206.132.109.246

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America

运营商(isp): Level 3 Communications Inc.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Jan 13 17:56:57 meumeu sshd[28000]: Failed password for root from 206.132.109.246 port 51174 ssh2 Jan 13 18:02:25 meumeu sshd[29253]: Failed password for root from 206.132.109.246 port 37770 ssh2 Jan 13 18:05:03 meumeu sshd[29719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.132.109.246 ...	2020-01-14 01:17:02

类型

评论内容

时间

attack

Jan 13 17:56:57 meumeu sshd[28000]: Failed password for root from 206.132.109.246 port 51174 ssh2
Jan 13 18:02:25 meumeu sshd[29253]: Failed password for root from 206.132.109.246 port 37770 ssh2
Jan 13 18:05:03 meumeu sshd[29719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.132.109.246 
...

2020-01-14 01:17:02

相同子网IP讨论:

IP	类型	评论内容	时间
206.132.109.108	attackspam	Honeypot attack, port: 445, PTR: PTR record not found	2020-05-21 05:56:40
206.132.109.106	attackspambots	206.132.109.106 - - \[19/Feb/2020:07:42:54 -0800\] "POST /index.php/admin/ HTTP/1.1" 404 20574206.132.109.106 - - \[19/Feb/2020:07:42:54 -0800\] "POST /index.php/admin/index/ HTTP/1.1" 404 20598206.132.109.106 - - \[19/Feb/2020:07:42:54 -0800\] "POST /index.php/admin HTTP/1.1" 404 20570 ...	2020-02-20 04:18:36
206.132.109.106	attack	1576252728 - 12/13/2019 16:58:48 Host: 206.132.109.106/206.132.109.106 Port: 445 TCP Blocked	2019-12-14 01:24:07
206.132.109.102	attackspambots	Unauthorised access (Oct 29) SRC=206.132.109.102 LEN=52 TOS=0x10 PREC=0x40 TTL=107 ID=5206 DF TCP DPT=445 WINDOW=8192 SYN	2019-10-30 02:53:27
206.132.109.91	attackbotsspam	Unauthorized connection attempt from IP address 206.132.109.91 on Port 445(SMB)	2019-07-25 08:55:06

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 206.132.109.246
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35967
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;206.132.109.246.		IN	A

;; AUTHORITY SECTION:
.			600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020011300 1800 900 604800 86400

;; Query time: 93 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Jan 14 01:16:59 CST 2020
;; MSG SIZE  rcvd: 119

HOST信息:

