39.106.1.137 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Aliyun Computing Co. Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	2020-03-10 04:54:43,392 fail2ban.actions: WARNING [ssh] Ban 39.106.1.137	2020-03-10 13:26:40
attackbotsspam	Mar 1 11:50:09 zn008 sshd[14226]: Invalid user jiandunwen from 39.106.1.137 Mar 1 11:50:09 zn008 sshd[14226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.1.137 Mar 1 11:50:11 zn008 sshd[14226]: Failed password for invalid user jiandunwen from 39.106.1.137 port 48602 ssh2 Mar 1 11:50:11 zn008 sshd[14226]: Received disconnect from 39.106.1.137: 11: Bye Bye [preauth] Mar 1 12:02:53 zn008 sshd[15511]: Invalid user admin from 39.106.1.137 Mar 1 12:02:53 zn008 sshd[15511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.1.137 Mar 1 12:02:55 zn008 sshd[15511]: Failed password for invalid user admin from 39.106.1.137 port 42608 ssh2 Mar 1 12:02:55 zn008 sshd[15511]: Received disconnect from 39.106.1.137: 11: Bye Bye [preauth] Mar 1 12:04:06 zn008 sshd[15531]: Invalid user test from 39.106.1.137 Mar 1 12:04:06 zn008 sshd[15531]: pam_unix(sshd:auth): authentication failur........ -------------------------------	2020-03-02 02:02:52

类型

评论内容

时间

attack

2020-03-10 04:54:43,392 fail2ban.actions: WARNING [ssh] Ban 39.106.1.137

2020-03-10 13:26:40

attackbotsspam

Mar  1 11:50:09 zn008 sshd[14226]: Invalid user jiandunwen from 39.106.1.137
Mar  1 11:50:09 zn008 sshd[14226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.1.137 
Mar  1 11:50:11 zn008 sshd[14226]: Failed password for invalid user jiandunwen from 39.106.1.137 port 48602 ssh2
Mar  1 11:50:11 zn008 sshd[14226]: Received disconnect from 39.106.1.137: 11: Bye Bye [preauth]
Mar  1 12:02:53 zn008 sshd[15511]: Invalid user admin from 39.106.1.137
Mar  1 12:02:53 zn008 sshd[15511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.1.137 
Mar  1 12:02:55 zn008 sshd[15511]: Failed password for invalid user admin from 39.106.1.137 port 42608 ssh2
Mar  1 12:02:55 zn008 sshd[15511]: Received disconnect from 39.106.1.137: 11: Bye Bye [preauth]
Mar  1 12:04:06 zn008 sshd[15531]: Invalid user test from 39.106.1.137
Mar  1 12:04:06 zn008 sshd[15531]: pam_unix(sshd:auth): authentication failur........
-------------------------------

2020-03-02 02:02:52

相同子网IP讨论:

