113.204.1.6 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): JiangBei Node Access User Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Commercial

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	07/27/2020-07:53:58.069550 113.204.1.6 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2020-07-27 23:09:37

相同子网IP讨论:

IP	类型	评论内容	时间
113.204.131.18	attack	" "	2020-06-04 23:40:33
113.204.148.2	attack	Port scanning [3 denied]	2020-06-01 15:52:45
113.204.148.2	attackbots	Unauthorized connection attempt detected from IP address 113.204.148.2 to port 6378	2020-05-25 05:13:09
113.204.147.26	attackbotsspam	Unauthorized IMAP connection attempt	2020-05-22 15:14:27
113.204.148.2	attack	Unauthorized connection attempt detected from IP address 113.204.148.2 to port 6379 [T]	2020-05-20 12:26:08
113.204.148.2	attackspambots	Port scan(s) (3) denied	2020-05-13 07:02:05
113.204.147.26	attack	Brute force attempt	2020-02-12 06:17:23
113.204.131.18	attackbots	Unauthorized connection attempt detected from IP address 113.204.131.18 to port 1433 [J]	2020-01-29 03:40:40
113.204.131.18	attackbots	Unauthorized connection attempt detected from IP address 113.204.131.18 to port 1433 [T]	2020-01-24 07:09:22
113.204.147.26	attackbotsspam	IMAP	2019-11-10 23:47:02
113.204.131.18	attackspam	11/06/2019-07:28:44.072192 113.204.131.18 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2019-11-06 16:00:11
113.204.195.98	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-02 02:43:50
113.204.147.26	attack	(mod_security) mod_security (id:230011) triggered by 113.204.147.26 (CN/China/-): 5 in the last 3600 secs	2019-10-20 05:35:52
113.204.147.26	attackbots	Brute force attempt	2019-10-13 13:27:59
113.204.147.26	attack	[munged]::443 113.204.147.26 - - [10/Oct/2019:22:05:36 +0200] "POST /[munged]: HTTP/1.1" 200 8165 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" [munged]::443 113.204.147.26 - - [10/Oct/2019:22:05:38 +0200] "POST /[munged]: HTTP/1.1" 200 4388 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" [munged]::443 113.204.147.26 - - [10/Oct/2019:22:05:41 +0200] "POST /[munged]: HTTP/1.1" 200 4388 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" [munged]::443 113.204.147.26 - - [10/Oct/2019:22:05:43 +0200] "POST /[munged]: HTTP/1.1" 200 4388 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" [munged]::443 113.204.147.26 - - [10/Oct/2019:22:05:44 +0200] "POST /[munged]: HTTP/1.1" 200 4388 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" [munged]::443 113.204.147.26 - - [10/Oct/2019:22:	2019-10-11 07:28:39

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 113.204.1.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7361
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;113.204.1.6.			IN	A

;; AUTHORITY SECTION:
.			333	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020072700 1800 900 604800 86400

;; Query time: 35 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Jul 27 23:09:29 CST 2020
;; MSG SIZE  rcvd: 115

HOST信息:

