204.13.201.138

基本信息:

城市(city): Littleton

省份(region): Colorado

国家(country): United States

运营商(isp): Trustwave Holdings Inc.

主机名(hostname): unknown

机构(organization): Trustwave Holdings, Inc.

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	IP 204.13.201.138 attacked honeypot on port: 80 at 6/4/2020 4:49:41 AM	2020-06-04 17:52:10

相同子网IP讨论:

IP	类型	评论内容	时间
204.13.201.139	attackbots	[Tue Jun 30 10:56:34.276504 2020] [:error] [pid 3201:tid 139691194054400] [client 204.13.201.139:5271] [client 204.13.201.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "Xvq38mTTWfFwXkCpdOpvvgAAALQ"], referer: http://www.bing.com ...	2020-06-30 12:09:02

类型

评论内容

时间

204.13.201.139

attackbots

[Tue Jun 30 10:56:34.276504 2020] [:error] [pid 3201:tid 139691194054400] [client 204.13.201.139:5271] [client 204.13.201.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "Xvq38mTTWfFwXkCpdOpvvgAAALQ"], referer: http://www.bing.com
...

2020-06-30 12:09:02

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 204.13.201.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2522
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;204.13.201.138.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062701 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jun 28 01:02:24 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

138.201.13.204.in-addr.arpa domain name pointer aip-138.trustwave.com.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
138.201.13.204.in-addr.arpa	name = aip-138.trustwave.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
51.178.52.185	attackbots	2020-03-25T03:49:00.520183abusebot-4.cloudsearch.cf sshd[24826]: Invalid user cari from 51.178.52.185 port 53473 2020-03-25T03:49:00.529612abusebot-4.cloudsearch.cf sshd[24826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.ip-51-178-52.eu 2020-03-25T03:49:00.520183abusebot-4.cloudsearch.cf sshd[24826]: Invalid user cari from 51.178.52.185 port 53473 2020-03-25T03:49:02.538802abusebot-4.cloudsearch.cf sshd[24826]: Failed password for invalid user cari from 51.178.52.185 port 53473 ssh2 2020-03-25T03:56:15.296679abusebot-4.cloudsearch.cf sshd[25241]: Invalid user etrust from 51.178.52.185 port 58423 2020-03-25T03:56:15.302158abusebot-4.cloudsearch.cf sshd[25241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.ip-51-178-52.eu 2020-03-25T03:56:15.296679abusebot-4.cloudsearch.cf sshd[25241]: Invalid user etrust from 51.178.52.185 port 58423 2020-03-25T03:56:17.004315abusebot-4.cloudsearch.cf sshd[252 ...	2020-03-25 12:42:56
106.13.132.192	attackspam	Mar 25 04:51:29 ns382633 sshd\[19256\]: Invalid user vserver from 106.13.132.192 port 44270 Mar 25 04:51:29 ns382633 sshd\[19256\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.132.192 Mar 25 04:51:31 ns382633 sshd\[19256\]: Failed password for invalid user vserver from 106.13.132.192 port 44270 ssh2 Mar 25 04:56:26 ns382633 sshd\[20061\]: Invalid user mh from 106.13.132.192 port 40740 Mar 25 04:56:26 ns382633 sshd\[20061\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.132.192	2020-03-25 12:31:51
106.54.42.50	attackspambots	IDS admin	2020-03-25 12:29:19
121.171.166.170	attackspam	2020-03-25T04:51:10.678094vps751288.ovh.net sshd\[7831\]: Invalid user bf from 121.171.166.170 port 58748 2020-03-25T04:51:10.686017vps751288.ovh.net sshd\[7831\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.171.166.170 2020-03-25T04:51:12.847056vps751288.ovh.net sshd\[7831\]: Failed password for invalid user bf from 121.171.166.170 port 58748 ssh2 2020-03-25T04:56:02.066788vps751288.ovh.net sshd\[7882\]: Invalid user xietian from 121.171.166.170 port 48410 2020-03-25T04:56:02.075029vps751288.ovh.net sshd\[7882\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.171.166.170	2020-03-25 12:53:35
159.89.145.59	attack	Mar 25 04:12:33 124388 sshd[13938]: Invalid user zbl from 159.89.145.59 port 50558 Mar 25 04:12:33 124388 sshd[13938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.145.59 Mar 25 04:12:33 124388 sshd[13938]: Invalid user zbl from 159.89.145.59 port 50558 Mar 25 04:12:35 124388 sshd[13938]: Failed password for invalid user zbl from 159.89.145.59 port 50558 ssh2 Mar 25 04:16:27 124388 sshd[14087]: Invalid user staff from 159.89.145.59 port 35354	2020-03-25 12:56:25
103.71.255.100	attackspam	Automatic report - XMLRPC Attack	2020-03-25 12:45:10
34.84.213.233	attack	Mar 25 06:56:40 hosting sshd[4262]: Invalid user linkinpark from 34.84.213.233 port 34262 ...	2020-03-25 12:18:02
156.199.26.97	attack	Telnetd brute force attack detected by fail2ban	2020-03-25 12:41:14
14.176.241.28	attackspam	LGS,WP GET /wp-login.php	2020-03-25 12:19:46
106.12.61.64	attack	sshd jail - ssh hack attempt	2020-03-25 12:25:50
67.241.39.58	attackbots	3x Failed Password	2020-03-25 12:23:44
211.25.18.74	attack	RDP Brute-Force (Grieskirchen RZ1)	2020-03-25 12:55:26
202.171.77.46	attackspam	(imapd) Failed IMAP login from 202.171.77.46 (NC/New Caledonia/202-171-77-46.h14.canl.nc): 1 in the last 3600 secs	2020-03-25 12:14:17
36.67.81.41	attack	Mar 25 04:56:21 tuxlinux sshd[8045]: Invalid user sam from 36.67.81.41 port 32962 Mar 25 04:56:21 tuxlinux sshd[8045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.81.41 Mar 25 04:56:21 tuxlinux sshd[8045]: Invalid user sam from 36.67.81.41 port 32962 Mar 25 04:56:21 tuxlinux sshd[8045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.81.41 Mar 25 04:56:21 tuxlinux sshd[8045]: Invalid user sam from 36.67.81.41 port 32962 Mar 25 04:56:21 tuxlinux sshd[8045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.81.41 Mar 25 04:56:23 tuxlinux sshd[8045]: Failed password for invalid user sam from 36.67.81.41 port 32962 ssh2 ...	2020-03-25 12:35:40
87.70.248.209	attackspam	Fail2Ban Ban Triggered	2020-03-25 12:47:56

最近上报的IP列表

88.25.43.8	134.209.97.245	175.156.42.198	194.27.224.120
168.197.6.204	60.133.120.28	75.163.18.2	46.118.78.210
129.106.157.168	182.175.158.249	39.34.132.27	104.132.249.179
106.107.35.251	2.200.34.233	112.202.148.53	202.152.56.170
94.195.203.117	149.229.35.150	178.62.202.119	100.238.34.169