139.162.116.133

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Netherlands

运营商(isp): Linode LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Malicious brute force vulnerability hacking attacks	2020-10-14 07:39:12
attackspambots	Automatic report - Banned IP Access	2020-09-08 04:27:28
attackspam	srvr2: (mod_security) mod_security (id:920350) triggered by 139.162.116.133 (JP/-/scan-66.security.ipip.net): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/06 18:45:21 [error] 75202#0: 153186 [client 139.162.116.133] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159941072171.478932"] [ref "o0,14v21,14"], client: 139.162.116.133, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-07 20:06:17
attack	srvr1: (mod_security) mod_security (id:920350) triggered by 139.162.116.133 (JP/-/scan-66.security.ipip.net): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/29 15:49:44 [error] 27704#0: 112472 [client 139.162.116.133] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "15987161847.535630"] [ref "o0,13v21,13"], client: 139.162.116.133, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-08-30 03:07:41
attackspambots	Automatic report - Banned IP Access	2020-07-24 15:27:46
attackspam	...	2019-12-13 19:21:25
attackspambots	port scan and connect, tcp 443 (https)	2019-10-22 03:23:48
attack	Port scan and direct access per IP instead of hostname	2019-07-28 16:20:45

相同子网IP讨论:

IP	类型	评论内容	时间
139.162.116.22	attackbotsspam	TCP (SYN) 139.162.116.22:35955 -> port 1755, len 44	2020-09-26 06:20:18
139.162.116.22	attackspam	TCP port : 1755	2020-09-25 23:22:16
139.162.116.22	attackspam	Found on Alienvault / proto=6 . srcport=45465 . dstport=1755 . (3629)	2020-09-25 15:00:43
139.162.116.230	attack	Unauthorized connection attempt detected from IP address 139.162.116.230 to port 8443 [T]	2020-08-29 21:15:35
139.162.116.230	attack	Hit honeypot r.	2020-08-16 18:21:09
139.162.116.22	attack	firewall-block, port(s): 1755/tcp	2020-08-15 03:38:20
139.162.116.22	attack	Jul 19 05:55:52 debian-2gb-nbg1-2 kernel: \[17389498.532185\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=139.162.116.22 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=50139 DPT=1755 WINDOW=65535 RES=0x00 SYN URGP=0	2020-07-19 14:59:10
139.162.116.230	attackbotsspam	Tried our host z.	2020-07-19 07:21:42
139.162.116.22	attackspam	firewall-block, port(s): 1755/tcp	2020-05-01 06:55:12
139.162.116.22	attackbotsspam	Apr 26 13:58:33 debian-2gb-nbg1-2 kernel: \[10161249.278369\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=139.162.116.22 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=33767 DPT=1755 WINDOW=65535 RES=0x00 SYN URGP=0	2020-04-27 04:17:32
139.162.116.230	attackspambots	port scan and connect, tcp 8443 (https-alt)	2020-04-09 01:39:49
139.162.116.22	attack	Hits on port : 1755	2020-04-05 08:26:18
139.162.116.230	attackbotsspam	Unauthorized connection attempt detected from IP address 139.162.116.230 to port 8443	2020-04-03 00:49:59
139.162.116.22	attackbotsspam	unauthorized connection attempt	2020-03-06 19:04:08
139.162.116.22	attackbotsspam	unauthorized connection attempt	2020-02-15 14:06:56

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.162.116.133
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10163
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.162.116.133.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019042701 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Sat Apr 27 17:39:32 +08 2019
;; MSG SIZE  rcvd: 119

HOST信息:

133.116.162.139.in-addr.arpa domain name pointer scan-66.security.ipip.net.

