120.132.12.136

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): China Netcom Broadband Corporation Ltd.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	Jul 26 14:14:13 Ubuntu-1404-trusty-64-minimal sshd\[21298\]: Invalid user ambari from 120.132.12.136 Jul 26 14:14:13 Ubuntu-1404-trusty-64-minimal sshd\[21298\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.132.12.136 Jul 26 14:14:15 Ubuntu-1404-trusty-64-minimal sshd\[21298\]: Failed password for invalid user ambari from 120.132.12.136 port 57954 ssh2 Jul 26 14:25:25 Ubuntu-1404-trusty-64-minimal sshd\[27165\]: Invalid user kal from 120.132.12.136 Jul 26 14:25:25 Ubuntu-1404-trusty-64-minimal sshd\[27165\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.132.12.136	2020-07-26 20:40:22
attackbotsspam	Invalid user guest from 120.132.12.136 port 50218	2020-07-26 16:35:33

类型

评论内容

时间

attackspam

Jul 26 14:14:13 Ubuntu-1404-trusty-64-minimal sshd\[21298\]: Invalid user ambari from 120.132.12.136
Jul 26 14:14:13 Ubuntu-1404-trusty-64-minimal sshd\[21298\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.132.12.136
Jul 26 14:14:15 Ubuntu-1404-trusty-64-minimal sshd\[21298\]: Failed password for invalid user ambari from 120.132.12.136 port 57954 ssh2
Jul 26 14:25:25 Ubuntu-1404-trusty-64-minimal sshd\[27165\]: Invalid user kal from 120.132.12.136
Jul 26 14:25:25 Ubuntu-1404-trusty-64-minimal sshd\[27165\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.132.12.136

2020-07-26 20:40:22

attackbotsspam

Invalid user guest from 120.132.12.136 port 50218

2020-07-26 16:35:33

相同子网IP讨论:

IP	类型	评论内容	时间
120.132.124.179	attackbots	TCP (SYN) 120.132.124.179:14367 -> port 1433, len 40	2020-09-30 00:03:21
120.132.124.179	attack	TCP (SYN) 120.132.124.179:14367 -> port 1433, len 40	2020-09-29 16:20:06
120.132.12.162	attack	Aug 22 15:08:03 NPSTNNYC01T sshd[312]: Failed password for root from 120.132.12.162 port 40186 ssh2 Aug 22 15:09:34 NPSTNNYC01T sshd[461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.132.12.162 Aug 22 15:09:36 NPSTNNYC01T sshd[461]: Failed password for invalid user g from 120.132.12.162 port 50616 ssh2 ...	2020-08-23 03:15:02
120.132.12.162	attackspam	$f2bV_matches	2020-08-14 12:26:01
120.132.12.162	attackbots	failed root login	2020-08-10 23:08:53
120.132.12.162	attackbots	k+ssh-bruteforce	2020-08-07 22:50:03
120.132.12.162	attackbotsspam	SSH Brute Force	2020-07-29 15:19:13
120.132.12.162	attack	Invalid user ginelle from 120.132.12.162 port 57431	2020-07-24 19:58:48
120.132.124.179	attackbots	Unauthorized connection attempt detected from IP address 120.132.124.179 to port 1433	2020-07-07 03:57:03
120.132.12.162	attackspambots	Jun 30 00:01:54 ovpn sshd\[29377\]: Invalid user ids from 120.132.12.162 Jun 30 00:01:54 ovpn sshd\[29377\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.132.12.162 Jun 30 00:01:56 ovpn sshd\[29377\]: Failed password for invalid user ids from 120.132.12.162 port 56831 ssh2 Jun 30 00:05:19 ovpn sshd\[30160\]: Invalid user black from 120.132.12.162 Jun 30 00:05:19 ovpn sshd\[30160\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.132.12.162	2020-06-30 07:36:50
120.132.120.7	attack	Jun 29 13:29:45 raspberrypi sshd[14522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.132.120.7 Jun 29 13:29:46 raspberrypi sshd[14522]: Failed password for invalid user zzg from 120.132.120.7 port 43716 ssh2 ...	2020-06-30 02:00:51
120.132.124.179	attack	port scan and connect, tcp 1433 (ms-sql-s)	2020-06-27 22:41:46
120.132.120.7	attackbots	Jun 24 01:25:33 lnxweb61 sshd[26882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.132.120.7	2020-06-24 08:02:50
120.132.124.179	attackspam	Unauthorized connection attempt from IP address 120.132.124.179 on Port 445(SMB)	2020-06-20 19:45:52
120.132.12.162	attackbotsspam	Invalid user rabie from 120.132.12.162 port 40985	2020-06-19 08:23:33

