161.117.194.20

基本信息:

城市(city): Singapore

省份(region): unknown

国家(country): Singapore

运营商(isp): Alibaba.com Singapore E-Commerce Private Limited

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Invalid user usuario from 161.117.194.20 port 34040	2020-01-20 04:22:42

相同子网IP讨论:

IP	类型	评论内容	时间
161.117.194.93	attackspam	[FriOct1105:53:38.8285612019][:error][pid21709:tid46955509540608][client161.117.194.93:58476][client161.117.194.93]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(\?:/index\\\\\\\\.php/admin/catalog_category/save\\|\(\?:/admin/stats\\|/css/gallery-css\)\\\\\\\\.php\\\\\\\\\?1=1\\|/admin\\\\\\\\.php\\\\\\\\\?tile=mail\$\\|/catalog_category/save/key/\\|/\\\\\\\\\?op=admin_settings\\|\^/\\\\\\\\\?openpage=\\|\^/admin/extra\\|\^/node/[0-9] /edit\\\\\\\\\?destination=admin/content\\|\^/administ..."against"REQUEST_URI"required.[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"321"][id"340145"][rev"43"][msg"Atomicorp.comWAFRules:AttackBlocked-SQLinjectionprobe"][data"1=1"][severity"CRITICAL"][tag"SQLi"][hostname"www.giornaledelticino.ch"][uri"/argomenti/regioni"][unique_id"XZ-8wotClja@L3K0CXes4AAAAAo"][FriOct1105:53:40.3159812019][:error][pid21710:tid46955501135616][client161.117.194.93:58502][client161.117.194.93]ModSecurity:Accessdeniedwithcode403\(phase2\).detectedSQLiusin	2019-10-11 15:30:30

类型

评论内容

时间

161.117.194.93

attackspam

[FriOct1105:53:38.8285612019][:error][pid21709:tid46955509540608][client161.117.194.93:58476][client161.117.194.93]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(\?:/index\\\\\\\\.php/admin/catalog_category/save\|\(\?:/admin/stats\|/css/gallery-css\)\\\\\\\\.php\\\\\\\\\?1=1\|/admin\\\\\\\\.php\\\\\\\\\?tile=mail\$\|/catalog_category/save/key/\|/\\\\\\\\\?op=admin_settings\|\^/\\\\\\\\\?openpage=\|\^/admin/extra\|\^/node/[0-9] /edit\\\\\\\\\?destination=admin/content\|\^/administ..."against"REQUEST_URI"required.[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"321"][id"340145"][rev"43"][msg"Atomicorp.comWAFRules:AttackBlocked-SQLinjectionprobe"][data"1=1"][severity"CRITICAL"][tag"SQLi"][hostname"www.giornaledelticino.ch"][uri"/argomenti/regioni"][unique_id"XZ-8wotClja@L3K0CXes4AAAAAo"][FriOct1105:53:40.3159812019][:error][pid21710:tid46955501135616][client161.117.194.93:58502][client161.117.194.93]ModSecurity:Accessdeniedwithcode403\(phase2\).detectedSQLiusin

2019-10-11 15:30:30

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 161.117.194.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41044
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;161.117.194.20.			IN	A

;; AUTHORITY SECTION:
.			213	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020011900 1800 900 604800 86400

;; Query time: 48 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Jan 20 04:22:39 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

