City: unknown
Region: unknown
Country: United States
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.140.195.13
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11868
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;159.140.195.13. IN A
;; AUTHORITY SECTION:
. 175 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022022700 1800 900 604800 86400
;; Query time: 57 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Feb 27 19:23:09 CST 2022
;; MSG SIZE rcvd: 10713.195.140.159.in-addr.arpa domain name pointer cernreph.cernerworks.com.
13.195.140.159.in-addr.arpa domain name pointer hazemn.cernerworks.com.
13.195.140.159.in-addr.arpa domain name pointer thch6tx.cernerworks.com.
13.195.140.159.in-addr.arpa domain name pointer msjhncbn.cernerworks.com.
13.195.140.159.in-addr.arpa domain name pointer chlddccvprod.cernerworks.com.
13.195.140.159.in-addr.arpa domain name pointer cnhsok.cernerworks.com.
13.195.140.159.in-addr.arpa domain name pointer nashncbn_np.cernerworks.com.
13.195.140.159.in-addr.arpa domain name pointer armcgaea.cernerworks.com.
13.195.140.159.in-addr.arpa domain name pointer wthctn.cernerworks.com.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
13.195.140.159.in-addr.arpa name = thch6tx.cernerworks.com.
13.195.140.159.in-addr.arpa name = msjhncbn.cernerworks.com.
13.195.140.159.in-addr.arpa name = chlddccvprod.cernerworks.com.
13.195.140.159.in-addr.arpa name = cnhsok.cernerworks.com.
13.195.140.159.in-addr.arpa name = nashncbn_np.cernerworks.com.
13.195.140.159.in-addr.arpa name = armcgaea.cernerworks.com.
13.195.140.159.in-addr.arpa name = wthctn.cernerworks.com.
13.195.140.159.in-addr.arpa name = cernreph.cernerworks.com.
13.195.140.159.in-addr.arpa name = hazemn.cernerworks.com.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 51.38.153.207 | attackspambots | [ssh] SSH attack |
2019-12-06 04:11:25 |
| 110.77.148.247 | attackspam | Unauthorized connection attempt from IP address 110.77.148.247 on Port 445(SMB) |
2019-12-06 04:10:54 |
| 59.148.173.231 | attack | Dec 5 09:50:06 tdfoods sshd\[17852\]: Invalid user christine from 59.148.173.231 Dec 5 09:50:06 tdfoods sshd\[17852\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=059148173231.ctinets.com Dec 5 09:50:07 tdfoods sshd\[17852\]: Failed password for invalid user christine from 59.148.173.231 port 52898 ssh2 Dec 5 09:56:02 tdfoods sshd\[18433\]: Invalid user gauci from 59.148.173.231 Dec 5 09:56:02 tdfoods sshd\[18433\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=059148173231.ctinets.com |
2019-12-06 04:08:25 |
| 193.70.89.152 | attack | Dec 5 21:19:20 eventyay sshd[16363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.89.152 Dec 5 21:19:22 eventyay sshd[16363]: Failed password for invalid user guest from 193.70.89.152 port 59518 ssh2 Dec 5 21:24:39 eventyay sshd[16512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.89.152 ... |
2019-12-06 04:30:53 |
| 106.13.144.8 | attack | k+ssh-bruteforce |
2019-12-06 04:14:10 |
| 52.45.44.167 | attack | Obvious spam mail, below snippet from spam filter details Authentication-Results: spf=fail (sender IP is 52.45.44.167) smtp.mailfrom=1and1.de; live.nl; dkim=none (message not signed) header.d=none;live.nl; dmarc=none action=none header.from=; Received-SPF: Fail (protection.outlook.com: domain of 1and1.de does not designate 52.45.44.167 as permitted sender) receiver=protection.outlook.com; |
2019-12-06 04:39:05 |
| 14.116.195.20 | attackbots | $f2bV_matches |
2019-12-06 04:00:52 |
| 139.155.45.196 | attackbots | Dec 5 10:31:17 sshd: Connection from 139.155.45.196 port 46434 Dec 5 10:31:19 sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.45.196 user=root Dec 5 10:31:21 sshd: Failed password for root from 139.155.45.196 port 46434 ssh2 Dec 5 10:31:21 sshd: Received disconnect from 139.155.45.196: 11: Bye Bye [preauth] |
2019-12-06 04:03:22 |
| 182.18.180.44 | attack | Unauthorized connection attempts |
2019-12-06 04:33:54 |
| 112.85.42.175 | attack | Dec 5 20:05:51 localhost sshd\[9844\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.175 user=root Dec 5 20:05:54 localhost sshd\[9844\]: Failed password for root from 112.85.42.175 port 41266 ssh2 Dec 5 20:05:57 localhost sshd\[9844\]: Failed password for root from 112.85.42.175 port 41266 ssh2 ... |
2019-12-06 04:06:02 |
| 74.63.227.26 | attackbotsspam | ET CINS Active Threat Intelligence Poor Reputation IP group 61 - port: 5060 proto: TCP cat: Misc Attack |
2019-12-06 04:23:58 |
| 109.182.62.236 | attack | B: /wp-login.php attack |
2019-12-06 04:13:08 |
| 59.25.197.142 | attackbotsspam | 2019-12-05T20:25:38.506043abusebot-5.cloudsearch.cf sshd\[16674\]: Invalid user robert from 59.25.197.142 port 44876 |
2019-12-06 04:35:42 |
| 49.88.112.55 | attackbots | Dec 5 21:26:42 mail sshd[13762]: Failed password for root from 49.88.112.55 port 59462 ssh2 Dec 5 21:26:46 mail sshd[13762]: Failed password for root from 49.88.112.55 port 59462 ssh2 Dec 5 21:26:53 mail sshd[13762]: Failed password for root from 49.88.112.55 port 59462 ssh2 Dec 5 21:26:58 mail sshd[13762]: Failed password for root from 49.88.112.55 port 59462 ssh2 |
2019-12-06 04:32:54 |
| 185.209.0.89 | attackbots | 12/05/2019-15:11:50.181670 185.209.0.89 Protocol: 6 ET DROP Dshield Block Listed Source group 1 |
2019-12-06 04:16:10 |