131.108.53.90 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Brazil

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
131.108.53.221	attack	[Sat Jan 11 11:52:52.178348 2020] [:error] [pid 8512:tid 140478037059328] [client 131.108.53.221:57715] [client 131.108.53.221] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197:80"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XhlUpFdOXXW0RQAWP01AeAAAAHs"] ...	2020-01-11 16:49:46

Type

Details

Datetime

131.108.53.221

attack

[Sat Jan 11 11:52:52.178348 2020] [:error] [pid 8512:tid 140478037059328] [client 131.108.53.221:57715] [client 131.108.53.221] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197:80"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XhlUpFdOXXW0RQAWP01AeAAAAHs"]
...

2020-01-11 16:49:46

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 131.108.53.90
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7995
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;131.108.53.90.			IN	A

;; AUTHORITY SECTION:
.			184	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022020700 1800 900 604800 86400

;; Query time: 82 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 07 13:56:33 CST 2022
;; MSG SIZE  rcvd: 106

Host info

Host 90.53.108.131.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 90.53.108.131.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
177.43.129.220	attackspam	" "	2020-02-20 21:10:57
192.254.207.123	attackspam	Wordpress Admin Login attack	2020-02-20 20:58:38
151.80.254.78	attackspam	$f2bV_matches	2020-02-20 21:07:43
223.100.104.192	attackspambots	Invalid user zhaowei from 223.100.104.192 port 48134	2020-02-20 21:17:41
189.126.175.215	attackbotsspam	Feb 20 08:46:24 debian-2gb-nbg1-2 kernel: \[4443995.160175\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=189.126.175.215 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=49247 PROTO=TCP SPT=10568 DPT=8080 WINDOW=11457 RES=0x00 SYN URGP=0	2020-02-20 21:15:38
86.110.21.103	attackbots	Honeypot attack, port: 5555, PTR: host-86-110-21-103.n.atel.su.	2020-02-20 20:58:02
122.117.64.4	attack	Honeypot attack, port: 81, PTR: 122-117-64-4.HINET-IP.hinet.net.	2020-02-20 20:52:49
45.187.164.1	attack	45.187.164.1 - - [20/Feb/2020:03:52:22 +0200] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/¤tsetting.htm=1 HTTP/1.1" 400 226	2020-02-20 21:14:00
66.23.205.43	attackspambots	Feb 20 11:41:12 host sshd\[27887\]: Unable to negotiate with 66.23.205.43 port 35334: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 \[preauth\]	2020-02-20 21:00:01
5.135.253.172	attackspambots	scans 2 times in preceeding hours on the ports (in chronological order) 11775 11776	2020-02-20 21:06:39
194.26.29.124	attackbotsspam	Feb 20 13:42:22 debian-2gb-nbg1-2 kernel: \[4461753.467020\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=194.26.29.124 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=183 ID=28661 PROTO=TCP SPT=44494 DPT=33984 WINDOW=1024 RES=0x00 SYN URGP=0	2020-02-20 20:46:01
45.136.108.23	attackspambots	Unauthorized connection attempt detected from IP address 45.136.108.23 to port 1694	2020-02-20 20:56:29
192.241.227.186	attack	port scan and connect, tcp 22 (ssh)	2020-02-20 21:12:36
166.62.123.55	attack	166.62.123.55 - - \[20/Feb/2020:10:38:36 +0100\] "POST /wp-login.php HTTP/1.0" 200 6997 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 166.62.123.55 - - \[20/Feb/2020:10:38:39 +0100\] "POST /wp-login.php HTTP/1.0" 200 6864 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 166.62.123.55 - - \[20/Feb/2020:10:38:41 +0100\] "POST /wp-login.php HTTP/1.0" 200 6860 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-02-20 21:08:06
210.2.145.90	attackspambots	Honeypot attack, port: 445, PTR: static-host210-2-145-90.link.net.pk.	2020-02-20 20:45:15

Recently Reported IPs

5.235.195.160	188.159.2.194	144.123.69.192	62.113.206.67
20.206.91.204	43.154.190.53	197.60.108.151	211.75.30.19
45.134.186.4	74.64.42.82	41.40.222.17	110.78.151.113
94.128.16.160	90.203.141.252	112.18.130.104	106.104.121.133
42.235.154.184	40.94.95.1	93.190.11.154	157.245.146.138