3.25.98.58 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Australia

Internet Service Provider: Amazon Corporate Services Pty Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	srvr1: (mod_security) mod_security (id:920350) triggered by 3.25.98.58 (AU/-/ec2-3-25-98-58.ap-southeast-2.compute.amazonaws.com): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/16 05:04:17 [error] 117383#0: 157388 [client 3.25.98.58] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/.git/HEAD"] [unique_id "159755425770.248773"] [ref "o0,13v30,13"], client: 3.25.98.58, [redacted] request: "GET /.git/HEAD HTTP/1.1" [redacted]	2020-08-16 15:33:55

Type

Details

Datetime

attack

srvr1: (mod_security) mod_security (id:920350) triggered by 3.25.98.58 (AU/-/ec2-3-25-98-58.ap-southeast-2.compute.amazonaws.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/16 05:04:17 [error] 117383#0: *157388 [client 3.25.98.58] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host'  [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/.git/HEAD"] [unique_id "159755425770.248773"] [ref "o0,13v30,13"], client: 3.25.98.58, [redacted] request: "GET /.git/HEAD HTTP/1.1" [redacted]

2020-08-16 15:33:55

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 3.25.98.58
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 786
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3.25.98.58.			IN	A

;; AUTHORITY SECTION:
.			483	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020081600 1800 900 604800 86400

;; Query time: 81 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Aug 16 15:33:49 CST 2020
;; MSG SIZE  rcvd: 114

Host info

58.98.25.3.in-addr.arpa domain name pointer ec2-3-25-98-58.ap-southeast-2.compute.amazonaws.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
58.98.25.3.in-addr.arpa	name = ec2-3-25-98-58.ap-southeast-2.compute.amazonaws.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
114.34.101.37	attackspam	Unauthorized connection attempt detected from IP address 114.34.101.37 to port 82 [J]	2020-01-14 19:58:25
116.89.112.121	attackspam	Unauthorized connection attempt detected from IP address 116.89.112.121 to port 5555 [J]	2020-01-14 19:57:33
160.20.52.22	attackbotsspam	Honeypot attack, port: 445, PTR: PTR record not found	2020-01-14 20:09:34
216.165.194.170	attack	Unauthorized connection attempt detected from IP address 216.165.194.170 to port 5555 [J]	2020-01-14 20:06:13
188.113.174.55	attack	Unauthorized connection attempt detected from IP address 188.113.174.55 to port 2220 [J]	2020-01-14 20:08:42
199.192.226.168	attackspam	Unauthorized connection attempt detected from IP address 199.192.226.168 to port 80 [J]	2020-01-14 20:07:08
190.164.224.135	attack	Unauthorized connection attempt detected from IP address 190.164.224.135 to port 8080 [J]	2020-01-14 19:52:49
118.69.26.160	attack	Unauthorized connection attempt detected from IP address 118.69.26.160 to port 23 [J]	2020-01-14 20:11:55
200.100.92.223	attackbots	firewall-block, port(s): 445/tcp	2020-01-14 20:19:51
91.113.247.98	attackbotsspam	Unauthorized connection attempt detected from IP address 91.113.247.98 to port 2222 [J]	2020-01-14 20:00:50
24.221.38.182	attackbotsspam	Unauthorized connection attempt detected from IP address 24.221.38.182 to port 2222 [J]	2020-01-14 19:49:41
116.252.0.28	attack	Unauthorized connection attempt detected from IP address 116.252.0.28 to port 8899 [J]	2020-01-14 20:27:22
36.66.175.129	attack	Honeypot attack, port: 445, PTR: PTR record not found	2020-01-14 19:48:56
209.97.175.96	attack	Unauthorized connection attempt detected from IP address 209.97.175.96 to port 2220 [J]	2020-01-14 20:06:37
222.186.175.154	attack	pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.154 user=root Failed password for root from 222.186.175.154 port 27046 ssh2 Failed password for root from 222.186.175.154 port 27046 ssh2 Failed password for root from 222.186.175.154 port 27046 ssh2 Failed password for root from 222.186.175.154 port 27046 ssh2	2020-01-14 19:50:51

Recently Reported IPs

185.40.139.8	60.48.83.142	1.202.116.146	119.8.109.226
35.188.149.132	91.218.63.18	80.255.13.30	198.148.118.3
180.249.166.81	41.37.198.196	62.31.81.69	24.238.79.45
181.31.119.250	91.241.74.19	49.234.127.186	92.74.189.230
171.118.105.59	170.249.57.88	41.44.55.95	212.227.216.29