Basic Info

City: unknown

Region: unknown

Country: Canada

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
No discussion about this IP yet.
Comments on same subnet:
IP Type Details Datetime
107.152.192.145 attackspambots
(From whitlow.retha@gmail.com) This Google doc exposes how this scamdemic is part of a bigger plan to crush your business and keep it closed or semi-operational (with heavy rescritions) while big corporations remain open without consequences. This Covid lie has ruined many peoples lives and businesses and is all done on purpose to bring about the One World Order. It goes much deeper than this but the purpose of this doc is to expose the evil and wickedness that works in the background to ruin peoples lives. So feel free to share this message with friends and family. No need to reply to the email i provided above as its not registered. But this information will tell you everything you need to know. https://docs.google.com/document/d/14MuVe_anmrcDQl4sZhDqzhQy0Pbhrx9A/edit. In case the document is taken down, here is a backup source https://fakecovidscam.com
2020-07-24 23:07:28
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 107.152.192.235
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52984
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;107.152.192.235.		IN	A

;; AUTHORITY SECTION:
.			359	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022022800 1800 900 604800 86400

;; Query time: 24 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 28 14:49:46 CST 2022
;; MSG SIZE  rcvd: 108
Host info
235.192.152.107.in-addr.arpa domain name pointer d7dc5.westemberg.com.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
235.192.152.107.in-addr.arpa	name = d7dc5.westemberg.com.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
159.203.34.76 attackspambots
$f2bV_matches
2020-08-02 05:52:41
106.13.92.126 attackspambots
Lines containing failures of 106.13.92.126
Aug  1 01:49:10 kmh-vmh-001-fsn07 sshd[10232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.92.126  user=r.r
Aug  1 01:49:12 kmh-vmh-001-fsn07 sshd[10232]: Failed password for r.r from 106.13.92.126 port 55376 ssh2
Aug  1 01:49:14 kmh-vmh-001-fsn07 sshd[10232]: Received disconnect from 106.13.92.126 port 55376:11: Bye Bye [preauth]
Aug  1 01:49:14 kmh-vmh-001-fsn07 sshd[10232]: Disconnected from authenticating user r.r 106.13.92.126 port 55376 [preauth]
Aug  1 02:07:49 kmh-vmh-001-fsn07 sshd[15072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.92.126  user=r.r
Aug  1 02:07:51 kmh-vmh-001-fsn07 sshd[15072]: Failed password for r.r from 106.13.92.126 port 44656 ssh2
Aug  1 02:07:53 kmh-vmh-001-fsn07 sshd[15072]: Received disconnect from 106.13.92.126 port 44656:11: Bye Bye [preauth]
Aug  1 02:07:53 kmh-vmh-001-fsn07 sshd[15072]: Dis........
------------------------------
2020-08-02 06:14:21
110.87.25.124 attack
$f2bV_matches
2020-08-02 06:28:19
122.51.77.128 attackspam
Invalid user ansible from 122.51.77.128 port 58800
2020-08-02 06:27:07
222.186.175.215 attack
2020-08-01T19:24:05.890462correo.[domain] sshd[39910]: Failed password for root from 222.186.175.215 port 43968 ssh2 2020-08-01T19:24:08.996527correo.[domain] sshd[39910]: Failed password for root from 222.186.175.215 port 43968 ssh2 2020-08-01T19:24:12.513244correo.[domain] sshd[39910]: Failed password for root from 222.186.175.215 port 43968 ssh2 ...
2020-08-02 06:15:57
114.249.230.154 attackbots
Aug  1 22:48:21 debian-2gb-nbg1-2 kernel: \[18573379.950565\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=114.249.230.154 DST=195.201.40.59 LEN=44 TOS=0x00 PREC=0x00 TTL=229 ID=52973 PROTO=TCP SPT=42478 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0 
Aug  1 22:48:21 debian-2gb-nbg1-2 kernel: \[18573379.968042\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=114.249.230.154 DST=195.201.40.59 LEN=44 TOS=0x00 PREC=0x00 TTL=230 ID=52973 PROTO=TCP SPT=42478 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0
2020-08-02 05:56:51
218.245.5.248 attackbots
Repeated brute force against a port
2020-08-02 05:57:26
91.121.176.34 attackspambots
Aug  1 23:16:11 nextcloud sshd\[9181\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.176.34  user=root
Aug  1 23:16:13 nextcloud sshd\[9181\]: Failed password for root from 91.121.176.34 port 50186 ssh2
Aug  1 23:53:43 nextcloud sshd\[14317\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.176.34  user=root
2020-08-02 06:15:08
93.186.69.147 attackbots
Brute force attempt
2020-08-02 06:13:33
209.126.124.203 attackbotsspam
Aug  2 00:04:13 eventyay sshd[8236]: Failed password for root from 209.126.124.203 port 41735 ssh2
Aug  2 00:05:19 eventyay sshd[8265]: Failed password for root from 209.126.124.203 port 50614 ssh2
...
2020-08-02 06:09:59
218.104.128.54 attackbots
SSH Invalid Login
2020-08-02 06:00:57
85.216.6.12 attackspam
Lines containing failures of 85.216.6.12 (max 1000)
Jul 27 16:03:46 srv sshd[95798]: Invalid user jpnshi from 85.216.6.12 port 45204
Jul 27 16:03:46 srv sshd[95798]: Received disconnect from 85.216.6.12 port 45204:11: Bye Bye [preauth]
Jul 27 16:03:46 srv sshd[95798]: Disconnected from invalid user jpnshi 85.216.6.12 port 45204 [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=85.216.6.12
2020-08-02 06:13:50
183.215.125.210 attackspam
Invalid user zouliangfeng from 183.215.125.210 port 60891
2020-08-02 06:08:50
51.75.144.58 attack
Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-08-01T20:21:35Z and 2020-08-01T22:12:28Z
2020-08-02 06:25:18
122.51.103.110 attack
fail2ban - Attack against Apache (too many 404s)
2020-08-02 05:50:05

Recently Reported IPs