IP	类型	评论内容	时间
39.106.124.148	attack	20 attempts against mh-ssh on flare	2020-10-10 23:23:57
39.106.124.148	attack	20 attempts against mh-ssh on flare	2020-10-10 15:13:30
39.106.12.194	attackbotsspam	TCP (SYN) 39.106.12.194:47042 -> port 80, len 52	2020-09-04 03:59:07
39.106.12.194	attackspam	TCP (SYN) 39.106.12.194:47042 -> port 80, len 52	2020-09-03 19:36:40
39.106.141.132	attack	39.106.141.132 - - \[01/Sep/2020:19:57:44 +0200\] "GET /TP/public/index.php HTTP/1.1" 404 188 "-" "Mozilla/5.0 $Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2$ Gecko/20100115 Firefox/3.6\)" 39.106.141.132 - - \[01/Sep/2020:19:57:46 +0200\] "GET /TP/index.php HTTP/1.1" 404 183 "-" "Mozilla/5.0 $Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2$ Gecko/20100115 Firefox/3.6\)" 39.106.141.132 - - \[01/Sep/2020:19:57:48 +0200\] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 193 "-" "Mozilla/5.0 $Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2$ Gecko/20100115 Firefox/3.6\)" ...	2020-09-03 02:44:41
39.106.141.132	attackbotsspam	39.106.141.132 - - \[01/Sep/2020:19:57:44 +0200\] "GET /TP/public/index.php HTTP/1.1" 404 188 "-" "Mozilla/5.0 $Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2$ Gecko/20100115 Firefox/3.6\)" 39.106.141.132 - - \[01/Sep/2020:19:57:46 +0200\] "GET /TP/index.php HTTP/1.1" 404 183 "-" "Mozilla/5.0 $Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2$ Gecko/20100115 Firefox/3.6\)" 39.106.141.132 - - \[01/Sep/2020:19:57:48 +0200\] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 193 "-" "Mozilla/5.0 $Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2$ Gecko/20100115 Firefox/3.6\)" ...	2020-09-02 18:16:56
39.106.146.102	attackspambots	xmlrpc attack	2020-08-31 21:06:40
39.106.12.243	attackbots	[MK-VM4] Blocked by UFW	2020-08-31 08:57:57
39.106.135.224	attackbots	Jun 3 00:25:54 lukav-desktop sshd\[11435\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.135.224 user=root Jun 3 00:25:56 lukav-desktop sshd\[11435\]: Failed password for root from 39.106.135.224 port 15817 ssh2 Jun 3 00:26:46 lukav-desktop sshd\[11464\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.135.224 user=root Jun 3 00:26:48 lukav-desktop sshd\[11464\]: Failed password for root from 39.106.135.224 port 26989 ssh2 Jun 3 00:27:40 lukav-desktop sshd\[11468\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.135.224 user=root	2020-06-03 07:02:39
39.106.119.75	attackbots	php vulnerability probing	2020-05-31 17:12:08
39.106.103.203	attackbots	Unauthorized connection attempt detected from IP address 39.106.103.203 to port 1987 [T]	2020-05-09 04:25:06
39.106.13.69	attackbots	Port scan detected on ports: 33893[TCP], 43389[TCP], 3392[TCP]	2020-05-02 07:05:08
39.106.101.83	attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2020-03-28 01:43:27
39.106.101.83	attack	39.106.101.83 - - \[20/Mar/2020:14:09:12 +0100\] "POST /wp-login.php HTTP/1.0" 200 6978 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 39.106.101.83 - - \[20/Mar/2020:14:09:17 +0100\] "POST /wp-login.php HTTP/1.0" 200 6947 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 39.106.101.83 - - \[20/Mar/2020:14:09:23 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-03-21 02:27:51
39.106.190.42	attackspambots	firewall-block, port(s): 1433/tcp, 6380/tcp, 7001/tcp, 7002/tcp, 9200/tcp	2020-03-18 19:15:42

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 39.106.1.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18123
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;39.106.1.137.			IN	A

;; AUTHORITY SECTION:
.			534	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030101 1800 900 604800 86400

;; Query time: 121 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Mar 02 02:02:46 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

