City: unknown
Region: unknown
Country: United States
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
| IP | Type | Details | Datetime |
|---|---|---|---|
| 172.104.108.109 | attack | srvr1: (mod_security) mod_security (id:920350) triggered by 172.104.108.109 (US/-/scan-92.security.ipip.net): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/10/04 19:47:33 [error] 246777#0: *198802 [client 172.104.108.109] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160183365376.869714"] [ref "o0,13v21,13"], client: 172.104.108.109, [redacted] request: "GET / HTTP/1.1" [redacted] |
2020-10-05 03:53:39 |
| 172.104.108.109 | attackbotsspam | Use Brute-Force |
2020-10-04 19:43:17 |
| 172.104.108.109 | attackspambots | \[2020-08-18 06:42:58\] \[28845\] \[http_80_tcp 12088\] \[172.104.108.109:36896\] recv: GET / HTTP/1.1 \[2020-08-19 22:52:37\] \[28845\] \[http_80_tcp 21967\] \[172.104.108.109:44078\] recv: GET / HTTP/1.1 |
2020-08-20 05:39:57 |
| 172.104.108.109 | attackspam | [14/Aug/2020:04:16:00 -0400] "GET / HTTP/1.1" "Mozilla/5.0" |
2020-08-15 23:44:23 |
| 172.104.108.109 | attack | [Thu Jul 30 10:56:16.226586 2020] [:error] [pid 28485:tid 139696478869248] [client 172.104.108.109:42200] [client 172.104.108.109] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XyJE4M@uTJFGYTjqSIaxkQAAAqU"] ... |
2020-07-30 12:14:53 |
| 172.104.108.109 | attackbots | Cluster member 67.227.229.95 (US/United States/host.cjthedj97.me) said, DENY 172.104.108.109, Reason:[(mod_security) mod_security (id:2000064) triggered by 172.104.108.109 (JP/Japan/scan-92.security.ipip.net): 1 in the last 3600 secs]; Ports: *; Direction: inout; Trigger: LF_CLUSTER |
2020-07-07 16:19:28 |
| 172.104.108.109 | attackbots | W 31101,/var/log/nginx/access.log,-,- |
2020-06-30 21:46:53 |
| 172.104.108.109 | attackbotsspam | Unauthorized connection attempt detected from IP address 172.104.108.109 to port 80 |
2020-05-24 17:17:29 |
| 172.104.108.109 | attack | Brute force attack stopped by firewall |
2020-05-22 07:25:50 |
| 172.104.108.109 | bots | 172.104.108.109 - - [19/Apr/2019:09:14:51 +0800] "GET / HTTP/1.1" 301 194 "-" "Go-http-client/1.1" 172.104.108.109 - - [19/Apr/2019:09:14:52 +0800] "GET / HTTP/1.1" 200 3269 "http://118.25.52.138:80" "Go-http-client/1.1" |
2019-04-19 09:16:41 |
| 172.104.108.109 | bots | 172.104.108.109 - - [09/Apr/2019:18:20:18 +0800] "GET / HTTP/1.1" 301 194 "-" "Go-http-client/1.1" 172.104.108.109 - - [09/Apr/2019:18:20:19 +0800] "GET / HTTP/1.1" 200 3280 "http://118.25.52.138:80" "Go-http-client/1.1" |
2019-04-09 18:20:46 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 172.104.108.114
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64619
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;172.104.108.114. IN A
;; AUTHORITY SECTION:
. 387 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022020700 1800 900 604800 86400
;; Query time: 15 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 07 22:06:52 CST 2022
;; MSG SIZE rcvd: 108114.108.104.172.in-addr.arpa domain name pointer li1718-114.members.linode.com.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
114.108.104.172.in-addr.arpa name = li1718-114.members.linode.com.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 1.174.58.222 | attack | 2222/tcp [2019-06-26]1pkt |
