106.13.49.2 - IPInfo

Basic Info

City: unknown

Region: Beijing

Country: China

Internet Service Provider: Beijing Baidu Netcom Science and Technology Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Search Engine Spider

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	SSH login attempts with user root at 2020-01-02.	2020-01-03 03:25:06

Comments on same subnet:

IP	Type	Details	Datetime
106.13.49.133	attackbots	TCP (SYN) 106.13.49.133:58977 -> port 3694, len 44	2020-08-14 01:21:53
106.13.49.233	attackspambots	SSH Brute Force	2020-04-29 12:54:57
106.13.49.133	attack	Apr 20 13:08:56 ip-172-31-62-245 sshd\[32266\]: Failed password for root from 106.13.49.133 port 38328 ssh2\ Apr 20 13:12:59 ip-172-31-62-245 sshd\[32359\]: Invalid user cu from 106.13.49.133\ Apr 20 13:13:01 ip-172-31-62-245 sshd\[32359\]: Failed password for invalid user cu from 106.13.49.133 port 56798 ssh2\ Apr 20 13:16:45 ip-172-31-62-245 sshd\[32389\]: Invalid user admin from 106.13.49.133\ Apr 20 13:16:47 ip-172-31-62-245 sshd\[32389\]: Failed password for invalid user admin from 106.13.49.133 port 47030 ssh2\	2020-04-21 02:05:08
106.13.49.133	attackspambots	Apr 19 11:54:03 ip-172-31-62-245 sshd\[13860\]: Invalid user test from 106.13.49.133\ Apr 19 11:54:04 ip-172-31-62-245 sshd\[13860\]: Failed password for invalid user test from 106.13.49.133 port 60186 ssh2\ Apr 19 11:58:38 ip-172-31-62-245 sshd\[13960\]: Invalid user pc from 106.13.49.133\ Apr 19 11:58:40 ip-172-31-62-245 sshd\[13960\]: Failed password for invalid user pc from 106.13.49.133 port 59856 ssh2\ Apr 19 12:03:27 ip-172-31-62-245 sshd\[14019\]: Invalid user tf from 106.13.49.133\	2020-04-19 22:30:19
106.13.49.133	attack	Apr 15 16:03:18 sigma sshd\[11128\]: Invalid user user from 106.13.49.133Apr 15 16:03:20 sigma sshd\[11128\]: Failed password for invalid user user from 106.13.49.133 port 60880 ssh2 ...	2020-04-15 23:07:55
106.13.49.213	attackbots	2020-04-11T04:12:57.924601shield sshd\[11514\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.49.213 user=root 2020-04-11T04:12:59.840031shield sshd\[11514\]: Failed password for root from 106.13.49.213 port 50002 ssh2 2020-04-11T04:17:15.636195shield sshd\[11986\]: Invalid user ben from 106.13.49.213 port 52898 2020-04-11T04:17:15.638828shield sshd\[11986\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.49.213 2020-04-11T04:17:17.639484shield sshd\[11986\]: Failed password for invalid user ben from 106.13.49.213 port 52898 ssh2	2020-04-11 13:43:02
106.13.49.133	attackspambots	20 attempts against mh-ssh on cloud	2020-04-09 06:15:51
106.13.49.213	attackbotsspam	Attempted connection to port 22.	2020-04-08 03:12:26
106.13.49.133	attackbots	$f2bV_matches	2020-04-05 13:56:18
106.13.49.213	attackbots	Mar 30 01:19:13 lock-38 sshd[317063]: Failed password for invalid user undernet from 106.13.49.213 port 34830 ssh2 Mar 30 01:27:27 lock-38 sshd[317289]: Invalid user hxh from 106.13.49.213 port 39402 Mar 30 01:27:27 lock-38 sshd[317289]: Invalid user hxh from 106.13.49.213 port 39402 Mar 30 01:27:27 lock-38 sshd[317289]: Failed password for invalid user hxh from 106.13.49.213 port 39402 ssh2 Mar 30 01:30:29 lock-38 sshd[317369]: Invalid user test from 106.13.49.213 port 54014 ...	2020-03-30 08:49:12
106.13.49.213	attack	Fail2Ban Ban Triggered (2)	2020-03-29 13:10:32
106.13.49.213	attackspambots	Invalid user www from 106.13.49.213 port 38908	2020-03-29 09:12:07
106.13.49.213	attackbots	detected by Fail2Ban	2020-03-19 20:58:07
106.13.49.7	attackbots	Feb 27 06:46:15 serwer sshd\[25695\]: User ftpuser from 106.13.49.7 not allowed because not listed in AllowUsers Feb 27 06:46:15 serwer sshd\[25695\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.49.7 user=ftpuser Feb 27 06:46:17 serwer sshd\[25695\]: Failed password for invalid user ftpuser from 106.13.49.7 port 49912 ssh2 ...	2020-02-27 16:39:31
106.13.49.7	attack	Brute-force attempt banned	2020-02-08 21:51:20

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.13.49.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55107
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.13.49.2.			IN	A

