106.12.131.132

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Beijing Baidu Netcom Science and Technology Co. Ltd.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Search Engine Spider

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	2019-10-09T10:47:16.6651991495-001 sshd\[42982\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.132 user=root 2019-10-09T10:47:18.9393011495-001 sshd\[42982\]: Failed password for root from 106.12.131.132 port 40070 ssh2 2019-10-09T10:53:06.9935991495-001 sshd\[43430\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.132 user=root 2019-10-09T10:53:09.3180741495-001 sshd\[43430\]: Failed password for root from 106.12.131.132 port 46138 ssh2 2019-10-09T10:59:02.9795591495-001 sshd\[43941\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.132 user=root 2019-10-09T10:59:04.5065891495-001 sshd\[43941\]: Failed password for root from 106.12.131.132 port 52202 ssh2 ...	2019-10-09 23:10:46

类型

评论内容

时间

attack

2019-10-09T10:47:16.6651991495-001 sshd\[42982\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.132  user=root
2019-10-09T10:47:18.9393011495-001 sshd\[42982\]: Failed password for root from 106.12.131.132 port 40070 ssh2
2019-10-09T10:53:06.9935991495-001 sshd\[43430\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.132  user=root
2019-10-09T10:53:09.3180741495-001 sshd\[43430\]: Failed password for root from 106.12.131.132 port 46138 ssh2
2019-10-09T10:59:02.9795591495-001 sshd\[43941\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.132  user=root
2019-10-09T10:59:04.5065891495-001 sshd\[43941\]: Failed password for root from 106.12.131.132 port 52202 ssh2
...

2019-10-09 23:10:46

相同子网IP讨论:

IP	类型	评论内容	时间
106.12.131.161	attackbots	Jul 13 16:28:14 Host-KEWR-E sshd[15003]: Disconnected from invalid user aa 106.12.131.161 port 50096 [preauth] ...	2020-07-14 08:40:50
106.12.131.230	attackspambots	Unauthorised access (Jun 26) SRC=106.12.131.230 LEN=52 TOS=0x02 TTL=115 ID=11357 DF TCP DPT=445 WINDOW=8192 CWR ECE SYN	2020-06-27 03:23:37
106.12.131.161	attackspam	Jun 24 07:50:03 rotator sshd\[2076\]: Invalid user suporte from 106.12.131.161Jun 24 07:50:04 rotator sshd\[2076\]: Failed password for invalid user suporte from 106.12.131.161 port 60644 ssh2Jun 24 07:51:49 rotator sshd\[2869\]: Failed password for root from 106.12.131.161 port 53204 ssh2Jun 24 07:53:28 rotator sshd\[2881\]: Failed password for root from 106.12.131.161 port 45758 ssh2Jun 24 07:55:10 rotator sshd\[3027\]: Invalid user testuser from 106.12.131.161Jun 24 07:55:12 rotator sshd\[3027\]: Failed password for invalid user testuser from 106.12.131.161 port 38316 ssh2 ...	2020-06-24 19:37:52
106.12.131.36	attackspambots	sshd jail - ssh hack attempt	2020-05-13 06:03:14
106.12.131.36	attackbotsspam	Apr 11 22:20:01 server1 sshd\[16503\]: Failed password for invalid user zabbix from 106.12.131.36 port 58126 ssh2 Apr 11 22:26:44 server1 sshd\[18296\]: Invalid user default from 106.12.131.36 Apr 11 22:26:44 server1 sshd\[18296\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.36 Apr 11 22:26:47 server1 sshd\[18296\]: Failed password for invalid user default from 106.12.131.36 port 50572 ssh2 Apr 11 22:29:29 server1 sshd\[19106\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.36 user=root ...	2020-04-12 13:23:54
106.12.131.161	attackspambots	Apr 10 13:12:01 scw-6657dc sshd[11120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.161 Apr 10 13:12:01 scw-6657dc sshd[11120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.161 Apr 10 13:12:03 scw-6657dc sshd[11120]: Failed password for invalid user postgres from 106.12.131.161 port 39277 ssh2 ...	2020-04-10 21:27:37
106.12.131.36	attack	(sshd) Failed SSH login from 106.12.131.36 (CN/China/-): 5 in the last 3600 secs	2020-04-10 14:16:26
106.12.131.161	attackbotsspam	Apr 8 14:32:00 xeon sshd[36691]: Failed password for invalid user user from 106.12.131.161 port 42381 ssh2	2020-04-09 00:58:37
106.12.131.36	attackspam	Apr 2 23:48:35 silence02 sshd[17341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.36 Apr 2 23:48:37 silence02 sshd[17341]: Failed password for invalid user epiconf from 106.12.131.36 port 56670 ssh2 Apr 2 23:52:28 silence02 sshd[17716]: Failed password for root from 106.12.131.36 port 50662 ssh2	2020-04-03 06:35:39
106.12.131.36	attack	Apr 1 06:38:15 *** sshd[10718]: Invalid user zoe from 106.12.131.36	2020-04-01 19:15:55
106.12.131.162	attack	Feb 22 14:39:42 vps647732 sshd[22068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.162 Feb 22 14:39:43 vps647732 sshd[22068]: Failed password for invalid user noc from 106.12.131.162 port 59248 ssh2 ...	2020-02-22 22:22:51
106.12.131.162	attack	Feb 6 17:35:42 silence02 sshd[4156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.162 Feb 6 17:35:44 silence02 sshd[4156]: Failed password for invalid user fsn from 106.12.131.162 port 36446 ssh2 Feb 6 17:38:41 silence02 sshd[4449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.131.162	2020-02-07 03:41:26
106.12.131.204	attackspambots	Unauthorized connection attempt detected from IP address 106.12.131.204 to port 2220 [J]	2020-02-02 19:05:46
106.12.131.162	attackspambots	Unauthorized connection attempt detected from IP address 106.12.131.162 to port 2220 [J]	2020-01-31 16:16:26
106.12.131.162	attackbots	Unauthorized connection attempt detected from IP address 106.12.131.162 to port 2220 [J]	2020-01-26 04:41:44

