162.254.3.142 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: ColoMX LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	srvr2: (mod_security) mod_security (id:920350) triggered by 162.254.3.142 (GB/-/-): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/25 01:30:47 [error] 550601#0: 461869 [client 162.254.3.142] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160099024732.832093"] [ref "o0,17v21,17"], client: 162.254.3.142, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-26 07:54:51
attackbotsspam	srvr2: (mod_security) mod_security (id:920350) triggered by 162.254.3.142 (GB/-/-): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/25 01:30:47 [error] 550601#0: 461869 [client 162.254.3.142] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160099024732.832093"] [ref "o0,17v21,17"], client: 162.254.3.142, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-26 01:10:02
attack	srvr2: (mod_security) mod_security (id:920350) triggered by 162.254.3.142 (GB/-/-): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/25 01:30:47 [error] 550601#0: 461869 [client 162.254.3.142] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160099024732.832093"] [ref "o0,17v21,17"], client: 162.254.3.142, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-25 16:46:42

Type

Details

Datetime

attackbotsspam

srvr2: (mod_security) mod_security (id:920350) triggered by 162.254.3.142 (GB/-/-): 1 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/25 01:30:47 [error] 550601#0: *461869 [client 162.254.3.142] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host'  [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160099024732.832093"] [ref "o0,17v21,17"], client: 162.254.3.142, [redacted] request: "GET / HTTP/1.1" [redacted]

2020-09-26 07:54:51

attackbotsspam

srvr2: (mod_security) mod_security (id:920350) triggered by 162.254.3.142 (GB/-/-): 1 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/25 01:30:47 [error] 550601#0: *461869 [client 162.254.3.142] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host'  [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160099024732.832093"] [ref "o0,17v21,17"], client: 162.254.3.142, [redacted] request: "GET / HTTP/1.1" [redacted]

2020-09-26 01:10:02

attack

srvr2: (mod_security) mod_security (id:920350) triggered by 162.254.3.142 (GB/-/-): 1 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/25 01:30:47 [error] 550601#0: *461869 [client 162.254.3.142] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host'  [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160099024732.832093"] [ref "o0,17v21,17"], client: 162.254.3.142, [redacted] request: "GET / HTTP/1.1" [redacted]

2020-09-25 16:46:42

Comments on same subnet:

IP	Type	Details	Datetime
162.254.3.60	attackbots	Hits on port : 11211	2020-05-01 22:46:54

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 162.254.3.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11983
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;162.254.3.142.			IN	A

;; AUTHORITY SECTION:
.			581	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020092500 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 25 16:46:35 CST 2020
;; MSG SIZE  rcvd: 117

Host info

Host 142.3.254.162.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

;; Got SERVFAIL reply from 183.60.83.19, trying next server
Server:		183.60.82.98
Address:	183.60.82.98#53

