City: Frisco
Region: Texas
Country: United States
Internet Service Provider: AT&T
Hostname: unknown
Organization: unknown
Usage Type: unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 108.81.194.48
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19434
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;108.81.194.48. IN A
;; AUTHORITY SECTION:
. 482 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019100202 1800 900 604800 86400
;; Query time: 327 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Oct 03 03:24:57 CST 2019
;; MSG SIZE rcvd: 11748.194.81.108.in-addr.arpa domain name pointer 108-81-194-48.lightspeed.rcsntx.sbcglobal.net.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
48.194.81.108.in-addr.arpa name = 108-81-194-48.lightspeed.rcsntx.sbcglobal.net.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 83.97.20.31 | attack | ET DROP Dshield Block Listed Source group 1 - port: 1080 proto: tcp cat: Misc Attackbytes: 60 |
2020-10-12 02:26:15 |
| 154.180.242.72 | attack | Icarus honeypot on github |
2020-10-12 02:51:56 |
| 64.227.0.92 | attackspam | $f2bV_matches |
2020-10-12 02:58:14 |
| 103.89.5.26 | attackbots | Oct 11 23:07:59 gw1 sshd[3652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.89.5.26 Oct 11 23:08:01 gw1 sshd[3652]: Failed password for invalid user roger from 103.89.5.26 port 37346 ssh2 ... |
2020-10-12 02:28:07 |
| 185.234.218.84 | attackbots | Oct 11 16:38:43 mail postfix/smtpd\[27108\]: warning: unknown\[185.234.218.84\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 11 17:11:35 mail postfix/smtpd\[28446\]: warning: unknown\[185.234.218.84\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 11 17:44:11 mail postfix/smtpd\[29214\]: warning: unknown\[185.234.218.84\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 11 18:16:35 mail postfix/smtpd\[30405\]: warning: unknown\[185.234.218.84\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ |
2020-10-12 02:21:12 |
| 49.233.148.2 | attackspambots | Oct 11 10:21:45 cdc sshd[17157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.233.148.2 user=root Oct 11 10:21:47 cdc sshd[17157]: Failed password for invalid user root from 49.233.148.2 port 58924 ssh2 |
2020-10-12 02:34:26 |
| 35.205.219.55 | attackbotsspam | srvr2: (mod_security) mod_security (id:920350) triggered by 35.205.219.55 (BE/-/55.219.205.35.bc.googleusercontent.com): 1 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/10/11 15:44:46 [error] 219667#0: *47663 [client 35.205.219.55] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160242388653.025440"] [ref "o0,12v21,12"], client: 35.205.219.55, [redacted] request: "GET / HTTP/1.1" [redacted] |
2020-10-12 02:46:08 |
| 111.229.218.60 | attackbots | SSH Brute Force (F) |
2020-10-12 02:35:27 |
| 218.146.20.61 | attack | Oct 11 20:04:57 dignus sshd[11531]: Invalid user harris from 218.146.20.61 port 50006 Oct 11 20:04:57 dignus sshd[11531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.146.20.61 Oct 11 20:04:59 dignus sshd[11531]: Failed password for invalid user harris from 218.146.20.61 port 50006 ssh2 Oct 11 20:08:06 dignus sshd[11575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.146.20.61 user=root Oct 11 20:08:08 dignus sshd[11575]: Failed password for root from 218.146.20.61 port 41660 ssh2 ... |
2020-10-12 02:36:50 |
| 178.74.81.65 | attack | 20/10/10@16:43:10: FAIL: Alarm-Network address from=178.74.81.65 ... |
2020-10-12 02:51:33 |
| 49.234.60.118 | attack | Oct 11 18:32:04 sso sshd[14688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.60.118 Oct 11 18:32:06 sso sshd[14688]: Failed password for invalid user asterisk from 49.234.60.118 port 33066 ssh2 ... |
2020-10-12 02:30:06 |
| 82.65.20.87 | attackbots | Port scan denied |
2020-10-12 02:56:14 |
| 45.6.18.65 | attackbots | 45.6.18.65 (BR/Brazil/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Oct 11 18:09:21 server sshd[26756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.245.92.136 user=root Oct 11 18:09:23 server sshd[26756]: Failed password for root from 210.245.92.136 port 50830 ssh2 Oct 11 18:09:47 server sshd[26859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.212.168 user=root Oct 11 18:09:40 server sshd[26829]: Failed password for root from 193.70.91.79 port 48427 ssh2 Oct 11 18:07:14 server sshd[26456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.18.65 user=root Oct 11 18:07:16 server sshd[26456]: Failed password for root from 45.6.18.65 port 32845 ssh2 IP Addresses Blocked: 210.245.92.136 (VN/Vietnam/-) 164.90.212.168 (US/United States/-) 193.70.91.79 (FR/France/-) |
2020-10-12 02:56:46 |
| 167.71.53.185 | attack | 167.71.53.185 is unauthorized and has been banned by fail2ban |
2020-10-12 02:20:37 |
| 182.112.177.98 | attack | "SSH brute force auth login attempt." |
2020-10-12 02:19:49 |