City: Pretoria
Region: Gauteng
Country: South Africa
Internet Service Provider: Telkom
Hostname: unknown
Organization: unknown
Usage Type: unknown
| IP | Type | Details | Datetime |
|---|---|---|---|
| 102.252.64.63 | attackspambots | php WP PHPmyadamin ABUSE blocked for 12h |
2020-08-26 06:51:47 |
| 102.252.64.77 | attackspam | php WP PHPmyadamin ABUSE blocked for 12h |
2020-08-13 18:08:08 |
bb'
; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> 102.252.64.96
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45666
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;102.252.64.96. IN A
;; Query time: 2 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Jul 07 07:05:06 CST 2021
;; MSG SIZE rcvd: 42
'96.64.252.102.in-addr.arpa domain name pointer 8ta-252-64-96.telkomadsl.co.za.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
96.64.252.102.in-addr.arpa name = 8ta-252-64-96.telkomadsl.co.za.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 76.20.169.224 | attackbotsspam | (sshd) Failed SSH login from 76.20.169.224 (US/United States/c-76-20-169-224.hsd1.mi.comcast.net): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 26 16:36:58 internal2 sshd[22575]: Invalid user admin from 76.20.169.224 port 38901 Sep 26 16:36:58 internal2 sshd[22599]: Invalid user admin from 76.20.169.224 port 38918 Sep 26 16:36:59 internal2 sshd[22606]: Invalid user admin from 76.20.169.224 port 38935 |
2020-09-28 00:35:28 |
| 35.225.133.2 | attack | hzb4 35.225.133.2 [27/Sep/2020:19:27:47 "-" "POST /wp-login.php 200 3558 35.225.133.2 [27/Sep/2020:19:27:47 "-" "POST /wp-login.php 200 3558 35.225.133.2 [27/Sep/2020:19:27:47 "-" "POST /wp-login.php 200 3564 |
2020-09-28 00:36:00 |
| 49.235.137.64 | attack | timhelmke.de 49.235.137.64 [22/Sep/2020:13:52:20 +0200] "POST /wp-login.php HTTP/1.1" 200 6651 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" timhelmke.de 49.235.137.64 [22/Sep/2020:13:52:25 +0200] "POST /wp-login.php HTTP/1.1" 200 6604 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2020-09-28 00:21:06 |
| 168.61.55.2 | attack | [SunSep2717:24:44.7700002020][:error][pid3276:tid47083707156224][client168.61.55.2:50198][client168.61.55.2]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\\\\\\\\.php"atARGS:img.[file"/usr/local/apache.ea3/conf/modsec_rules/99_asl_jitp.conf"][line"839"][id"337479"][rev"2"][msg"Atomicorp.comWAFRules-VirtualJustInTimePatch:WordpressRevslidernon-imagefiledownloadAttack"][severity"CRITICAL"][hostname"forum-wbp.com"][uri"/wp-admin/admin-ajax.php"][unique_id"X3CuvPNlwKK2wQXwcQyyRwAAAVc"][SunSep2717:24:47.0732952020][:error][pid9930:tid47083690346240][client168.61.55.2:58811][client168.61.55.2]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\\\\\\\\.php"atARGS:img.[file"/usr/local/apache.ea3/conf/modsec_rules/99_asl_jitp.conf"][line"839"][id"337479"][rev"2"][msg"Atomicorp.comWAFRules-VirtualJustInTimePatch:WordpressRevslidernon-imagefiledownloadAttack"][severity"CRITICAL"][hostname"www.forum-wbp.com"][uri"/wp-admin/admin-ajax.php"][unique_id"X3Cuv1LN4aLU |
2020-09-28 00:40:17 |
| 212.124.119.74 | attack | /wp-login.php |
2020-09-28 00:30:27 |
| 40.70.221.167 | attackbotsspam | Invalid user 125 from 40.70.221.167 port 60068 |
2020-09-28 00:57:11 |
| 218.92.0.184 | attackbotsspam | Sep 27 18:31:24 pve1 sshd[32240]: Failed password for root from 218.92.0.184 port 64335 ssh2 Sep 27 18:31:28 pve1 sshd[32240]: Failed password for root from 218.92.0.184 port 64335 ssh2 ... |
2020-09-28 00:53:36 |
| 150.107.149.11 | attack | Fail2Ban Ban Triggered |
2020-09-28 00:47:15 |
| 81.70.7.32 | attackspambots | Connection to SSH Honeypot - Detected by HoneypotDB |
2020-09-28 00:41:17 |
| 60.18.200.246 | attackbots | Auto Detect Rule! proto TCP (SYN), 60.18.200.246:36987->gjan.info:23, len 40 |
2020-09-28 00:52:52 |
| 20.52.38.207 | attackspam | Invalid user azureuser from 20.52.38.207 port 9818 |
2020-09-28 00:33:37 |
| 140.143.228.67 | attackspam | (sshd) Failed SSH login from 140.143.228.67 (CN/China/Guangdong/Shenzhen/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 27 04:26:48 atlas sshd[22148]: Invalid user zjw from 140.143.228.67 port 43816 Sep 27 04:26:50 atlas sshd[22148]: Failed password for invalid user zjw from 140.143.228.67 port 43816 ssh2 Sep 27 04:48:22 atlas sshd[27089]: Invalid user ftpuser from 140.143.228.67 port 59756 Sep 27 04:48:23 atlas sshd[27089]: Failed password for invalid user ftpuser from 140.143.228.67 port 59756 ssh2 Sep 27 04:54:35 atlas sshd[28761]: Invalid user kai from 140.143.228.67 port 55284 |
2020-09-28 00:51:33 |
| 195.154.174.175 | attack | Invalid user registry from 195.154.174.175 port 59098 |
2020-09-28 00:48:31 |
| 13.92.133.6 | attackbotsspam | Invalid user 163 from 13.92.133.6 port 10361 |
2020-09-28 00:38:29 |
| 195.54.160.183 | attackbotsspam | Sep 27 10:41:31 vm0 sshd[16419]: Failed password for invalid user deluge from 195.54.160.183 port 27796 ssh2 Sep 27 18:29:12 vm0 sshd[1781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.54.160.183 ... |
2020-09-28 00:32:08 |