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.12.131.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31313
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.12.131.132.			IN	A

;; AUTHORITY SECTION:
.			450	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019100900 1800 900 604800 86400

;; Query time: 51 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 09 23:10:34 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 132.131.12.106.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 132.131.12.106.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
115.90.219.20	attackspambots	Jul 10 20:26:09 XXX sshd[2985]: Invalid user nb from 115.90.219.20 port 53708	2019-07-11 05:15:56
153.36.242.114	attackbots	2019-07-11T03:12:06.738241enmeeting.mahidol.ac.th sshd\[7039\]: User root from 153.36.242.114 not allowed because not listed in AllowUsers 2019-07-11T03:12:06.944540enmeeting.mahidol.ac.th sshd\[7039\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.242.114 user=root 2019-07-11T03:12:09.276708enmeeting.mahidol.ac.th sshd\[7039\]: Failed password for invalid user root from 153.36.242.114 port 60990 ssh2 ...	2019-07-11 04:28:48
182.70.253.202	attackspam	Jul 10 21:05:44 apollo sshd\[30138\]: Invalid user project from 182.70.253.202Jul 10 21:05:46 apollo sshd\[30138\]: Failed password for invalid user project from 182.70.253.202 port 37255 ssh2Jul 10 21:08:05 apollo sshd\[30188\]: Invalid user readonly from 182.70.253.202 ...	2019-07-11 04:28:16
176.109.115.219	attack	Automatic report - Web App Attack	2019-07-11 05:12:35
206.189.166.172	attackspambots	Jul 10 22:18:23 ArkNodeAT sshd\[4455\]: Invalid user no from 206.189.166.172 Jul 10 22:18:23 ArkNodeAT sshd\[4455\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.166.172 Jul 10 22:18:26 ArkNodeAT sshd\[4455\]: Failed password for invalid user no from 206.189.166.172 port 41732 ssh2	2019-07-11 04:37:36
54.222.204.1	attack	Jul 10 21:07:08 mail sshd\[21191\]: Invalid user la from 54.222.204.1 Jul 10 21:07:08 mail sshd\[21191\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.222.204.1 Jul 10 21:07:10 mail sshd\[21191\]: Failed password for invalid user la from 54.222.204.1 port 51136 ssh2 ...	2019-07-11 04:56:46
193.187.174.70	attackbots	Jul 10 20:57:22 mail1 sshd[7088]: Invalid user control from 193.187.174.70 port 46898 Jul 10 20:57:22 mail1 sshd[7088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.187.174.70 Jul 10 20:57:25 mail1 sshd[7088]: Failed password for invalid user control from 193.187.174.70 port 46898 ssh2 Jul 10 20:57:25 mail1 sshd[7088]: Received disconnect from 193.187.174.70 port 46898:11: Bye Bye [preauth] Jul 10 20:57:25 mail1 sshd[7088]: Disconnected from 193.187.174.70 port 46898 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=193.187.174.70	2019-07-11 04:40:06