2019-06-26 20:57:22 |
| 80.82.70.39 | attackspam | EXPLOIT Netcore Router Backdoor Access |
2019-06-26 21:26:36 |
| 120.229.42.59 | attack | Jun 26 05:33:48 mxgate1 postfix/postscreen[23334]: CONNECT from [120.229.42.59]:1139 to [176.31.12.44]:25 Jun 26 05:33:48 mxgate1 postfix/dnsblog[23338]: addr 120.229.42.59 listed by domain zen.spamhaus.org as 127.0.0.4 Jun 26 05:33:48 mxgate1 postfix/dnsblog[23339]: addr 120.229.42.59 listed by domain cbl.abuseat.org as 127.0.0.2 Jun 26 05:33:54 mxgate1 postfix/postscreen[23334]: DNSBL rank 3 for [120.229.42.59]:1139 Jun x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=120.229.42.59 |
2019-06-26 21:10:49 |
| 222.254.7.179 | attack | 445/tcp [2019-06-26]1pkt |
2019-06-26 20:47:37 |
| 202.182.174.102 | attack | 2019-06-26T12:48:15.450311enmeeting.mahidol.ac.th sshd\[24015\]: Invalid user solr from 202.182.174.102 port 33243 2019-06-26T12:48:15.470583enmeeting.mahidol.ac.th sshd\[24015\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.182.174.102 2019-06-26T12:48:17.624363enmeeting.mahidol.ac.th sshd\[24015\]: Failed password for invalid user solr from 202.182.174.102 port 33243 ssh2 ... |
2019-06-26 20:56:16 |
| 35.237.232.107 | attackbots | RDP Brute-Force (Grieskirchen RZ1) |
2019-06-26 20:44:15 |
| 206.201.5.117 | attackspam | $f2bV_matches |
2019-06-26 20:58:23 |
| 114.67.232.237 | attack | Scanning and Vuln Attempts |
2019-06-26 20:42:06 |
| 178.127.80.43 | attack | Lines containing failures of 178.127.80.43 Jun 26 05:31:35 shared11 postfix/smtpd[28352]: connect from unknown[178.127.80.43] Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=178.127.80.43 |
2019-06-26 21:05:30 |
| 103.81.62.1 | attackbotsspam | 445/tcp [2019-06-26]1pkt |
2019-06-26 20:37:52 |
| 209.17.97.66 | attack | port scan and connect, tcp 443 (https) |
2019-06-26 20:34:39 |
| 74.82.47.4 | attack | @LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-06-26 06:53:39,552 INFO [amun_request_handler] unknown vuln (Attacker: 74.82.47.4 Port: 3389, Mess: ['\x16\x03\x01\x00\x9a\x01\x00\x00\x96\x03\x03]0f\x1f\xe9\xd7\xbbD{x\xa4\xf9\xed\xfc\xbc\xf8\x04\xd3a\xe6h\xf8e:\xfb\xdd.^\x16~\x8df\x00\x00\x1a\xc0/\xc0 \xc0\x11\xc0\x07\xc0\x13\xc0\t\xc0\x14\xc0\n\x00\x05\x00/\x005\xc0\x12\x00\n\x01\x00\x00S\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\n\x00\x08\x00\x06\x00\x17\x00\x18\x00\x19\x00\x0b\x00\x02\x01\x00\x00\r\x00 |
2019-06-26 21:08:11 |
| 5.172.14.153 | attackspam | @LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-06-26 01:27:23,159 INFO [shellcode_manager] (5.172.14.153) no match, writing hexdump (61e6edfd42c66cf280b9de9dbe36cb1b :2040910) - MS17010 (EternalBlue) |
2019-06-26 21:21:16 |
| 202.149.193.118 | attack | Jun 26 11:24:05 localhost sshd\[20480\]: Invalid user hyperic from 202.149.193.118 Jun 26 11:24:05 localhost sshd\[20480\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.193.118 Jun 26 11:24:06 localhost sshd\[20480\]: Failed password for invalid user hyperic from 202.149.193.118 port 32613 ssh2 Jun 26 11:25:53 localhost sshd\[20747\]: Invalid user ping from 202.149.193.118 Jun 26 11:25:53 localhost sshd\[20747\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.193.118 ... |
2019-06-26 20:42:32 |
| 182.61.33.2 | attackbots | Invalid user user1 from 182.61.33.2 port 58432 |
2019-06-26 20:35:28 |