46.29.164.139 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Russian Federation

运营商(isp): LLC Baxet

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	Vulnerability scan and SQL injection attempts	2020-08-11 04:21:55
attackspam	(mod_security) mod_security (id:942100) triggered by 46.29.164.139 (RU/-/scren-assurance.countysky.com): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/07 12:07:52 [error] 16769#0: 68026 [client 46.29.164.139] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159680207216.498153"] [ref ""], client: 46.29.164.139, [redacted] request: "GET /forum/viewthread.php?thread_id=-1%22+UNION+ALL+SELECT+0x333834333139393138%2C0x333834333239393138--+ HTTP/1.1" [redacted]	2020-08-07 21:19:34

类型

评论内容

时间

attackspam

Vulnerability scan and SQL injection attempts

2020-08-11 04:21:55

attackspam

(mod_security) mod_security (id:942100) triggered by 46.29.164.139 (RU/-/scren-assurance.countysky.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/07 12:07:52 [error] 16769#0: *68026 [client 46.29.164.139] ModSecurity: Access denied with code 406 (phase 2).  [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159680207216.498153"] [ref ""], client: 46.29.164.139, [redacted] request: "GET /forum/viewthread.php?thread_id=-1%22+UNION+ALL+SELECT+0x333834333139393138%2C0x333834333239393138--+ HTTP/1.1" [redacted]

2020-08-07 21:19:34

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 46.29.164.139
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20416
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;46.29.164.139.			IN	A

;; AUTHORITY SECTION:
.			184	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020080700 1800 900 604800 86400

;; Query time: 75 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Aug 07 21:19:26 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

