181.46.164.106

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Argentina

运营商(isp): Telecentro S.A. - Clientes Residenciales

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	php WP PHPmyadamin ABUSE blocked for 12h	2020-08-17 15:22:17

相同子网IP讨论:

IP	类型	评论内容	时间
181.46.164.9	attackbots	(cxs) cxs mod_security triggered by 181.46.164.9 (AR/Argentina/cpe-181-46-164-9.telecentro-reversos.com.ar): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_CXS; Logs: [Thu Sep 10 18:55:20.401814 2020] [:error] [pid 3943566:tid 47466712020736] [client 181.46.164.9:17461] [client 181.46.164.9] ModSecurity: Access denied with code 403 (phase 2). File "/tmp/20200910-185518-X1padp1cg7rkBOBCfBdcDgAAAA0-file-JRUfUL" rejected by the approver script "/etc/cxs/cxscgi.sh": 0 [file "/etc/apache2/conf.d/modsec_vendor_configs/configserver/00_configserver.conf"] [line "7"] [id "1010101"] [msg "ConfigServer Exploit Scanner (cxs) triggered"] [severity "CRITICAL"] [hostname "gastro-ptuj.si"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "X1padp1cg7rkBOBCfBdcDgAAAA0"], referer: http://gastro-ptuj.si/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php	2020-09-11 23:34:52
181.46.164.9	attackspambots	(cxs) cxs mod_security triggered by 181.46.164.9 (AR/Argentina/cpe-181-46-164-9.telecentro-reversos.com.ar): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_CXS; Logs: [Thu Sep 10 18:55:20.401814 2020] [:error] [pid 3943566:tid 47466712020736] [client 181.46.164.9:17461] [client 181.46.164.9] ModSecurity: Access denied with code 403 (phase 2). File "/tmp/20200910-185518-X1padp1cg7rkBOBCfBdcDgAAAA0-file-JRUfUL" rejected by the approver script "/etc/cxs/cxscgi.sh": 0 [file "/etc/apache2/conf.d/modsec_vendor_configs/configserver/00_configserver.conf"] [line "7"] [id "1010101"] [msg "ConfigServer Exploit Scanner (cxs) triggered"] [severity "CRITICAL"] [hostname "gastro-ptuj.si"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "X1padp1cg7rkBOBCfBdcDgAAAA0"], referer: http://gastro-ptuj.si/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php	2020-09-11 15:37:05
181.46.164.9	attack	(cxs) cxs mod_security triggered by 181.46.164.9 (AR/Argentina/cpe-181-46-164-9.telecentro-reversos.com.ar): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_CXS; Logs: [Thu Sep 10 18:55:20.401814 2020] [:error] [pid 3943566:tid 47466712020736] [client 181.46.164.9:17461] [client 181.46.164.9] ModSecurity: Access denied with code 403 (phase 2). File "/tmp/20200910-185518-X1padp1cg7rkBOBCfBdcDgAAAA0-file-JRUfUL" rejected by the approver script "/etc/cxs/cxscgi.sh": 0 [file "/etc/apache2/conf.d/modsec_vendor_configs/configserver/00_configserver.conf"] [line "7"] [id "1010101"] [msg "ConfigServer Exploit Scanner (cxs) triggered"] [severity "CRITICAL"] [hostname "gastro-ptuj.si"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "X1padp1cg7rkBOBCfBdcDgAAAA0"], referer: http://gastro-ptuj.si/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php	2020-09-11 07:48:40
181.46.164.4	attack	2019-11-08T23:35:40.284638 X postfix/smtpd[49872]: NOQUEUE: reject: RCPT from unknown[181.46.164.4]: 554 5.7.1 Service unavailable; Client host [181.46.164.4] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/181.46.164.4; from= to= proto=ESMTP helo=	2019-11-09 07:26:35

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 181.46.164.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22745
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;181.46.164.106.			IN	A

;; AUTHORITY SECTION:
.			317	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020081700 1800 900 604800 86400

;; Query time: 70 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Aug 17 15:22:10 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