;; AUTHORITY SECTION:
.			336	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020010200 1800 900 604800 86400

;; Query time: 88 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jan 03 03:25:01 CST 2020
;; MSG SIZE  rcvd: 115

Host info

Host 2.49.13.106.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 2.49.13.106.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
46.38.150.37	attackspambots	Jul 15 00:43:03 v22019058497090703 postfix/smtpd[28398]: warning: unknown[46.38.150.37]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 15 00:44:07 v22019058497090703 postfix/smtpd[28398]: warning: unknown[46.38.150.37]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 15 00:45:07 v22019058497090703 postfix/smtpd[28398]: warning: unknown[46.38.150.37]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-07-15 06:46:50
103.85.19.81	attackbotsspam	103.85.19.81 - - [14/Jul/2020:19:17:22 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 103.85.19.81 - - [14/Jul/2020:19:17:26 +0100] "POST /wp-login.php HTTP/1.1" 200 7828 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 103.85.19.81 - - [14/Jul/2020:19:25:50 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" ...	2020-07-15 06:39:41
118.160.77.8	attackbotsspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-07-15 06:37:56
193.169.212.93	attack	SpamScore above: 10.0	2020-07-15 06:33:51
222.186.180.6	attackspambots	Jul 15 00:08:18 nas sshd[22662]: Failed password for root from 222.186.180.6 port 14010 ssh2 Jul 15 00:08:24 nas sshd[22662]: Failed password for root from 222.186.180.6 port 14010 ssh2 Jul 15 00:08:29 nas sshd[22662]: Failed password for root from 222.186.180.6 port 14010 ssh2 Jul 15 00:08:33 nas sshd[22662]: Failed password for root from 222.186.180.6 port 14010 ssh2 ...	2020-07-15 06:12:22
112.49.52.58	attackspambots	Jul 14 22:59:19 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=112.49.52.58 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=41527 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Jul 14 23:12:54 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=112.49.52.58 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=39234 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Jul 14 23:43:46 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=112.49.52.58 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=36612 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Jul 15 00:07:15 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=112.49.52.58 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54758 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Jul 15 00:40:20 hidden kernel: [UF ...	2020-07-15 06:46:21
190.43.85.235	attack	Jul 14 20:25:47 mellenthin postfix/smtpd[19048]: NOQUEUE: reject: RCPT from unknown[190.43.85.235]: 554 5.7.1 Service unavailable; Client host [190.43.85.235] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/190.43.85.235 / https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=<[190.43.85.235]>	2020-07-15 06:45:09
220.174.24.4	attackbots	SSH Brute Force	2020-07-15 06:20:08
192.99.36.177	attackbotsspam	192.99.36.177 - - [14/Jul/2020:23:03:21 +0100] "POST /wp-login.php HTTP/1.1" 200 5249 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.36.177 - - [14/Jul/2020:23:05:26 +0100] "POST /wp-login.php HTTP/1.1" 200 5249 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.36.177 - - [14/Jul/2020:23:07:29 +0100] "POST /wp-login.php HTTP/1.1" 200 5256 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" ...	2020-07-15 06:12:50
187.103.73.133	attack	Jul 14 20:47:07 web8 sshd\[805\]: Invalid user user from 187.103.73.133 Jul 14 20:47:07 web8 sshd\[805\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.103.73.133 Jul 14 20:47:10 web8 sshd\[805\]: Failed password for invalid user user from 187.103.73.133 port 39578 ssh2 Jul 14 20:50:41 web8 sshd\[2608\]: Invalid user manager from 187.103.73.133 Jul 14 20:50:41 web8 sshd\[2608\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.103.73.133	2020-07-15 06:43:01
111.231.54.212	attackbots	SSH Brute-Force reported by Fail2Ban	2020-07-15 06:27:55
180.76.242.233	attack	k+ssh-bruteforce	2020-07-15 06:14:47
180.64.214.48	attack	Honeypot attack, port: 81, PTR: PTR record not found	2020-07-15 06:17:28
2.32.82.50	attack	SSH Invalid Login	2020-07-15 06:25:42
3.124.117.123	attackspambots	Jul 15 00:00:28 vserver sshd\[19842\]: Invalid user kristen from 3.124.117.123Jul 15 00:00:31 vserver sshd\[19842\]: Failed password for invalid user kristen from 3.124.117.123 port 56536 ssh2Jul 15 00:05:39 vserver sshd\[19906\]: Invalid user rodrigo from 3.124.117.123Jul 15 00:05:41 vserver sshd\[19906\]: Failed password for invalid user rodrigo from 3.124.117.123 port 38666 ssh2 ...	2020-07-15 06:38:29

Recently Reported IPs

106.13.114.2	1.235.32.78	102.39.162.60	72.234.112.247
96.240.220.21	106.12.69.2	166.128.60.172	177.55.66.72
61.80.7.254	106.12.211.2	180.211.29.17	216.200.61.93
12.94.56.45	31.249.78.255	106.12.3.1	188.52.245.179
106.12.100.1	139.168.232.26	176.250.43.254	68.12.249.188