122.114.131.13

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Zhengzhou Giant Computer Network Technology Co. Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	2020-04-17T07:28:11.6419851495-001 sshd[35885]: Invalid user ftpadmin from 122.114.131.13 port 49417 2020-04-17T07:28:13.8507891495-001 sshd[35885]: Failed password for invalid user ftpadmin from 122.114.131.13 port 49417 ssh2 2020-04-17T07:38:04.4195811495-001 sshd[36151]: Invalid user admin from 122.114.131.13 port 49417 2020-04-17T07:38:04.4225801495-001 sshd[36151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.131.13 2020-04-17T07:38:04.4195811495-001 sshd[36151]: Invalid user admin from 122.114.131.13 port 49417 2020-04-17T07:38:06.0352591495-001 sshd[36151]: Failed password for invalid user admin from 122.114.131.13 port 49417 ssh2 ...	2020-04-17 20:03:11

类型

评论内容

时间

attack

2020-04-17T07:28:11.6419851495-001 sshd[35885]: Invalid user ftpadmin from 122.114.131.13 port 49417
2020-04-17T07:28:13.8507891495-001 sshd[35885]: Failed password for invalid user ftpadmin from 122.114.131.13 port 49417 ssh2
2020-04-17T07:38:04.4195811495-001 sshd[36151]: Invalid user admin from 122.114.131.13 port 49417
2020-04-17T07:38:04.4225801495-001 sshd[36151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.131.13
2020-04-17T07:38:04.4195811495-001 sshd[36151]: Invalid user admin from 122.114.131.13 port 49417
2020-04-17T07:38:06.0352591495-001 sshd[36151]: Failed password for invalid user admin from 122.114.131.13 port 49417 ssh2
...

2020-04-17 20:03:11

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 122.114.131.13
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19521
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;122.114.131.13.			IN	A

;; AUTHORITY SECTION:
.			569	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020041701 1800 900 604800 86400

;; Query time: 95 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Apr 17 20:03:05 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

Host 13.131.114.122.in-addr.arpa not found: 2(SERVFAIL)

NSLOOKUP信息:

;; Got SERVFAIL reply from 183.60.83.19, trying next server
Server:		183.60.82.98
Address:	183.60.82.98#53

** server can't find 13.131.114.122.in-addr.arpa: SERVFAIL

最新评论:

