124.74.131.106

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Shanghai Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	[SunSep0821:25:58.1932582019][:error][pid26868:tid47825462339328][client124.74.131.106:55673][client124.74.131.106]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\(\?:\\\\\\\\\(chr\?\\\\\\\\\(\?[0-9]{1\,3}\?\\\\\\\\\)\\|\?=\?f\(\?:open\\|write\)\?\\\\\\\\\(\\|\\\\\\\\b\(\?:passthru\\|serialize\\|php_uname\\|phpinfo\\|shell_exec\\|preg_\\\\\\\\w \\|mysql_query\\|exec\\|eval\\|base64_decode\\|decode_base64\\|rot13\\|base64_url_decode\\|gz\(\?:inflate\\|decode\\|uncompress\)\\|strrev\\|zlib_\\\\\\\\w \)\\\\\\\\b\?\(\?..."atARGS:admin.[file"/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"][line"767"][id"340095"][rev"53"][msg"Atomicorp.comWAFRules:AttackBlocked-PHPfunctioninArgument-thismaybeanattack."][data"die\(@md5\,ARGS:admin"][severity"CRITICAL"][hostname"148.251.104.84"][uri"/App.php"][unique_id"XXVVxnXRRDaOkurNzma-DwAAAMU"][SunSep0821:26:29.9051722019][:error][pid26868:tid47825547187968][client124.74.131.106:63148][client124.74.131.106]ModSecurity:Accessdeniedwithcode403\(phase2\).Pa	2019-09-09 11:12:15

Type

Details

Datetime

attack

[SunSep0821:25:58.1932582019][:error][pid26868:tid47825462339328][client124.74.131.106:55673][client124.74.131.106]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\(\?:\\\\\\\\\(chr\?\\\\\\\\\(\?[0-9]{1\,3}\?\\\\\\\\\)\|\?=\?f\(\?:open\|write\)\?\\\\\\\\\(\|\\\\\\\\b\(\?:passthru\|serialize\|php_uname\|phpinfo\|shell_exec\|preg_\\\\\\\\w \|mysql_query\|exec\|eval\|base64_decode\|decode_base64\|rot13\|base64_url_decode\|gz\(\?:inflate\|decode\|uncompress\)\|strrev\|zlib_\\\\\\\\w \)\\\\\\\\b\?\(\?..."atARGS:admin.[file"/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"][line"767"][id"340095"][rev"53"][msg"Atomicorp.comWAFRules:AttackBlocked-PHPfunctioninArgument-thismaybeanattack."][data"die\(@md5\,ARGS:admin"][severity"CRITICAL"][hostname"148.251.104.84"][uri"/App.php"][unique_id"XXVVxnXRRDaOkurNzma-DwAAAMU"][SunSep0821:26:29.9051722019][:error][pid26868:tid47825547187968][client124.74.131.106:63148][client124.74.131.106]ModSecurity:Accessdeniedwithcode403\(phase2\).Pa

2019-09-09 11:12:15

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 124.74.131.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36450
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;124.74.131.106.			IN	A

;; AUTHORITY SECTION:
.			3220	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019090801 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Sep 09 11:12:03 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 106.131.74.124.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 106.131.74.124.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.186.30.35	attackbots	2020-02-03T19:20:53.776049vostok sshd\[20338\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.35 user=root \| Triggered by Fail2Ban at Vostok web server	2020-02-04 08:23:59
178.62.36.116	attackspam	$f2bV_matches	2020-02-04 08:20:17
122.252.255.82	attackbots	Unauthorized connection attempt detected from IP address 122.252.255.82 to port 445	2020-02-04 08:24:13
101.251.197.238	attackspambots	Feb 4 01:20:35 MK-Soft-Root2 sshd[25289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.251.197.238 Feb 4 01:20:38 MK-Soft-Root2 sshd[25289]: Failed password for invalid user brianne from 101.251.197.238 port 54366 ssh2 ...	2020-02-04 08:27:19
200.68.143.7	attack	Feb 4 01:07:40 grey postfix/smtpd\[4502\]: NOQUEUE: reject: RCPT from unknown\[200.68.143.7\]: 554 5.7.1 Service unavailable\; Client host \[200.68.143.7\] blocked using dul.dnsbl.sorbs.net\; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml\?200.68.143.7\; from=\ to=\ proto=ESMTP helo=\<\[200.68.143.7\]\> ...	2020-02-04 08:19:27
164.132.80.139	attackspam	SSH Brute Force	2020-02-04 08:11:34
88.146.219.245	attackbots	Unauthorized connection attempt detected from IP address 88.146.219.245 to port 2220 [J]	2020-02-04 08:22:09
49.235.41.34	attackbots	Unauthorized connection attempt detected from IP address 49.235.41.34 to port 2220 [J]	2020-02-04 07:54:32
49.232.86.90	attack	Unauthorized connection attempt detected from IP address 49.232.86.90 to port 2220 [J]	2020-02-04 08:21:05
42.117.71.253	attack	Unauthorized connection attempt detected from IP address 42.117.71.253 to port 23 [J]	2020-02-04 07:54:56
188.59.188.40	attack	Unauthorized connection attempt detected from IP address 188.59.188.40 to port 8080 [J]	2020-02-04 08:02:43
36.72.218.73	attackbotsspam	1580774854 - 02/04/2020 01:07:34 Host: 36.72.218.73/36.72.218.73 Port: 445 TCP Blocked	2020-02-04 08:23:34
129.211.130.66	attackspam	SSH authentication failure x 6 reported by Fail2Ban ...	2020-02-04 08:32:41
66.220.149.28	attackbotsspam	[Tue Feb 04 07:07:33.501108 2020] [:error] [pid 18719:tid 139896723326720] [client 66.220.149.28:52886] [client 66.220.149.28] ModSecurity: Access denied with code 403 (phase 2). Found 3 byte(s) in REQUEST_URI outside range: 32-36,38-126. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1304"] [id "920272"] [msg "Invalid character in request (outside of printable chars below ascii 127)"] [data "REQUEST_URI=/images/Klimatologi/Analisis/02-Analisis_Dasarian/Dinamika/2020/01_Januari_2020/Das-III/Analisis_Dinamika_Atmosfer\\xe2\\x80\\x93Laut_Dan_Prediksi_Curah_Hujan_Update_Dasarian_III_Januari_2020.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [tag "paranoia-level/3"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/images/Klimatologi/Analisis/02-Analisis_Dasarian/Dinamika ...	2020-02-04 08:23:07
41.210.128.81	attackbots	Unauthorized connection attempt detected from IP address 41.210.128.81 to port 23 [J]	2020-02-04 07:55:19

Recently Reported IPs

187.120.134.81	138.68.208.159	172.96.81.181	48.100.224.243
51.225.227.10	1.20.248.226	138.68.208.69	37.236.106.6
153.165.246.183	194.113.106.146	159.203.199.151	162.243.58.198
2a01:4f8:121:5009::2	162.63.125.186	169.157.190.8	167.151.64.59
148.251.11.82	124.194.51.102	51.15.57.137	188.212.197.136