161.117.194.20

基本信息:

城市(city): Singapore

省份(region): unknown

国家(country): Singapore

运营商(isp): Alibaba.com Singapore E-Commerce Private Limited

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Invalid user usuario from 161.117.194.20 port 34040	2020-01-20 04:22:42

相同子网IP讨论:

IP	类型	评论内容	时间
161.117.194.93	attackspam	[FriOct1105:53:38.8285612019][:error][pid21709:tid46955509540608][client161.117.194.93:58476][client161.117.194.93]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(\?:/index\\\\\\\\.php/admin/catalog_category/save\\|\(\?:/admin/stats\\|/css/gallery-css\)\\\\\\\\.php\\\\\\\\\?1=1\\|/admin\\\\\\\\.php\\\\\\\\\?tile=mail\$\\|/catalog_category/save/key/\\|/\\\\\\\\\?op=admin_settings\\|\^/\\\\\\\\\?openpage=\\|\^/admin/extra\\|\^/node/[0-9] /edit\\\\\\\\\?destination=admin/content\\|\^/administ..."against"REQUEST_URI"required.[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"321"][id"340145"][rev"43"][msg"Atomicorp.comWAFRules:AttackBlocked-SQLinjectionprobe"][data"1=1"][severity"CRITICAL"][tag"SQLi"][hostname"www.giornaledelticino.ch"][uri"/argomenti/regioni"][unique_id"XZ-8wotClja@L3K0CXes4AAAAAo"][FriOct1105:53:40.3159812019][:error][pid21710:tid46955501135616][client161.117.194.93:58502][client161.117.194.93]ModSecurity:Accessdeniedwithcode403\(phase2\).detectedSQLiusin	2019-10-11 15:30:30

类型

评论内容

时间

161.117.194.93

attackspam

[FriOct1105:53:38.8285612019][:error][pid21709:tid46955509540608][client161.117.194.93:58476][client161.117.194.93]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(\?:/index\\\\\\\\.php/admin/catalog_category/save\|\(\?:/admin/stats\|/css/gallery-css\)\\\\\\\\.php\\\\\\\\\?1=1\|/admin\\\\\\\\.php\\\\\\\\\?tile=mail\$\|/catalog_category/save/key/\|/\\\\\\\\\?op=admin_settings\|\^/\\\\\\\\\?openpage=\|\^/admin/extra\|\^/node/[0-9] /edit\\\\\\\\\?destination=admin/content\|\^/administ..."against"REQUEST_URI"required.[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"321"][id"340145"][rev"43"][msg"Atomicorp.comWAFRules:AttackBlocked-SQLinjectionprobe"][data"1=1"][severity"CRITICAL"][tag"SQLi"][hostname"www.giornaledelticino.ch"][uri"/argomenti/regioni"][unique_id"XZ-8wotClja@L3K0CXes4AAAAAo"][FriOct1105:53:40.3159812019][:error][pid21710:tid46955501135616][client161.117.194.93:58502][client161.117.194.93]ModSecurity:Accessdeniedwithcode403\(phase2\).detectedSQLiusin

2019-10-11 15:30:30

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 161.117.194.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41044
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;161.117.194.20.			IN	A

;; AUTHORITY SECTION:
.			213	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020011900 1800 900 604800 86400

;; Query time: 48 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Jan 20 04:22:39 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

