178.91.254.34 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Kazakhstan

Internet Service Provider: JSC Kazakhtelecom

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Advance-fee Fraud Spam Return-Path: Received: from mail.logitex.kz (mail.logitex.kz [178.91.254.34]) Reply-To: From: DR DAVID To: Subject: Re: Gold Investment Date: Mon, 13 Jan 2020 18:15:16 -0500 X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: Hello Friend My name is Dr. David Koffi I am a financial broker by profession. I have an important business I want to propose to you therefore go through this email and get back to me. In the year 2011 during the political upheavals in Libya, I was consulted by one of my old client an oil magnate and ex minister of petroleum being a strong ally to deposed Libyan president Muammar Gaddaffi. My client sought for my assistance to move 900 kilograms of Gold ore Bars to a financial house abroad when it became clear to him that	2020-01-15 16:26:38

Type

Details

Datetime

attack

Advance-fee Fraud Spam

Return-Path: 
Received: from mail.logitex.kz (mail.logitex.kz [178.91.254.34])
Reply-To: 
From: DR DAVID 
To: 
Subject: Re: Gold Investment
Date: Mon, 13 Jan 2020 18:15:16 -0500
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: 

Hello Friend

My name is Dr. David Koffi I am a financial broker by profession. I have an 

important business I want to propose to you therefore go through this email and 

get back to me.

In the year 2011 during the political upheavals in Libya, I was consulted by one 

of my old client an oil magnate and ex minister of petroleum being a strong ally 

to deposed Libyan president Muammar Gaddaffi. My client sought for my assistance 

to move 900 kilograms of Gold ore Bars to a financial house abroad when it became 

clear to him that

2020-01-15 16:26:38

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 178.91.254.34
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61346
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;178.91.254.34.			IN	A

;; AUTHORITY SECTION:
.			291	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020011500 1800 900 604800 86400

;; Query time: 102 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Jan 15 16:26:34 CST 2020
;; MSG SIZE  rcvd: 117

