sep 2 15:43:36 eventyay sshd[2863]: Failed password for invalid user www from 1.56.207.131 port 28113 ssh2 Sep 2 15:48:57 eventyay sshd[4095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.131 ...	2019-09-02 21:59:50
attackspam	Sep 1 16:03:11 yabzik sshd[17587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.131 Sep 1 16:03:13 yabzik sshd[17587]: Failed password for invalid user user from 1.56.207.131 port 5407 ssh2 Sep 1 16:07:50 yabzik sshd[19352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.131	2019-09-01 22:14:04
attackbotsspam	Aug 29 05:51:01 www5 sshd\[17938\]: Invalid user kai from 1.56.207.131 Aug 29 05:51:01 www5 sshd\[17938\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.131 Aug 29 05:51:03 www5 sshd\[17938\]: Failed password for invalid user kai from 1.56.207.131 port 56049 ssh2 ...	2019-08-29 11:31:35
attack	Aug 27 03:04:51 SilenceServices sshd[20392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.131 Aug 27 03:04:53 SilenceServices sshd[20392]: Failed password for invalid user test1 from 1.56.207.131 port 50891 ssh2 Aug 27 03:08:25 SilenceServices sshd[21787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.131	2019-08-27 09:21:39

相同子网IP讨论:

IP	类型	评论内容	时间
1.56.207.130	attack	SSH Brute Force	2020-10-14 06:04:23
1.56.207.130	attack	1.56.207.130 (CN/China/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 18 13:32:06 server sshd[29062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 user=root Sep 18 13:32:08 server sshd[29062]: Failed password for root from 1.56.207.130 port 56826 ssh2 Sep 18 13:35:07 server sshd[29603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.32.22 user=root Sep 18 13:36:10 server sshd[29787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.215.3 user=root Sep 18 13:35:09 server sshd[29603]: Failed password for root from 139.199.32.22 port 56352 ssh2 Sep 18 13:32:36 server sshd[29202]: Failed password for root from 62.148.142.202 port 48876 ssh2 IP Addresses Blocked:	2020-09-18 19:47:49
1.56.207.130	attackbotsspam	Sep 18 01:54:31 db sshd[27499]: User root from 1.56.207.130 not allowed because none of user's groups are listed in AllowGroups ...	2020-09-18 12:05:19
1.56.207.130	attackbots	Sep 17 16:57:02 localhost sshd\[21356\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 user=root Sep 17 16:57:04 localhost sshd\[21356\]: Failed password for root from 1.56.207.130 port 42405 ssh2 Sep 17 17:02:32 localhost sshd\[21500\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 user=root ...	2020-09-18 02:18:33
1.56.207.130	attack	Aug 30 07:37:26 abendstille sshd\[30264\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 user=root Aug 30 07:37:28 abendstille sshd\[30264\]: Failed password for root from 1.56.207.130 port 30383 ssh2 Aug 30 07:39:54 abendstille sshd\[400\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 user=root Aug 30 07:39:57 abendstille sshd\[400\]: Failed password for root from 1.56.207.130 port 45500 ssh2 Aug 30 07:42:16 abendstille sshd\[2785\]: Invalid user zhongzheng from 1.56.207.130 Aug 30 07:42:16 abendstille sshd\[2785\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 ...	2020-08-30 15:18:35
1.56.207.130	attackbots	reported through recidive - multiple failed attempts(SSH)	2020-08-28 01:42:12
1.56.207.130	attackspam	Aug 3 10:49:30 plg sshd[30692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 user=root Aug 3 10:49:33 plg sshd[30692]: Failed password for invalid user root from 1.56.207.130 port 26890 ssh2 Aug 3 10:51:57 plg sshd[30745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 user=root Aug 3 10:51:58 plg sshd[30745]: Failed password for invalid user root from 1.56.207.130 port 42416 ssh2 Aug 3 10:54:27 plg sshd[30796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 user=root Aug 3 10:54:29 plg sshd[30796]: Failed password for invalid user root from 1.56.207.130 port 58015 ssh2 ...	2020-08-03 17:40:27
1.56.207.130	attackspam	Aug 2 14:54:02 dhoomketu sshd[2101047]: Failed password for root from 1.56.207.130 port 28512 ssh2 Aug 2 14:56:05 dhoomketu sshd[2101079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 user=root Aug 2 14:56:07 dhoomketu sshd[2101079]: Failed password for root from 1.56.207.130 port 42122 ssh2 Aug 2 14:58:12 dhoomketu sshd[2101122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 user=root Aug 2 14:58:15 dhoomketu sshd[2101122]: Failed password for root from 1.56.207.130 port 55728 ssh2 ...	2020-08-02 17:37:04
1.56.207.130	attack	Jul 23 20:22:26 roki sshd[6478]: Invalid user demo from 1.56.207.130 Jul 23 20:22:26 roki sshd[6478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 Jul 23 20:22:29 roki sshd[6478]: Failed password for invalid user demo from 1.56.207.130 port 51970 ssh2 Jul 23 20:29:51 roki sshd[6983]: Invalid user jewel from 1.56.207.130 Jul 23 20:29:51 roki sshd[6983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.56.207.130 ...	2020-07-24 02:45:27
1.56.207.130	attackspam	" "	2020-07-19 21:43:57
1.56.207.130	attackbotsspam	Jun 23 19:32:11 debian-2gb-nbg1-2 kernel: \[15192200.745327\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=1.56.207.130 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=10274 PROTO=TCP SPT=35096 DPT=29814 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-24 04:24:15
1.56.207.130	attackbotsspam	TCP (SYN) 1.56.207.130:58719 -> port 614, len 44	2020-06-22 19:08:13
1.56.207.130	attack	SSH login attempts.	2020-06-17 19:05:34
1.56.207.130	attack	Invalid user oracle from 1.56.207.130 port 64216	2020-04-17 03:13:42
1.56.207.130	attackspam	Mar 30 17:06:04 server sshd[54783]: Failed password for root from 1.56.207.130 port 35181 ssh2 Mar 30 17:17:34 server sshd[57816]: Failed password for root from 1.56.207.130 port 13352 ssh2 Mar 30 17:21:31 server sshd[59268]: Failed password for root from 1.56.207.130 port 35102 ssh2	2020-03-31 05:48:39

