City: unknown
Region: unknown
Country: Indonesia
Internet Service Provider: Alibaba.com Singapore E-Commerce Private Limited
Hostname: unknown
Organization: unknown
Usage Type: Data Center/Web Hosting/Transit
| Type | Details | Datetime |
|---|---|---|
| attackspambots | DATE:2019-09-09 22:37:04, IP:149.129.214.48, PORT:ssh brute force auth on SSH service (patata) |
2019-09-10 04:47:45 |
| attack | Sep 6 18:17:34 zulu1842 sshd[772]: Invalid user servers from 149.129.214.48 Sep 6 18:17:34 zulu1842 sshd[772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.129.214.48 Sep 6 18:17:35 zulu1842 sshd[772]: Failed password for invalid user servers from 149.129.214.48 port 38888 ssh2 Sep 6 18:17:35 zulu1842 sshd[772]: Received disconnect from 149.129.214.48: 11: Bye Bye [preauth] Sep 6 18:27:28 zulu1842 sshd[1419]: Invalid user steam from 149.129.214.48 Sep 6 18:27:28 zulu1842 sshd[1419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.129.214.48 Sep 6 18:27:30 zulu1842 sshd[1419]: Failed password for invalid user steam from 149.129.214.48 port 54240 ssh2 Sep 6 18:27:31 zulu1842 sshd[1419]: Received disconnect from 149.129.214.48: 11: Bye Bye [preauth] Sep 6 18:32:17 zulu1842 sshd[1754]: Invalid user deploy from 149.129.214.48 Sep 6 18:32:17 zulu1842 sshd[1754]: pam_unix(ssh........ ------------------------------- |
2019-09-07 05:20:34 |
| IP | Type | Details | Datetime |
|---|---|---|---|
| 149.129.214.186 | attackbotsspam | Feb 9 17:42:37 www1 sshd\[18535\]: Invalid user saa from 149.129.214.186Feb 9 17:42:39 www1 sshd\[18535\]: Failed password for invalid user saa from 149.129.214.186 port 55338 ssh2Feb 9 17:46:07 www1 sshd\[18982\]: Invalid user tob from 149.129.214.186Feb 9 17:46:10 www1 sshd\[18982\]: Failed password for invalid user tob from 149.129.214.186 port 55730 ssh2Feb 9 17:49:47 www1 sshd\[19231\]: Invalid user upf from 149.129.214.186Feb 9 17:49:49 www1 sshd\[19231\]: Failed password for invalid user upf from 149.129.214.186 port 56128 ssh2 ... |
2020-02-10 05:29:10 |
| 149.129.214.81 | attackspambots | ... |
2020-02-01 22:36:11 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 149.129.214.48
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49562
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;149.129.214.48. IN A
;; AUTHORITY SECTION:
. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019090601 1800 900 604800 86400
;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Sep 07 05:20:28 CST 2019
;; MSG SIZE rcvd: 118Host 48.214.129.149.in-addr.arpa. not found: 3(NXDOMAIN)Server: 67.207.67.2
Address: 67.207.67.2#53
** server can't find 48.214.129.149.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 159.65.152.201 | attackspam | Aug 12 04:37:06 vpn01 sshd\[6772\]: Invalid user backup2 from 159.65.152.201 Aug 12 04:37:06 vpn01 sshd\[6772\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.152.201 Aug 12 04:37:08 vpn01 sshd\[6772\]: Failed password for invalid user backup2 from 159.65.152.201 port 37848 ssh2 |
2019-08-12 15:48:46 |
| 118.24.210.254 | attackbotsspam | Aug 12 04:39:36 h2570396 sshd[454]: Failed password for invalid user edineide from 118.24.210.254 port 39794 ssh2 Aug 12 04:39:36 h2570396 sshd[454]: Received disconnect from 118.24.210.254: 11: Bye Bye [preauth] Aug 12 04:57:55 h2570396 sshd[581]: Failed password for invalid user gogs from 118.24.210.254 port 39566 ssh2 Aug 12 04:57:55 h2570396 sshd[581]: Received disconnect from 118.24.210.254: 11: Bye Bye [preauth] Aug 12 05:02:09 h2570396 sshd[2246]: Failed password for invalid user hadoop from 118.24.210.254 port 47526 ssh2 Aug 12 05:02:09 h2570396 sshd[2246]: Received disconnect from 118.24.210.254: 11: Bye Bye [preauth] Aug 12 05:06:15 h2570396 sshd[2291]: Failed password for invalid user centos from 118.24.210.254 port 55618 ssh2 Aug 12 05:06:16 h2570396 sshd[2291]: Received disconnect from 118.24.210.254: 11: Bye Bye [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=118.24.210.254 |
2019-08-12 15:21:33 |
| 178.62.214.85 | attackbots | Aug 12 02:38:27 sshgateway sshd\[2322\]: Invalid user sa from 178.62.214.85 Aug 12 02:38:27 sshgateway sshd\[2322\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.214.85 Aug 12 02:38:29 sshgateway sshd\[2322\]: Failed password for invalid user sa from 178.62.214.85 port 34120 ssh2 |
2019-08-12 15:18:15 |
| 81.22.45.148 | attack | Aug 12 08:29:19 lumpi kernel: INPUT:DROP:SPAMHAUS_EDROP:IN=eth0 OUT= MAC=52:54:a2:01:a5:04:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.148 DST=172.31.1.100 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=51491 PROTO=TCP SPT=44617 DPT=8989 WINDOW=1024 RES=0x00 SYN URGP=0 ... |
2019-08-12 15:04:01 |
| 210.17.195.138 | attack | Automatic report - Banned IP Access |
2019-08-12 15:50:29 |
| 187.162.32.186 | attackbots | Automatic report - Port Scan Attack |
2019-08-12 15:17:25 |
| 200.57.9.70 | attackbotsspam | $f2bV_matches |
2019-08-12 15:49:21 |
| 85.40.225.169 | attackspambots | " " |
2019-08-12 15:33:12 |
| 162.247.74.202 | attackspambots | Aug 12 07:12:36 thevastnessof sshd[27418]: Failed password for root from 162.247.74.202 port 35964 ssh2 ... |
2019-08-12 15:58:33 |
| 212.230.117.75 | attackspam | Automatic report - Port Scan Attack |
2019-08-12 15:16:04 |
| 79.137.86.205 | attackspambots | 2019-08-12T05:56:23.212386abusebot-3.cloudsearch.cf sshd\[29242\]: Invalid user odoo from 79.137.86.205 port 39512 |
2019-08-12 15:52:18 |
| 23.129.64.166 | attackspambots | Aug 12 06:49:03 thevastnessof sshd[26718]: Failed password for root from 23.129.64.166 port 19180 ssh2 ... |
2019-08-12 15:49:43 |
| 144.76.185.113 | attackbotsspam | 144.76.185.113 - - [12/Aug/2019:04:38:05 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.76.185.113 - - [12/Aug/2019:04:38:05 +0200] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.76.185.113 - - [12/Aug/2019:04:38:05 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.76.185.113 - - [12/Aug/2019:04:38:05 +0200] "POST /wp-login.php HTTP/1.1" 200 1489 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.76.185.113 - - [12/Aug/2019:04:38:05 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.76.185.113 - - [12/Aug/2019:04:38:06 +0200] "POST /wp-login.php HTTP/1.1" 200 1491 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ... |
2019-08-12 15:27:54 |
| 180.127.76.221 | attack | Brute force SMTP login attempts. |
2019-08-12 15:41:28 |
| 200.196.249.170 | attackspambots | Automatic report - Banned IP Access |
2019-08-12 15:28:17 |