City: unknown
Region: unknown
Country: United States
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 149.2.213.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61497
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;149.2.213.132. IN A
;; AUTHORITY SECTION:
. 178 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022123100 1800 900 604800 86400
;; Query time: 23 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Dec 31 23:32:16 CST 2022
;; MSG SIZE rcvd: 106Host 132.213.2.149.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 132.213.2.149.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 91.134.13.250 | attackspam | 2020-09-21T19:21:05.580345centos sshd[13254]: Failed password for root from 91.134.13.250 port 48974 ssh2 2020-09-21T19:24:43.103843centos sshd[13494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.134.13.250 user=root 2020-09-21T19:24:44.843117centos sshd[13494]: Failed password for root from 91.134.13.250 port 59512 ssh2 ... |
2020-09-22 02:13:39 |
| 193.112.126.64 | attackspambots | $f2bV_matches |
2020-09-22 03:08:07 |
| 78.22.89.35 | attack | vps:sshd-InvalidUser |
2020-09-22 03:07:39 |
| 94.232.57.245 | attack | DATE:2020-09-20 18:56:01, IP:94.232.57.245, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq) |
2020-09-22 03:07:07 |
| 112.254.55.131 | attackspambots | [Sun Sep 20 23:58:02.153212 2020] [:error] [pid 23423:tid 140118059661056] [client 112.254.55.131:39665] [client 112.254.55.131] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/coreruleset-3.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1041"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/setup.cgi"] [unique_id "AAAAAKyLvmllluV-tW9b4QAAAC0"]
... |
2020-09-22 02:59:45 |
| 106.75.104.44 | attack | Sep 21 16:28:40 ip-172-31-42-142 sshd\[31184\]: Failed password for root from 106.75.104.44 port 49856 ssh2\ Sep 21 16:30:40 ip-172-31-42-142 sshd\[31188\]: Failed password for root from 106.75.104.44 port 42684 ssh2\ Sep 21 16:32:51 ip-172-31-42-142 sshd\[31196\]: Failed password for root from 106.75.104.44 port 35514 ssh2\ Sep 21 16:34:58 ip-172-31-42-142 sshd\[31201\]: Failed password for root from 106.75.104.44 port 56574 ssh2\ Sep 21 16:36:57 ip-172-31-42-142 sshd\[31232\]: Failed password for root from 106.75.104.44 port 49402 ssh2\ |
2020-09-22 02:47:31 |
| 74.120.14.31 | attackbotsspam |
|
2020-09-22 02:56:02 |
| 182.61.60.191 | attackbotsspam | $f2bV_matches |
2020-09-22 02:51:22 |
| 93.43.216.241 | attackspam | Port Scan: TCP/443 |
2020-09-22 03:05:47 |
| 167.172.195.99 | attackbotsspam | Bruteforce detected by fail2ban |
2020-09-22 03:00:48 |
| 51.254.32.102 | attackbots | Time: Mon Sep 21 17:40:24 2020 +0000 IP: 51.254.32.102 (FR/France/102.ip-51-254-32.eu) Failures: 5 (sshd) Interval: 3600 seconds Blocked: Permanent Block [LF_SSHD] Log entries: Sep 21 17:22:02 3 sshd[16809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.254.32.102 user=root Sep 21 17:22:04 3 sshd[16809]: Failed password for root from 51.254.32.102 port 44238 ssh2 Sep 21 17:36:06 3 sshd[20171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.254.32.102 user=root Sep 21 17:36:07 3 sshd[20171]: Failed password for root from 51.254.32.102 port 54732 ssh2 Sep 21 17:40:20 3 sshd[21182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.254.32.102 user=root |
2020-09-22 02:15:06 |
| 68.115.18.134 | attack | SS5,WP GET /wp-login.php |
2020-09-22 02:11:03 |
| 187.193.246.47 | attackbotsspam | Unauthorised access (Sep 20) SRC=187.193.246.47 LEN=40 TTL=239 ID=9164 TCP DPT=1433 WINDOW=1024 SYN |
2020-09-22 02:51:46 |
| 165.22.186.18 | attackbotsspam | 165.22.186.18 - - [21/Sep/2020:11:05:53 +0100] "POST /wp-login.php HTTP/1.1" 200 2223 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 165.22.186.18 - - [21/Sep/2020:11:05:55 +0100] "POST /wp-login.php HTTP/1.1" 200 2159 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 165.22.186.18 - - [21/Sep/2020:11:06:01 +0100] "POST /wp-login.php HTTP/1.1" 200 2204 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ... |
2020-09-22 02:46:36 |
| 94.102.50.175 | attackbots | Triggered: repeated knocking on closed ports. |
2020-09-22 02:15:53 |