City: unknown
Region: unknown
Country: South Africa
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 105.245.211.48
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13708
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;105.245.211.48. IN A
;; AUTHORITY SECTION:
. 250 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023112203 1800 900 604800 86400
;; Query time: 49 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Nov 23 09:14:11 CST 2023
;; MSG SIZE rcvd: 10748.211.245.105.in-addr.arpa domain name pointer vc-gp-n-105-245-211-48.umts.vodacom.co.za.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
48.211.245.105.in-addr.arpa name = vc-gp-n-105-245-211-48.umts.vodacom.co.za.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 122.102.44.66 | attackbotsspam | Nov 6 08:04:16 legacy sshd[19603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.102.44.66 Nov 6 08:04:17 legacy sshd[19603]: Failed password for invalid user support from 122.102.44.66 port 52422 ssh2 Nov 6 08:09:05 legacy sshd[19750]: Failed password for root from 122.102.44.66 port 34510 ssh2 ... |
2019-11-06 15:13:06 |
| 207.154.249.12 | attack | www.lust-auf-land.com 207.154.249.12 \[06/Nov/2019:07:29:45 +0100\] "POST /wp-login.php HTTP/1.1" 200 5829 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" lust-auf-land.com 207.154.249.12 \[06/Nov/2019:07:29:51 +0100\] "POST /xmlrpc.php HTTP/1.1" 301 472 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" |
2019-11-06 15:12:37 |
| 92.118.37.83 | attackbotsspam | 92.118.37.83 was recorded 164 times by 27 hosts attempting to connect to the following ports: 3767,3758,3534,3831,3769,3457,3894,3942,3428,3460,3626,3614,3613,3850,3627,3886,3827,3863,3812,3469,3712,3623,3995,3723,3560,3666,3855,3760,3816,3910,3611,3610,3836,3763,3798,3577,3582,3858,3839,3661,3914,3438,3900,3594,3757,3606,3603,3835,3852,3772,3929,3752,3422,3871,3941,3511,3845,3778,3859,3430,3628,3622,3756,3837,3869,3664,3675,3750,3746,3905,3885,3765,3466,3437,3867,3567,3824,3669,3968,3624,3453,3874,3907,3825,3607,3898,3679,3764,3608,3781,3951,3531,3548,3785,3708,3964,3671,3535,3556,3935,3977,3754,3940,3670,3820,3602,3621,3892,3433,3443,3674,3574,3600,3411,3416,3660,3881,3501,3960,3419,3846,3508,3498,3828,3840,3691,3585,3616,3705,3833,3640,3620,3965,3944,3718,3706,3972,3924,3450,3542,3650. Incident counter (4h, 24h, all-time): 164, 413, 1153 |
2019-11-06 14:54:01 |
| 27.188.211.23 | attack | (Nov 6) LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=27148 TCP DPT=8080 WINDOW=47805 SYN (Nov 5) LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=8142 TCP DPT=8080 WINDOW=47805 SYN (Nov 5) LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=58061 TCP DPT=8080 WINDOW=33410 SYN (Nov 5) LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=11682 TCP DPT=8080 WINDOW=47260 SYN (Nov 4) LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=22814 TCP DPT=8080 WINDOW=13556 SYN (Nov 3) LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=14024 TCP DPT=8080 WINDOW=60964 SYN (Nov 3) LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=16037 TCP DPT=8080 WINDOW=33410 SYN (Nov 3) LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=7322 TCP DPT=8080 WINDOW=60964 SYN (Nov 3) LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=47675 TCP DPT=8080 WINDOW=3468 SYN |
2019-11-06 15:16:15 |
| 159.203.77.51 | attackbots | Nov 6 07:30:19 MK-Soft-Root1 sshd[21811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.77.51 Nov 6 07:30:21 MK-Soft-Root1 sshd[21811]: Failed password for invalid user david from 159.203.77.51 port 51360 ssh2 ... |
2019-11-06 14:50:37 |
| 34.192.117.8 | attack | WordPress XMLRPC scan :: 34.192.117.8 0.180 BYPASS [06/Nov/2019:06:29:57 0000] [censored_4] "GET /xmlrpc.php HTTP/1.1" 405 53 "http://[censored_4]/xmlrpc.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2019-11-06 15:08:49 |
| 86.57.155.110 | attack | Nov 6 08:07:33 localhost sshd\[28713\]: Invalid user ftpuser from 86.57.155.110 Nov 6 08:07:33 localhost sshd\[28713\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.57.155.110 Nov 6 08:07:35 localhost sshd\[28713\]: Failed password for invalid user ftpuser from 86.57.155.110 port 11027 ssh2 Nov 6 08:13:03 localhost sshd\[29218\]: Invalid user manager from 86.57.155.110 Nov 6 08:13:03 localhost sshd\[29218\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.57.155.110 ... |
2019-11-06 15:17:26 |
| 87.98.218.129 | attack | Nov 6 07:29:48 SilenceServices sshd[13122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.98.218.129 Nov 6 07:29:49 SilenceServices sshd[13122]: Failed password for invalid user neils from 87.98.218.129 port 43962 ssh2 Nov 6 07:30:20 SilenceServices sshd[13373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.98.218.129 |
2019-11-06 14:54:22 |
| 179.232.1.254 | attackbotsspam | $f2bV_matches |
2019-11-06 15:25:59 |
| 51.75.30.199 | attack | Nov 6 02:11:36 ny01 sshd[7547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.30.199 Nov 6 02:11:39 ny01 sshd[7547]: Failed password for invalid user leckie from 51.75.30.199 port 50883 ssh2 Nov 6 02:14:56 ny01 sshd[7859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.30.199 |
2019-11-06 15:29:36 |
| 77.105.99.85 | attack | IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/77.105.99.85/ FI - 1H : (2) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : FI NAME ASN : ASN42621 IP : 77.105.99.85 CIDR : 77.105.64.0/18 PREFIX COUNT : 3 UNIQUE IP COUNT : 17664 ATTACKS DETECTED ASN42621 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 1 DateTime : 2019-11-06 07:30:22 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery |
2019-11-06 14:54:53 |
| 80.20.231.251 | attack | Honeypot attack, port: 23, PTR: host251-231-static.20-80-b.business.telecomitalia.it. |
2019-11-06 15:13:50 |
| 167.86.73.176 | attack | fell into ViewStateTrap:wien2018 |
2019-11-06 15:20:39 |
| 5.206.230.62 | attackspambots | email spam |
2019-11-06 15:00:48 |
| 45.136.109.95 | attackspambots | Nov 6 06:50:09 h2177944 kernel: \[5895047.672265\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.95 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=46554 PROTO=TCP SPT=48022 DPT=3399 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 6 07:17:47 h2177944 kernel: \[5896705.266391\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.95 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=42578 PROTO=TCP SPT=48022 DPT=3374 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 6 07:17:53 h2177944 kernel: \[5896711.325657\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.95 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=18354 PROTO=TCP SPT=48022 DPT=3354 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 6 07:21:27 h2177944 kernel: \[5896925.825704\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.95 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=48139 PROTO=TCP SPT=48022 DPT=3352 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 6 07:29:54 h2177944 kernel: \[5897432.417203\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.95 DST=85.214.117.9 |
2019-11-06 15:10:05 |