Host 6.1.204.113.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 6.1.204.113.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
113.132.11.206	attackspam	Lines containing failures of 113.132.11.206 Jun 16 20:33:32 nxxxxxxx sshd[28591]: Invalid user luiz from 113.132.11.206 port 14942 Jun 16 20:33:32 nxxxxxxx sshd[28591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.132.11.206 Jun 16 20:33:34 nxxxxxxx sshd[28591]: Failed password for invalid user luiz from 113.132.11.206 port 14942 ssh2 Jun 16 20:33:35 nxxxxxxx sshd[28591]: Received disconnect from 113.132.11.206 port 14942:11: Bye Bye [preauth] Jun 16 20:33:35 nxxxxxxx sshd[28591]: Disconnected from invalid user luiz 113.132.11.206 port 14942 [preauth] Jun 16 20:36:07 nxxxxxxx sshd[29155]: Invalid user nagios from 113.132.11.206 port 15025 Jun 16 20:36:07 nxxxxxxx sshd[29155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.132.11.206 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=113.132.11.206	2020-06-18 03:10:38
103.40.248.84	attack	Lines containing failures of 103.40.248.84 Jun 16 21:36:48 kmh-wmh-001-nbg01 sshd[20802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.40.248.84 user=mysql Jun 16 21:36:49 kmh-wmh-001-nbg01 sshd[20802]: Failed password for mysql from 103.40.248.84 port 40468 ssh2 Jun 16 21:36:50 kmh-wmh-001-nbg01 sshd[20802]: Received disconnect from 103.40.248.84 port 40468:11: Bye Bye [preauth] Jun 16 21:36:50 kmh-wmh-001-nbg01 sshd[20802]: Disconnected from authenticating user mysql 103.40.248.84 port 40468 [preauth] Jun 16 21:47:33 kmh-wmh-001-nbg01 sshd[22059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.40.248.84 user=r.r Jun 16 21:47:35 kmh-wmh-001-nbg01 sshd[22059]: Failed password for r.r from 103.40.248.84 port 34764 ssh2 Jun 16 21:47:37 kmh-wmh-001-nbg01 sshd[22059]: Received disconnect from 103.40.248.84 port 34764:11: Bye Bye [preauth] Jun 16 21:47:37 kmh-wmh-001-nbg01 sshd[22059........ ------------------------------	2020-06-18 03:48:42
220.195.3.57	attackspam	Lines containing failures of 220.195.3.57 Jun 16 22:34:22 shared03 sshd[5231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.195.3.57 user=r.r Jun 16 22:34:25 shared03 sshd[5231]: Failed password for r.r from 220.195.3.57 port 38396 ssh2 Jun 16 22:34:25 shared03 sshd[5231]: Received disconnect from 220.195.3.57 port 38396:11: Bye Bye [preauth] Jun 16 22:34:25 shared03 sshd[5231]: Disconnected from authenticating user r.r 220.195.3.57 port 38396 [preauth] Jun 16 22:58:02 shared03 sshd[13443]: Invalid user ramya from 220.195.3.57 port 51493 Jun 16 22:58:02 shared03 sshd[13443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.195.3.57 Jun 16 22:58:04 shared03 sshd[13443]: Failed password for invalid user ramya from 220.195.3.57 port 51493 ssh2 Jun 16 22:58:04 shared03 sshd[13443]: Received disconnect from 220.195.3.57 port 51493:11: Bye Bye [preauth] Jun 16 22:58:04 shared03 sshd[1344........ ------------------------------	2020-06-18 03:38:06
183.62.49.212	attack	Jun 17 20:54:12 home sshd[30436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.62.49.212 Jun 17 20:54:13 home sshd[30436]: Failed password for invalid user wrh from 183.62.49.212 port 46228 ssh2 Jun 17 20:56:59 home sshd[30754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.62.49.212 ...	2020-06-18 03:22:22
67.205.149.136	attack	Jun 17 15:34:09 ws24vmsma01 sshd[134319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.205.149.136 Jun 17 15:34:11 ws24vmsma01 sshd[134319]: Failed password for invalid user demo from 67.205.149.136 port 50566 ssh2 ...	2020-06-18 03:14:20
157.230.147.252	attack	xmlrpc attack	2020-06-18 03:43:33
181.13.197.4	attackspambots	Invalid user testftp from 181.13.197.4 port 35716	2020-06-18 03:42:22
54.39.238.79	attackbotsspam	2020-06-18T01:45:28.281948billing sshd[1160]: Invalid user shane from 54.39.238.79 port 32810 2020-06-18T01:45:30.203035billing sshd[1160]: Failed password for invalid user shane from 54.39.238.79 port 32810 ssh2 2020-06-18T01:48:47.359797billing sshd[7216]: Invalid user user from 54.39.238.79 port 35230 ...	2020-06-18 03:15:25
123.145.93.166	attackbotsspam	Jun 17 18:00:31 h2646465 sshd[29182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.145.93.166 user=root Jun 17 18:00:33 h2646465 sshd[29182]: Failed password for root from 123.145.93.166 port 46081 ssh2 Jun 17 18:14:54 h2646465 sshd[30279]: Invalid user maciej from 123.145.93.166 Jun 17 18:14:54 h2646465 sshd[30279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.145.93.166 Jun 17 18:14:54 h2646465 sshd[30279]: Invalid user maciej from 123.145.93.166 Jun 17 18:14:56 h2646465 sshd[30279]: Failed password for invalid user maciej from 123.145.93.166 port 34977 ssh2 Jun 17 18:30:44 h2646465 sshd[31204]: Invalid user contas from 123.145.93.166 Jun 17 18:30:44 h2646465 sshd[31204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.145.93.166 Jun 17 18:30:44 h2646465 sshd[31204]: Invalid user contas from 123.145.93.166 Jun 17 18:30:46 h2646465 sshd[31204]: Failed password for invalid	2020-06-18 03:08:36
200.207.68.118	attack	Jun 17 20:48:27 DAAP sshd[14344]: Invalid user lxd from 200.207.68.118 port 46219 Jun 17 20:48:27 DAAP sshd[14344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.207.68.118 Jun 17 20:48:27 DAAP sshd[14344]: Invalid user lxd from 200.207.68.118 port 46219 Jun 17 20:48:30 DAAP sshd[14344]: Failed password for invalid user lxd from 200.207.68.118 port 46219 ssh2 Jun 17 20:54:39 DAAP sshd[14528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.207.68.118 user=root Jun 17 20:54:41 DAAP sshd[14528]: Failed password for root from 200.207.68.118 port 50604 ssh2 ...	2020-06-18 03:20:52
122.51.136.128	attackbots	Jun 17 19:58:19 mail sshd\[20514\]: Invalid user zxl from 122.51.136.128 Jun 17 19:58:19 mail sshd\[20514\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.136.128 Jun 17 19:58:21 mail sshd\[20514\]: Failed password for invalid user zxl from 122.51.136.128 port 56426 ssh2 ...	2020-06-18 03:25:41
165.22.52.181	attack	Auto Fail2Ban report, multiple SSH login attempts.	2020-06-18 03:42:49
64.227.100.251	attack	Invalid user ome from 64.227.100.251 port 46812	2020-06-18 03:14:47
216.126.58.224	attackspambots	SSH/22 MH Probe, BF, Hack -	2020-06-18 03:19:28
138.219.129.150	attack	Jun 17 16:29:04 marvibiene sshd[9538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.219.129.150 user=root Jun 17 16:29:06 marvibiene sshd[9538]: Failed password for root from 138.219.129.150 port 48120 ssh2 Jun 17 16:40:19 marvibiene sshd[9817]: Invalid user admin from 138.219.129.150 port 53624 ...	2020-06-18 03:44:37

最近上报的IP列表

186.204.113.165	136.181.59.49	172.85.246.10	228.162.213.140
222.56.252.132	36.85.46.124	61.221.214.138	103.68.22.79
5.14.144.0	183.165.152.173	209.217.12.195	57.92.168.73
55.5.180.15	84.13.171.239	47.93.239.160	145.99.43.224
190.51.205.91	81.120.186.250	154.160.14.187	185.161.209.205