39.106.1.137 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Aliyun Computing Co. Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	2020-03-10 04:54:43,392 fail2ban.actions: WARNING [ssh] Ban 39.106.1.137	2020-03-10 13:26:40
attackbotsspam	Mar 1 11:50:09 zn008 sshd[14226]: Invalid user jiandunwen from 39.106.1.137 Mar 1 11:50:09 zn008 sshd[14226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.1.137 Mar 1 11:50:11 zn008 sshd[14226]: Failed password for invalid user jiandunwen from 39.106.1.137 port 48602 ssh2 Mar 1 11:50:11 zn008 sshd[14226]: Received disconnect from 39.106.1.137: 11: Bye Bye [preauth] Mar 1 12:02:53 zn008 sshd[15511]: Invalid user admin from 39.106.1.137 Mar 1 12:02:53 zn008 sshd[15511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.1.137 Mar 1 12:02:55 zn008 sshd[15511]: Failed password for invalid user admin from 39.106.1.137 port 42608 ssh2 Mar 1 12:02:55 zn008 sshd[15511]: Received disconnect from 39.106.1.137: 11: Bye Bye [preauth] Mar 1 12:04:06 zn008 sshd[15531]: Invalid user test from 39.106.1.137 Mar 1 12:04:06 zn008 sshd[15531]: pam_unix(sshd:auth): authentication failur........ -------------------------------	2020-03-02 02:02:52

类型

评论内容

时间

attack

2020-03-10 04:54:43,392 fail2ban.actions: WARNING [ssh] Ban 39.106.1.137

2020-03-10 13:26:40

attackbotsspam

Mar  1 11:50:09 zn008 sshd[14226]: Invalid user jiandunwen from 39.106.1.137
Mar  1 11:50:09 zn008 sshd[14226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.1.137 
Mar  1 11:50:11 zn008 sshd[14226]: Failed password for invalid user jiandunwen from 39.106.1.137 port 48602 ssh2
Mar  1 11:50:11 zn008 sshd[14226]: Received disconnect from 39.106.1.137: 11: Bye Bye [preauth]
Mar  1 12:02:53 zn008 sshd[15511]: Invalid user admin from 39.106.1.137
Mar  1 12:02:53 zn008 sshd[15511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.1.137 
Mar  1 12:02:55 zn008 sshd[15511]: Failed password for invalid user admin from 39.106.1.137 port 42608 ssh2
Mar  1 12:02:55 zn008 sshd[15511]: Received disconnect from 39.106.1.137: 11: Bye Bye [preauth]
Mar  1 12:04:06 zn008 sshd[15531]: Invalid user test from 39.106.1.137
Mar  1 12:04:06 zn008 sshd[15531]: pam_unix(sshd:auth): authentication failur........
-------------------------------

2020-03-02 02:02:52

相同子网IP讨论:

IP	类型	评论内容	时间
39.106.124.148	attack	20 attempts against mh-ssh on flare	2020-10-10 23:23:57
39.106.124.148	attack	20 attempts against mh-ssh on flare	2020-10-10 15:13:30
39.106.12.194	attackbotsspam	TCP (SYN) 39.106.12.194:47042 -> port 80, len 52	2020-09-04 03:59:07
39.106.12.194	attackspam	TCP (SYN) 39.106.12.194:47042 -> port 80, len 52	2020-09-03 19:36:40
39.106.141.132	attack	39.106.141.132 - - \[01/Sep/2020:19:57:44 +0200\] "GET /TP/public/index.php HTTP/1.1" 404 188 "-" "Mozilla/5.0 \(Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2\) Gecko/20100115 Firefox/3.6\)" 39.106.141.132 - - \[01/Sep/2020:19:57:46 +0200\] "GET /TP/index.php HTTP/1.1" 404 183 "-" "Mozilla/5.0 \(Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2\) Gecko/20100115 Firefox/3.6\)" 39.106.141.132 - - \[01/Sep/2020:19:57:48 +0200\] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 193 "-" "Mozilla/5.0 \(Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2\) Gecko/20100115 Firefox/3.6\)" ...	2020-09-03 02:44:41
39.106.141.132	attackbotsspam	39.106.141.132 - - \[01/Sep/2020:19:57:44 +0200\] "GET /TP/public/index.php HTTP/1.1" 404 188 "-" "Mozilla/5.0 \(Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2\) Gecko/20100115 Firefox/3.6\)" 39.106.141.132 - - \[01/Sep/2020:19:57:46 +0200\] "GET /TP/index.php HTTP/1.1" 404 183 "-" "Mozilla/5.0 \(Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2\) Gecko/20100115 Firefox/3.6\)" 39.106.141.132 - - \[01/Sep/2020:19:57:48 +0200\] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 193 "-" "Mozilla/5.0 \(Windows\; U\; Windows NT 6.0\;en-US\; rv:1.9.2\) Gecko/20100115 Firefox/3.6\)" ...	2020-09-02 18:16:56
39.106.146.102	attackspambots	xmlrpc attack	2020-08-31 21:06:40
39.106.12.243	attackbots	[MK-VM4] Blocked by UFW	2020-08-31 08:57:57
39.106.135.224	attackbots	Jun 3 00:25:54 lukav-desktop sshd\[11435\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.135.224 user=root Jun 3 00:25:56 lukav-desktop sshd\[11435\]: Failed password for root from 39.106.135.224 port 15817 ssh2 Jun 3 00:26:46 lukav-desktop sshd\[11464\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.135.224 user=root Jun 3 00:26:48 lukav-desktop sshd\[11464\]: Failed password for root from 39.106.135.224 port 26989 ssh2 Jun 3 00:27:40 lukav-desktop sshd\[11468\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.106.135.224 user=root	2020-06-03 07:02:39
39.106.119.75	attackbots	php vulnerability probing	2020-05-31 17:12:08
39.106.103.203	attackbots	Unauthorized connection attempt detected from IP address 39.106.103.203 to port 1987 [T]	2020-05-09 04:25:06
39.106.13.69	attackbots	Port scan detected on ports: 33893[TCP], 43389[TCP], 3392[TCP]	2020-05-02 07:05:08
39.106.101.83	attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2020-03-28 01:43:27
39.106.101.83	attack	39.106.101.83 - - \[20/Mar/2020:14:09:12 +0100\] "POST /wp-login.php HTTP/1.0" 200 6978 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 39.106.101.83 - - \[20/Mar/2020:14:09:17 +0100\] "POST /wp-login.php HTTP/1.0" 200 6947 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 39.106.101.83 - - \[20/Mar/2020:14:09:23 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-03-21 02:27:51
39.106.190.42	attackspambots	firewall-block, port(s): 1433/tcp, 6380/tcp, 7001/tcp, 7002/tcp, 9200/tcp	2020-03-18 19:15:42

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 39.106.1.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18123
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;39.106.1.137.			IN	A

;; AUTHORITY SECTION:
.			534	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030101 1800 900 604800 86400

;; Query time: 121 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Mar 02 02:02:46 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

