City: Castroville
Region: Texas
Country: United States
Internet Service Provider: unknown
Hostname: unknown
Organization: DoD Network Information Center
Usage Type: unknown
b
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.38.103.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49878
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.38.103.12. IN A
;; AUTHORITY SECTION:
. 3580 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019061200 1800 900 604800 86400
;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jun 12 19:45:06 CST 2019
;; MSG SIZE rcvd: 117
12.103.38.139.in-addr.arpa domain name pointer mpls-103.12.health.mil.
12.103.38.139.in-addr.arpa domain name pointer dha-103-12.health.mil.
Server: 67.207.67.2
Address: 67.207.67.2#53
Non-authoritative answer:
12.103.38.139.in-addr.arpa name = mpls-103.12.health.mil.
12.103.38.139.in-addr.arpa name = dha-103-12.health.mil.
Authoritative answers can be found from:
| IP | Type | Details | Datetime |
|---|---|---|---|
| 54.39.16.73 | attack | 54.39.16.73 (CA/Canada/-), 8 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 20 00:07:30 server5 sshd[26855]: Failed password for root from 51.75.249.224 port 53550 ssh2 Sep 20 00:07:13 server5 sshd[26736]: Failed password for root from 198.251.83.73 port 35698 ssh2 Sep 20 00:07:16 server5 sshd[26736]: Failed password for root from 198.251.83.73 port 35698 ssh2 Sep 20 00:07:36 server5 sshd[27125]: Failed password for root from 54.39.16.73 port 49026 ssh2 Sep 20 00:07:07 server5 sshd[26653]: Failed password for root from 51.158.111.157 port 50914 ssh2 Sep 20 00:07:11 server5 sshd[26736]: Failed password for root from 198.251.83.73 port 35698 ssh2 Sep 20 00:07:18 server5 sshd[26736]: Failed password for root from 198.251.83.73 port 35698 ssh2 Sep 20 00:07:20 server5 sshd[26736]: Failed password for root from 198.251.83.73 port 35698 ssh2 IP Addresses Blocked: 51.75.249.224 (FR/France/-) 198.251.83.73 (US/United States/-) |
2020-09-20 12:44:23 |
| 54.37.71.203 | attackspambots | Triggered by Fail2Ban at Ares web server |
2020-09-20 12:49:11 |
| 111.120.16.2 | attackspambots | Sep 19 22:20:22 [host] sshd[16588]: pam_unix(sshd: Sep 19 22:20:24 [host] sshd[16588]: Failed passwor Sep 19 22:24:43 [host] sshd[16657]: pam_unix(sshd: |
2020-09-20 12:39:27 |
| 101.99.81.155 | attack | (Sep 20) LEN=40 TTL=46 ID=60569 TCP DPT=8080 WINDOW=39536 SYN (Sep 19) LEN=40 TTL=46 ID=44463 TCP DPT=8080 WINDOW=42910 SYN (Sep 19) LEN=40 TTL=46 ID=42968 TCP DPT=8080 WINDOW=39536 SYN (Sep 18) LEN=40 TTL=46 ID=3557 TCP DPT=8080 WINDOW=42910 SYN (Sep 18) LEN=40 TTL=46 ID=51044 TCP DPT=8080 WINDOW=39536 SYN (Sep 18) LEN=40 TTL=46 ID=3677 TCP DPT=8080 WINDOW=42910 SYN (Sep 18) LEN=40 TTL=46 ID=99 TCP DPT=8080 WINDOW=42910 SYN (Sep 18) LEN=40 TTL=46 ID=18654 TCP DPT=8080 WINDOW=39536 SYN (Sep 17) LEN=40 TTL=46 ID=4222 TCP DPT=8080 WINDOW=39536 SYN (Sep 17) LEN=40 TTL=46 ID=2039 TCP DPT=8080 WINDOW=39536 SYN (Sep 16) LEN=40 TTL=46 ID=2080 TCP DPT=8080 WINDOW=42910 SYN (Sep 15) LEN=40 TTL=46 ID=49264 TCP DPT=8080 WINDOW=39536 SYN (Sep 15) LEN=40 TTL=46 ID=62341 TCP DPT=8080 WINDOW=42910 SYN (Sep 14) LEN=40 TTL=46 ID=64366 TCP DPT=8080 WINDOW=39536 SYN (Sep 13) LEN=40 TTL=46 ID=27448 TCP DPT=8080 WINDOW=42910 SYN |
2020-09-20 12:46:21 |
| 190.219.176.76 | attack | Connection to SSH Honeypot - Detected by HoneypotDB |
2020-09-20 13:10:46 |
| 89.163.223.246 | attackbots | Sep 20 06:54:05 h2829583 sshd[1449]: Failed password for root from 89.163.223.246 port 54678 ssh2 |
2020-09-20 13:06:58 |
| 119.29.247.187 | attackbotsspam | Sep 20 06:37:32 rancher-0 sshd[161104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.247.187 user=root Sep 20 06:37:34 rancher-0 sshd[161104]: Failed password for root from 119.29.247.187 port 52016 ssh2 ... |
2020-09-20 12:48:47 |
| 116.108.54.54 | attack | Lines containing failures of 116.108.54.54 Sep 19 19:00:06 mellenthin sshd[20987]: Did not receive identification string from 116.108.54.54 port 57511 Sep 19 19:00:08 mellenthin sshd[20988]: Invalid user admin1 from 116.108.54.54 port 57710 Sep 19 19:00:08 mellenthin sshd[20988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.108.54.54 Sep 19 19:00:10 mellenthin sshd[20988]: Failed password for invalid user admin1 from 116.108.54.54 port 57710 ssh2 Sep 19 19:00:11 mellenthin sshd[20988]: Connection closed by invalid user admin1 116.108.54.54 port 57710 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=116.108.54.54 |
2020-09-20 13:00:58 |
| 23.129.64.203 | attackspam | 2020-09-20T03:43[Censored Hostname] sshd[23591]: Failed password for root from 23.129.64.203 port 13955 ssh2 2020-09-20T03:43[Censored Hostname] sshd[23591]: Failed password for root from 23.129.64.203 port 13955 ssh2 2020-09-20T03:43[Censored Hostname] sshd[23591]: Failed password for root from 23.129.64.203 port 13955 ssh2[...] |
2020-09-20 12:58:59 |
| 193.154.75.43 | attack | Sep 19 19:02:56 vps639187 sshd\[27233\]: Invalid user pi from 193.154.75.43 port 35390 Sep 19 19:02:56 vps639187 sshd\[27233\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.154.75.43 Sep 19 19:02:59 vps639187 sshd\[27233\]: Failed password for invalid user pi from 193.154.75.43 port 35390 ssh2 ... |
2020-09-20 12:43:55 |
| 209.17.97.26 | attackspambots | Automatic report - Banned IP Access |
2020-09-20 13:00:17 |
| 191.177.219.85 | attackspam | Connection to SSH Honeypot - Detected by HoneypotDB |
2020-09-20 13:07:41 |
| 106.54.189.18 | attack | Invalid user saisairo from 106.54.189.18 port 47112 |
2020-09-20 13:06:36 |
| 190.153.27.98 | attackspambots | $f2bV_matches |
2020-09-20 12:47:29 |
| 121.168.83.191 | attack | Connection to SSH Honeypot - Detected by HoneypotDB |
2020-09-20 12:48:18 |