IP	类型	评论内容	时间
208.109.54.139	attack	208.109.54.139 - - [26/Sep/2020:07:54:50 +0100] "POST /wp-login.php HTTP/1.1" 200 2348 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 208.109.54.139 - - [26/Sep/2020:07:54:52 +0100] "POST /wp-login.php HTTP/1.1" 200 2328 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 208.109.54.139 - - [26/Sep/2020:07:54:53 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-26 15:57:24
185.147.215.8	attack	[2020-09-26 04:25:09] NOTICE[1159] chan_sip.c: Registration from '' failed for '185.147.215.8:60393' - Wrong password [2020-09-26 04:25:09] SECURITY[1198] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-26T04:25:09.011-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="2433",SessionID="0x7fcaa02091e8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.147.215.8/60393",Challenge="1158ae22",ReceivedChallenge="1158ae22",ReceivedHash="594657ed92611f8cc8e8283aff2ef0ba" [2020-09-26 04:25:35] NOTICE[1159] chan_sip.c: Registration from '' failed for '185.147.215.8:54895' - Wrong password [2020-09-26 04:25:35] SECURITY[1198] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-26T04:25:35.720-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="1899",SessionID="0x7fcaa0092e98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.147.215.8 ...	2020-09-26 16:33:14
41.165.88.132	attack	Sep 26 04:32:11 scw-6657dc sshd[30318]: Failed password for mysql from 41.165.88.132 port 32852 ssh2 Sep 26 04:32:11 scw-6657dc sshd[30318]: Failed password for mysql from 41.165.88.132 port 32852 ssh2 Sep 26 04:35:47 scw-6657dc sshd[30461]: Invalid user matrix from 41.165.88.132 port 56260 ...	2020-09-26 16:13:46
176.56.237.242	attackspam	Invalid user edward from 176.56.237.242 port 53276	2020-09-26 16:03:24
62.234.80.115	attackbots	$f2bV_matches	2020-09-26 16:12:17
18.208.202.194	attackspam	[Sat Sep 26 03:37:03.134341 2020] [:error] [pid 16536:tid 140694825400064] [client 18.208.202.194:40472] [client 18.208.202.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\\\\$\\\$\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\\|:;\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\\\\$\\\$\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\\|:;\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){6})" at ARGS:id. [file "/etc/modsecurity/coreruleset-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1457"] [id "942431"] [msg "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (6)"] [data "Matched Data: :prakiraan-cuaca-daerah-malang-dan- found within ARGS:id: 82:prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan"] [severity "WARNING"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [ ...	2020-09-26 16:10:36
121.69.89.78	attackbots	(sshd) Failed SSH login from 121.69.89.78 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 26 00:16:16 cvps sshd[11050]: Invalid user laravel from 121.69.89.78 Sep 26 00:16:16 cvps sshd[11050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.69.89.78 Sep 26 00:16:18 cvps sshd[11050]: Failed password for invalid user laravel from 121.69.89.78 port 47804 ssh2 Sep 26 00:27:21 cvps sshd[15075]: Invalid user ftpusr from 121.69.89.78 Sep 26 00:27:21 cvps sshd[15075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.69.89.78	2020-09-26 16:11:26
181.40.76.162	attackspambots	Invalid user dev from 181.40.76.162 port 41952	2020-09-26 16:26:22
193.70.38.187	attack	Sep 26 10:15:11 * sshd[1984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.38.187 Sep 26 10:15:13 * sshd[1984]: Failed password for invalid user admin from 193.70.38.187 port 43058 ssh2	2020-09-26 16:27:44
173.249.28.43	attackbotsspam	173.249.28.43 - - [26/Sep/2020:07:09:35 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 173.249.28.43 - - [26/Sep/2020:07:09:35 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 173.249.28.43 - - [26/Sep/2020:07:09:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-26 16:26:57
36.189.253.226	attackbotsspam	Sep 26 09:50:12 dhoomketu sshd[3378763]: Invalid user soft from 36.189.253.226 port 47274 Sep 26 09:50:12 dhoomketu sshd[3378763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.189.253.226 Sep 26 09:50:12 dhoomketu sshd[3378763]: Invalid user soft from 36.189.253.226 port 47274 Sep 26 09:50:14 dhoomketu sshd[3378763]: Failed password for invalid user soft from 36.189.253.226 port 47274 ssh2 Sep 26 09:54:19 dhoomketu sshd[3378825]: Invalid user its from 36.189.253.226 port 38857 ...	2020-09-26 15:57:03
157.0.134.164	attack	SSH-BruteForce	2020-09-26 15:57:48
119.122.115.41	attackspambots	Listed on barracudaCentral plus zen-spamhaus / proto=6 . srcport=35876 . dstport=445 . (3540)	2020-09-26 16:16:49
121.133.94.205	attackbotsspam	4564/udp 23171/udp 7992/udp... [2020-09-15/25]6pkt,6pt.(udp)	2020-09-26 16:02:35
54.37.153.80	attackspam	SSH Brute-force	2020-09-26 16:16:04

最近上报的IP列表

142.88.37.209	13.84.201.159	47.118.165.115	125.75.98.105
66.187.161.112	66.181.166.128	102.166.1.235	180.250.95.154
106.6.98.201	115.213.227.168	91.218.88.128	115.220.5.198
64.196.212.96	9.105.88.80	14.244.63.163	161.105.103.175
182.61.52.46	103.85.11.11	93.38.115.177	62.210.143.6