Host 137.1.106.39.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 137.1.106.39.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
180.96.69.215	attack	Unauthorized SSH login attempts	2019-08-02 04:11:27
120.63.14.27	attack	Automatic report - Port Scan Attack	2019-08-02 03:47:07
213.182.94.121	attackspambots	Aug 1 17:10:51 heissa sshd\[17255\]: Invalid user hot from 213.182.94.121 port 39564 Aug 1 17:10:51 heissa sshd\[17255\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.182.94.121 Aug 1 17:10:54 heissa sshd\[17255\]: Failed password for invalid user hot from 213.182.94.121 port 39564 ssh2 Aug 1 17:15:27 heissa sshd\[17702\]: Invalid user bsd2 from 213.182.94.121 port 37103 Aug 1 17:15:27 heissa sshd\[17702\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.182.94.121	2019-08-02 03:39:56
114.33.117.208	attack	scan z	2019-08-02 04:14:43
179.108.240.192	attackbots	failed_logins	2019-08-02 04:16:11
197.253.6.249	attackspam	2019-08-01T19:10:04.310575abusebot-2.cloudsearch.cf sshd\[19942\]: Invalid user jboss from 197.253.6.249 port 52657	2019-08-02 03:49:36
58.221.91.74	attackbots	Jul 31 14:58:17 ovpn sshd[12148]: Invalid user modifications from 58.221.91.74 Jul 31 14:58:17 ovpn sshd[12148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.221.91.74 Jul 31 14:58:19 ovpn sshd[12148]: Failed password for invalid user modifications from 58.221.91.74 port 54699 ssh2 Jul 31 14:58:19 ovpn sshd[12148]: Received disconnect from 58.221.91.74 port 54699:11: Bye Bye [preauth] Jul 31 14:58:19 ovpn sshd[12148]: Disconnected from 58.221.91.74 port 54699 [preauth] Jul 31 18:32:22 ovpn sshd[4285]: Invalid user invhostnamee from 58.221.91.74 Jul 31 18:32:22 ovpn sshd[4285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.221.91.74 Jul 31 18:32:23 ovpn sshd[4285]: Failed password for invalid user invhostnamee from 58.221.91.74 port 45506 ssh2 Jul 31 18:32:24 ovpn sshd[4285]: Received disconnect from 58.221.91.74 port 45506:11: Bye Bye [preauth] Jul 31 18:32:24 ovpn sshd[4285]: Disc........ ------------------------------	2019-08-02 04:15:54
177.130.161.173	attack	failed_logins	2019-08-02 04:14:15
218.92.0.182	attack	Aug 1 18:47:00 h2177944 sshd\[26144\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.182 user=root Aug 1 18:47:02 h2177944 sshd\[26144\]: Failed password for root from 218.92.0.182 port 47980 ssh2 Aug 1 18:47:05 h2177944 sshd\[26144\]: Failed password for root from 218.92.0.182 port 47980 ssh2 Aug 1 18:47:08 h2177944 sshd\[26144\]: Failed password for root from 218.92.0.182 port 47980 ssh2 ...	2019-08-02 04:17:53
201.148.247.142	attackbotsspam	Try access to SMTP/POP/IMAP server.	2019-08-02 04:18:30
111.231.63.14	attackbotsspam	Aug 1 10:25:19 vps200512 sshd\[19051\]: Invalid user password123 from 111.231.63.14 Aug 1 10:25:19 vps200512 sshd\[19051\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.63.14 Aug 1 10:25:21 vps200512 sshd\[19051\]: Failed password for invalid user password123 from 111.231.63.14 port 58060 ssh2 Aug 1 10:30:25 vps200512 sshd\[19098\]: Invalid user mk@123 from 111.231.63.14 Aug 1 10:30:25 vps200512 sshd\[19098\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.63.14	2019-08-02 03:54:01
109.102.158.14	attack	Jul 30 22:25:42 xb3 sshd[31593]: Failed password for invalid user charles from 109.102.158.14 port 53184 ssh2 Jul 30 22:25:42 xb3 sshd[31593]: Received disconnect from 109.102.158.14: 11: Bye Bye [preauth] Jul 30 22:56:54 xb3 sshd[27735]: Failed password for invalid user um from 109.102.158.14 port 43202 ssh2 Jul 30 22:56:54 xb3 sshd[27735]: Received disconnect from 109.102.158.14: 11: Bye Bye [preauth] Jul 30 23:01:25 xb3 sshd[25324]: Failed password for invalid user dev from 109.102.158.14 port 40112 ssh2 Jul 30 23:01:25 xb3 sshd[25324]: Received disconnect from 109.102.158.14: 11: Bye Bye [preauth] Jul 30 23:05:48 xb3 sshd[22277]: Failed password for invalid user test1 from 109.102.158.14 port 36796 ssh2 Jul 30 23:05:48 xb3 sshd[22277]: Received disconnect from 109.102.158.14: 11: Bye Bye [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=109.102.158.14	2019-08-02 03:48:54
148.72.65.10	attackspambots	Aug 1 09:44:25 aat-srv002 sshd[12848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.72.65.10 Aug 1 09:44:27 aat-srv002 sshd[12848]: Failed password for invalid user train5 from 148.72.65.10 port 37982 ssh2 Aug 1 09:48:52 aat-srv002 sshd[12906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.72.65.10 Aug 1 09:48:54 aat-srv002 sshd[12906]: Failed password for invalid user test from 148.72.65.10 port 33272 ssh2 ...	2019-08-02 03:48:31
180.149.125.168	attack	Honeypot hit.	2019-08-02 03:52:32
189.91.3.145	attackspambots	failed_logins	2019-08-02 03:35:31

最近上报的IP列表

17.156.133.22	44.146.145.156	120.39.231.25	89.103.79.83
206.251.84.91	156.50.110.8	4.144.77.12	154.86.220.124
50.74.113.130	14.251.97.234	148.65.239.100	190.2.143.60
14.247.130.36	126.75.243.222	101.255.116.44	179.104.228.39
82.78.209.53	180.246.140.11	94.99.22.51	140.136.210.146