Host info

34.254.91.178.in-addr.arpa domain name pointer mail.logitex.kz.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
34.254.91.178.in-addr.arpa	name = mail.logitex.kz.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
208.65.181.179	attackspambots	Logfile match	2020-08-07 17:26:50
192.144.218.101	attackbots	2020-08-07T08:42:05.921351amanda2.illicoweb.com sshd\[34873\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.144.218.101 user=root 2020-08-07T08:42:08.302119amanda2.illicoweb.com sshd\[34873\]: Failed password for root from 192.144.218.101 port 54976 ssh2 2020-08-07T08:47:03.055493amanda2.illicoweb.com sshd\[35775\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.144.218.101 user=root 2020-08-07T08:47:05.346008amanda2.illicoweb.com sshd\[35775\]: Failed password for root from 192.144.218.101 port 47492 ssh2 2020-08-07T08:49:22.019120amanda2.illicoweb.com sshd\[36102\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.144.218.101 user=root ...	2020-08-07 17:33:36
62.234.74.245	attack	Lines containing failures of 62.234.74.245 Aug 3 08:22:41 neon sshd[6100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.74.245 user=r.r Aug 3 08:22:44 neon sshd[6100]: Failed password for r.r from 62.234.74.245 port 38858 ssh2 Aug 3 08:22:46 neon sshd[6100]: Received disconnect from 62.234.74.245 port 38858:11: Bye Bye [preauth] Aug 3 08:22:46 neon sshd[6100]: Disconnected from authenticating user r.r 62.234.74.245 port 38858 [preauth] Aug 3 09:24:21 neon sshd[23829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.74.245 user=r.r Aug 3 09:24:22 neon sshd[23829]: Failed password for r.r from 62.234.74.245 port 36726 ssh2 Aug 3 09:24:23 neon sshd[23829]: Received disconnect from 62.234.74.245 port 36726:11: Bye Bye [preauth] Aug 3 09:24:23 neon sshd[23829]: Disconnected from authenticating user r.r 62.234.74.245 port 36726 [preauth] Aug 3 09:30:04 neon sshd[25524]: ........ ------------------------------	2020-08-07 17:25:04
181.174.144.138	attack	Aug 7 05:03:17 mail.srvfarm.net postfix/smtps/smtpd[3172594]: warning: unknown[181.174.144.138]: SASL PLAIN authentication failed: Aug 7 05:03:18 mail.srvfarm.net postfix/smtps/smtpd[3172594]: lost connection after AUTH from unknown[181.174.144.138] Aug 7 05:07:14 mail.srvfarm.net postfix/smtps/smtpd[3176093]: warning: unknown[181.174.144.138]: SASL PLAIN authentication failed: Aug 7 05:07:15 mail.srvfarm.net postfix/smtps/smtpd[3176093]: lost connection after AUTH from unknown[181.174.144.138] Aug 7 05:09:05 mail.srvfarm.net postfix/smtpd[3172456]: warning: unknown[181.174.144.138]: SASL PLAIN authentication failed:	2020-08-07 17:07:31
177.125.161.176	attackspam	www.goldgier.de 177.125.161.176 [07/Aug/2020:05:51:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4565 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36" www.goldgier.de 177.125.161.176 [07/Aug/2020:05:52:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4565 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36"	2020-08-07 17:16:23
151.80.119.61	attack	$f2bV_matches	2020-08-07 17:31:56
177.54.250.206	attackspam	Aug 7 05:10:11 mail.srvfarm.net postfix/smtps/smtpd[3189476]: warning: unknown[177.54.250.206]: SASL PLAIN authentication failed: Aug 7 05:10:12 mail.srvfarm.net postfix/smtps/smtpd[3189476]: lost connection after AUTH from unknown[177.54.250.206] Aug 7 05:13:17 mail.srvfarm.net postfix/smtpd[3188840]: warning: unknown[177.54.250.206]: SASL PLAIN authentication failed: Aug 7 05:13:17 mail.srvfarm.net postfix/smtpd[3188840]: lost connection after AUTH from unknown[177.54.250.206] Aug 7 05:16:25 mail.srvfarm.net postfix/smtps/smtpd[3176098]: warning: unknown[177.54.250.206]: SASL PLAIN authentication failed:	2020-08-07 17:09:17
116.228.196.210	attack	2020-08-07T08:53:13.297598amanda2.illicoweb.com sshd\[36916\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.228.196.210 user=root 2020-08-07T08:53:15.050857amanda2.illicoweb.com sshd\[36916\]: Failed password for root from 116.228.196.210 port 40876 ssh2 2020-08-07T08:54:56.234866amanda2.illicoweb.com sshd\[37220\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.228.196.210 user=root 2020-08-07T08:54:57.792773amanda2.illicoweb.com sshd\[37220\]: Failed password for root from 116.228.196.210 port 59948 ssh2 2020-08-07T08:56:40.457992amanda2.illicoweb.com sshd\[37496\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.228.196.210 user=root ...	2020-08-07 17:36:34
36.92.1.31	attackbots	36.92.1.31 - - [07/Aug/2020:05:17:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2121 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 36.92.1.31 - - [07/Aug/2020:05:17:33 +0100] "POST /wp-login.php HTTP/1.1" 200 2091 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 36.92.1.31 - - [07/Aug/2020:05:17:36 +0100] "POST /wp-login.php HTTP/1.1" 200 2092 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-07 17:39:29
159.89.199.195	attack	Aug 7 10:47:24 vpn01 sshd[27216]: Failed password for root from 159.89.199.195 port 58610 ssh2 ...	2020-08-07 17:38:11
162.243.128.185	attackspam	" "	2020-08-07 17:45:30
202.133.56.235	attackbotsspam	Aug 6 21:42:24 hpm sshd\[29615\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.56.235 user=root Aug 6 21:42:26 hpm sshd\[29615\]: Failed password for root from 202.133.56.235 port 30980 ssh2 Aug 6 21:46:51 hpm sshd\[29862\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.56.235 user=root Aug 6 21:46:53 hpm sshd\[29862\]: Failed password for root from 202.133.56.235 port 48314 ssh2 Aug 6 21:51:29 hpm sshd\[30136\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.133.56.235 user=root	2020-08-07 17:45:43
78.128.113.116	attackbotsspam	Aug 7 11:00:41 srv01 postfix/smtpd\[5624\]: warning: unknown\[78.128.113.116\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 7 11:00:59 srv01 postfix/smtpd\[5624\]: warning: unknown\[78.128.113.116\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 7 11:03:26 srv01 postfix/smtpd\[7893\]: warning: unknown\[78.128.113.116\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 7 11:03:44 srv01 postfix/smtpd\[5633\]: warning: unknown\[78.128.113.116\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 7 11:11:38 srv01 postfix/smtpd\[32254\]: warning: unknown\[78.128.113.116\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-08-07 17:11:56
127.0.0.1	attackspam	Test Connectivity	2020-08-07 17:32:10
177.91.188.134	attackspambots	Aug 7 05:13:50 mail.srvfarm.net postfix/smtpd[3188843]: warning: unknown[177.91.188.134]: SASL PLAIN authentication failed: Aug 7 05:13:50 mail.srvfarm.net postfix/smtpd[3188843]: lost connection after AUTH from unknown[177.91.188.134] Aug 7 05:14:25 mail.srvfarm.net postfix/smtpd[3188836]: warning: unknown[177.91.188.134]: SASL PLAIN authentication failed: Aug 7 05:14:25 mail.srvfarm.net postfix/smtpd[3188836]: lost connection after AUTH from unknown[177.91.188.134] Aug 7 05:17:26 mail.srvfarm.net postfix/smtpd[3188843]: warning: unknown[177.91.188.134]: SASL PLAIN authentication failed:	2020-08-07 17:08:58

Recently Reported IPs

103.219.112.47	103.140.234.214	172.81.237.219	36.81.172.39
138.197.196.174	122.51.60.228	173.180.134.56	151.101.230.213
121.182.74.116	159.203.124.234	49.51.161.114	128.53.85.45
174.87.75.126	5.175.221.137	88.230.62.92	113.208.8.76
236.26.184.216	1.1.135.188	101.219.199.26	123.218.137.237