My router is informing me about this IP; here is the message:

Dear User
Your router has detected and protected you against an attempt to gain access to your network. This may have been an attempted hacker intrusion, or perhaps just your Internet Service Provider doing routine network maintenance. Most of these network probes are nothing to be worried about - these types of random probes should NOT be reported, but you may want to report repeated intrusions attempts. Save this email for comparison with future alert messages.

Your router Alert Information
Time: 04/25/2013, 19:47:10
Message: TCP FIN Scan
Source: 200.54.104.109, 57421
Destination:192.168.54.140, 80 (from ATM1 Inbound)
Reviewing my Apache logs, there are multiple attempts from this address to probe for security vulnerabilities in my server, mainly script kiddie ****:

[Sun Apr 28 06:45:24 2013] [error] [client 200.54.104.109] File does not exist: G:/web/MySQLAdmin
[Sun Apr 28 06:45:24 2013] [error] [client 200.54.104.109] File does not exist: G:/web/mysqlmanager
[Sun Apr 28 06:45:25 2013] [error] [client 200.54.104.109] File does not exist: G:/web/mysql
[Sun Apr 28 06:45:25 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpadmin
[Sun Apr 28 06:45:26 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpmanager
[Sun Apr 28 06:45:26 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpm
[Sun Apr 28 06:45:27 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpmyadmin1
[Sun Apr 28 06:45:27 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpMyAdmin1
[Sun Apr 28 06:45:28 2013] [error] [client 200.54.104.109] File does not exist: G:/web/_phpmyadmin
[Sun Apr 28 06:45:28 2013] [error] [client 200.54.104.109] File does not exist: G:/web/php-my-admin
[Sun Apr 28 06:45:29 2013] [error] [client 200.54.104.109] File does not exist: G:/web/php-myadmin
[Sun Apr 28 06:45:29 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpmy-admin
[Sun Apr 28 06:45:29 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpmyadmin
[Sun Apr 28 06:45:30 2013] [error] [client 200.54.104.109] File does not exist: G:/web/_phpMyAdmin
[Sun Apr 28 06:45:30 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpMyAdmin
[Sun Apr 28 06:45:31 2013] [error] [client 200.54.104.109] File does not exist: G:/web/pHpMyAdMiN
[Sun Apr 28 06:45:31 2013] [error] [client 200.54.104.109] File does not exist: G:/web/PHPMYADMIN
[Sun Apr 28 06:45:32 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpMyAdmi
[Sun Apr 28 06:45:32 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpmyad
[Sun Apr 28 06:45:33 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpMyAds
[Sun Apr 28 06:45:33 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpmyad-sys
[Sun Apr 28 06:45:33 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpmya
[Sun Apr 28 06:45:34 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpMyA
[Sun Apr 28 06:45:34 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpmy
[Sun Apr 28 06:45:35 2013] [error] [client 200.54.104.109] File does not exist: G:/web/pHpMy
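
Added example (not part of the original comments): a small Python check that flags any client requesting many distinct nonexistent paths within a short window, which is the pattern in the error_log excerpt above. The thresholds, the function names and the 192.0.2.10 line are assumptions constructed for illustration; the other sample lines are copied from the excerpt.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache 2.2-style error_log line, in the format quoted in the comment above.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"File does not exist: (?P<path>.+)$"
)
TS_FORMAT = "%a %b %d %H:%M:%S %Y"

# Sample input: six lines from the excerpt, plus one constructed benign miss.
SAMPLE = """\
[Sun Apr 28 06:45:24 2013] [error] [client 200.54.104.109] File does not exist: G:/web/MySQLAdmin
[Sun Apr 28 06:45:24 2013] [error] [client 200.54.104.109] File does not exist: G:/web/mysqlmanager
[Sun Apr 28 06:45:25 2013] [error] [client 200.54.104.109] File does not exist: G:/web/mysql
[Sun Apr 28 06:45:25 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpadmin
[Sun Apr 28 06:45:26 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpmanager
[Sun Apr 28 06:45:26 2013] [error] [client 200.54.104.109] File does not exist: G:/web/phpm
[Sun Apr 28 06:50:02 2013] [error] [client 192.0.2.10] File does not exist: G:/web/favicon.ico
""".splitlines()

def parse(lines):
    """Yield (timestamp, client, path) for each 'File does not exist' line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m["ts"], TS_FORMAT), m["ip"], m["path"]

def find_probers(lines, min_paths=5, window=timedelta(seconds=10)):
    """Map client -> most distinct missing paths seen inside one window."""
    events = defaultdict(list)
    for ts, ip, path in parse(lines):
        events[ip].append((ts, path))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            distinct = {p for _, p in hits[start:end + 1]}
            if len(distinct) >= min_paths:
                flagged[ip] = max(flagged.get(ip, 0), len(distinct))
    return flagged

if __name__ == "__main__":
    print(find_probers(SAMPLE))
```

Counting distinct paths rather than raw errors keeps a single repeatedly missing file, such as a favicon, from flagging an ordinary visitor.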
This IP address was used to run an attempted scan and was stopped by my IPS: "BLACKLIST User-Agent known malicious user-agent string ZmEu - vulnerability scanner". 267 events were recorded by the IPS.
DNSBL* - is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists.
WHOIS** - is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command line interface application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43.
** Approximate Geographic Location - This is NOT the exact geographical location of the person/organization with the given IP address. However, this should still give you a good idea about the area/region where this person/organization is located.