197.221.12.148

基本信息:

城市(city): Cape Town

省份(region): Western Cape

国家(country): South Africa

运营商(isp): unknown

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

暂无关于此IP的讨论, 沙发请点上方按钮

相同子网IP讨论:

IP	类型	评论内容	时间
197.221.129.110	attack	srvr3: (mod_security) mod_security (id:920350) triggered by 197.221.129.110 (UG/Uganda/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/13 05:52:44 [error] 37437#0: 997 [client 197.221.129.110] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159729076419.670520"] [ref "o0,17v21,17"], client: 197.221.129.110, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-08-13 15:46:16

类型

评论内容

时间

197.221.129.110

attack

srvr3: (mod_security) mod_security (id:920350) triggered by 197.221.129.110 (UG/Uganda/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/13 05:52:44 [error] 37437#0: *997 [client 197.221.129.110] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host'  [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159729076419.670520"] [ref "o0,17v21,17"], client: 197.221.129.110, [redacted] request: "GET / HTTP/1.1" [redacted]

2020-08-13 15:46:16

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.221.12.148
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51444
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;197.221.12.148.			IN	A

;; AUTHORITY SECTION:
.			478	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120300 1800 900 604800 86400

;; Query time: 91 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Dec 03 15:07:56 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

148.12.221.197.in-addr.arpa domain name pointer dedi48.cpt3.host-h.net.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
148.12.221.197.in-addr.arpa	name = dedi48.cpt3.host-h.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
49.213.197.6	attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-18 18:07:03
36.90.20.65	attackbotsspam	20/2/17@23:51:32: FAIL: Alarm-Network address from=36.90.20.65 ...	2020-02-18 18:40:18
49.213.193.44	attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-18 18:21:06
83.149.37.228	attack	Email rejected due to spam filtering	2020-02-18 18:31:30
37.49.231.127	attackspambots	Feb 18 11:21:49 debian-2gb-nbg1-2 kernel: \[4280525.618328\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=37.49.231.127 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=53102 PROTO=TCP SPT=53325 DPT=5038 WINDOW=1024 RES=0x00 SYN URGP=0	2020-02-18 18:37:29
73.93.102.54	attack	Feb 18 10:25:19 v22018076622670303 sshd\[14626\]: Invalid user william from 73.93.102.54 port 56696 Feb 18 10:25:19 v22018076622670303 sshd\[14626\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.93.102.54 Feb 18 10:25:21 v22018076622670303 sshd\[14626\]: Failed password for invalid user william from 73.93.102.54 port 56696 ssh2 ...	2020-02-18 18:26:42
171.235.72.54	attack	port scan and connect, tcp 23 (telnet)	2020-02-18 18:34:56
108.161.133.84	attackbotsspam	Fail2Ban Ban Triggered	2020-02-18 18:08:48
123.207.237.31	attack	Feb 18 06:24:26 marvibiene sshd[43808]: Invalid user cai from 123.207.237.31 port 50758 Feb 18 06:24:26 marvibiene sshd[43808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.207.237.31 Feb 18 06:24:26 marvibiene sshd[43808]: Invalid user cai from 123.207.237.31 port 50758 Feb 18 06:24:29 marvibiene sshd[43808]: Failed password for invalid user cai from 123.207.237.31 port 50758 ssh2 ...	2020-02-18 18:31:02
218.106.92.66	attackbotsspam	Invalid user heidi from 218.106.92.66 port 54689	2020-02-18 18:43:29
5.113.245.138	attack	1582001503 - 02/18/2020 05:51:43 Host: 5.113.245.138/5.113.245.138 Port: 445 TCP Blocked	2020-02-18 18:27:56
110.137.179.150	attack	1582001536 - 02/18/2020 05:52:16 Host: 110.137.179.150/110.137.179.150 Port: 445 TCP Blocked	2020-02-18 18:04:58
128.199.233.54	attackspambots	Invalid user mongodb from 128.199.233.54 port 46024	2020-02-18 18:10:33
49.213.197.40	attackspambots	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-18 18:11:38
213.176.62.11	attackspam	Feb 18 07:21:20 ws25vmsma01 sshd[391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.62.11 Feb 18 07:21:23 ws25vmsma01 sshd[391]: Failed password for invalid user ubuntu from 213.176.62.11 port 57460 ssh2 ...	2020-02-18 18:18:53

最近上报的IP列表

81.24.124.156	5.15.248.59	198.199.76.59	135.174.195.180
2.5.48.15	161.164.30.183	87.94.191.240	1.4.26.220
81.14.61.220	75.98.142.189	167.249.105.140	105.73.90.24
63.31.177.202	178.62.82.240	176.30.192.9	193.72.136.60
118.69.65.193	1.246.128.129	93.49.168.224	161.10.136.91