City: unknown
Region: Bavaria
Country: Germany
Internet Service Provider: LEIBNIZ-RECHENZENTRUM
Hostname: unknown
Organization: Leibniz-Rechenzentrum
Usage Type: Data Center/Web Hosting/Transit
| Type | Details | Datetime |
|---|---|---|
| attackbotsspam | Jul 3 13:25:33 TCP Attack: SRC=2001:4ca0:0108:0042:0000:0443:0006:0009 DST=[Masked] LEN=80 TC=0 HOPLIMIT=245 FLOWLBL=0 PROTO=TCP SPT=53115 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 | 2019-07-03 23:37:37 |
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 2001:4ca0:108:42:0:443:6:9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38585
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2001:4ca0:108:42:0:443:6:9. IN A
;; AUTHORITY SECTION:
. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019070301 1800 900 604800 86400
;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jul 03 23:37:26 CST 2019
;; MSG SIZE rcvd: 130
9.0.0.0.6.0.0.0.3.4.4.0.0.0.0.0.2.4.0.0.8.0.1.0.0.a.c.4.1.0.0.2.ip6.arpa domain name pointer planetlab9.net.in.tum.de.8.0.1.0.0.a.c.4.1.0.0.2.ip6.arpa.
Server: 67.207.67.2
Address: 67.207.67.2#53
Non-authoritative answer:
9.0.0.0.6.0.0.0.3.4.4.0.0.0.0.0.2.4.0.0.8.0.1.0.0.a.c.4.1.0.0.2.ip6.arpa name = planetlab9.net.in.tum.de.8.0.1.0.0.a.c.4.1.0.0.2.ip6.arpa.
Authoritative answers can be found from:
| IP | Type | Details | Datetime |
|---|---|---|---|
| 94.102.51.29 | attack | ET CINS Active Threat Intelligence Poor Reputation IP group 92 - port: 3395 proto: TCP cat: Misc Attack | 2020-05-26 02:15:56 |
| 165.227.194.176 | attackbotsspam | frenzy | 2020-05-26 02:21:50 |
| 212.5.152.196 | attackspam | reported through recidive - multiple failed attempts(SSH) | 2020-05-26 01:57:32 |
| 45.5.238.183 | attack | May 25 13:42:00 mail.srvfarm.net postfix/smtpd[235746]: warning: 45-5-238-183.jerenet.com.br[45.5.238.183]: SASL PLAIN authentication failed: May 25 13:42:01 mail.srvfarm.net postfix/smtpd[235746]: lost connection after AUTH from 45-5-238-183.jerenet.com.br[45.5.238.183] May 25 13:44:46 mail.srvfarm.net postfix/smtps/smtpd[240130]: warning: 45-5-238-183.jerenet.com.br[45.5.238.183]: SASL PLAIN authentication failed: May 25 13:44:47 mail.srvfarm.net postfix/smtps/smtpd[240130]: lost connection after AUTH from 45-5-238-183.jerenet.com.br[45.5.238.183] May 25 13:44:55 mail.srvfarm.net postfix/smtps/smtpd[244218]: warning: 45-5-238-183.jerenet.com.br[45.5.238.183]: SASL PLAIN authentication failed: | 2020-05-26 02:13:34 |
| 178.62.117.106 | attackspambots | SSH auth scanning - multiple failed logins | 2020-05-26 02:31:27 |
| 191.53.238.102 | attack | May 25 13:17:26 mail.srvfarm.net postfix/smtpd[235744]: warning: unknown[191.53.238.102]: SASL PLAIN authentication failed: May 25 13:17:27 mail.srvfarm.net postfix/smtpd[235744]: lost connection after AUTH from unknown[191.53.238.102] May 25 13:19:25 mail.srvfarm.net postfix/smtps/smtpd[236937]: warning: unknown[191.53.238.102]: SASL PLAIN authentication failed: May 25 13:19:26 mail.srvfarm.net postfix/smtps/smtpd[236937]: lost connection after AUTH from unknown[191.53.238.102] May 25 13:21:22 mail.srvfarm.net postfix/smtps/smtpd[220465]: lost connection after CONNECT from unknown[191.53.238.102] | 2020-05-26 02:01:30 |
| 63.83.75.210 | attack | May 25 13:36:19 web01.agentur-b-2.de postfix/smtpd[210519]: NOQUEUE: reject: RCPT from unknown[63.83.75.210]: 450 4.7.1 | 2020-05-26 02:11:47 |
| 200.192.252.178 | attackspam | May 25 13:13:42 mail.srvfarm.net postfix/smtpd[216665]: lost connection after CONNECT from unknown[200.192.252.178] May 25 13:14:00 mail.srvfarm.net postfix/smtps/smtpd[217912]: warning: unknown[200.192.252.178]: SASL PLAIN authentication failed: May 25 13:14:00 mail.srvfarm.net postfix/smtps/smtpd[217912]: lost connection after AUTH from unknown[200.192.252.178] May 25 13:18:42 mail.srvfarm.net postfix/smtps/smtpd[221526]: warning: unknown[200.192.252.178]: SASL PLAIN authentication failed: May 25 13:18:42 mail.srvfarm.net postfix/smtps/smtpd[221526]: lost connection after AUTH from unknown[200.192.252.178] | 2020-05-26 01:59:09 |
| 134.209.71.245 | attackspam | $f2bV_matches | 2020-05-26 02:05:32 |
| 132.148.166.254 | attack | Cross-site scripting | 2020-05-26 02:27:44 |
| 213.32.23.58 | attack | 2020-05-25T18:11:21.621071vps773228.ovh.net sshd[19729]: Failed password for root from 213.32.23.58 port 47902 ssh2 2020-05-25T18:14:57.920413vps773228.ovh.net sshd[19756]: Invalid user fliet from 213.32.23.58 port 52466 2020-05-25T18:14:57.936530vps773228.ovh.net sshd[19756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.ip-213-32-23.eu 2020-05-25T18:14:57.920413vps773228.ovh.net sshd[19756]: Invalid user fliet from 213.32.23.58 port 52466 2020-05-25T18:14:59.411041vps773228.ovh.net sshd[19756]: Failed password for invalid user fliet from 213.32.23.58 port 52466 ssh2 ... | 2020-05-26 02:33:24 |
| 66.249.65.210 | attackspam | [Mon May 25 18:59:30.867347 2020] [:error] [pid 20362:tid 139717567837952] [client 66.249.65.210:64347] [client 66.249.65.210] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "118"] [id "950100"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/component/tags/tag/655-kalender-tanam-provinsi-jawa-timur"] [unique_id "XsuzIZF2BN7fidk-iLyMyAAAAfE"] ... | 2020-05-26 02:18:51 |
| 94.102.52.44 | attackbotsspam | May 25 19:44:30 ns3042688 courier-pop3d: LOGIN FAILED, user=office@sikla-systems.es, ip=\[::ffff:94.102.52.44\] ... | 2020-05-26 02:06:54 |
| 216.58.194.206 | attack | porn spam | 2020-05-26 02:21:33 |
| 80.82.65.122 | attackspam | May 25 19:50:02 ns3042688 courier-pop3d: LOGIN FAILED, user=reception@dewalt-shop.info, ip=\[::ffff:80.82.65.122\] ... | 2020-05-26 02:09:54 |