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
133.116.162.139.in-addr.arpa	name = scan-66.security.ipip.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
88.238.66.134	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/88.238.66.134/ TR - 1H : (83) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : TR NAME ASN : ASN9121 IP : 88.238.66.134 CIDR : 88.238.64.0/19 PREFIX COUNT : 4577 UNIQUE IP COUNT : 6868736 ATTACKS DETECTED ASN9121 : 1H - 3 3H - 3 6H - 11 12H - 28 24H - 66 DateTime : 2019-10-28 04:55:11 INFO : HACK ! - Looking for resource vulnerabilities Scan Detected and Blocked by ADMIN - data recovery	2019-10-28 12:50:31
110.247.8.148	attackbotsspam	37215/tcp 37215/tcp [2019-10-16/28]2pkt	2019-10-28 12:41:55
110.240.29.164	attackspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/110.240.29.164/ CN - 1H : (1022) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : CN NAME ASN : ASN4837 IP : 110.240.29.164 CIDR : 110.240.0.0/12 PREFIX COUNT : 1262 UNIQUE IP COUNT : 56665856 ATTACKS DETECTED ASN4837 : 1H - 10 3H - 47 6H - 82 12H - 157 24H - 317 DateTime : 2019-10-28 04:55:41 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-10-28 12:14:23
80.17.178.54	attackbots	Oct 28 00:07:31 TORMINT sshd\[25727\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.17.178.54 user=root Oct 28 00:07:33 TORMINT sshd\[25727\]: Failed password for root from 80.17.178.54 port 61729 ssh2 Oct 28 00:11:43 TORMINT sshd\[25946\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.17.178.54 user=root ...	2019-10-28 12:18:38
222.186.175.202	attackspambots	Oct 28 05:40:40 dedicated sshd[5008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.202 user=root Oct 28 05:40:43 dedicated sshd[5008]: Failed password for root from 222.186.175.202 port 59680 ssh2	2019-10-28 12:44:02
74.208.252.136	attack	Oct 28 04:55:11 jane sshd[25295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.208.252.136 Oct 28 04:55:13 jane sshd[25295]: Failed password for invalid user proxy123123 from 74.208.252.136 port 49854 ssh2 ...	2019-10-28 12:48:49
131.161.156.51	attackbotsspam	445/tcp 445/tcp 445/tcp... [2019-08-27/10-28]17pkt,1pt.(tcp)	2019-10-28 12:48:02
122.152.208.242	attackspambots	Oct 28 05:35:22 vps691689 sshd[18610]: Failed password for root from 122.152.208.242 port 41516 ssh2 Oct 28 05:40:01 vps691689 sshd[18677]: Failed password for root from 122.152.208.242 port 50346 ssh2 ...	2019-10-28 12:51:38
113.190.55.82	attackbots	Attempt to attack host OS, exploiting network vulnerabilities, on 28-10-2019 03:55:24.	2019-10-28 12:39:29
106.13.107.106	attackspambots	Oct 27 18:09:41 sachi sshd\[5437\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.107.106 user=root Oct 27 18:09:43 sachi sshd\[5437\]: Failed password for root from 106.13.107.106 port 59696 ssh2 Oct 27 18:14:38 sachi sshd\[5840\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.107.106 user=root Oct 27 18:14:41 sachi sshd\[5840\]: Failed password for root from 106.13.107.106 port 40616 ssh2 Oct 27 18:19:22 sachi sshd\[6233\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.107.106 user=root	2019-10-28 12:24:21
217.68.217.129	attackbotsspam	slow and persistent scanner	2019-10-28 12:20:58
60.188.189.38	attackspam	Attempt to attack host OS, exploiting network vulnerabilities, on 28-10-2019 03:55:30.	2019-10-28 12:28:05
122.115.35.144	attack	1433/tcp 1433/tcp 1433/tcp... [2019-10-11/28]6pkt,1pt.(tcp)	2019-10-28 12:40:27
170.210.60.30	attack	Oct 28 03:53:45 hcbbdb sshd\[21045\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.210.60.30 user=root Oct 28 03:53:48 hcbbdb sshd\[21045\]: Failed password for root from 170.210.60.30 port 50363 ssh2 Oct 28 03:58:31 hcbbdb sshd\[21560\]: Invalid user college from 170.210.60.30 Oct 28 03:58:31 hcbbdb sshd\[21560\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.210.60.30 Oct 28 03:58:33 hcbbdb sshd\[21560\]: Failed password for invalid user college from 170.210.60.30 port 41936 ssh2	2019-10-28 12:31:43
84.22.50.82	attackbots	445/tcp 445/tcp [2019-10-12/28]2pkt	2019-10-28 12:16:01

最近上报的IP列表

41.205.13.126	103.119.154.158	103.84.46.16	202.62.45.21
112.64.174.14	190.138.223.249	121.157.249.89	116.209.54.85
221.56.120.86	160.155.15.13	15.133.25.82	52.36.222.214
189.129.8.21	146.151.32.195	85.174.7.14	84.172.224.108
220.143.200.15	103.240.206.254	80.117.231.178	49.204.89.210