66.102.6.14 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): unknown

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
bots	也是谷歌爬虫不是真实流量 66.102.6.14 - - [29/Mar/2019:08:22:44 +0800] "GET / HTTP/1.1" 200 3237 "http://www.google.com/search" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko; Google Web Preview) Chrome/41.0.2272.118 Safari/537.36"	2019-03-29 09:19:24

类型

评论内容

时间

bots

也是谷歌爬虫不是真实流量
66.102.6.14 - - [29/Mar/2019:08:22:44 +0800] "GET / HTTP/1.1" 200 3237 "http://www.google.com/search" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko; Google Web Preview) Chrome/41.0.2272.118 Safari/537.36"

2019-03-29 09:19:24

相同子网IP讨论:

IP	类型	评论内容	时间
66.102.6.10	attackbotsspam	[Mon Apr 27 18:48:56.427777 2020] [:error] [pid 5592:tid 140574997767936] [client 66.102.6.10:63881] [client 66.102.6.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/agroklimatologi/kalender-tanam/2787-kalender-tanam-katam-terpadu-pulau-sulawesi/kalender-tanam-katam-terpadu-provinsi-sulawesi-barat/kalender-tanam-katam-terpadu-kabupaten-mamasa-provinsi-sulawesi-barat/kalender-tanam-katam-terpadu-ke ...	2020-04-28 03:48:25
66.102.6.6	attackbotsspam	[Mon Apr 27 10:53:12.561278 2020] [:error] [pid 11638:tid 139751813748480] [client 66.102.6.6:51847] [client 66.102.6.6] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/profil/meteorologi/list-of-all-tags/analisis-klimatologi"] [unique_id "XqZXKNsUVPp--jG8n2jRgQAAALU"] ...	2020-04-27 16:59:31
66.102.6.93	attackspambots	This is supposedly my IP. I've been hacked for 4years. I'm in Canada	2020-03-28 18:14:53
66.102.6.55	attackbotsspam	The IP has triggered Cloudflare WAF. CF-Ray: 5437e31cf9dac560 \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: US \| CF_IPClass: searchEngine \| Protocol: HTTP/1.1 \| Method: GET \| Host: blog.skk.moe \| User-Agent: Mozilla/5.0 (Linux; Android 4.2.1; en-us; Nexus 5 Build/JOP40D) AppleWebKit/535.19 (KHTML, like Gecko; googleweblight) Chrome/38.0.1025.166 Mobile Safari/535.19 \| CF_DC: ORD. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 02:02:50
66.102.6.34	attackspambots	The IP has triggered Cloudflare WAF. CF-Ray: 5413884e7a2d9d83 \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: US \| CF_IPClass: searchEngine \| Protocol: HTTP/1.1 \| Method: GET \| Host: blog.skk.moe \| User-Agent: Mozilla/5.0 (Linux; Android 4.2.1; en-us; Nexus 5 Build/JOP40D) AppleWebKit/535.19 (KHTML, like Gecko; googleweblight) Chrome/38.0.1025.166 Mobile Safari/535.19 \| CF_DC: ORD. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 03:04:47
66.102.6.185	attackspambots	Automatic report - Banned IP Access	2019-07-30 07:23:10
66.102.6.142	bots	谷歌icon爬虫 66.102.6.142 - - [29/Mar/2019:09:01:33 +0800] "GET / HTTP/1.1" 200 29010 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 Google Favicon"	2019-03-29 09:18:49

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 66.102.6.14
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6683
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;66.102.6.14.			IN	A

;; AUTHORITY SECTION:
.			3495	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019032802 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri Mar 29 09:19:23 +08 2019
;; MSG SIZE  rcvd: 115

HOST信息:

14.6.102.66.in-addr.arpa domain name pointer google-proxy-66-102-6-14.google.com.