Host 20.194.117.161.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 20.194.117.161.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
103.145.13.20	attackbots	"sipvicious";tag=3533393765393339313363340133303639353039383938	2020-09-18 23:47:56
110.141.249.250	attackbotsspam	Portscan detected	2020-09-18 23:49:38
51.254.173.47	attackbots	Date: Thu, 17 Sep 2020 15:52:19 -0000 Message-ID: Reply-To: Dan Edwards From: Dan Edwards	2020-09-18 23:52:40
45.55.237.182	attackbots	(sshd) Failed SSH login from 45.55.237.182 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 18 11:40:31 optimus sshd[23345]: Invalid user gitlab-psql from 45.55.237.182 Sep 18 11:40:31 optimus sshd[23345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.237.182 Sep 18 11:40:33 optimus sshd[23345]: Failed password for invalid user gitlab-psql from 45.55.237.182 port 56824 ssh2 Sep 18 11:50:00 optimus sshd[26674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.237.182 user=root Sep 18 11:50:02 optimus sshd[26674]: Failed password for root from 45.55.237.182 port 46696 ssh2	2020-09-18 23:59:14
106.12.201.16	attack	Sep 18 16:13:00 web-main sshd[3146273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.201.16 Sep 18 16:13:00 web-main sshd[3146273]: Invalid user mac from 106.12.201.16 port 49846 Sep 18 16:13:01 web-main sshd[3146273]: Failed password for invalid user mac from 106.12.201.16 port 49846 ssh2	2020-09-18 23:25:22
46.105.163.8	attackbots	Sep 18 12:59:58 ip106 sshd[1516]: Failed password for root from 46.105.163.8 port 52552 ssh2 ...	2020-09-18 23:26:21
200.194.14.7	attackbotsspam	Automatic report - Port Scan Attack	2020-09-19 00:00:10
78.190.248.7	attackspambots	Port Scan ...	2020-09-18 23:37:37
212.33.199.172	attack	Sep 18 12:14:55 ucs sshd\[15648\]: Invalid user ansible from 212.33.199.172 port 43692 Sep 18 12:16:18 ucs sshd\[16223\]: Invalid user ubuntu from 212.33.199.172 port 44510 Sep 18 12:16:46 ucs sshd\[16355\]: Invalid user test from 212.33.199.172 port 39190 ...	2020-09-18 23:27:51
206.189.38.105	attackbotsspam	Sep 18 11:20:51 ws22vmsma01 sshd[240855]: Failed password for root from 206.189.38.105 port 48162 ssh2 ...	2020-09-18 23:24:10
213.238.180.13	attackbots	xmlrpc attack	2020-09-18 23:53:05
185.108.106.250	attackbotsspam	[2020-09-18 11:10:09] NOTICE[1239] chan_sip.c: Registration from '' failed for '185.108.106.250:62888' - Wrong password [2020-09-18 11:10:09] SECURITY[1264] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-18T11:10:09.509-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="1138",SessionID="0x7f4d48488fa8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.108.106.250/62888",Challenge="6da47016",ReceivedChallenge="6da47016",ReceivedHash="f5c18e1e808ecae5e6943486fe571b05" [2020-09-18 11:11:51] NOTICE[1239] chan_sip.c: Registration from '' failed for '185.108.106.250:57796' - Wrong password [2020-09-18 11:11:51] SECURITY[1264] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-18T11:11:51.612-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="318",SessionID="0x7f4d4843fec8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.108.1 ...	2020-09-18 23:20:31
167.99.75.240	attack	(sshd) Failed SSH login from 167.99.75.240 (SG/Singapore/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 18 11:12:13 optimus sshd[13550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.75.240 user=root Sep 18 11:12:15 optimus sshd[13550]: Failed password for root from 167.99.75.240 port 41982 ssh2 Sep 18 11:16:30 optimus sshd[14863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.75.240 user=root Sep 18 11:16:32 optimus sshd[14863]: Failed password for root from 167.99.75.240 port 50168 ssh2 Sep 18 11:20:52 optimus sshd[16520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.75.240 user=root	2020-09-18 23:40:23
87.251.75.145	attackspam	Scanning an empty webserver with deny all robots.txt	2020-09-18 23:30:25
106.13.163.236	attack	Port scan: Attack repeated for 24 hours	2020-09-18 23:31:59

最近上报的IP列表

209.107.253.24	122.225.22.230	46.78.189.125	212.118.150.107
191.225.250.159	103.106.136.71	174.193.181.225	114.231.207.4
212.154.214.111	107.221.26.200	88.67.176.223	174.147.167.66
91.239.160.124	90.248.132.92	84.193.112.171	91.75.59.36
209.253.22.152	50.30.176.38	59.52.76.216	31.154.214.215