Host 137.1.106.39.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 137.1.106.39.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
119.204.112.229	attack	$f2bV_matches	2020-10-07 23:56:07
93.91.172.78	attackspambots	SP-Scan 61644:445 detected 2020.10.06 14:48:55 blocked until 2020.11.25 06:51:42	2020-10-07 23:46:09
123.171.6.219	attackbots	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-10-08 00:00:06
186.10.94.93	attackbots	RDP Brute-Force (honeypot 13)	2020-10-07 23:45:46
115.206.155.238	attackbotsspam	SSH Brute Force	2020-10-07 23:25:05
118.163.135.18	attack	[munged]::443 118.163.135.18 - - [07/Oct/2020:10:45:08 +0200] "POST /[munged]: HTTP/1.1" 200 15676 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" [munged]::443 118.163.135.18 - - [07/Oct/2020:10:45:11 +0200] "POST /[munged]: HTTP/1.1" 200 11878 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" [munged]::443 118.163.135.18 - - [07/Oct/2020:10:45:12 +0200] "POST /[munged]: HTTP/1.1" 200 11878 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" [munged]::443 118.163.135.18 - - [07/Oct/2020:10:45:14 +0200] "POST /[munged]: HTTP/1.1" 200 11878 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" [munged]::443 118.163.135.18 - - [07/Oct/2020:10:45:15 +0200] "POST /[munged]: HTTP/1.1" 200 11878 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" [munged]::443 118.163.135.18 - - [07/Oct/202	2020-10-07 23:50:40
142.44.242.38	attackbotsspam	Invalid user albert123 from 142.44.242.38 port 60018	2020-10-07 23:35:15
125.72.106.205	attackbotsspam	Oct 6 23:37:46 tuotantolaitos sshd[42644]: Failed password for root from 125.72.106.205 port 39320 ssh2 ...	2020-10-08 00:02:34
51.158.145.216	attackspambots	51.158.145.216 - - [07/Oct/2020:09:43:02 +0100] "POST /wp-login.php HTTP/1.1" 200 2596 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.158.145.216 - - [07/Oct/2020:09:43:03 +0100] "POST /wp-login.php HTTP/1.1" 200 2580 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.158.145.216 - - [07/Oct/2020:09:43:03 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-07 23:52:22
45.142.120.149	attackbots	Oct 7 17:38:16 srv01 postfix/smtpd\[15033\]: warning: unknown\[45.142.120.149\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 7 17:38:22 srv01 postfix/smtpd\[15013\]: warning: unknown\[45.142.120.149\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 7 17:38:23 srv01 postfix/smtpd\[15041\]: warning: unknown\[45.142.120.149\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 7 17:38:25 srv01 postfix/smtpd\[14934\]: warning: unknown\[45.142.120.149\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 7 17:38:27 srv01 postfix/smtpd\[15033\]: warning: unknown\[45.142.120.149\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-10-07 23:43:56
61.177.172.89	attack	Oct 7 17:31:28 vps647732 sshd[21329]: Failed password for root from 61.177.172.89 port 8602 ssh2 Oct 7 17:31:42 vps647732 sshd[21329]: error: maximum authentication attempts exceeded for root from 61.177.172.89 port 8602 ssh2 [preauth] ...	2020-10-07 23:41:58
222.79.60.253	attackbots	Oct 7 01:28:04 pve1 sshd[3360]: Failed password for root from 222.79.60.253 port 9522 ssh2 ...	2020-10-07 23:42:46
182.71.46.37	attack	SSH/22 MH Probe, BF, Hack -	2020-10-07 23:33:09
94.242.171.166	attackspam	1602016923 - 10/06/2020 22:42:03 Host: 94.242.171.166/94.242.171.166 Port: 445 TCP Blocked ...	2020-10-07 23:31:01
51.210.183.246	attack	51.210.183.246 - - [07/Oct/2020:10:42:07 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.210.183.246 - - [07/Oct/2020:10:42:08 +0200] "POST /wp-login.php HTTP/1.1" 200 2698 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.210.183.246 - - [07/Oct/2020:10:42:08 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.210.183.246 - - [07/Oct/2020:10:42:08 +0200] "POST /wp-login.php HTTP/1.1" 200 2672 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.210.183.246 - - [07/Oct/2020:10:42:08 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.210.183.246 - - [07/Oct/2020:10:42:09 +0200] "POST /wp-login.php HTTP/1.1" 200 2673 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/201001 ...	2020-10-07 23:42:27

最近上报的IP列表

17.156.133.22	44.146.145.156	120.39.231.25	89.103.79.83
206.251.84.91	156.50.110.8	4.144.77.12	154.86.220.124
50.74.113.130	14.251.97.234	148.65.239.100	190.2.143.60
14.247.130.36	126.75.243.222	101.255.116.44	179.104.228.39
82.78.209.53	180.246.140.11	94.99.22.51	140.136.210.146