Host 20.194.117.161.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 20.194.117.161.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
103.80.210.80	attackspambots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-09-11 17:38:25,387 INFO [amun_request_handler] PortScan Detected on Port: 445 (103.80.210.80)	2019-09-12 08:21:52
144.76.125.155	attack	honeypot	2019-09-12 07:53:08
203.95.212.41	attack	Sep 11 12:22:39 php2 sshd\[10499\]: Invalid user deploy123 from 203.95.212.41 Sep 11 12:22:39 php2 sshd\[10499\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.95.212.41 Sep 11 12:22:41 php2 sshd\[10499\]: Failed password for invalid user deploy123 from 203.95.212.41 port 36223 ssh2 Sep 11 12:29:56 php2 sshd\[11515\]: Invalid user a1b1c3 from 203.95.212.41 Sep 11 12:29:56 php2 sshd\[11515\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.95.212.41	2019-09-12 08:07:51
95.222.252.254	attack	Sep 11 17:50:18 vps200512 sshd\[11182\]: Invalid user 1234qwer from 95.222.252.254 Sep 11 17:50:18 vps200512 sshd\[11182\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.222.252.254 Sep 11 17:50:19 vps200512 sshd\[11182\]: Failed password for invalid user 1234qwer from 95.222.252.254 port 39061 ssh2 Sep 11 17:56:10 vps200512 sshd\[11274\]: Invalid user oracle!@\# from 95.222.252.254 Sep 11 17:56:10 vps200512 sshd\[11274\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.222.252.254	2019-09-12 07:43:18
117.50.46.229	attack	Sep 12 01:19:32 eventyay sshd[16760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.46.229 Sep 12 01:19:34 eventyay sshd[16760]: Failed password for invalid user ubuntu from 117.50.46.229 port 53284 ssh2 Sep 12 01:24:10 eventyay sshd[16887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.46.229 ...	2019-09-12 07:41:00
211.148.135.196	attack	Sep 11 21:55:49 vps691689 sshd[2950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.148.135.196 Sep 11 21:55:51 vps691689 sshd[2950]: Failed password for invalid user itadmin from 211.148.135.196 port 55764 ssh2 ...	2019-09-12 08:20:51
174.233.134.163	attackspambots	Port Scan: TCP/443	2019-09-12 08:07:11
129.204.90.220	attackspam	Sep 11 21:54:55 vmanager6029 sshd\[23869\]: Invalid user mcguitaruser from 129.204.90.220 port 54158 Sep 11 21:54:55 vmanager6029 sshd\[23869\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.90.220 Sep 11 21:54:57 vmanager6029 sshd\[23869\]: Failed password for invalid user mcguitaruser from 129.204.90.220 port 54158 ssh2	2019-09-12 08:22:39
45.136.109.36	attack	Sep 11 22:44:02 TCP Attack: SRC=45.136.109.36 DST=[Masked] LEN=40 TOS=0x08 PREC=0x20 TTL=240 PROTO=TCP SPT=44601 DPT=4714 WINDOW=1024 RES=0x00 SYN URGP=0	2019-09-12 07:59:13
218.92.0.175	attack	[ssh] SSH attack	2019-09-12 08:16:51
95.143.120.218	attackspambots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-09-11 18:20:44,243 INFO [amun_request_handler] PortScan Detected on Port: 445 (95.143.120.218)	2019-09-12 07:55:15
119.51.245.32	attackbotsspam	Reported by AbuseIPDB proxy server.	2019-09-12 08:19:34
51.255.49.92	attackbotsspam	Sep 12 02:43:38 yabzik sshd[17923]: Failed password for ftp from 51.255.49.92 port 53255 ssh2 Sep 12 02:49:14 yabzik sshd[20790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.255.49.92 Sep 12 02:49:16 yabzik sshd[20790]: Failed password for invalid user test from 51.255.49.92 port 58152 ssh2	2019-09-12 07:58:40
118.89.35.168	attackspambots	Sep 11 21:24:04 legacy sshd[26672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.35.168 Sep 11 21:24:06 legacy sshd[26672]: Failed password for invalid user mysql from 118.89.35.168 port 38564 ssh2 Sep 11 21:28:04 legacy sshd[26785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.35.168 ...	2019-09-12 07:44:01
34.70.205.167	attack	PHPF.US: file_upload: revslider.zip/{MD5}php.malware.fopo.11427.UNOFFICIAL	2019-09-12 08:20:00

最近上报的IP列表

209.107.253.24	122.225.22.230	46.78.189.125	212.118.150.107
191.225.250.159	103.106.136.71	174.193.181.225	114.231.207.4
212.154.214.111	107.221.26.200	88.67.176.223	174.147.167.66
91.239.160.124	90.248.132.92	84.193.112.171	91.75.59.36
209.253.22.152	50.30.176.38	59.52.76.216	31.154.214.215