84.3.2.59	attackbotsspam	SSH bruteforce	2019-07-11 04:50:08
85.118.244.13	attackspam	[WedJul1021:07:56.8049182019][:error][pid25115:tid47213065598720][client85.118.244.13:41294][client85.118.244.13]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\$mozilla\^\\|mozilla/[45]\\\\\\\\.[1-9]\\|\^mozilla/4\\\\\\\\.0\$$"atREQUEST_HEADERS:User-Agent.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"415"][id"330131"][rev"3"][msg"Atomicorp.comWAFRules:MaliciousBotBlocked$FakeMozillaUserAgentStringDetected$"][severity"CRITICAL"][hostname"swisservers.com"][uri"/wp-content/plugins/nex-forms-express-wp-form-builder/js/jquery.raty-fa.js"][unique_id"XSY3jDSS6VpTw4tMI1KfzwAAAFg"]\,referer:swisservers.com[WedJul1021:07:57.1946692019][:error][pid24961:tid47212956645120][client85.118.244.13:48682][client85.118.244.13]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\$mozilla\^\\|mozilla/[45]\\\\\\\\.[1-9]\\|\^mozilla/4\\\\\\\\.0\$$"atREQUEST_HEADERS:User-Agent.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"415"][id"	2019-07-11 04:32:36
222.186.15.217	attack	2019-07-10T18:28:57.850010Z \[cowrie.ssh.factory.CowrieSSHFactory\] New connection: 222.186.15.217:61909 $107.175.91.48:22$ \[session: 1d8bf6f7599f\] 2019-07-10T20:49:16.959308Z \[cowrie.ssh.factory.CowrieSSHFactory\] New connection: 222.186.15.217:24249 $107.175.91.48:22$ \[session: 28463ad177b7\] ...	2019-07-11 05:08:59
175.19.204.202	attackspam	'IP reached maximum auth failures for a one day block'	2019-07-11 04:31:17
123.206.190.82	attack	Jul 10 21:07:35 xeon sshd[17917]: Failed password for invalid user shao from 123.206.190.82 port 43144 ssh2	2019-07-11 04:29:45
85.243.49.130	attackbotsspam	php WP PHPmyadamin ABUSE blocked for 12h	2019-07-11 05:07:29
197.253.6.249	attackbotsspam	[ssh] SSH attack	2019-07-11 04:57:03
62.129.4.157	attackbotsspam	Jul 10 22:10:57 fr01 sshd[18531]: Invalid user admin from 62.129.4.157 Jul 10 22:10:57 fr01 sshd[18531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.129.4.157 Jul 10 22:10:57 fr01 sshd[18531]: Invalid user admin from 62.129.4.157 Jul 10 22:10:59 fr01 sshd[18531]: Failed password for invalid user admin from 62.129.4.157 port 43625 ssh2 Jul 10 22:15:27 fr01 sshd[19288]: Invalid user ubuntu from 62.129.4.157 ...	2019-07-11 04:33:07

最近上报的IP列表

191.101.119.146	149.62.158.170	81.180.119.230	212.1.102.234
51.77.116.47	181.48.134.65	196.189.56.200	104.197.148.36
89.245.89.135	89.221.58.112	218.62.90.168	201.111.123.103
171.114.170.175	122.241.200.5	94.54.224.179	54.39.10.160
112.84.90.163	113.247.114.74	121.46.129.158	37.58.110.150