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 1.56.207.131
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5771
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.56.207.131.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082601 1800 900 604800 86400

;; Query time: 240 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Aug 27 09:21:32 CST 2019
;; MSG SIZE  rcvd: 116

HOST信息:

Host 131.207.56.1.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 131.207.56.1.in-addr.arpa: NXDOMAIN

IP	类型	评论内容	时间
107.170.237.129	attack	Portscan or hack attempt detected by psad/fwsnort	2019-07-22 18:47:38
104.236.175.127	attack	$f2bV_matches	2019-07-22 19:00:16
125.161.6.122	attackbotsspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-22 02:47:29,786 INFO [amun_request_handler] PortScan Detected on Port: 445 (125.161.6.122)	2019-07-22 18:33:53
186.37.75.154	attackbots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-20 14:49:58,375 INFO [shellcode_manager] (186.37.75.154) no match, writing hexdump (716202d3e95501160e8ef8219a86ff6c :15036) - SMB (Unknown)	2019-07-22 18:52:34
121.142.111.214	attackspambots	Unauthorized SSH login attempts	2019-07-22 19:01:20
113.22.62.94	attackbots	Unauthorized connection attempt from IP address 113.22.62.94 on Port 445(SMB)	2019-07-22 19:04:07
104.227.2.141	attackbotsspam	[portscan] Port scan	2019-07-22 18:50:41
113.160.140.27	attackspambots	Unauthorized connection attempt from IP address 113.160.140.27 on Port 445(SMB)	2019-07-22 18:12:33
1.55.175.17	attackspam	Unauthorized connection attempt from IP address 1.55.175.17 on Port 445(SMB)	2019-07-22 18:40:02
40.77.167.81	attackspam	Automatic report - Banned IP Access	2019-07-22 18:24:42
180.104.75.64	attackbots	Honeypot attack, port: 23, PTR: PTR record not found	2019-07-22 19:00:42
183.80.10.17	attackspambots	Unauthorized connection attempt from IP address 183.80.10.17 on Port 445(SMB)	2019-07-22 18:56:02
157.230.110.11	attack	Jul 22 14:57:31 areeb-Workstation sshd\[6335\]: Invalid user ftp from 157.230.110.11 Jul 22 14:57:31 areeb-Workstation sshd\[6335\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.110.11 Jul 22 14:57:33 areeb-Workstation sshd\[6335\]: Failed password for invalid user ftp from 157.230.110.11 port 34650 ssh2 ...	2019-07-22 18:05:52
36.66.124.145	attackspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-22 02:46:36,075 INFO [amun_request_handler] PortScan Detected on Port: 445 (36.66.124.145)	2019-07-22 18:48:20
184.186.217.122	attackspambots	Unauthorized connection attempt from IP address 184.186.217.122 on Port 445(SMB)	2019-07-22 18:28:29

最近上报的IP列表

52.163.82.162	183.151.107.159	195.231.70.115	191.254.134.245
47.53.189.216	179.217.118.237	89.35.73.255	60.184.182.67
177.196.54.94	140.127.218.200	110.138.151.182	51.75.13.156
175.170.16.75	51.254.121.129	193.22.15.199	112.119.192.24
207.244.117.213	114.42.68.20	223.100.156.75	92.53.119.43