City: unknown
Region: unknown
Country: South Africa
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.87.195.139
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17409
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;197.87.195.139. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2025012700 1800 900 604800 86400
;; Query time: 15 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Jan 27 18:31:07 CST 2025
;; MSG SIZE rcvd: 107Host 139.195.87.197.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 139.195.87.197.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 103.203.172.166 | attackspam | Port scan and direct access per IP instead of hostname |
2019-07-28 17:50:15 |
| 39.134.26.20 | attack | Jul 28 03:05:24 mail kernel: \[1537165.698252\] \[UFW BLOCK\] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=39.134.26.20 DST=91.205.173.180 LEN=52 TOS=0x04 PREC=0x00 TTL=50 ID=22293 DF PROTO=TCP SPT=39920 DPT=6380 WINDOW=29200 RES=0x00 SYN URGP=0 Jul 28 03:05:25 mail kernel: \[1537166.700875\] \[UFW BLOCK\] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=39.134.26.20 DST=91.205.173.180 LEN=52 TOS=0x04 PREC=0x00 TTL=49 ID=46261 DF PROTO=TCP SPT=30396 DPT=7001 WINDOW=29200 RES=0x00 SYN URGP=0 Jul 28 03:05:29 mail kernel: \[1537170.700622\] \[UFW BLOCK\] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=39.134.26.20 DST=91.205.173.180 LEN=52 TOS=0x04 PREC=0x00 TTL=49 ID=31223 DF PROTO=TCP SPT=32289 DPT=8088 WINDOW=29200 RES=0x00 SYN URGP=0 |
2019-07-28 17:10:17 |
| 46.229.161.131 | attack | Looking for resource vulnerabilities |
2019-07-28 17:08:16 |
| 111.93.234.154 | attackbotsspam | GET /test.php HTTP/1.1 |
2019-07-28 17:14:41 |
| 107.170.239.22 | attackspam | Port scan attempt detected by AWS-CCS, CTS, India |
2019-07-28 17:27:25 |
| 164.132.74.224 | attack | Jul 28 04:38:09 s64-1 sshd[2905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.74.224 Jul 28 04:38:10 s64-1 sshd[2905]: Failed password for invalid user deeptiman from 164.132.74.224 port 55652 ssh2 Jul 28 04:43:47 s64-1 sshd[2967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.74.224 ... |
2019-07-28 17:07:46 |
| 79.137.46.233 | attackbots | C2,WP GET /wp-login.php |
2019-07-28 17:25:53 |
| 41.223.236.24 | attackbots | Jul 27 21:05:24 localhost kernel: [15520117.353317] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=41.223.236.24 DST=[mungedIP2] LEN=40 TOS=0x08 PREC=0x20 TTL=241 ID=59748 PROTO=TCP SPT=45550 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 Jul 27 21:05:24 localhost kernel: [15520117.353325] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=41.223.236.24 DST=[mungedIP2] LEN=40 TOS=0x08 PREC=0x20 TTL=241 ID=59748 PROTO=TCP SPT=45550 DPT=445 SEQ=509642919 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 Jul 27 21:05:24 localhost kernel: [15520117.361844] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=41.223.236.24 DST=[mungedIP2] LEN=40 TOS=0x08 PREC=0x20 TTL=242 ID=59748 PROTO=TCP SPT=45550 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 |
2019-07-28 17:13:31 |
| 193.219.78.73 | attackbots | Jul 28 05:34:33 debian sshd\[15495\]: Invalid user qwertyuiop\[\] from 193.219.78.73 port 39158 Jul 28 05:34:33 debian sshd\[15495\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.219.78.73 ... |
2019-07-28 17:23:47 |
| 191.7.152.13 | attack | Jul 28 06:26:50 lnxweb62 sshd[12265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.7.152.13 |
2019-07-28 16:51:57 |
| 110.80.25.9 | attackspambots | GET /TP/public/index.php HTTP/1.1 |
2019-07-28 17:15:33 |
| 106.78.160.193 | attackbotsspam | Automatic report - Port Scan Attack |
2019-07-28 16:54:04 |
| 128.14.209.178 | attack | Port scan and direct access per IP instead of hostname |
2019-07-28 16:48:20 |
| 128.14.134.170 | attackbots | Port scan and direct access per IP instead of hostname |
2019-07-28 16:50:58 |
| 147.135.156.89 | attack | Jul 28 09:23:09 microserver sshd[59446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.135.156.89 user=root Jul 28 09:23:11 microserver sshd[59446]: Failed password for root from 147.135.156.89 port 50698 ssh2 Jul 28 09:27:29 microserver sshd[60060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.135.156.89 user=root Jul 28 09:27:32 microserver sshd[60060]: Failed password for root from 147.135.156.89 port 41942 ssh2 Jul 28 09:31:43 microserver sshd[60654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.135.156.89 user=root Jul 28 09:44:31 microserver sshd[62124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.135.156.89 user=root Jul 28 09:44:33 microserver sshd[62124]: Failed password for root from 147.135.156.89 port 51598 ssh2 Jul 28 09:48:44 microserver sshd[62743]: pam_unix(sshd:auth): authentication failure; logname= uid |
2019-07-28 16:47:22 |