City: Nuremberg
Region: Bavaria
Country: Germany
Internet Service Provider: Contabo GmbH
Hostname: unknown
Organization: unknown
Usage Type: Data Center/Web Hosting/Transit
| Type | Details | Datetime |
|---|---|---|
| attackspam | Unauthorized connection attempt detected from IP address 213.136.93.52 to port 22 |
2020-03-25 06:53:59 |
| attack | 22/tcp [2020-03-24]1pkt |
2020-03-24 21:19:41 |
| attackbotsspam | Lines containing failures of 213.136.93.52 Mar 23 13:32:43 www sshd[17307]: Did not receive identification string from 213.136.93.52 port 33474 Mar 23 13:33:48 www sshd[17522]: Invalid user \n from 213.136.93.52 port 49012 Mar 23 13:33:48 www sshd[17522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.136.93.52 Mar 23 13:33:51 www sshd[17522]: Failed password for invalid user \n from 213.136.93.52 port 49012 ssh2 Mar 23 13:33:51 www sshd[17522]: Received disconnect from 213.136.93.52 port 49012:11: Normal Shutdown, Thank you for playing [preauth] Mar 23 13:33:51 www sshd[17522]: Disconnected from invalid user \\n 213.136.93.52 port 49012 [preauth] Mar 23 13:34:30 www sshd[17630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.136.93.52 user=r.r Mar 23 13:34:33 www sshd[17630]: Failed password for r.r from 213.136.93.52 port 39170 ssh2 Mar 23 13:34:33 www sshd[17630]: Received disco........ ------------------------------ |
2020-03-24 04:58:51 |
| IP | Type | Details | Datetime |
|---|---|---|---|
| 213.136.93.171 | attackspam | xmlrpc attack |
2020-09-03 02:09:33 |
| 213.136.93.171 | attack | xmlrpc attack |
2020-09-02 17:40:10 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 213.136.93.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65215
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;213.136.93.52. IN A
;; AUTHORITY SECTION:
. 188 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020032301 1800 900 604800 86400
;; Query time: 115 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Mar 24 04:58:47 CST 2020
;; MSG SIZE rcvd: 11752.93.136.213.in-addr.arpa domain name pointer vmd50361.contaboserver.net.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
52.93.136.213.in-addr.arpa name = vmd50361.contaboserver.net.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 94.191.64.101 | attack | 2019-09-09T15:00:29.196584abusebot.cloudsearch.cf sshd\[5319\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.191.64.101 user=root |
2019-09-10 04:23:42 |
| 73.59.165.164 | attack | Sep 9 10:23:32 hiderm sshd\[15402\]: Invalid user 123456789 from 73.59.165.164 Sep 9 10:23:32 hiderm sshd\[15402\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-73-59-165-164.hsd1.tn.comcast.net Sep 9 10:23:35 hiderm sshd\[15402\]: Failed password for invalid user 123456789 from 73.59.165.164 port 36668 ssh2 Sep 9 10:29:41 hiderm sshd\[15908\]: Invalid user qwe123 from 73.59.165.164 Sep 9 10:29:41 hiderm sshd\[15908\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-73-59-165-164.hsd1.tn.comcast.net |
2019-09-10 04:46:55 |
| 185.209.0.17 | attackbotsspam | Port scan on 10 port(s): 7197 7201 7202 7203 7205 7212 7214 7215 7223 7224 |
2019-09-10 04:21:11 |
| 222.186.15.110 | attack | Sep 9 22:25:58 core sshd[12649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.110 user=root Sep 9 22:26:01 core sshd[12649]: Failed password for root from 222.186.15.110 port 39740 ssh2 ... |
2019-09-10 04:26:59 |
| 175.174.211.186 | attackspam | Unauthorised access (Sep 9) SRC=175.174.211.186 LEN=40 TTL=49 ID=16960 TCP DPT=8080 WINDOW=36805 SYN Unauthorised access (Sep 9) SRC=175.174.211.186 LEN=40 TTL=49 ID=25613 TCP DPT=8080 WINDOW=25133 SYN |
2019-09-10 04:41:46 |
| 202.88.246.161 | attackspam | Sep 9 14:52:15 Tower sshd[17041]: Connection from 202.88.246.161 port 50622 on 192.168.10.220 port 22 Sep 9 14:52:17 Tower sshd[17041]: Invalid user test from 202.88.246.161 port 50622 Sep 9 14:52:17 Tower sshd[17041]: error: Could not get shadow information for NOUSER Sep 9 14:52:17 Tower sshd[17041]: Failed password for invalid user test from 202.88.246.161 port 50622 ssh2 Sep 9 14:52:17 Tower sshd[17041]: Received disconnect from 202.88.246.161 port 50622:11: Bye Bye [preauth] Sep 9 14:52:17 Tower sshd[17041]: Disconnected from invalid user test 202.88.246.161 port 50622 [preauth] |
2019-09-10 04:23:02 |
| 144.217.4.14 | attack | Sep 9 18:41:36 XXX sshd[47774]: Invalid user ofsaa from 144.217.4.14 port 50965 |
2019-09-10 04:10:54 |
| 185.66.141.119 | attack | WordPress XMLRPC scan :: 185.66.141.119 0.436 BYPASS [10/Sep/2019:03:50:50 1000] [censored_1] "POST /xmlrpc.php HTTP/1.1" 503 19381 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2019-09-10 04:19:09 |
| 184.105.139.99 | attackbotsspam | firewall-block, port(s): 4786/tcp |
2019-09-10 04:34:06 |
| 84.193.142.76 | attackbotsspam | ssh failed login |
2019-09-10 04:52:39 |
| 43.230.166.3 | attack | Probing for vulnerable PHP code /mi04ed7w.php |
2019-09-10 04:44:20 |
| 119.29.153.245 | attackspambots | Too Many Connections Or General Abuse |
2019-09-10 04:29:57 |
| 51.38.238.22 | attackbots | Sep 9 19:56:28 SilenceServices sshd[3805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.238.22 Sep 9 19:56:30 SilenceServices sshd[3805]: Failed password for invalid user 123 from 51.38.238.22 port 56654 ssh2 Sep 9 20:02:02 SilenceServices sshd[8440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.238.22 |
2019-09-10 04:20:21 |
| 106.12.187.146 | attackbots | Sep 9 10:39:13 web9 sshd\[15125\]: Invalid user tomtom from 106.12.187.146 Sep 9 10:39:13 web9 sshd\[15125\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.187.146 Sep 9 10:39:14 web9 sshd\[15125\]: Failed password for invalid user tomtom from 106.12.187.146 port 48774 ssh2 Sep 9 10:43:37 web9 sshd\[15910\]: Invalid user wwwadmin from 106.12.187.146 Sep 9 10:43:37 web9 sshd\[15910\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.187.146 |
2019-09-10 04:51:36 |
| 164.132.209.242 | attack | Sep 9 16:47:22 server sshd[31276]: Failed password for invalid user teamspeak3 from 164.132.209.242 port 39216 ssh2 Sep 9 16:55:12 server sshd[32309]: Failed password for root from 164.132.209.242 port 37542 ssh2 Sep 9 17:00:38 server sshd[32963]: Failed password for invalid user developer from 164.132.209.242 port 43032 ssh2 |
2019-09-10 04:11:56 |