City: unknown
Region: unknown
Country: Indonesia
Internet Service Provider: PT. XL Axiata Tbk
Hostname: unknown
Organization: unknown
Usage Type: Mobile ISP
| Type | Details | Datetime |
|---|---|---|
| attackbotsspam | [Mon Feb 17 11:54:56.501374 2020] [:error] [pid 11333:tid 140577555363584] [client 140.213.59.254:42402] [client 140.213.59.254] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "118"] [id "950100"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/prakiraan-bulanan/prakiraan-hujan-bulanan/prakiraan-curah-hujan-bulanan/555557608-prakiraan-bulanan-curah-hujan-bulan-januari-tahun-2020-update-dari-analisis-bulan-september-2019"] [unique_id "XkocoCKsjobM@NabR@cILAAAAAE"], refe
... |
2020-02-17 19:54:13 |
| IP | Type | Details | Datetime |
|---|---|---|---|
| 140.213.59.171 | attackbotsspam | Honeypot attack, port: 445, PTR: PTR record not found |
2019-10-01 03:19:56 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 140.213.59.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19066
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;140.213.59.254. IN A
;; AUTHORITY SECTION:
. 532 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020021700 1800 900 604800 86400
;; Query time: 460 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 17 19:54:09 CST 2020
;; MSG SIZE rcvd: 118Host 254.59.213.140.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 254.59.213.140.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 54.39.151.167 | attack | Sep 28 22:49:43 rotator sshd\[20945\]: Address 54.39.151.167 maps to tor-exit.deusvult.xyz, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Sep 28 22:49:43 rotator sshd\[20945\]: Invalid user aaron from 54.39.151.167Sep 28 22:49:45 rotator sshd\[20945\]: Failed password for invalid user aaron from 54.39.151.167 port 33542 ssh2Sep 28 22:49:47 rotator sshd\[20945\]: Failed password for invalid user aaron from 54.39.151.167 port 33542 ssh2Sep 28 22:49:51 rotator sshd\[20945\]: Failed password for invalid user aaron from 54.39.151.167 port 33542 ssh2Sep 28 22:49:53 rotator sshd\[20945\]: Failed password for invalid user aaron from 54.39.151.167 port 33542 ssh2 ... |
2019-09-29 07:45:00 |
| 159.203.197.168 | attack | firewall-block, port(s): 1527/tcp |
2019-09-29 07:34:11 |
| 35.237.194.141 | attack | Automated report (2019-09-28T20:50:18+00:00). Misbehaving bot detected at this address. |
2019-09-29 07:23:36 |
| 49.88.112.85 | attack | Sep 28 13:08:58 aiointranet sshd\[8278\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.85 user=root Sep 28 13:08:59 aiointranet sshd\[8278\]: Failed password for root from 49.88.112.85 port 46919 ssh2 Sep 28 13:09:02 aiointranet sshd\[8278\]: Failed password for root from 49.88.112.85 port 46919 ssh2 Sep 28 13:09:04 aiointranet sshd\[8278\]: Failed password for root from 49.88.112.85 port 46919 ssh2 Sep 28 13:11:13 aiointranet sshd\[8576\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.85 user=root |
2019-09-29 07:16:19 |
| 183.88.33.108 | attackspam | Attempt to attack host OS, exploiting network vulnerabilities, on 28-09-2019 21:50:14. |
2019-09-29 07:25:27 |
| 45.136.172.201 | attackbots | B: Magento admin pass test (wrong country) |
2019-09-29 07:20:50 |
| 41.227.18.113 | attackbots | *Port Scan* detected from 41.227.18.113 (TN/Tunisia/-). 4 hits in the last 116 seconds |
2019-09-29 07:12:22 |
| 148.70.41.33 | attackbots | Aug 2 20:16:31 vtv3 sshd\[29626\]: Invalid user wayne from 148.70.41.33 port 34418 Aug 2 20:16:31 vtv3 sshd\[29626\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.41.33 Aug 2 20:16:33 vtv3 sshd\[29626\]: Failed password for invalid user wayne from 148.70.41.33 port 34418 ssh2 Aug 2 20:22:19 vtv3 sshd\[32367\]: Invalid user beni from 148.70.41.33 port 53072 Aug 2 20:22:19 vtv3 sshd\[32367\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.41.33 Aug 2 20:39:20 vtv3 sshd\[8320\]: Invalid user syslog from 148.70.41.33 port 52292 Aug 2 20:39:20 vtv3 sshd\[8320\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.41.33 Aug 2 20:39:22 vtv3 sshd\[8320\]: Failed password for invalid user syslog from 148.70.41.33 port 52292 ssh2 Aug 2 20:44:53 vtv3 sshd\[11108\]: Invalid user ronaldo from 148.70.41.33 port 42666 Aug 2 20:44:53 vtv3 sshd\[11108\]: pam_unix\(sshd |
2019-09-29 07:06:34 |
| 77.247.110.235 | attack | firewall-block, port(s): 8728/tcp |
2019-09-29 07:40:32 |
| 185.175.93.104 | attack | 09/28/2019-23:57:09.490408 185.175.93.104 Protocol: 6 ET DROP Dshield Block Listed Source group 1 |
2019-09-29 07:29:10 |
| 188.165.24.200 | attack | Sep 28 22:46:38 apollo sshd\[17024\]: Invalid user arkuser from 188.165.24.200Sep 28 22:46:40 apollo sshd\[17024\]: Failed password for invalid user arkuser from 188.165.24.200 port 56144 ssh2Sep 28 22:50:14 apollo sshd\[17030\]: Invalid user skyrix from 188.165.24.200 ... |
2019-09-29 07:26:37 |
| 49.235.139.125 | attackbots | Sep 28 18:14:03 srv00 sshd[3129]: fatal: Unable to negotiate whostnameh 49.235.139.125 port 60104: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth] Sep 28 18:15:41 srv00 sshd[3137]: fatal: Unable to negotiate whostnameh 49.235.139.125 port 45488: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth] Sep 28 18:16:38 srv00 sshd[3142]: fatal: Unable to negotiate whostnameh 49.235.139.125 port 59078: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth] Sep 28 18:17:45 srv00 sshd[3145]: fatal: Unable to negotiate whostnameh 49.235.139.125 port 44442: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-gro........ ------------------------------ |
2019-09-29 07:42:51 |
| 192.3.177.213 | attack | Sep 29 00:46:17 eventyay sshd[4464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.3.177.213 Sep 29 00:46:18 eventyay sshd[4464]: Failed password for invalid user arash from 192.3.177.213 port 41530 ssh2 Sep 29 00:50:38 eventyay sshd[4580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.3.177.213 ... |
2019-09-29 07:05:48 |
| 37.59.70.186 | attackspam | RDP Bruteforce |
2019-09-29 07:41:15 |
| 186.113.179.166 | attackbots | Automatic report - Port Scan Attack |
2019-09-29 07:48:09 |