City: unknown
Region: unknown
Country: Indonesia
Internet Service Provider: PT. First Media TBK
Hostname: unknown
Organization: unknown
Usage Type: Fixed Line ISP
| Type | Details | Datetime |
|---|---|---|
| attackspam | Feb 16 20:46:47 lcl-usvr-02 sshd[8689]: Invalid user admin from 139.195.242.34 port 60966 Feb 16 20:46:47 lcl-usvr-02 sshd[8689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.195.242.34 Feb 16 20:46:47 lcl-usvr-02 sshd[8689]: Invalid user admin from 139.195.242.34 port 60966 Feb 16 20:46:49 lcl-usvr-02 sshd[8689]: Failed password for invalid user admin from 139.195.242.34 port 60966 ssh2 Feb 16 20:46:53 lcl-usvr-02 sshd[8742]: Invalid user admin from 139.195.242.34 port 60970 ... |
2020-02-17 02:07:48 |
| IP | Type | Details | Datetime |
|---|---|---|---|
| 139.195.242.8 | attackbotsspam | Lines containing failures of 139.195.242.8 Feb 29 06:30:42 shared11 sshd[11634]: Invalid user admin from 139.195.242.8 port 63684 Feb 29 06:30:43 shared11 sshd[11634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.195.242.8 Feb 29 06:30:45 shared11 sshd[11634]: Failed password for invalid user admin from 139.195.242.8 port 63684 ssh2 Feb 29 06:30:45 shared11 sshd[11634]: Connection closed by invalid user admin 139.195.242.8 port 63684 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=139.195.242.8 |
2020-02-29 18:49:07 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.195.242.34
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42841
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.195.242.34. IN A
;; AUTHORITY SECTION:
. 436 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020021600 1800 900 604800 86400
;; Query time: 46 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 17 02:07:44 CST 2020
;; MSG SIZE rcvd: 118Host 34.242.195.139.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 34.242.195.139.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 123.221.22.30 | attackbotsspam | scans 2 times in preceeding hours on the ports (in chronological order) 17621 17621 |
2020-06-07 02:11:48 |
| 194.26.29.219 | attack | scans 45 times in preceeding hours on the ports (in chronological order) 6204 6985 6919 6397 6739 6716 6250 6351 6161 6638 6888 6460 6765 6475 6728 6634 6222 6397 6414 6174 6979 6314 6181 6991 6738 6794 6396 6770 6603 6197 6864 6266 6212 6254 6251 6054 6900 6818 6787 6447 6840 6504 6235 6692 6407 resulting in total of 612 scans from 194.26.29.0/24 block. |
2020-06-07 02:17:38 |
| 106.12.129.167 | attackspam | Lines containing failures of 106.12.129.167 Jun 5 23:14:30 newdogma sshd[32633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.129.167 user=r.r Jun 5 23:14:32 newdogma sshd[32633]: Failed password for r.r from 106.12.129.167 port 37472 ssh2 Jun 5 23:14:33 newdogma sshd[32633]: Received disconnect from 106.12.129.167 port 37472:11: Bye Bye [preauth] Jun 5 23:14:33 newdogma sshd[32633]: Disconnected from authenticating user r.r 106.12.129.167 port 37472 [preauth] Jun 5 23:25:57 newdogma sshd[516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.129.167 user=r.r Jun 5 23:25:59 newdogma sshd[516]: Failed password for r.r from 106.12.129.167 port 42458 ssh2 Jun 5 23:26:00 newdogma sshd[516]: Received disconnect from 106.12.129.167 port 42458:11: Bye Bye [preauth] Jun 5 23:26:00 newdogma sshd[516]: Disconnected from authenticating user r.r 106.12.129.167 port 42458 [preaut........ ------------------------------ |
2020-06-07 01:51:34 |
| 194.26.29.135 | attackbots | scans 39 times in preceeding hours on the ports (in chronological order) 5011 5288 5565 5094 5791 5475 5538 5711 5954 5198 5473 5452 5958 5728 5130 5027 5182 5764 5018 5282 5404 5739 5273 5325 5527 5177 5953 5717 5722 5685 5793 5300 5745 5502 5550 5721 5194 5826 5246 resulting in total of 612 scans from 194.26.29.0/24 block. |
2020-06-07 02:19:45 |
| 208.100.26.228 | attackspambots | scans once in preceeding hours on the ports (in chronological order) 2082 resulting in total of 1 scans from 208.100.0.0/18 block. |
2020-06-07 02:16:47 |
| 213.215.83.3 | attack |
|
2020-06-07 01:44:12 |
| 194.26.29.146 | attackspambots | scans 43 times in preceeding hours on the ports (in chronological order) 11021 11691 11135 11814 11392 11512 11044 11482 11783 11860 11170 11818 11135 11393 11819 11512 11598 11576 11752 11681 11931 11155 11840 11731 11149 11800 11729 11841 11189 11518 11293 11631 11235 11126 11247 11959 11109 11557 11995 11660 11639 11541 11287 resulting in total of 612 scans from 194.26.29.0/24 block. |
2020-06-07 02:19:02 |
| 5.62.41.135 | attackbots | [munged]::80 5.62.41.135 - - [06/Jun/2020:14:29:10 +0200] "POST /[munged]: HTTP/1.1" 200 5565 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36" [munged]::80 5.62.41.135 - - [06/Jun/2020:14:29:11 +0200] "POST /[munged]: HTTP/1.1" 200 5564 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36" [munged]::80 5.62.41.135 - - [06/Jun/2020:14:29:11 +0200] "POST /[munged]: HTTP/1.1" 200 5564 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36" [munged]::80 5.62.41.135 - - [06/Jun/2020:14:29:11 +0200] "POST /[munged]: HTTP/1.1" 200 5564 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36" [munged]::80 5.62.41.135 - - [06/Jun/2020:14:29:11 +0200] "P |
2020-06-07 02:02:01 |
| 193.27.228.13 | attackbotsspam |
|
2020-06-07 02:00:50 |
| 58.27.99.112 | attackbots | Jun 6 15:43:59 legacy sshd[32689]: Failed password for root from 58.27.99.112 port 50200 ssh2 Jun 6 15:46:18 legacy sshd[32730]: Failed password for root from 58.27.99.112 port 48676 ssh2 ... |
2020-06-07 01:42:44 |
| 194.26.29.220 | attackspambots | scans 47 times in preceeding hours on the ports (in chronological order) 7728 7379 7578 7360 7984 7856 7204 7198 7618 7227 7849 7660 7442 7654 7688 7902 7619 7669 7102 7968 7521 7632 7189 7949 7575 7931 7955 7532 7002 7910 7863 7630 7677 7442 7780 7514 7178 7011 7673 7435 7578 7627 7028 7707 7485 7771 7131 resulting in total of 612 scans from 194.26.29.0/24 block. |
2020-06-07 02:17:22 |
| 86.193.149.7 | attackspam | port scan and connect, tcp 80 (http) |
2020-06-07 02:01:22 |
| 195.54.161.41 | attackbotsspam | Jun 6 19:51:28 debian-2gb-nbg1-2 kernel: \[13724636.623916\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=195.54.161.41 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=424 PROTO=TCP SPT=59422 DPT=4564 WINDOW=1024 RES=0x00 SYN URGP=0 |
2020-06-07 01:55:52 |
| 142.93.187.179 | attackspam | scans 2 times in preceeding hours on the ports (in chronological order) 2251 2253 |
2020-06-07 02:05:43 |
| 121.254.125.211 | attackbots | Brute-force attempt banned |
2020-06-07 02:21:27 |