106.13.28.99 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Beijing Baidu Netcom Science and Technology Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Search Engine Spider

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	" "	2020-05-02 05:02:01
attack	SSH brute force	2020-04-23 08:00:59
attack	Unauthorized SSH login attempts	2020-04-11 01:46:44
attackbots	(sshd) Failed SSH login from 106.13.28.99 (CN/China/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Mar 28 22:37:28 ubnt-55d23 sshd[10758]: Invalid user jrp from 106.13.28.99 port 48180 Mar 28 22:37:31 ubnt-55d23 sshd[10758]: Failed password for invalid user jrp from 106.13.28.99 port 48180 ssh2	2020-03-29 06:45:48
attackbotsspam	Invalid user import from 106.13.28.99 port 34352	2020-03-19 17:37:46

Comments on same subnet:

IP	Type	Details	Datetime
106.13.28.108	attackbotsspam	Aug 11 09:03:59 Host-KLAX-C sshd[21646]: Did not receive identification string from 106.13.28.108 port 52032 ...	2020-08-12 02:16:56
106.13.28.108	attack	Aug 10 21:20:01 h2779839 sshd[11112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.108 user=root Aug 10 21:20:03 h2779839 sshd[11112]: Failed password for root from 106.13.28.108 port 49868 ssh2 Aug 10 21:22:04 h2779839 sshd[11143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.108 user=root Aug 10 21:22:07 h2779839 sshd[11143]: Failed password for root from 106.13.28.108 port 51582 ssh2 Aug 10 21:24:10 h2779839 sshd[11157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.108 user=root Aug 10 21:24:12 h2779839 sshd[11157]: Failed password for root from 106.13.28.108 port 53296 ssh2 Aug 10 21:26:16 h2779839 sshd[11175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.108 user=root Aug 10 21:26:18 h2779839 sshd[11175]: Failed password for root from 106.13.28.108 port 55014 ssh2 Aug ...	2020-08-11 03:58:16
106.13.28.108	attack	SSH brute-force attempt	2020-08-07 02:07:26
106.13.28.108	attackspam	Jul 29 16:13:13 marvibiene sshd[28030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.108 Jul 29 16:13:15 marvibiene sshd[28030]: Failed password for invalid user epiconf from 106.13.28.108 port 36052 ssh2 Jul 29 16:17:30 marvibiene sshd[28249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.108	2020-07-29 22:23:51
106.13.28.108	attackbots	2020-07-14T19:41:04.0720081495-001 sshd[9813]: Invalid user asgbrasil from 106.13.28.108 port 57968 2020-07-14T19:41:05.9447171495-001 sshd[9813]: Failed password for invalid user asgbrasil from 106.13.28.108 port 57968 ssh2 2020-07-14T19:43:45.6102951495-001 sshd[9961]: Invalid user sinusbot from 106.13.28.108 port 41554 2020-07-14T19:43:45.6134071495-001 sshd[9961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.108 2020-07-14T19:43:45.6102951495-001 sshd[9961]: Invalid user sinusbot from 106.13.28.108 port 41554 2020-07-14T19:43:47.2523101495-001 sshd[9961]: Failed password for invalid user sinusbot from 106.13.28.108 port 41554 ssh2 ...	2020-07-15 08:17:33
106.13.28.108	attackspambots	"fail2ban match"	2020-07-10 22:08:35
106.13.28.108	attackspam	Failed password for invalid user ubuntu from 106.13.28.108 port 35698 ssh2	2020-06-29 00:05:55
106.13.28.108	attackspambots	Jun 27 18:47:41 havingfunrightnow sshd[30929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.108 Jun 27 18:47:43 havingfunrightnow sshd[30929]: Failed password for invalid user lijia from 106.13.28.108 port 49872 ssh2 Jun 27 18:57:07 havingfunrightnow sshd[31086]: Failed password for root from 106.13.28.108 port 35158 ssh2 ...	2020-06-28 01:30:17
106.13.28.108	attack	(sshd) Failed SSH login from 106.13.28.108 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jun 9 05:43:15 amsweb01 sshd[31657]: Invalid user aida from 106.13.28.108 port 58252 Jun 9 05:43:17 amsweb01 sshd[31657]: Failed password for invalid user aida from 106.13.28.108 port 58252 ssh2 Jun 9 05:52:22 amsweb01 sshd[880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.108 user=root Jun 9 05:52:24 amsweb01 sshd[880]: Failed password for root from 106.13.28.108 port 59442 ssh2 Jun 9 05:55:57 amsweb01 sshd[1376]: Invalid user dm from 106.13.28.108 port 50156	2020-06-09 13:39:00
106.13.28.108	attackbotsspam	May 24 08:33:53 server sshd[6643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.108 May 24 08:33:55 server sshd[6643]: Failed password for invalid user vwz from 106.13.28.108 port 35280 ssh2 May 24 08:36:00 server sshd[6888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.108 ...	2020-05-24 15:03:17
106.13.28.108	attack	distributed sshd attacks	2020-04-17 14:13:03
106.13.28.16	attack	Unauthorized connection attempt detected from IP address 106.13.28.16 to port 2220 [J]	2020-01-07 15:13:30
106.13.28.16	attackbotsspam	Jan 1 07:29:23 * sshd[8863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.16 Jan 1 07:29:25 * sshd[8863]: Failed password for invalid user dud from 106.13.28.16 port 58188 ssh2	2020-01-01 15:04:05
106.13.28.62	attack	Aug 31 12:07:19 kapalua sshd\[15859\]: Invalid user daniel from 106.13.28.62 Aug 31 12:07:19 kapalua sshd\[15859\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.62 Aug 31 12:07:22 kapalua sshd\[15859\]: Failed password for invalid user daniel from 106.13.28.62 port 36554 ssh2 Aug 31 12:12:11 kapalua sshd\[16415\]: Invalid user pfdracin from 106.13.28.62 Aug 31 12:12:11 kapalua sshd\[16415\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.28.62	2019-09-01 06:30:26
106.13.28.62	attackbotsspam	"Fail2Ban detected SSH brute force attempt"	2019-08-25 09:09:11