106.164.46.181.in-addr.arpa domain name pointer cpe-181-46-164-106.telecentro-reversos.com.ar.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
106.164.46.181.in-addr.arpa	name = cpe-181-46-164-106.telecentro-reversos.com.ar.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
213.32.105.167	attackbotsspam	Sep 8 11:03:52 lcprod sshd\[16757\]: Invalid user oracle from 213.32.105.167 Sep 8 11:03:52 lcprod sshd\[16757\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.32.105.167 Sep 8 11:03:54 lcprod sshd\[16757\]: Failed password for invalid user oracle from 213.32.105.167 port 59400 ssh2 Sep 8 11:08:59 lcprod sshd\[17319\]: Invalid user temp from 213.32.105.167 Sep 8 11:08:59 lcprod sshd\[17319\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.32.105.167	2019-09-09 05:11:20
207.46.13.197	attackspambots	[Aegis] @ 2019-09-08 20:32:34 0100 -> A web attack returned code 200 (success).	2019-09-09 05:06:59
181.49.164.253	attackbots	Sep 8 22:34:24 s64-1 sshd[18061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.164.253 Sep 8 22:34:26 s64-1 sshd[18061]: Failed password for invalid user cloud from 181.49.164.253 port 52567 ssh2 Sep 8 22:40:05 s64-1 sshd[18144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.164.253 ...	2019-09-09 04:46:07
86.43.103.111	attackbots	Invalid user Br4pbr4p from 86.43.103.111 port 41295 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.43.103.111 Failed password for invalid user Br4pbr4p from 86.43.103.111 port 41295 ssh2 Invalid user ts3serv from 86.43.103.111 port 43494 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.43.103.111	2019-09-09 04:38:26
85.209.0.11	attack	Port scan on 19 port(s): 12472 14541 14895 17217 19096 19472 21683 22065 27858 30001 37755 41825 43016 43714 49469 55300 57418 59550 59721	2019-09-09 05:01:40
165.22.254.187	attackbots	ssh failed login	2019-09-09 04:51:12
37.252.96.100	attack	WordPress XMLRPC scan :: 37.252.96.100 0.148 BYPASS [09/Sep/2019:05:33:14 1000] [censored_1] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-09-09 04:47:30
173.249.48.86	attackbotsspam	Sep 8 21:33:07 lnxded63 sshd[8196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.249.48.86	2019-09-09 04:48:33
76.27.163.60	attackspambots	Sep 8 22:14:10 localhost sshd\[18353\]: Invalid user sammy from 76.27.163.60 port 42578 Sep 8 22:14:10 localhost sshd\[18353\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=76.27.163.60 Sep 8 22:14:11 localhost sshd\[18353\]: Failed password for invalid user sammy from 76.27.163.60 port 42578 ssh2	2019-09-09 04:31:39
183.82.121.34	attackspam	Sep 8 23:18:42 server sshd\[14117\]: Invalid user 1 from 183.82.121.34 port 45032 Sep 8 23:18:42 server sshd\[14117\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.82.121.34 Sep 8 23:18:44 server sshd\[14117\]: Failed password for invalid user 1 from 183.82.121.34 port 45032 ssh2 Sep 8 23:23:41 server sshd\[18052\]: Invalid user 123123123 from 183.82.121.34 port 59392 Sep 8 23:23:41 server sshd\[18052\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.82.121.34	2019-09-09 04:28:56
51.68.138.143	attackbots	Sep 8 21:42:12 ns37 sshd[5468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.143	2019-09-09 04:38:55
62.48.150.175	attackspam	Sep 8 22:24:28 vtv3 sshd\[27324\]: Invalid user jenns from 62.48.150.175 port 50168 Sep 8 22:24:28 vtv3 sshd\[27324\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.48.150.175 Sep 8 22:24:30 vtv3 sshd\[27324\]: Failed password for invalid user jenns from 62.48.150.175 port 50168 ssh2 Sep 8 22:33:03 vtv3 sshd\[31653\]: Invalid user server from 62.48.150.175 port 33896 Sep 8 22:33:03 vtv3 sshd\[31653\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.48.150.175 Sep 8 22:48:52 vtv3 sshd\[6833\]: Invalid user postgres from 62.48.150.175 port 56894 Sep 8 22:48:52 vtv3 sshd\[6833\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.48.150.175 Sep 8 22:48:53 vtv3 sshd\[6833\]: Failed password for invalid user postgres from 62.48.150.175 port 56894 ssh2 Sep 8 22:57:09 vtv3 sshd\[10889\]: Invalid user test from 62.48.150.175 port 40402 Sep 8 22:57:09 vtv3 sshd\[10889\]: pa	2019-09-09 04:53:12
207.148.126.79	attackbots	WordPress wp-login brute force :: 207.148.126.79 0.160 BYPASS [09/Sep/2019:05:33:13 1000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-09-09 04:47:47
200.29.180.133	attackbots	Automatic report - Port Scan Attack	2019-09-09 04:28:09
49.88.112.70	attackspam	Sep 8 20:33:56 MK-Soft-VM4 sshd\[14099\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.70 user=root Sep 8 20:33:58 MK-Soft-VM4 sshd\[14099\]: Failed password for root from 49.88.112.70 port 21549 ssh2 Sep 8 20:34:00 MK-Soft-VM4 sshd\[14099\]: Failed password for root from 49.88.112.70 port 21549 ssh2 ...	2019-09-09 05:03:25

最近上报的IP列表

113.175.87.121	179.127.140.142	49.37.196.225	151.51.52.33
122.54.235.98	187.182.18.76	188.249.232.29	69.34.169.244
13.233.83.227	28.196.65.77	0.2.108.138	212.131.255.94
119.116.221.190	22.91.149.189	117.240.199.178	176.223.136.17
224.150.53.227	58.201.184.76	144.228.133.211	63.82.55.148