131.100.134.244

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Brazil

运营商(isp): Associacao Vista Bella Ribeirao Preto

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Commercial

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	unauthorized connection attempt	2020-02-19 13:29:05
attack	[Tue Sep 24 19:45:15.082086 2019] [:error] [pid 557:tid 139859343623936] [client 131.100.134.244:54632] [client 131.100.134.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.1.1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "792"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197:80"] [severity "WARNING"] [ver "OWASP_CRS/3.1.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XYoP2xQw9A2OMwDcDThOAwAAAJM"] ...	2019-09-24 22:09:05

类型

评论内容

时间

attack

unauthorized connection attempt

2020-02-19 13:29:05

attack

[Tue Sep 24 19:45:15.082086 2019] [:error] [pid 557:tid 139859343623936] [client 131.100.134.244:54632] [client 131.100.134.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.1.1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "792"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197:80"] [severity "WARNING"] [ver "OWASP_CRS/3.1.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XYoP2xQw9A2OMwDcDThOAwAAAJM"]
...

2019-09-24 22:09:05

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 131.100.134.244
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14131
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;131.100.134.244.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019052900 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed May 29 14:19:39 CST 2019
;; MSG SIZE  rcvd: 119

HOST信息:

244.134.100.131.in-addr.arpa domain name pointer 131-100-134-244.radiobrastelecom.com.br.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
244.134.100.131.in-addr.arpa	name = 131-100-134-244.radiobrastelecom.com.br.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
188.122.133.113	attack	[portscan] tcp/23 [TELNET] [scan/connect: 6 time(s)] *(RWIN=50613)(08041230)	2019-08-05 04:26:56
34.65.133.254	attack	Aug 3 19:28:05 db01 sshd[21973]: Invalid user oracle from 34.65.133.254 Aug 3 19:28:06 db01 sshd[21973]: Failed password for invalid user oracle from 34.65.133.254 port 37690 ssh2 Aug 3 19:28:06 db01 sshd[21973]: Received disconnect from 34.65.133.254: 11: Bye Bye [preauth] Aug 3 19:28:06 db01 sshd[21975]: Invalid user nagios from 34.65.133.254 Aug 3 19:28:09 db01 sshd[21975]: Failed password for invalid user nagios from 34.65.133.254 port 50380 ssh2 Aug 3 19:28:09 db01 sshd[21975]: Received disconnect from 34.65.133.254: 11: Bye Bye [preauth] Aug 3 19:28:09 db01 sshd[21977]: Invalid user ghostname from 34.65.133.254 Aug 3 19:28:12 db01 sshd[21977]: Failed password for invalid user ghostname from 34.65.133.254 port 36886 ssh2 Aug 3 19:28:12 db01 sshd[21977]: Received disconnect from 34.65.133.254: 11: Bye Bye [preauth] Aug 3 19:28:12 db01 sshd[21979]: Invalid user hadoop from 34.65.133.254 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=34.65.133.2	2019-08-05 04:58:48
61.53.15.202	attackspambots	[portscan] tcp/23 [TELNET] *(RWIN=13122)(08041230)	2019-08-05 04:41:59
95.31.44.139	attackspambots	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(08041230)	2019-08-05 04:37:28
112.216.241.20	attackspambots	[portscan] tcp/23 [TELNET] *(RWIN=42644)(08041230)	2019-08-05 04:35:14
122.169.74.149	attack	[portscan] tcp/23 [TELNET] *(RWIN=52378)(08041230)	2019-08-05 04:33:35
103.64.13.14	attackbots	[SMB remote code execution attempt: port tcp/445] *(RWIN=63443)(08041230)	2019-08-05 04:15:50
64.79.70.13	attackspambots	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(08041230)	2019-08-05 04:19:45
77.87.77.54	attackbotsspam	08/04/2019-14:13:31.854589 77.87.77.54 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2019-08-05 04:19:10
170.130.187.50	attack	Honeypot attack, port: 81, PTR: PTR record not found	2019-08-05 04:49:58
105.246.25.84	attack	[portscan] tcp/23 [TELNET] *(RWIN=6326)(08041230)	2019-08-05 04:13:39
122.137.80.105	attackbotsspam	[portscan] tcp/23 [TELNET] *(RWIN=51039)(08041230)	2019-08-05 04:34:11
1.6.156.237	attackspambots	[portscan] tcp/139 [NetBIOS Session Service] *(RWIN=1024)(08041230)	2019-08-05 04:45:06
103.22.249.198	attackspam	[SMB remote code execution attempt: port tcp/445] *(RWIN=8192)(08041230)	2019-08-05 04:51:42
185.118.152.2	attackspam	[SMB remote code execution attempt: port tcp/445] *(RWIN=8192)(08041230)	2019-08-05 04:28:54

最近上报的IP列表

243.83.168.205	77.247.110.99	250.219.222.17	188.43.159.50
164.22.150.228	163.179.125.253	118.60.123.222	136.233.20.196
238.182.171.0	150.183.14.251	113.172.21.156	239.188.197.78
115.94.166.212	145.8.223.165	5.138.60.52	254.52.240.122
187.144.117.213	238.140.156.69	236.198.95.94	176.107.208.9