City: Lomé
Region: Maritime
Country: Togo
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
| IP | Type | Details | Datetime |
|---|---|---|---|
| 196.171.39.7 | spamattack | They took over somehow my domain. I believe they have some buggy DNS servers that allow it do such thing. While they do have my domain for a little while - they are using my company's real email address to send tons of emails to nonexistent email recipients (hotmail, yahoo, google, etc. (public mail providers)). After a little while I get back tons of NDRs in my SMTP gateways and in corresponding user mailbox. Now the tricky part - I have to be on time when NDRs come in my SMTP gateway - because I have to remove them as soon as possible or there will be another loop and I my SMTP gateway will banned to global spam lists (p.s. It is banned now) |
2020-07-30 16:00:45 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 196.171.3.237
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41481
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;196.171.3.237. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2025013101 1800 900 604800 86400
;; Query time: 38 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Feb 01 10:38:47 CST 2025
;; MSG SIZE rcvd: 106Host 237.3.171.196.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 237.3.171.196.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 51.68.190.214 | attackbots | SSH Brute Force |
2020-03-20 21:50:32 |
| 165.22.62.234 | attack | Invalid user tom from 165.22.62.234 port 40376 |
2020-03-20 21:05:37 |
| 139.198.122.76 | attackbots | SSH Brute Force |
2020-03-20 21:38:24 |
| 112.85.42.94 | attackbots | SSH Brute Force |
2020-03-20 21:40:19 |
| 111.67.202.86 | attack | SSH Brute Force |
2020-03-20 21:41:24 |
| 46.38.145.5 | attackspam | Mar 20 14:14:38 srv01 postfix/smtpd\[10001\]: warning: unknown\[46.38.145.5\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Mar 20 14:15:09 srv01 postfix/smtpd\[9967\]: warning: unknown\[46.38.145.5\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Mar 20 14:15:39 srv01 postfix/smtpd\[24118\]: warning: unknown\[46.38.145.5\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Mar 20 14:16:10 srv01 postfix/smtpd\[12850\]: warning: unknown\[46.38.145.5\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Mar 20 14:16:41 srv01 postfix/smtpd\[9967\]: warning: unknown\[46.38.145.5\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ... |
2020-03-20 21:25:35 |
| 122.51.31.60 | attackspam | SSH Brute Force |
2020-03-20 21:39:30 |
| 212.237.30.205 | attackspam | Invalid user oikawa from 212.237.30.205 port 41318 |
2020-03-20 21:02:53 |
| 117.55.241.2 | attackbotsspam | TCP SYN with data, PTR: PTR record not found |
2020-03-20 21:24:08 |
| 106.12.93.114 | attack | Invalid user gaop from 106.12.93.114 port 57556 |
2020-03-20 21:05:55 |
| 92.63.194.32 | attackbotsspam | Mar 20 13:17:22 *** sshd[13566]: User root from 92.63.194.32 not allowed because not listed in AllowUsers |
2020-03-20 21:45:38 |
| 54.37.229.128 | attack | SSH Brute Force |
2020-03-20 21:50:08 |
| 178.62.108.111 | attack | TCP port 1135: Scan and connection |
2020-03-20 21:20:39 |
| 111.231.94.138 | attack | SSH Brute Force |
2020-03-20 21:40:53 |
| 197.36.112.33 | attackspam | DATE:2020-03-20 04:46:00, IP:197.36.112.33, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq) |
2020-03-20 21:01:12 |