114.5.221.142 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Indonesia

运营商(isp): PT Indosat

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Mobile ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	[Wed Oct 30 10:48:27.264476 2019] [:error] [pid 7559:tid 140145034290944] [client 114.5.221.142:6521] [client 114.5.221.142] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "118"] [id "950100"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 503 found within RESPONSE_STATUS: 503"] [severity "ERROR"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/profil/peta-instrumentasi"] [unique_id "XbkIC48ZrE8Gf@6lZT6dTQAAAAE"], referer: https://karangploso.jatim.bmkg.go.id/ ...	2019-10-30 18:28:28

类型

评论内容

时间

attackbots

[Wed Oct 30 10:48:27.264476 2019] [:error] [pid 7559:tid 140145034290944] [client 114.5.221.142:6521] [client 114.5.221.142] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "118"] [id "950100"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 503 found within RESPONSE_STATUS: 503"] [severity "ERROR"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/profil/peta-instrumentasi"] [unique_id "XbkIC48ZrE8Gf@6lZT6dTQAAAAE"], referer: https://karangploso.jatim.bmkg.go.id/
...

2019-10-30 18:28:28

相同子网IP讨论:

IP	类型	评论内容	时间
114.5.221.85	attack	Unauthorized connection attempt from IP address 114.5.221.85 on Port 445(SMB)	2019-07-28 19:56:36

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 114.5.221.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 745
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;114.5.221.142.			IN	A

;; AUTHORITY SECTION:
.			593	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019103000 1800 900 604800 86400

;; Query time: 56 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 30 18:28:25 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

142.221.5.114.in-addr.arpa domain name pointer 114-5-221-142.resources.indosat.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
142.221.5.114.in-addr.arpa	name = 114-5-221-142.resources.indosat.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
81.168.53.251	attackbots	Automatic report - Port Scan Attack	2020-02-24 01:50:37
79.9.64.130	attackspambots	Honeypot attack, port: 5555, PTR: host130-64-static.9-79-b.business.telecomitalia.it.	2020-02-24 02:09:16
41.218.201.214	attackspam	20/2/23@08:26:08: FAIL: Alarm-Network address from=41.218.201.214 ...	2020-02-24 01:57:14
114.234.50.212	attackbots	Feb 23 14:26:02 grey postfix/smtpd\[8191\]: NOQUEUE: reject: RCPT from unknown\[114.234.50.212\]: 554 5.7.1 Service unavailable\; Client host \[114.234.50.212\] blocked using truncate.gbudb.net\; http://www.gbudb.com/truncate/ \[114.234.50.212\]\; from=\ to=\ proto=SMTP helo=\ ...	2020-02-24 02:04:31
178.221.95.185	attackspambots	lfd: (smtpauth) Failed SMTP AUTH login from 178.221.95.185 (178-221-95-185.dynamic.isp.telekom.rs): 5 in the last 3600 secs - Tue Jun 19 16:50:50 2018	2020-02-24 01:47:45
78.67.151.76	attack	Honeypot attack, port: 5555, PTR: 78-67-151-76-no2500.tbcn.telia.com.	2020-02-24 02:18:10
148.240.235.240	attackspambots	Automatic report - Port Scan Attack	2020-02-24 01:55:32
120.132.22.143	attack	lfd: (smtpauth) Failed SMTP AUTH login from 120.132.22.143 (-): 5 in the last 3600 secs - Tue Jun 19 22:20:40 2018	2020-02-24 01:49:16
123.194.23.61	attack	Honeypot attack, port: 5555, PTR: 123-194-23-61.dynamic.kbronet.com.tw.	2020-02-24 02:12:44
175.19.42.221	attack	Brute force blocker - service: proftpd1 - aantal: 50 - Tue Jun 19 11:30:19 2018	2020-02-24 01:48:05
125.211.171.159	attackspam	Brute force blocker - service: proftpd1, proftpd2 - aantal: 139 - Tue Jun 19 00:15:16 2018	2020-02-24 02:07:09
5.188.207.21	attackbots	Brute force blocker - service: dovecot1 - aantal: 25 - Sun Jun 17 11:00:17 2018	2020-02-24 02:16:13
190.218.45.153	attackbots	Honeypot attack, port: 81, PTR: PTR record not found	2020-02-24 01:55:13
220.167.161.200	attackbots	Feb 23 10:11:28 ny01 sshd[24769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.167.161.200 Feb 23 10:11:30 ny01 sshd[24769]: Failed password for invalid user wrchang from 220.167.161.200 port 52552 ssh2 Feb 23 10:14:43 ny01 sshd[26053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.167.161.200	2020-02-24 02:05:30
222.186.15.158	attackspam	Feb 23 17:59:11 IngegnereFirenze sshd[24559]: User root from 222.186.15.158 not allowed because not listed in AllowUsers ...	2020-02-24 01:59:27

最近上报的IP列表

167.115.113.148	244.122.117.87	138.110.213.133	14.214.177.106
163.81.0.138	205.221.120.199	152.247.206.188	164.28.64.127
150.240.151.71	94.0.58.167	25.124.129.18	147.245.86.98
144.61.45.180	178.69.233.129	3.183.126.107	100.185.227.21
8.61.43.182	77.135.165.230	51.238.133.208	122.51.107.182