114.5.221.142 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Indonesia

运营商(isp): PT Indosat

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Mobile ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	[Wed Oct 30 10:48:27.264476 2019] [:error] [pid 7559:tid 140145034290944] [client 114.5.221.142:6521] [client 114.5.221.142] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "118"] [id "950100"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 503 found within RESPONSE_STATUS: 503"] [severity "ERROR"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/profil/peta-instrumentasi"] [unique_id "XbkIC48ZrE8Gf@6lZT6dTQAAAAE"], referer: https://karangploso.jatim.bmkg.go.id/ ...	2019-10-30 18:28:28

类型

评论内容

时间

attackbots

[Wed Oct 30 10:48:27.264476 2019] [:error] [pid 7559:tid 140145034290944] [client 114.5.221.142:6521] [client 114.5.221.142] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "118"] [id "950100"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 503 found within RESPONSE_STATUS: 503"] [severity "ERROR"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/profil/peta-instrumentasi"] [unique_id "XbkIC48ZrE8Gf@6lZT6dTQAAAAE"], referer: https://karangploso.jatim.bmkg.go.id/
...

2019-10-30 18:28:28

相同子网IP讨论:

IP	类型	评论内容	时间
114.5.221.85	attack	Unauthorized connection attempt from IP address 114.5.221.85 on Port 445(SMB)	2019-07-28 19:56:36

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 114.5.221.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 745
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;114.5.221.142.			IN	A

;; AUTHORITY SECTION:
.			593	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019103000 1800 900 604800 86400

;; Query time: 56 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 30 18:28:25 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

142.221.5.114.in-addr.arpa domain name pointer 114-5-221-142.resources.indosat.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
142.221.5.114.in-addr.arpa	name = 114-5-221-142.resources.indosat.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
94.28.62.6	attack	[portscan] Port scan	2019-12-06 17:25:24
61.250.146.12	attackbots	Dec 6 02:51:10 TORMINT sshd\[25339\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.250.146.12 user=root Dec 6 02:51:12 TORMINT sshd\[25339\]: Failed password for root from 61.250.146.12 port 59640 ssh2 Dec 6 02:59:38 TORMINT sshd\[26059\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.250.146.12 user=root ...	2019-12-06 16:58:26
118.97.77.114	attack	2019-12-06T08:54:11.908969abusebot-7.cloudsearch.cf sshd\[994\]: Invalid user test from 118.97.77.114 port 50762	2019-12-06 17:02:59
181.112.153.106	attackbots	Unauthorised access (Dec 6) SRC=181.112.153.106 LEN=40 TTL=242 ID=20407 DF TCP DPT=8080 WINDOW=14600 SYN	2019-12-06 17:29:52
112.85.42.176	attackspambots	Dec 6 10:01:15 herz-der-gamer sshd[32060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.176 user=root Dec 6 10:01:16 herz-der-gamer sshd[32060]: Failed password for root from 112.85.42.176 port 44803 ssh2 ...	2019-12-06 17:01:51
31.31.77.80	attackspambots	Dec 6 07:15:55 ns382633 sshd\[19008\]: Invalid user guest from 31.31.77.80 port 46359 Dec 6 07:15:55 ns382633 sshd\[19008\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.31.77.80 Dec 6 07:15:58 ns382633 sshd\[19008\]: Failed password for invalid user guest from 31.31.77.80 port 46359 ssh2 Dec 6 07:27:44 ns382633 sshd\[20830\]: Invalid user xxx from 31.31.77.80 port 35769 Dec 6 07:27:44 ns382633 sshd\[20830\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.31.77.80	2019-12-06 17:13:04
112.169.152.105	attackspam	Dec 6 08:42:44 hcbbdb sshd\[29183\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.169.152.105 user=root Dec 6 08:42:46 hcbbdb sshd\[29183\]: Failed password for root from 112.169.152.105 port 33270 ssh2 Dec 6 08:49:00 hcbbdb sshd\[29913\]: Invalid user tamil from 112.169.152.105 Dec 6 08:49:00 hcbbdb sshd\[29913\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.169.152.105 Dec 6 08:49:02 hcbbdb sshd\[29913\]: Failed password for invalid user tamil from 112.169.152.105 port 43774 ssh2	2019-12-06 17:03:11
80.227.12.38	attackbots	Dec 6 09:37:17 MK-Soft-Root2 sshd[26687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.227.12.38 Dec 6 09:37:19 MK-Soft-Root2 sshd[26687]: Failed password for invalid user aliyah from 80.227.12.38 port 40528 ssh2 ...	2019-12-06 17:14:30
222.186.180.17	attack	Dec 6 14:38:26 areeb-Workstation sshd[7432]: Failed password for root from 222.186.180.17 port 28386 ssh2 Dec 6 14:38:44 areeb-Workstation sshd[7432]: error: maximum authentication attempts exceeded for root from 222.186.180.17 port 28386 ssh2 [preauth] ...	2019-12-06 17:08:53
5.249.131.161	attack	Dec 6 10:14:41 vps647732 sshd[20625]: Failed password for root from 5.249.131.161 port 61295 ssh2 ...	2019-12-06 17:27:41
89.105.202.97	attackspam	Dec 6 09:44:32 ns3042688 sshd\[28354\]: Invalid user guest from 89.105.202.97 Dec 6 09:44:32 ns3042688 sshd\[28354\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.105.202.97 Dec 6 09:44:34 ns3042688 sshd\[28354\]: Failed password for invalid user guest from 89.105.202.97 port 44104 ssh2 Dec 6 09:50:46 ns3042688 sshd\[30474\]: Invalid user wylie from 89.105.202.97 Dec 6 09:50:46 ns3042688 sshd\[30474\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.105.202.97 ...	2019-12-06 16:59:27
63.81.87.148	attackspam	Dec 6 08:23:02 grey postfix/smtpd\[25173\]: NOQUEUE: reject: RCPT from packet.jcnovel.com\[63.81.87.148\]: 554 5.7.1 Service unavailable\; Client host \[63.81.87.148\] blocked using truncate.gbudb.net\; http://www.gbudb.com/truncate/ \[63.81.87.148\]\; from=\ to=\ proto=ESMTP helo=\ ...	2019-12-06 17:34:44
201.244.120.226	attackbots	Automatic report - Banned IP Access	2019-12-06 17:05:59
129.28.166.212	attack	2019-12-06T08:51:09.279496abusebot-6.cloudsearch.cf sshd\[3678\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.166.212 user=root	2019-12-06 17:03:25
54.37.159.50	attackspam	Dec 6 05:38:35 firewall sshd[31363]: Failed password for invalid user mysql from 54.37.159.50 port 42978 ssh2 Dec 6 05:43:58 firewall sshd[31524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.159.50 user=root Dec 6 05:44:00 firewall sshd[31524]: Failed password for root from 54.37.159.50 port 53948 ssh2 ...	2019-12-06 17:20:32

最近上报的IP列表

167.115.113.148	244.122.117.87	138.110.213.133	14.214.177.106
163.81.0.138	205.221.120.199	152.247.206.188	164.28.64.127
150.240.151.71	94.0.58.167	25.124.129.18	147.245.86.98
144.61.45.180	178.69.233.129	3.183.126.107	100.185.227.21
8.61.43.182	77.135.165.230	51.238.133.208	122.51.107.182