City: Münster
Region: North Rhine-Westphalia
Country: Germany
Internet Service Provider: Vodafone
Hostname: unknown
Organization: unknown
Usage Type: unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 212.144.134.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28382
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;212.144.134.28. IN A
;; AUTHORITY SECTION:
. 271 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020051101 1800 900 604800 86400
;; Query time: 56 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue May 12 07:25:40 CST 2020
;; MSG SIZE rcvd: 11828.134.144.212.in-addr.arpa domain name pointer dialin-212-144-134-028.pools.arcor-ip.net.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
28.134.144.212.in-addr.arpa name = dialin-212-144-134-028.pools.arcor-ip.net.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 66.220.149.29 | attackspam | [Sat Mar 21 05:06:56.181533 2020] [:error] [pid 15471:tid 140719603767040] [client 66.220.149.29:60660] [client 66.220.149.29] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/IcoMoon.woff"] [unique_id "XnU@gHSgGZCQuiPkFx7dIAAAAAE"] ... |
2020-03-21 09:00:59 |
| 66.220.149.27 | attack | [Sat Mar 21 05:06:56.192841 2020] [:error] [pid 15461:tid 140719612159744] [client 66.220.149.27:39448] [client 66.220.149.27] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/image-loader-worker-v1.js"] [unique_id "XnU@gBotaJdlQvWXwpYWqwAAAAE"] ... |
2020-03-21 08:58:35 |
| 181.174.84.69 | attack | Mar 20 18:08:50 askasleikir sshd[101241]: Failed password for invalid user zhangkun from 181.174.84.69 port 54710 ssh2 Mar 20 17:53:15 askasleikir sshd[100236]: Failed password for invalid user te from 181.174.84.69 port 60430 ssh2 Mar 20 18:04:18 askasleikir sshd[101005]: Failed password for invalid user kjayroe from 181.174.84.69 port 33876 ssh2 |
2020-03-21 09:10:23 |
| 123.206.176.219 | attackbots | SSH bruteforce (Triggered fail2ban) |
2020-03-21 09:04:04 |
| 43.225.151.142 | attack | Invalid user ofisher from 43.225.151.142 port 38696 |
2020-03-21 08:49:06 |
| 36.49.159.129 | attack | Mar 20 19:07:08 ws19vmsma01 sshd[68316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.49.159.129 Mar 20 19:07:09 ws19vmsma01 sshd[68316]: Failed password for invalid user dq from 36.49.159.129 port 3227 ssh2 ... |
2020-03-21 08:45:37 |
| 14.169.80.105 | attackspam | Mar 21 00:05:18 * sshd[24674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.169.80.105 Mar 21 00:05:20 * sshd[24674]: Failed password for invalid user gymnasiem from 14.169.80.105 port 43890 ssh2 |
2020-03-21 08:54:40 |
| 103.30.115.1 | attack | Mar 21 03:07:08 gw1 sshd[1685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.115.1 Mar 21 03:07:09 gw1 sshd[1685]: Failed password for invalid user mother from 103.30.115.1 port 10101 ssh2 ... |
2020-03-21 08:47:04 |
| 217.23.194.27 | attack | Mar 21 01:14:54 ns3042688 sshd\[6234\]: Invalid user eliza from 217.23.194.27 Mar 21 01:14:56 ns3042688 sshd\[6234\]: Failed password for invalid user eliza from 217.23.194.27 port 54974 ssh2 Mar 21 01:20:10 ns3042688 sshd\[7233\]: Invalid user abbey from 217.23.194.27 Mar 21 01:20:12 ns3042688 sshd\[7233\]: Failed password for invalid user abbey from 217.23.194.27 port 40842 ssh2 Mar 21 01:23:53 ns3042688 sshd\[7816\]: Invalid user yj from 217.23.194.27 ... |
2020-03-21 08:39:52 |
| 37.115.188.95 | attackspambots | DATE:2020-03-21 00:16:38, IP:37.115.188.95, PORT:ssh SSH brute force auth (docker-dc) |
2020-03-21 09:01:19 |
| 142.93.239.197 | attackbotsspam | Invalid user zhangchx from 142.93.239.197 port 53696 |
2020-03-21 08:38:38 |
| 66.240.219.146 | attackspam | US_CariNet,_<177>1584747777 [1:2403406:56115] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 54 [Classification: Misc Attack] [Priority: 2]: |
2020-03-21 08:34:16 |
| 106.12.58.4 | attackspambots | SSH Login Bruteforce |
2020-03-21 09:11:07 |
| 59.50.95.129 | attack | Time: Fri Mar 20 20:08:54 2020 -0300 IP: 59.50.95.129 (CN/China/-) Failures: 20 (WordPressBruteForcePOST) Interval: 3600 seconds Blocked: Permanent Block |
2020-03-21 08:54:26 |
| 192.3.103.253 | attackbots | (From steve@steveconstable.com) Hello, I am writing in hopes of finding the appropriate person who handles marketing? If it makes sense to talk, let me know how your calendar looks. Steve Constable New Media Services is a digital marketing agency which specializes in online customer acquisition in local search for service-based businesses and also in e-commerce product sales with a national reach. Some of my past Fortune 500 clients include: IBM, Motorola, Microsoft Advertising and AT&T. I also work with medium sized businesses in local search. As an introduction to my services, I can prepare a FREE website analysis report for you at your request. Simply reply back with the url you want evaluated and the words “YES, send me the report” and expect to hear from me soon. I will analyze your website and report back to you my findings and create a custom tailored strategy to improve your website experience for your clients, which will ultimately result in more leads and sales for your business. In the |
2020-03-21 08:39:12 |