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 120.132.12.136
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19741
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;120.132.12.136.			IN	A

;; AUTHORITY SECTION:
.			515	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020072600 1800 900 604800 86400

;; Query time: 38 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Jul 26 16:35:27 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

Host 136.12.132.120.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 136.12.132.120.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
159.203.201.64	attack	ET DROP Dshield Block Listed Source group 1 - port: 389 proto: TCP cat: Misc Attack	2019-10-26 07:50:45
209.17.96.218	attack	Brute force attack stopped by firewall	2019-10-26 08:03:01
185.176.27.166	attackspam	Excessive Port-Scanning	2019-10-26 08:05:33
183.2.202.41	attackbots	25.10.2019 23:42:43 Connection to port 5060 blocked by firewall	2019-10-26 08:09:11
185.156.73.34	attack	50130/tcp 50128/tcp 50129/tcp... [2019-10-17/25]765pkt,213pt.(tcp)	2019-10-26 07:44:35
83.97.20.47	attackbots	firewall-block, port(s): 17/tcp, 143/tcp, 873/tcp, 6668/tcp	2019-10-26 07:56:29
185.156.73.11	attackspam	41884/tcp 41886/tcp 41885/tcp... [2019-10-17/25]763pkt,213pt.(tcp)	2019-10-26 07:46:40
80.82.70.239	attackbotsspam	10/25/2019-18:17:01.309146 80.82.70.239 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-10-26 07:59:06
164.132.200.54	attack	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: TCP cat: Potentially Bad Traffic	2019-10-26 07:49:00
185.156.73.3	attackbotsspam	20119/tcp 20120/tcp 20121/tcp... [2019-10-17/25]756pkt,213pt.(tcp)	2019-10-26 07:47:04
81.22.45.48	attack	10/25/2019-19:19:46.266157 81.22.45.48 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-10-26 07:58:17
193.32.161.48	attackbots	ET DROP Dshield Block Listed Source group 1 - port: 2323 proto: TCP cat: Misc Attack	2019-10-26 08:03:32
45.141.84.29	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 31 - port: 5900 proto: TCP cat: Misc Attack	2019-10-26 08:00:04
183.110.242.142	attack	183.110.242.142 (KR/South Korea/-) blocked for port scanning Time: Fri Oct 25 14:36:25 2019 +0000 IP: 183.110.242.142 (KR/South Korea/-) Hits: 20 Blocked: Temporary Block for 3600 seconds [PS_LIMIT] Sample of block hits: Oct 25 14:34:51 server kernel: [739270.758878] Firewall: Port Flood IN=eth0 OUT= MAC=0a:df:4c:a0:a6:86:0a:b2:a6:f2:cb:7a:08:00 SRC=183.110.242.142 DST=172.31.47.249 LEN=40 TOS=0x08 PREC=0x20 TTL=72 ID=5992 DF PROTO=TCP SPT=36310 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 25 14:34:52 server kernel: [739271.679701] Firewall: Port Flood IN=eth0 OUT= MAC=0a:df:4c:a0:a6:86:0a:b2:a6:f2:cb:7a:08:00 SRC=183.110.242.142 DST=172.31.47.249 LEN=40 TOS=0x08 PREC=0x20 TTL=64 ID=7056 DF PROTO=TCP SPT=51825 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 etc	2019-10-26 07:50:33
185.176.27.54	attack	firewall-block, port(s): 10385/tcp, 10386/tcp, 40135/tcp, 40136/tcp, 40137/tcp, 47185/tcp	2019-10-26 08:06:05

最近上报的IP列表

94.143.197.57	85.115.153.154	223.46.59.133	77.230.168.228
114.205.55.82	37.148.102.59	168.121.106.2	13.211.218.195
161.189.108.119	202.95.10.7	225.27.70.115	62.112.11.86
37.170.145.198	147.199.29.150	231.145.225.102	231.102.150.238
219.14.212.97	14.104.20.221	98.6.220.199	79.135.133.247