204.13.201.138

基本信息:

城市(city): Littleton

省份(region): Colorado

国家(country): United States

运营商(isp): Trustwave Holdings Inc.

主机名(hostname): unknown

机构(organization): Trustwave Holdings, Inc.

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	IP 204.13.201.138 attacked honeypot on port: 80 at 6/4/2020 4:49:41 AM	2020-06-04 17:52:10

相同子网IP讨论:

IP	类型	评论内容	时间
204.13.201.139	attackbots	[Tue Jun 30 10:56:34.276504 2020] [:error] [pid 3201:tid 139691194054400] [client 204.13.201.139:5271] [client 204.13.201.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "Xvq38mTTWfFwXkCpdOpvvgAAALQ"], referer: http://www.bing.com ...	2020-06-30 12:09:02

类型

评论内容

时间

204.13.201.139

attackbots

[Tue Jun 30 10:56:34.276504 2020] [:error] [pid 3201:tid 139691194054400] [client 204.13.201.139:5271] [client 204.13.201.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "Xvq38mTTWfFwXkCpdOpvvgAAALQ"], referer: http://www.bing.com
...

2020-06-30 12:09:02

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 204.13.201.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2522
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;204.13.201.138.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062701 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jun 28 01:02:24 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

138.201.13.204.in-addr.arpa domain name pointer aip-138.trustwave.com.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
138.201.13.204.in-addr.arpa	name = aip-138.trustwave.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
185.220.100.255	attackbots	Automatic report - Banned IP Access	2019-07-14 11:43:47
198.71.227.40	attack	xmlrpc attack	2019-07-14 12:32:09
3.113.1.148	attack	Jul 14 00:38:05 TCP Attack: SRC=3.113.1.148 DST=[Masked] LEN=40 TOS=0x00 PREC=0x00 TTL=56 DF PROTO=TCP SPT=41112 DPT=995 WINDOW=29200 RES=0x00 SYN URGP=0	2019-07-14 11:41:44
104.236.94.49	attackspam	Jul 14 05:40:27 icinga sshd[2119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.236.94.49 Jul 14 05:40:29 icinga sshd[2119]: Failed password for invalid user prueba from 104.236.94.49 port 43765 ssh2 ...	2019-07-14 11:55:57
162.144.84.235	attack	villaromeo.de 162.144.84.235 \[14/Jul/2019:03:29:25 +0200\] "POST /wp-login.php HTTP/1.1" 200 2061 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" villaromeo.de 162.144.84.235 \[14/Jul/2019:03:29:26 +0200\] "POST /wp-login.php HTTP/1.1" 200 2026 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" villaromeo.de 162.144.84.235 \[14/Jul/2019:03:29:28 +0200\] "POST /wp-login.php HTTP/1.1" 200 2025 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-07-14 11:47:46
79.2.9.254	attack	Jul 14 05:57:04 hosting sshd[14254]: Invalid user drop from 79.2.9.254 port 51844 ...	2019-07-14 12:37:18
138.197.176.130	attack	Jul 14 00:37:40 localhost sshd\[7045\]: Invalid user hadoop from 138.197.176.130 port 49034 Jul 14 00:37:40 localhost sshd\[7045\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.176.130 Jul 14 00:37:42 localhost sshd\[7045\]: Failed password for invalid user hadoop from 138.197.176.130 port 49034 ssh2 ...	2019-07-14 11:52:42
209.235.67.48	attackbotsspam	Jul 14 05:41:55 icinga sshd[2308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.235.67.48 Jul 14 05:41:57 icinga sshd[2308]: Failed password for invalid user oracle from 209.235.67.48 port 38920 ssh2 ...	2019-07-14 12:35:03
191.53.222.47	attackbots	failed_logins	2019-07-14 12:28:21
179.104.139.17	attackspam	Jul 14 05:36:02 mail sshd\[18906\]: Invalid user jrun from 179.104.139.17 port 34903 Jul 14 05:36:02 mail sshd\[18906\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.104.139.17 Jul 14 05:36:04 mail sshd\[18906\]: Failed password for invalid user jrun from 179.104.139.17 port 34903 ssh2 Jul 14 05:45:26 mail sshd\[20656\]: Invalid user elf from 179.104.139.17 port 51479 Jul 14 05:45:26 mail sshd\[20656\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.104.139.17	2019-07-14 12:16:56
103.24.179.35	attackspambots	Jul 14 05:57:30 dev sshd\[21768\]: Invalid user media from 103.24.179.35 port 50700 Jul 14 05:57:30 dev sshd\[21768\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.24.179.35 ...	2019-07-14 12:19:23
191.53.236.153	attackspam	failed_logins	2019-07-14 12:32:40
51.68.44.13	attackbotsspam	Jul 14 04:30:53 vps647732 sshd[19967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.44.13 Jul 14 04:30:55 vps647732 sshd[19967]: Failed password for invalid user oracle from 51.68.44.13 port 40084 ssh2 ...	2019-07-14 11:40:02
176.126.83.22	attackspam	\[2019-07-14 05:34:41\] NOTICE\[11540\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '176.126.83.22:1394' \(callid: 595759315-1493934283-1049184539\) - Failed to authenticate \[2019-07-14 05:34:41\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-07-14T05:34:41.117+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="595759315-1493934283-1049184539",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/176.126.83.22/1394",Challenge="1563075281/332ff28edd356fc2b9b4278d2778e39a",Response="b6d5908eff84d24d14147b21bfcc7f3b",ExpectedResponse="" \[2019-07-14 05:34:41\] NOTICE\[5109\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '176.126.83.22:1394' \(callid: 595759315-1493934283-1049184539\) - Failed to authenticate \[2019-07-14 05:34:41\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseF	2019-07-14 12:17:22
193.112.220.76	attack	Jul 14 03:56:08 mail sshd\[1960\]: Invalid user minecraft from 193.112.220.76 port 47444 Jul 14 03:56:08 mail sshd\[1960\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.220.76 Jul 14 03:56:10 mail sshd\[1960\]: Failed password for invalid user minecraft from 193.112.220.76 port 47444 ssh2 Jul 14 04:00:23 mail sshd\[3322\]: Invalid user estelle from 193.112.220.76 port 40371 Jul 14 04:00:23 mail sshd\[3322\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.220.76	2019-07-14 12:15:46

最近上报的IP列表

88.25.43.8	134.209.97.245	175.156.42.198	194.27.224.120
168.197.6.204	60.133.120.28	75.163.18.2	46.118.78.210
129.106.157.168	182.175.158.249	39.34.132.27	104.132.249.179
106.107.35.251	2.200.34.233	112.202.148.53	202.152.56.170
94.195.203.117	149.229.35.150	178.62.202.119	100.238.34.169