City: unknown
Region: unknown
Country: Germany
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
| IP | Type | Details | Datetime |
|---|---|---|---|
| 2.200.81.206 | attackbots | srvr1: (mod_security) mod_security (id:920350) triggered by 2.200.81.206 (DE/-/dslb-002-200-081-206.002.200.pools.vodafone-ip.de): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/27 21:06:59 [error] 155659#0: *426673 [client 2.200.81.206] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/phpmyadmin/"] [unique_id "15985624191.983664"] [ref "o0,13v155,13"], client: 2.200.81.206, [redacted] request: "GET /phpmyadmin/ HTTP/1.1" [redacted] |
2020-08-28 07:42:42 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 2.200.8.22
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61078
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;2.200.8.22. IN A
;; AUTHORITY SECTION:
. 583 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023100401 1800 900 604800 86400
;; Query time: 25 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Oct 05 12:48:24 CST 2023
;; MSG SIZE rcvd: 10322.8.200.2.in-addr.arpa domain name pointer dslb-002-200-008-022.002.200.pools.vodafone-ip.de.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
22.8.200.2.in-addr.arpa name = dslb-002-200-008-022.002.200.pools.vodafone-ip.de.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 87.251.74.166 | attackspam | May 10 20:36:30 debian-2gb-nbg1-2 kernel: \[11394661.138942\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=87.251.74.166 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=40294 PROTO=TCP SPT=55324 DPT=3366 WINDOW=1024 RES=0x00 SYN URGP=0 |
2020-05-11 02:58:44 |
| 51.178.50.244 | attack | May 10 19:00:00 localhost sshd[33315]: Invalid user atomic from 51.178.50.244 port 59452 May 10 19:00:00 localhost sshd[33315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=244.ip-51-178-50.eu May 10 19:00:00 localhost sshd[33315]: Invalid user atomic from 51.178.50.244 port 59452 May 10 19:00:02 localhost sshd[33315]: Failed password for invalid user atomic from 51.178.50.244 port 59452 ssh2 May 10 19:05:11 localhost sshd[33821]: Invalid user nagios from 51.178.50.244 port 59822 ... |
2020-05-11 03:12:27 |
| 211.23.162.200 | attackspam | Honeypot attack, port: 445, PTR: 211-23-162-200.HINET-IP.hinet.net. |
2020-05-11 02:47:25 |
| 115.84.105.146 | attackbotsspam | Dovecot Invalid User Login Attempt. |
2020-05-11 02:48:09 |
| 119.139.198.74 | attackspam | 2020-05-10T10:03:22.2681831495-001 sshd[27932]: Invalid user csgoserver from 119.139.198.74 port 35479 2020-05-10T10:03:24.3315611495-001 sshd[27932]: Failed password for invalid user csgoserver from 119.139.198.74 port 35479 ssh2 2020-05-10T10:06:04.2953941495-001 sshd[28061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.139.198.74 user=root 2020-05-10T10:06:06.5964691495-001 sshd[28061]: Failed password for root from 119.139.198.74 port 49517 ssh2 2020-05-10T10:08:55.1414411495-001 sshd[28173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.139.198.74 user=root 2020-05-10T10:08:56.9161881495-001 sshd[28173]: Failed password for root from 119.139.198.74 port 35319 ssh2 ... |
2020-05-11 03:00:25 |
| 223.71.80.37 | attackspam | 2020/5/9 10:34:09 Firewall[240]: DoS Attack - TCP SYN Flooding IN=erouter0 OUT= MAC=48:1d:70:de:3a:51:00:01:5c:32:7b:01:08:00 SRC=223.71.80.37 DST= LEN=40 TOS=00 PREC=0x00 TTL=96 ID=256 PROTO=TCP SPT=6000 DPT=8433 SEQ=807731200 ACK |
2020-05-11 02:43:33 |
| 42.119.228.157 | attackbotsspam | Honeypot attack, port: 445, PTR: PTR record not found |
2020-05-11 02:56:12 |
| 106.124.130.114 | attack | $f2bV_matches |
2020-05-11 02:52:51 |
| 178.94.39.103 | attackbots | Honeypot attack, port: 445, PTR: 103-39-94-178.pool.ukrtel.net. |
2020-05-11 03:01:22 |
| 59.127.222.78 | attackspam | Port probing on unauthorized port 23 |
2020-05-11 03:02:32 |
| 123.21.112.47 | attack | port scan and connect, tcp 22 (ssh) |
2020-05-11 03:06:00 |
| 139.59.60.196 | attack | May 10 14:46:18 wordpress wordpress(www.ruhnke.cloud)[4670]: Blocked authentication attempt for admin from ::ffff:139.59.60.196 |
2020-05-11 02:52:31 |
| 1.164.31.186 | attack | Honeypot attack, port: 5555, PTR: 1-164-31-186.dynamic-ip.hinet.net. |
2020-05-11 02:52:00 |
| 194.26.29.13 | attack | May 10 20:54:54 debian-2gb-nbg1-2 kernel: \[11395764.977846\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=194.26.29.13 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19766 PROTO=TCP SPT=55997 DPT=8218 WINDOW=1024 RES=0x00 SYN URGP=0 |
2020-05-11 03:02:54 |
| 176.63.178.99 | attackspambots | Port probing on unauthorized port 23 |
2020-05-11 02:58:17 |