** server can't find 142.3.254.162.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
162.158.106.184	attackspam	Apache - FakeGoogleBot	2020-05-30 17:25:47
14.163.19.62	attackspam	Unauthorised access (May 30) SRC=14.163.19.62 LEN=52 TTL=50 ID=2573 DF TCP DPT=445 WINDOW=8192 SYN	2020-05-30 16:53:02
138.97.23.190	attackspambots	May 30 10:50:36 server sshd[10446]: Failed password for root from 138.97.23.190 port 33214 ssh2 May 30 10:55:10 server sshd[10749]: Failed password for root from 138.97.23.190 port 39008 ssh2 ...	2020-05-30 17:14:40
178.161.214.254	attackspambots	Automatic report - Banned IP Access	2020-05-30 17:18:12
162.158.107.211	attackbotsspam	Apache - FakeGoogleBot	2020-05-30 17:25:01
194.61.55.164	attackbots	2020-05-30T09:15:24.550422abusebot-8.cloudsearch.cf sshd[9890]: Invalid user boittier from 194.61.55.164 port 41034 2020-05-30T09:15:24.718392abusebot-8.cloudsearch.cf sshd[9890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.55.164 2020-05-30T09:15:24.550422abusebot-8.cloudsearch.cf sshd[9890]: Invalid user boittier from 194.61.55.164 port 41034 2020-05-30T09:15:27.447379abusebot-8.cloudsearch.cf sshd[9890]: Failed password for invalid user boittier from 194.61.55.164 port 41034 ssh2 2020-05-30T09:15:28.805864abusebot-8.cloudsearch.cf sshd[9895]: Invalid user internet from 194.61.55.164 port 45587 2020-05-30T09:15:28.969118abusebot-8.cloudsearch.cf sshd[9895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.61.55.164 2020-05-30T09:15:28.805864abusebot-8.cloudsearch.cf sshd[9895]: Invalid user internet from 194.61.55.164 port 45587 2020-05-30T09:15:31.246659abusebot-8.cloudsearch.cf sshd[9895]: ...	2020-05-30 17:20:27
14.29.232.82	attack	$f2bV_matches	2020-05-30 17:09:42
122.114.158.242	attackspambots	May 30 06:31:29 inter-technics sshd[7648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.158.242 user=root May 30 06:31:31 inter-technics sshd[7648]: Failed password for root from 122.114.158.242 port 51524 ssh2 May 30 06:34:54 inter-technics sshd[14110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.158.242 user=root May 30 06:34:57 inter-technics sshd[14110]: Failed password for root from 122.114.158.242 port 35982 ssh2 May 30 06:38:31 inter-technics sshd[15776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.158.242 user=root May 30 06:38:33 inter-technics sshd[15776]: Failed password for root from 122.114.158.242 port 48666 ssh2 ...	2020-05-30 17:05:40
104.248.10.181	attack	" "	2020-05-30 17:20:11
191.30.134.67	attackspambots	Automatic report - Port Scan Attack	2020-05-30 16:47:31
49.232.30.175	attack	Brute-force attempt banned	2020-05-30 16:53:48
36.46.135.38	attackbots	May 30 10:45:24 ns382633 sshd\[8209\]: Invalid user rpm from 36.46.135.38 port 34893 May 30 10:45:24 ns382633 sshd\[8209\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.46.135.38 May 30 10:45:27 ns382633 sshd\[8209\]: Failed password for invalid user rpm from 36.46.135.38 port 34893 ssh2 May 30 11:00:57 ns382633 sshd\[10885\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.46.135.38 user=root May 30 11:00:59 ns382633 sshd\[10885\]: Failed password for root from 36.46.135.38 port 49567 ssh2	2020-05-30 17:17:08
51.178.50.244	attackbots	May 30 01:36:18 askasleikir sshd[23788]: Failed password for root from 51.178.50.244 port 59178 ssh2 May 30 01:44:40 askasleikir sshd[23811]: Failed password for root from 51.178.50.244 port 52340 ssh2 May 30 01:29:09 askasleikir sshd[23768]: Failed password for root from 51.178.50.244 port 48394 ssh2	2020-05-30 17:26:35
82.102.173.90	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 75 - port: 8243 proto: TCP cat: Misc Attack	2020-05-30 17:15:29
222.185.241.130	attack	May 30 06:01:22 eventyay sshd[7370]: Failed password for root from 222.185.241.130 port 49539 ssh2 May 30 06:03:16 eventyay sshd[7421]: Failed password for root from 222.185.241.130 port 56161 ssh2 May 30 06:07:04 eventyay sshd[7522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.185.241.130 ...	2020-05-30 17:18:39

Recently Reported IPs

125.25.136.51	107.172.2.236	209.250.229.105	190.24.59.44
122.180.58.118	95.255.52.233	66.62.28.79	161.35.46.168
45.125.66.137	52.183.115.25	117.2.233.66	168.0.158.1
167.71.211.86	163.172.147.193	161.35.38.236	125.129.212.198
121.225.25.142	49.118.187.50	182.75.141.110	182.119.208.51