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
14.6.102.66.in-addr.arpa	name = google-proxy-66-102-6-14.google.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
103.52.52.22	attackspam	Oct 12 18:06:57 dev0-dcde-rnet sshd[28626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.52.22 Oct 12 18:06:59 dev0-dcde-rnet sshd[28626]: Failed password for invalid user Wet@123 from 103.52.52.22 port 37035 ssh2 Oct 12 18:12:22 dev0-dcde-rnet sshd[28638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.52.22	2019-10-13 06:09:13
42.52.134.217	attack	Unauthorised access (Oct 12) SRC=42.52.134.217 LEN=40 TTL=49 ID=24034 TCP DPT=8080 WINDOW=64323 SYN Unauthorised access (Oct 12) SRC=42.52.134.217 LEN=40 TTL=49 ID=10713 TCP DPT=8080 WINDOW=52345 SYN	2019-10-13 06:04:05
92.118.161.9	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-10-13 06:17:42
37.187.5.137	attackbots	Unauthorized SSH login attempts	2019-10-13 06:06:58
198.71.228.63	attackbots	xmlrpc attack	2019-10-13 05:54:28
89.216.124.253	attackbots	Automatic report - XMLRPC Attack	2019-10-13 06:01:42
36.110.39.217	attackspambots	SSH Brute Force	2019-10-13 06:13:53
162.247.74.200	attackbots	Oct 12 23:35:23 vpn01 sshd[7656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.74.200 Oct 12 23:35:25 vpn01 sshd[7656]: Failed password for invalid user cron from 162.247.74.200 port 42866 ssh2 ...	2019-10-13 05:57:29
77.247.110.227	attackspam	\[2019-10-12 15:59:34\] SECURITY\[1898\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-12T15:59:34.651-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="5591201148443071003",SessionID="0x7fc3ad578188",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/77.247.110.227/57869",ACLName="no_extension_match" \[2019-10-12 15:59:49\] SECURITY\[1898\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-12T15:59:49.294-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="60116401148672520013",SessionID="0x7fc3ac5226d8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/77.247.110.227/59070",ACLName="no_extension_match" \[2019-10-12 15:59:58\] SECURITY\[1898\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-12T15:59:58.669-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="5171401148243625006",SessionID="0x7fc3ac7f93a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/77.247.110.227/51388"	2019-10-13 06:22:04
42.159.121.111	attack	Oct 12 09:34:28 home sshd[31667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.159.121.111 user=root Oct 12 09:34:31 home sshd[31667]: Failed password for root from 42.159.121.111 port 45560 ssh2 Oct 12 09:45:10 home sshd[31732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.159.121.111 user=root Oct 12 09:45:13 home sshd[31732]: Failed password for root from 42.159.121.111 port 11786 ssh2 Oct 12 09:50:09 home sshd[31785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.159.121.111 user=root Oct 12 09:50:10 home sshd[31785]: Failed password for root from 42.159.121.111 port 48678 ssh2 Oct 12 09:55:01 home sshd[31845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.159.121.111 user=root Oct 12 09:55:02 home sshd[31845]: Failed password for root from 42.159.121.111 port 21572 ssh2 Oct 12 09:59:39 home sshd[31914]: pam_unix(sshd:auth	2019-10-13 06:03:51
40.112.248.127	attackspam	Oct 12 15:28:34 game-panel sshd[13039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.112.248.127 Oct 12 15:28:36 game-panel sshd[13039]: Failed password for invalid user 0okm(IJN8uhb from 40.112.248.127 port 49792 ssh2 Oct 12 15:32:13 game-panel sshd[13156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.112.248.127	2019-10-13 06:04:30
51.83.32.232	attackspambots	Automatic report - Banned IP Access	2019-10-13 06:16:15
82.147.120.41	attackspam	Unauthorized IMAP connection attempt	2019-10-13 06:27:15
182.61.109.92	attackbots	Oct 12 19:11:47 web8 sshd\[10990\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.61.109.92 user=root Oct 12 19:11:49 web8 sshd\[10990\]: Failed password for root from 182.61.109.92 port 39454 ssh2 Oct 12 19:15:49 web8 sshd\[12972\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.61.109.92 user=root Oct 12 19:15:51 web8 sshd\[12972\]: Failed password for root from 182.61.109.92 port 50248 ssh2 Oct 12 19:19:57 web8 sshd\[15293\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.61.109.92 user=root	2019-10-13 06:27:58
5.43.197.146	attackbotsspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/5.43.197.146/ DE - 1H : (59) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : DE NAME ASN : ASN51407 IP : 5.43.197.146 CIDR : 5.43.196.0/23 PREFIX COUNT : 183 UNIQUE IP COUNT : 88832 WYKRYTE ATAKI Z ASN51407 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 4 DateTime : 2019-10-12 16:04:26 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-10-13 06:18:39

最近上报的IP列表

72.11.190.157	61.76.169.138	54.88.225.159	51.75.29.61
46.105.31.249	31.206.41.114	5.51.234.155	1.34.164.204
220.77.29.179	211.159.187.191	200.89.175.103	191.98.163.2
190.210.42.83	183.101.208.41	182.74.209.206	181.123.10.88
173.12.157.141	162.241.178.219	159.65.148.91	159.65.84.164