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.13.28.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45660
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.13.28.99.			IN	A

;; AUTHORITY SECTION:
.			225	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031900 1800 900 604800 86400

;; Query time: 106 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Mar 19 17:37:39 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 99.28.13.106.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 99.28.13.106.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
162.241.215.221	attackbotsspam	162.241.215.221 - - [01/Sep/2020:08:49:55 +0100] "POST /wp-login.php HTTP/1.1" 200 2234 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 162.241.215.221 - - [01/Sep/2020:08:49:56 +0100] "POST /wp-login.php HTTP/1.1" 200 2231 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 162.241.215.221 - - [01/Sep/2020:08:49:57 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-01 16:07:19
119.6.105.3	attackspam	Icarus honeypot on github	2020-09-01 16:21:18
191.34.162.186	attackbotsspam	Sep 1 09:40:16 server sshd[27283]: User root from 191.34.162.186 not allowed because listed in DenyUsers Sep 1 09:40:18 server sshd[27283]: Failed password for invalid user root from 191.34.162.186 port 58786 ssh2 Sep 1 09:40:16 server sshd[27283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.34.162.186 user=root Sep 1 09:40:16 server sshd[27283]: User root from 191.34.162.186 not allowed because listed in DenyUsers Sep 1 09:40:18 server sshd[27283]: Failed password for invalid user root from 191.34.162.186 port 58786 ssh2 ...	2020-09-01 15:56:51
62.215.6.11	attack	2020-09-01T09:46:38.957338vps773228.ovh.net sshd[5378]: Invalid user ha from 62.215.6.11 port 41580 2020-09-01T09:46:38.971071vps773228.ovh.net sshd[5378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=out02-tec.fasttelco.net 2020-09-01T09:46:38.957338vps773228.ovh.net sshd[5378]: Invalid user ha from 62.215.6.11 port 41580 2020-09-01T09:46:41.101901vps773228.ovh.net sshd[5378]: Failed password for invalid user ha from 62.215.6.11 port 41580 ssh2 2020-09-01T09:50:53.915366vps773228.ovh.net sshd[5434]: Invalid user informix from 62.215.6.11 port 43551 ...	2020-09-01 16:14:41
152.136.98.80	attackspambots	Sep 1 08:05:54 scw-6657dc sshd[22964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.98.80 Sep 1 08:05:54 scw-6657dc sshd[22964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.98.80 Sep 1 08:05:56 scw-6657dc sshd[22964]: Failed password for invalid user vinci from 152.136.98.80 port 52684 ssh2 ...	2020-09-01 16:25:35
189.35.91.154	attackspam	Sep 1 08:15:29 mailserver sshd\[24327\]: Invalid user admin from 189.35.91.154 ...	2020-09-01 16:16:16
218.92.0.202	attack	2020-09-01T10:01:55.098303rem.lavrinenko.info sshd[15301]: refused connect from 218.92.0.202 (218.92.0.202) 2020-09-01T10:03:01.179100rem.lavrinenko.info sshd[15303]: refused connect from 218.92.0.202 (218.92.0.202) 2020-09-01T10:04:03.027017rem.lavrinenko.info sshd[15305]: refused connect from 218.92.0.202 (218.92.0.202) 2020-09-01T10:05:04.995011rem.lavrinenko.info sshd[15306]: refused connect from 218.92.0.202 (218.92.0.202) 2020-09-01T10:06:07.787226rem.lavrinenko.info sshd[15307]: refused connect from 218.92.0.202 (218.92.0.202) ...	2020-09-01 16:18:47
185.182.59.40	attackbotsspam	/wp-login.php	2020-09-01 16:19:26
