City: Frankfurt am Main
Region: Hesse
Country: Germany
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
| IP | Type | Details | Datetime |
|---|---|---|---|
| 104.248.42.94 | attack | Dec 11 07:28:44 herz-der-gamer sshd[26689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.42.94 user=vmail Dec 11 07:28:46 herz-der-gamer sshd[26689]: Failed password for vmail from 104.248.42.94 port 56192 ssh2 ... |
2019-12-11 16:53:11 |
| 104.248.42.94 | attackspambots | Dec 9 05:56:06 v22018076622670303 sshd\[22485\]: Invalid user mobile from 104.248.42.94 port 52208 Dec 9 05:56:06 v22018076622670303 sshd\[22485\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.42.94 Dec 9 05:56:09 v22018076622670303 sshd\[22485\]: Failed password for invalid user mobile from 104.248.42.94 port 52208 ssh2 ... |
2019-12-09 13:56:28 |
| 104.248.42.94 | attackspam | 2019-11-22T22:55:50.489874abusebot-4.cloudsearch.cf sshd\[5583\]: Invalid user admin from 104.248.42.94 port 39292 |
2019-11-23 07:32:31 |
| 104.248.42.94 | attack | Nov 17 23:21:47 icinga sshd[4842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.42.94 Nov 17 23:21:49 icinga sshd[4842]: Failed password for invalid user xbmc from 104.248.42.94 port 49854 ssh2 Nov 17 23:42:58 icinga sshd[24675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.42.94 ... |
2019-11-18 07:49:25 |
| 104.248.42.231 | attackbotsspam | Wed 17 01:29:19 60001/tcp |
2019-07-17 20:31:05 |
| 104.248.42.231 | attackspambots | NAME : DO-13 CIDR : 104.248.0.0/16 SYN Flood DDoS Attack USA - New York - block certain countries :) IP: 104.248.42.231 Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery https://help-dysk.pl |
2019-07-12 01:08:45 |
| 104.248.42.231 | attackspambots | 5500/tcp 5500/tcp [2019-07-08/10]2pkt |
2019-07-10 21:10:55 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.42.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1180
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;104.248.42.27. IN A
;; AUTHORITY SECTION:
. 500 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022031801 1800 900 604800 86400
;; Query time: 59 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Mar 19 09:46:45 CST 2022
;; MSG SIZE rcvd: 106Host 27.42.248.104.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 27.42.248.104.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 91.134.248.230 | attackspambots | 91.134.248.230 - - [25/Aug/2020:08:20:47 +0100] "POST /wp-login.php HTTP/1.1" 200 2415 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 91.134.248.230 - - [25/Aug/2020:08:20:48 +0100] "POST /wp-login.php HTTP/1.1" 200 2341 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 91.134.248.230 - - [25/Aug/2020:08:20:48 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ... |
2020-08-25 16:51:25 |
| 104.27.157.6 | attack | Sending out spam emails from IP 2001:41d0:1004:20d9:0:0:0:0 (ovh. net) Advertising that they are selling hacked dating account as well as compromised SMTP servers, shells, cpanel accounts and other illegal activity. For OVH report via their form as well as email https://www.ovh.com/world/abuse/ And send the complaint to abuse@ovh.net noc@ovh.net OVH.NET are pure scumbags and allow their customers to spam and ignore abuse complaints these guys are the worst of the worst! Pure scumbags! Now the spammer's websites are located at http://toolsbase.ws IP: 104.27.156.6, 104.27.157.6, 172.67.222.105 (cloudflare.com) For Cloudflare report via their form at https://www.cloudflare.com/abuse/ and noc@cloudflare.com and abuse@cloudflare.com |