Host 246.109.132.206.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 246.109.132.206.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
180.76.119.182	attackbotsspam	Apr 6 14:33:40 sip sshd[6613]: Failed password for root from 180.76.119.182 port 56678 ssh2 Apr 6 14:43:10 sip sshd[10252]: Failed password for root from 180.76.119.182 port 40072 ssh2	2020-04-06 22:02:40
185.166.223.81	attack	Fail2Ban Ban Triggered	2020-04-06 21:29:52
45.63.107.23	attack	Automatically reported by fail2ban report script (mx1)	2020-04-06 22:13:42
164.68.112.178	attack	SIP/5060 Probe, BF, Hack -	2020-04-06 22:05:13
176.118.216.170	attack	Unauthorized connection attempt from IP address 176.118.216.170 on Port 445(SMB)	2020-04-06 22:19:56
190.148.50.92	attackbots	Unauthorized connection attempt from IP address 190.148.50.92 on Port 445(SMB)	2020-04-06 22:01:00
103.219.112.63	attack	Apr 5 23:00:21 host sshd[544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.219.112.63 user=r.r Apr 5 23:00:24 host sshd[544]: Failed password for r.r from 103.219.112.63 port 39228 ssh2 Apr 5 23:00:24 host sshd[544]: Received disconnect from 103.219.112.63: 11: Bye Bye [preauth] Apr 5 23:13:12 host sshd[9858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.219.112.63 user=r.r Apr 5 23:13:14 host sshd[9858]: Failed password for r.r from 103.219.112.63 port 37374 ssh2 Apr 5 23:13:14 host sshd[9858]: Received disconnect from 103.219.112.63: 11: Bye Bye [preauth] Apr 5 23:22:01 host sshd[4293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.219.112.63 user=r.r Apr 5 23:22:03 host sshd[4293]: Failed password for r.r from 103.219.112.63 port 55930 ssh2 Apr 5 23:22:03 host sshd[4293]: Received disconnect from 103.219.112.63: 11: ........ -------------------------------	2020-04-06 22:18:23
24.146.62.34	attack	Draytek Vigor Remote Command Execution Vulnerability	2020-04-06 21:37:42
37.99.48.101	attack	Unauthorized connection attempt from IP address 37.99.48.101 on Port 445(SMB)	2020-04-06 21:30:30
156.96.148.33	attackbots	Apr 6 05:45:14 rs-7 sshd[43551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.96.148.33 user=r.r Apr 6 05:45:16 rs-7 sshd[43551]: Failed password for r.r from 156.96.148.33 port 48624 ssh2 Apr 6 05:45:16 rs-7 sshd[43551]: Received disconnect from 156.96.148.33 port 48624:11: Bye Bye [preauth] Apr 6 05:45:16 rs-7 sshd[43551]: Disconnected from 156.96.148.33 port 48624 [preauth] Apr 6 05:59:56 rs-7 sshd[46426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.96.148.33 user=r.r Apr 6 05:59:58 rs-7 sshd[46426]: Failed password for r.r from 156.96.148.33 port 52008 ssh2 Apr 6 05:59:59 rs-7 sshd[46426]: Received disconnect from 156.96.148.33 port 52008:11: Bye Bye [preauth] Apr 6 05:59:59 rs-7 sshd[46426]: Disconnected from 156.96.148.33 port 52008 [preauth] Apr 6 06:08:46 rs-7 sshd[50241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhos........ -------------------------------	2020-04-06 21:49:16
178.176.30.211	attack	Apr 6 14:27:53 dev0-dcde-rnet sshd[18264]: Failed password for root from 178.176.30.211 port 41958 ssh2 Apr 6 14:38:10 dev0-dcde-rnet sshd[18297]: Failed password for root from 178.176.30.211 port 33074 ssh2	2020-04-06 21:46:04
5.114.163.245	attack	Attempt to attack host OS, exploiting network vulnerabilities, on 06-04-2020 13:45:12.	2020-04-06 22:11:08
206.189.205.124	attackbots	Apr 6 15:41:28 sticky sshd\[9464\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.205.124 user=root Apr 6 15:41:30 sticky sshd\[9464\]: Failed password for root from 206.189.205.124 port 58178 ssh2 Apr 6 15:45:23 sticky sshd\[9478\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.205.124 user=root Apr 6 15:45:25 sticky sshd\[9478\]: Failed password for root from 206.189.205.124 port 41166 ssh2 Apr 6 15:49:14 sticky sshd\[9486\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.205.124 user=root ...	2020-04-06 22:11:38
222.186.15.10	attackbots	2020-04-06T13:54:41.703771dmca.cloudsearch.cf sshd[1661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.10 user=root 2020-04-06T13:54:43.587739dmca.cloudsearch.cf sshd[1661]: Failed password for root from 222.186.15.10 port 21550 ssh2 2020-04-06T13:54:46.649803dmca.cloudsearch.cf sshd[1661]: Failed password for root from 222.186.15.10 port 21550 ssh2 2020-04-06T13:54:41.703771dmca.cloudsearch.cf sshd[1661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.10 user=root 2020-04-06T13:54:43.587739dmca.cloudsearch.cf sshd[1661]: Failed password for root from 222.186.15.10 port 21550 ssh2 2020-04-06T13:54:46.649803dmca.cloudsearch.cf sshd[1661]: Failed password for root from 222.186.15.10 port 21550 ssh2 2020-04-06T13:54:41.703771dmca.cloudsearch.cf sshd[1661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.10 user=root 2020-04-06T13:5 ...	2020-04-06 21:58:55
14.215.51.241	attack	Lines containing failures of 14.215.51.241 (max 1000) Apr 6 00:16:29 localhost sshd[26168]: User r.r from 14.215.51.241 not allowed because listed in DenyUsers Apr 6 00:16:29 localhost sshd[26168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.215.51.241 user=r.r Apr 6 00:16:31 localhost sshd[26168]: Failed password for invalid user r.r from 14.215.51.241 port 37654 ssh2 Apr 6 00:16:33 localhost sshd[26168]: Received disconnect from 14.215.51.241 port 37654:11: Bye Bye [preauth] Apr 6 00:16:33 localhost sshd[26168]: Disconnected from invalid user r.r 14.215.51.241 port 37654 [preauth] Apr 6 00:29:48 localhost sshd[29864]: User r.r from 14.215.51.241 not allowed because listed in DenyUsers Apr 6 00:29:48 localhost sshd[29864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.215.51.241 user=r.r Apr 6 00:29:51 localhost sshd[29864]: Failed password for invalid user r.r from 14......... ------------------------------	2020-04-06 22:07:02

最近上报的IP列表

206.189.139.179	249.193.189.130	42.220.204.31	210.132.162.245
139.254.193.181	190.149.61.230	51.198.24.187	103.47.126.122
17.73.252.3	94.76.134.223	77.72.133.137	102.182.249.117
12.113.149.53	103.84.133.79	106.12.180.215	190.87.196.100
90.102.8.161	136.230.116.169	179.203.120.129	224.51.250.233