41.105.27.119	attackspam	41.105.27.119 - - \[01/Sep/2020:06:51:32 +0300\] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Mozilla/5.0 \(Windows NT 6.1\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/59.0.3071.109 Safari/537.36" "-" 41.105.27.119 - - \[01/Sep/2020:06:51:35 +0300\] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Mozilla/5.0 \(Windows NT 6.1\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/59.0.3071.109 Safari/537.36" "-" ...	2020-09-01 15:51:39
208.109.53.185	attackbotsspam	Automatic report - Banned IP Access	2020-09-01 16:13:01
84.22.49.174	attackbotsspam	Sep 1 09:49:19 server sshd[19729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.49.174 Sep 1 09:49:19 server sshd[19729]: Invalid user admin from 84.22.49.174 port 47968 Sep 1 09:49:21 server sshd[19729]: Failed password for invalid user admin from 84.22.49.174 port 47968 ssh2 Sep 1 10:01:45 server sshd[7404]: Invalid user team from 84.22.49.174 port 49098 Sep 1 10:01:45 server sshd[7404]: Invalid user team from 84.22.49.174 port 49098 ...	2020-09-01 16:23:18
51.116.169.53	attackbotsspam	2020-09-01 09:58:12 dovecot_login authenticator failed for \(ADMIN\) \[51.116.169.53\]: 535 Incorrect authentication data \(set_id=support@opso.it\) 2020-09-01 09:59:27 dovecot_login authenticator failed for \(ADMIN\) \[51.116.169.53\]: 535 Incorrect authentication data \(set_id=support@opso.it\) 2020-09-01 10:00:43 dovecot_login authenticator failed for \(ADMIN\) \[51.116.169.53\]: 535 Incorrect authentication data \(set_id=support@opso.it\) 2020-09-01 10:02:00 dovecot_login authenticator failed for \(ADMIN\) \[51.116.169.53\]: 535 Incorrect authentication data \(set_id=support@opso.it\) 2020-09-01 10:03:16 dovecot_login authenticator failed for \(ADMIN\) \[51.116.169.53\]: 535 Incorrect authentication data \(set_id=support@opso.it\)	2020-09-01 16:11:40
45.95.168.96	attackspambots	2020-09-01 10:07:48 dovecot_login authenticator failed for pr.predictams.live \(USER\) \[45.95.168.96\]: 535 Incorrect authentication data \(set_id=news@nopcommerce.it\) 2020-09-01 10:09:29 dovecot_login authenticator failed for pr.predictams.live \(USER\) \[45.95.168.96\]: 535 Incorrect authentication data \(set_id=news@opso.it\) 2020-09-01 10:09:38 dovecot_login authenticator failed for pr.predictams.live \(USER\) \[45.95.168.96\]: 535 Incorrect authentication data \(set_id=news@nophost.com\) 2020-09-01 10:13:30 dovecot_login authenticator failed for pr.predictams.live \(USER\) \[45.95.168.96\]: 535 Incorrect authentication data \(set_id=news@nopcommerce.it\) 2020-09-01 10:15:14 dovecot_login authenticator failed for pr.predictams.live \(USER\) \[45.95.168.96\]: 535 Incorrect authentication data \(set_id=news@nophost.com\) 2020-09-01 10:15:14 dovecot_login authenticator failed for pr.predictams.live \(USER\) \[45.95.168.96\]: 535 Incorrect authentication data \(set_id=news@opso.it\)	2020-09-01 16:24:03
54.246.43.110	attackbotsspam	01.09.2020 05:51:02 - Wordpress fail Detected by ELinOX-ALM	2020-09-01 16:15:43
222.186.30.35	attack	Unauthorized connection attempt detected from IP address 222.186.30.35 to port 22 [T]	2020-09-01 15:57:44

Recently Reported IPs

222.112.30.116	156.203.92.59	107.85.33.9	137.220.175.158
52.191.114.173	82.97.201.55	181.139.172.222	81.10.20.171
50.253.173.62	192.241.238.224	141.152.60.17	226.81.67.197
111.17.247.174	13.82.101.220	42.231.81.243	116.72.52.84
119.204.133.9	200.56.44.192	80.19.66.179	189.112.179.115