163.53.252.89 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): India

运营商(isp): unknown

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

暂无关于此IP的讨论, 沙发请点上方按钮

相同子网IP讨论:

IP	类型	评论内容	时间
163.53.252.13	attack	[Fri Sep 06 00:59:13.294193 2019] [:error] [pid 200348] [client 163.53.252.13:47384] [client 163.53.252.13] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 21)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "127.0.0.1"] [uri "/cgi-bin/ViewLog.asp"] [unique_id "XXHZkaDElfbcirD75ea4ZwAAAAc"] ...	2019-09-06 12:39:39

类型

评论内容

时间

163.53.252.13

attack

[Fri Sep 06 00:59:13.294193 2019] [:error] [pid 200348] [client 163.53.252.13:47384] [client 163.53.252.13] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 21)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "127.0.0.1"] [uri "/cgi-bin/ViewLog.asp"] [unique_id "XXHZkaDElfbcirD75ea4ZwAAAAc"]
...

2019-09-06 12:39:39

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 163.53.252.89
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28108
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;163.53.252.89.			IN	A

;; AUTHORITY SECTION:
.			327	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021301 1800 900 604800 86400

;; Query time: 66 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 14 07:18:23 CST 2022
;; MSG SIZE  rcvd: 106

HOST信息:

Host 89.252.53.163.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 89.252.53.163.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
62.90.235.90	attack	Unauthorized connection attempt detected from IP address 62.90.235.90 to port 2220 [J]	2020-01-05 00:51:33
115.76.254.202	attackbots	Unauthorized connection attempt detected from IP address 115.76.254.202 to port 81 [J]	2020-01-05 01:14:09
81.198.64.100	attackbots	Honeypot attack, port: 23, PTR: PTR record not found	2020-01-05 00:51:10
196.43.196.108	attackbotsspam	Unauthorized connection attempt detected from IP address 196.43.196.108 to port 2220 [J]	2020-01-05 01:11:01
159.65.137.23	attack	Unauthorized connection attempt detected from IP address 159.65.137.23 to port 2220 [J]	2020-01-05 01:04:36
80.211.78.155	attackbots	(sshd) Failed SSH login from 80.211.78.155 (IT/Italy/host155-78-211-80.serverdedicati.aruba.it): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jan 4 13:00:03 svr sshd[3894567]: Invalid user dwm from 80.211.78.155 port 49990 Jan 4 13:00:06 svr sshd[3894567]: Failed password for invalid user dwm from 80.211.78.155 port 49990 ssh2 Jan 4 13:21:00 svr sshd[3959588]: Invalid user qpo from 80.211.78.155 port 53246 Jan 4 13:21:02 svr sshd[3959588]: Failed password for invalid user qpo from 80.211.78.155 port 53246 ssh2 Jan 4 13:24:06 svr sshd[3969480]: Invalid user sanjeev from 80.211.78.155 port 56784	2020-01-05 00:57:42
178.62.76.138	attackspam	fail2ban honeypot	2020-01-05 01:12:19
41.102.169.17	attackbots	Jan 4 19:37:44 gw1 sshd[11714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.102.169.17 Jan 4 19:37:46 gw1 sshd[11714]: Failed password for invalid user admin from 41.102.169.17 port 54196 ssh2 ...	2020-01-05 01:16:10
112.203.232.34	attackbots	Unauthorised access (Jan 4) SRC=112.203.232.34 LEN=52 TTL=119 ID=13719 DF TCP DPT=445 WINDOW=8192 SYN	2020-01-05 00:58:57
106.54.48.29	attack	Unauthorized connection attempt detected from IP address 106.54.48.29 to port 2220 [J]	2020-01-05 01:02:41
120.29.81.99	attackbotsspam	Jan 4 13:11:08 system,error,critical: login failure for user admin from 120.29.81.99 via telnet Jan 4 13:11:09 system,error,critical: login failure for user supervisor from 120.29.81.99 via telnet Jan 4 13:11:10 system,error,critical: login failure for user root from 120.29.81.99 via telnet Jan 4 13:11:12 system,error,critical: login failure for user root from 120.29.81.99 via telnet Jan 4 13:11:13 system,error,critical: login failure for user root from 120.29.81.99 via telnet Jan 4 13:11:14 system,error,critical: login failure for user root from 120.29.81.99 via telnet Jan 4 13:11:16 system,error,critical: login failure for user root from 120.29.81.99 via telnet Jan 4 13:11:17 system,error,critical: login failure for user service from 120.29.81.99 via telnet Jan 4 13:11:18 system,error,critical: login failure for user admin from 120.29.81.99 via telnet Jan 4 13:11:20 system,error,critical: login failure for user root from 120.29.81.99 via telnet	2020-01-05 01:07:19
165.227.199.200	attackbotsspam	DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0	2020-01-05 00:37:18
41.138.88.3	attack	Jan 4 15:54:30 legacy sshd[1872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.138.88.3 Jan 4 15:54:32 legacy sshd[1872]: Failed password for invalid user kass from 41.138.88.3 port 59566 ssh2 Jan 4 15:58:22 legacy sshd[2044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.138.88.3 ...	2020-01-05 01:11:21
159.65.182.99	attack	DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0	2020-01-05 00:52:22
69.94.158.95	attack	Jan 4 15:03:23 grey postfix/smtpd\[5563\]: NOQUEUE: reject: RCPT from cheap.swingthelamp.com\[69.94.158.95\]: 554 5.7.1 Service unavailable\; Client host \[69.94.158.95\] blocked using truncate.gbudb.net\; http://www.gbudb.com/truncate/ \[69.94.158.95\]\; from=\ to=\ proto=ESMTP helo=\ ...	2020-01-05 00:58:20

最近上报的IP列表

163.53.253.202	163.53.255.226	163.53.255.43	163.53.83.167
163.53.83.68	163.53.254.125	164.132.225.54	164.132.147.29
164.163.180.82	164.160.119.94	164.177.176.33	164.52.203.171
164.163.147.225	164.163.2.111	164.39.73.92	164.155.77.193
164.215.198.114	164.215.221.107	164.52.223.163	164.68.100.228