139.164.29.46.in-addr.arpa domain name pointer scren-assurance.countysky.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
139.164.29.46.in-addr.arpa	name = scren-assurance.countysky.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
23.254.230.123	attack	2019-11-05T08:58:42.001666mail01 postfix/smtpd[24605]: warning: hwsrv-631948.hostwindsdns.com[23.254.230.123]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-05T08:58:48.314326mail01 postfix/smtpd[24605]: warning: hwsrv-631948.hostwindsdns.com[23.254.230.123]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-05T08:58:58.266044mail01 postfix/smtpd[24605]: warning: hwsrv-631948.hostwindsdns.com[23.254.230.123]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2019-11-05 16:09:07
116.233.187.224	attackbots	TCP Port Scanning	2019-11-05 16:10:48
45.162.13.208	attackspambots	Automatic report - Banned IP Access	2019-11-05 16:01:05
111.231.76.29	attackspam	2019-11-05T06:23:37.001090shield sshd\[31321\]: Invalid user imagosftp from 111.231.76.29 port 20127 2019-11-05T06:23:37.005359shield sshd\[31321\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.76.29 2019-11-05T06:23:39.548934shield sshd\[31321\]: Failed password for invalid user imagosftp from 111.231.76.29 port 20127 ssh2 2019-11-05T06:28:26.039966shield sshd\[32181\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.76.29 user=root 2019-11-05T06:28:28.257542shield sshd\[32181\]: Failed password for root from 111.231.76.29 port 58851 ssh2	2019-11-05 16:12:14
148.70.223.115	attackspambots	Nov 5 07:31:55 localhost sshd\[123191\]: Invalid user ZAQ!XSW@ from 148.70.223.115 port 55622 Nov 5 07:31:55 localhost sshd\[123191\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.223.115 Nov 5 07:31:57 localhost sshd\[123191\]: Failed password for invalid user ZAQ!XSW@ from 148.70.223.115 port 55622 ssh2 Nov 5 07:37:22 localhost sshd\[123325\]: Invalid user Innsbruck@123 from 148.70.223.115 port 37254 Nov 5 07:37:22 localhost sshd\[123325\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.223.115 ...	2019-11-05 15:58:37
62.151.183.226	attackbots	scan z	2019-11-05 16:15:29
185.216.32.166	attackbotsspam	TCP Port Scanning	2019-11-05 16:30:39
138.59.74.144	attackspambots	Nov 5 07:27:57 mc1 kernel: \[4221580.506943\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=138.59.74.144 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=58753 PROTO=TCP SPT=61000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 5 07:28:00 mc1 kernel: \[4221583.654075\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=138.59.74.144 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=58753 PROTO=TCP SPT=61000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 5 07:28:03 mc1 kernel: \[4221586.832025\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=138.59.74.144 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=58753 PROTO=TCP SPT=61000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-11-05 16:26:34
49.235.137.58	attackbots	Nov 4 21:42:49 wbs sshd\[932\]: Invalid user passworD from 49.235.137.58 Nov 4 21:42:49 wbs sshd\[932\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.137.58 Nov 4 21:42:51 wbs sshd\[932\]: Failed password for invalid user passworD from 49.235.137.58 port 60418 ssh2 Nov 4 21:47:27 wbs sshd\[1323\]: Invalid user 1234\#asdf from 49.235.137.58 Nov 4 21:47:27 wbs sshd\[1323\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.137.58	2019-11-05 16:02:27
148.70.116.223	attackspambots	2019-11-05T08:15:30.877401shield sshd\[13756\]: Invalid user tyson from 148.70.116.223 port 56994 2019-11-05T08:15:30.881548shield sshd\[13756\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.116.223 2019-11-05T08:15:33.002817shield sshd\[13756\]: Failed password for invalid user tyson from 148.70.116.223 port 56994 ssh2 2019-11-05T08:20:56.572447shield sshd\[14400\]: Invalid user p@ssw0rd123456 from 148.70.116.223 port 48341 2019-11-05T08:20:56.576671shield sshd\[14400\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.116.223	2019-11-05 16:28:55
5.140.163.6	attackspam	Chat Spam	2019-11-05 15:59:39
218.76.52.107	attackspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/218.76.52.107/ CN - 1H : (642) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : CN NAME ASN : ASN4134 IP : 218.76.52.107 CIDR : 218.76.0.0/16 PREFIX COUNT : 5430 UNIQUE IP COUNT : 106919680 ATTACKS DETECTED ASN4134 : 1H - 18 3H - 43 6H - 87 12H - 152 24H - 294 DateTime : 2019-11-05 07:28:33 INFO : Port MAX SCAN Scan Detected and Blocked by ADMIN - data recovery	2019-11-05 16:06:33
199.167.137.34	attackspam	TCP Port Scanning	2019-11-05 15:57:32
139.59.73.205	attack	Nov 5 00:12:11 cw sshd[19234]: Invalid user 1234 from 139.59.73.205 Nov 5 00:12:11 cw sshd[19235]: Received disconnect from 139.59.73.205: 11: Bye Bye Nov 5 00:12:13 cw sshd[19236]: Invalid user admin from 139.59.73.205 Nov 5 00:12:13 cw sshd[19237]: Received disconnect from 139.59.73.205: 11: Bye Bye Nov 5 00:12:15 cw sshd[19238]: Invalid user ubnt from 139.59.73.205 Nov 5 00:12:15 cw sshd[19241]: Received disconnect from 139.59.73.205: 11: Bye Bye Nov 5 00:12:17 cw sshd[19242]: User r.r from 139.59.73.205 not allowed because listed in DenyUsers Nov 5 00:12:17 cw sshd[19243]: Received disconnect from 139.59.73.205: 11: Bye Bye Nov 5 00:12:18 cw sshd[19244]: Invalid user default from 139.59.73.205 Nov 5 00:12:19 cw sshd[19245]: Received disconnect from 139.59.73.205: 11: Bye Bye Nov 5 00:12:20 cw sshd[19246]: Invalid user default from 139.59.73.205 Nov 5 00:12:20 cw sshd[19247]: Received disconnect from 139.59.73.205: 11: Bye Bye Nov 5 00:12:21 cw sshd[1924........ -------------------------------	2019-11-05 16:20:52
222.186.173.201	attackbots	2019-11-05T07:50:35.232772shield sshd\[9974\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.173.201 user=root 2019-11-05T07:50:37.449624shield sshd\[9974\]: Failed password for root from 222.186.173.201 port 1432 ssh2 2019-11-05T07:50:43.361644shield sshd\[9974\]: Failed password for root from 222.186.173.201 port 1432 ssh2 2019-11-05T07:50:47.885867shield sshd\[9974\]: Failed password for root from 222.186.173.201 port 1432 ssh2 2019-11-05T07:50:52.930856shield sshd\[9974\]: Failed password for root from 222.186.173.201 port 1432 ssh2	2019-11-05 16:07:29

最近上报的IP列表

67.199.133.12	221.151.207.173	201.230.37.11	106.12.33.134
61.135.223.109	112.119.28.92	183.88.33.71	222.95.67.127
151.11.249.34	118.10.80.185	105.115.33.110	45.78.38.122
46.101.164.27	113.91.91.16	94.25.181.154	59.126.75.110
189.141.248.32	122.51.161.231	117.199.220.238	58.240.196.6