81.163.117.199

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Ukraine

运营商(isp): TOV Telecommunication Company Plazma

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Commercial

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	" "	2019-08-22 08:25:04

相同子网IP讨论:

IP	类型	评论内容	时间
81.163.117.212	attackspam	srvr2: (mod_security) mod_security (id:920350) triggered by 81.163.117.212 (UA/-/212-117.tkplazma.com.ua): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/08 18:54:23 [error] 548013#0: 348564 [client 81.163.117.212] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159958406331.945953"] [ref "o0,18v21,18"], client: 81.163.117.212, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-09 20:49:11
81.163.117.212	attackspambots	srvr2: (mod_security) mod_security (id:920350) triggered by 81.163.117.212 (UA/-/212-117.tkplazma.com.ua): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/08 18:54:23 [error] 548013#0: 348564 [client 81.163.117.212] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159958406331.945953"] [ref "o0,18v21,18"], client: 81.163.117.212, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-09 14:46:07
81.163.117.212	attackbotsspam	srvr2: (mod_security) mod_security (id:920350) triggered by 81.163.117.212 (UA/-/212-117.tkplazma.com.ua): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/08 18:54:23 [error] 548013#0: 348564 [client 81.163.117.212] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159958406331.945953"] [ref "o0,18v21,18"], client: 81.163.117.212, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-09 06:56:58
81.163.117.59	attackspam	Wordpress attack	2020-01-01 18:14:16

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 81.163.117.199
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20480
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;81.163.117.199.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082101 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Aug 22 08:24:55 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 199.117.163.81.in-addr.arpa not found: 2(SERVFAIL)

NSLOOKUP信息:

;; Got SERVFAIL reply from 67.207.67.2, trying next server
Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 199.117.163.81.in-addr.arpa: SERVFAIL

最新评论:

IP	类型	评论内容	时间
148.66.133.166	attack	May 15 22:08:37 server sshd\[34542\]: Invalid user webadmin from 148.66.133.166 May 15 22:08:37 server sshd\[34542\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.66.133.166 May 15 22:08:39 server sshd\[34542\]: Failed password for invalid user webadmin from 148.66.133.166 port 58102 ssh2 ...	2019-07-12 03:38:40
148.70.65.167	attack	frenzy	2019-07-12 03:26:28
148.70.23.121	attack	May 23 11:01:07 server sshd\[128896\]: Invalid user desiree from 148.70.23.121 May 23 11:01:07 server sshd\[128896\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.23.121 May 23 11:01:09 server sshd\[128896\]: Failed password for invalid user desiree from 148.70.23.121 port 48624 ssh2 ...	2019-07-12 03:32:09
103.138.109.219	attack	Trying ports that it shouldn't be.	2019-07-12 02:57:45
148.70.190.42	attack	May 19 03:38:49 server sshd\[206073\]: Invalid user smart from 148.70.190.42 May 19 03:38:49 server sshd\[206073\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.190.42 May 19 03:38:51 server sshd\[206073\]: Failed password for invalid user smart from 148.70.190.42 port 48184 ssh2 ...	2019-07-12 03:32:36
150.129.118.220	attackbots	Jul 3 03:00:42 server sshd\[217287\]: Invalid user hannes from 150.129.118.220 Jul 3 03:00:42 server sshd\[217287\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.129.118.220 Jul 3 03:00:44 server sshd\[217287\]: Failed password for invalid user hannes from 150.129.118.220 port 56478 ssh2 ...	2019-07-12 03:09:42
148.70.62.12	attackbots	Jul 6 22:45:33 server sshd\[23668\]: Invalid user dodsserver from 148.70.62.12 Jul 6 22:45:33 server sshd\[23668\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.62.12 Jul 6 22:45:35 server sshd\[23668\]: Failed password for invalid user dodsserver from 148.70.62.12 port 40188 ssh2 ...	2019-07-12 03:27:27
168.205.236.10	attack	TCP src-port=57945 dst-port=25 dnsbl-sorbs abuseat-org barracuda (Project Honey Pot rated Suspicious) (454)	2019-07-12 03:24:57
177.154.236.173	attack	Currently 7 failed/unauthorized logins attempts via SMTP/IMAP whostnameh 7 different usernames and wrong password: 2019-07-11T15:52:37+02:00 x@x 2019-07-10T23:06:25+02:00 x@x 2019-07-06T17:22:40+02:00 x@x 2019-06-29T22:21:10+02:00 x@x 2019-06-29T02:56:06+02:00 x@x 2019-06-25T08:06:45+02:00 x@x 2019-06-23T17:25:04+02:00 x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=177.154.236.173	2019-07-12 03:00:50
148.70.74.123	attackspam	Jun 21 00:27:49 server sshd\[125607\]: Invalid user server from 148.70.74.123 Jun 21 00:27:49 server sshd\[125607\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.74.123 Jun 21 00:27:51 server sshd\[125607\]: Failed password for invalid user server from 148.70.74.123 port 58118 ssh2 ...	2019-07-12 03:24:38
149.202.45.205	attackspam	Jun 27 19:39:16 server sshd\[53260\]: Invalid user serveur from 149.202.45.205 Jun 27 19:39:16 server sshd\[53260\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.202.45.205 Jun 27 19:39:18 server sshd\[53260\]: Failed password for invalid user serveur from 149.202.45.205 port 40100 ssh2 ...	2019-07-12 03:20:16
148.70.246.108	attackspambots	Jun 17 14:29:48 server sshd\[91062\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.246.108 user=news Jun 17 14:29:49 server sshd\[91062\]: Failed password for news from 148.70.246.108 port 59374 ssh2 Jun 17 14:33:16 server sshd\[91288\]: Invalid user buszdieker from 148.70.246.108 ...	2019-07-12 03:31:20
185.176.27.58	attack	Port scan: Attack repeated for 24 hours	2019-07-12 03:31:49
151.80.140.13	attack	May 20 19:18:54 server sshd\[22885\]: Invalid user bn from 151.80.140.13 May 20 19:18:54 server sshd\[22885\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.80.140.13 May 20 19:18:57 server sshd\[22885\]: Failed password for invalid user bn from 151.80.140.13 port 60460 ssh2 ...	2019-07-12 03:03:35
151.80.207.9	attack	May 10 05:45:57 server sshd\[41369\]: Invalid user user100 from 151.80.207.9 May 10 05:45:57 server sshd\[41369\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.80.207.9 May 10 05:45:59 server sshd\[41369\]: Failed password for invalid user user100 from 151.80.207.9 port 53543 ssh2 ...	2019-07-12 02:58:02

最近上报的IP列表

164.187.96.232	82.160.175.217	120.197.74.76	212.1.85.174
222.223.183.25	177.125.40.145	61.235.74.247	115.189.153.202
186.169.75.109	193.109.65.70	106.13.38.86	48.151.92.40
165.100.216.232	45.6.72.17	153.3.139.224	86.120.209.52
195.207.82.173	188.104.21.128	168.235.96.82	13.155.61.2