2020-08-25 16:53:06 |
| 208.97.177.178 | attack | 208.97.177.178 - - [25/Aug/2020:10:44:49 +0200] "GET /wp-login.php HTTP/1.1" 200 8537 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 208.97.177.178 - - [25/Aug/2020:10:44:51 +0200] "POST /wp-login.php HTTP/1.1" 200 8788 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 208.97.177.178 - - [25/Aug/2020:10:44:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2020-08-25 16:46:12 |
| 178.62.252.206 | attack | 178.62.252.206 - - [25/Aug/2020:06:56:40 +0200] "GET /wp-login.php HTTP/1.1" 200 9040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 178.62.252.206 - - [25/Aug/2020:06:56:41 +0200] "POST /wp-login.php HTTP/1.1" 200 9291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 178.62.252.206 - - [25/Aug/2020:06:56:42 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2020-08-25 16:55:47 |
| 94.102.56.216 | attackspambots | 94.102.56.216 was recorded 5 times by 4 hosts attempting to connect to the following ports: 56243,57057. Incident counter (4h, 24h, all-time): 5, 33, 1815 |
2020-08-25 17:09:16 |
| 212.64.71.225 | attackbotsspam | Aug 24 23:47:21 ny01 sshd[13851]: Failed password for root from 212.64.71.225 port 38958 ssh2 Aug 24 23:49:55 ny01 sshd[14153]: Failed password for root from 212.64.71.225 port 45800 ssh2 |
2020-08-25 17:16:43 |
| 192.42.116.18 | attackspambots | Aug 24 22:37:46 mockhub sshd[25143]: Failed password for root from 192.42.116.18 port 55900 ssh2 Aug 24 22:37:57 mockhub sshd[25143]: error: maximum authentication attempts exceeded for root from 192.42.116.18 port 55900 ssh2 [preauth] ... |
2020-08-25 17:00:45 |
| 18.232.132.241 | attackspambots | Scanner : /ResidentEvil/blog |
2020-08-25 16:53:29 |
| 167.172.152.54 | attackspam | Time: Tue Aug 25 00:54:03 2020 +0000 IP: 167.172.152.54 (US/United States/-) Failures: 5 (sshd) Interval: 3600 seconds Blocked: Permanent Block [LF_SSHD] Log entries: Aug 25 00:53:35 ca-1-ams1 sshd[7607]: Did not receive identification string from 167.172.152.54 port 48576 Aug 25 00:53:44 ca-1-ams1 sshd[7608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.152.54 user=root Aug 25 00:53:47 ca-1-ams1 sshd[7608]: Failed password for root from 167.172.152.54 port 45236 ssh2 Aug 25 00:54:00 ca-1-ams1 sshd[7613]: Invalid user oracle from 167.172.152.54 port 35624 Aug 25 00:54:01 ca-1-ams1 sshd[7613]: Failed password for invalid user oracle from 167.172.152.54 port 35624 ssh2 |
2020-08-25 17:26:04 |
| 128.199.240.120 | attackbotsspam | Automatic Fail2ban report - Trying login SSH |
2020-08-25 16:58:24 |
| 184.105.139.97 | attackbotsspam | Port scanning [2 denied] |
2020-08-25 17:14:48 |
| 139.59.34.226 | attackbotsspam | 139.59.34.226 - - [25/Aug/2020:09:14:15 +0200] "POST /xmlrpc.php HTTP/1.1" 403 21861 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.34.226 - - [25/Aug/2020:09:16:54 +0200] "POST /xmlrpc.php HTTP/1.1" 403 613 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ... |
2020-08-25 16:48:46 |
| 116.179.32.41 | attackbotsspam | Bad bot/spoofed identity |
2020-08-25 17:16:59 |
| 185.202.0.117 | attack | RDP Bruteforce |
2020-08-25 16:58:06 |
| 112.60.95.1 | attack | Aug 25 05:06:49 ns3033917 sshd[8354]: Invalid user limao from 112.60.95.1 port 59944 Aug 25 05:06:51 ns3033917 sshd[8354]: Failed password for invalid user limao from 112.60.95.1 port 59944 ssh2 Aug 25 05:25:42 ns3033917 sshd[8556]: Invalid user ubuntu from 112.60.95.1 port 46408 ... |
2020-08-25 16:56:27 |