City: unknown
Region: unknown
Country: United States of America (the)
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 216.134.43.149
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12459
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;216.134.43.149. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2025020602 1800 900 604800 86400
;; Query time: 35 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 07 11:27:08 CST 2025
;; MSG SIZE rcvd: 107Host 149.43.134.216.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 149.43.134.216.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 27.77.20.90 | attackspam | Unauthorized connection attempt from IP address 27.77.20.90 on Port 445(SMB) |
2020-09-23 01:45:12 |
| 91.207.40.45 | attack | Sep 22 15:53:36 rush sshd[6509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.207.40.45 Sep 22 15:53:37 rush sshd[6509]: Failed password for invalid user ftproot from 91.207.40.45 port 33334 ssh2 Sep 22 15:57:53 rush sshd[6637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.207.40.45 ... |
2020-09-23 01:25:25 |
| 94.23.216.212 | attackspam | 94.23.216.212 - - [22/Sep/2020:19:22:12 +0200] "GET /wp-login.php HTTP/1.1" 200 9184 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 94.23.216.212 - - [22/Sep/2020:19:22:13 +0200] "POST /wp-login.php HTTP/1.1" 200 9435 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 94.23.216.212 - - [22/Sep/2020:19:22:15 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2020-09-23 01:43:06 |
| 190.12.113.38 | attackbotsspam | Unauthorized connection attempt from IP address 190.12.113.38 on Port 445(SMB) |
2020-09-23 02:19:57 |
| 23.90.145.52 | attack | srvr1: (mod_security) mod_security (id:920350) triggered by 23.90.145.52 (DE/-/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/22 18:42:43 [error] 124057#0: *396601 [client 23.90.145.52] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160079296326.280589"] [ref "o0,13v21,13"], client: 23.90.145.52, [redacted] request: "GET / HTTP/1.0" [redacted] |
2020-09-23 01:38:09 |
| 192.241.235.22 | attackbots | Port scan denied |
2020-09-23 02:13:32 |
| 94.153.224.202 | attackbots | 94.153.224.202 - - [22/Sep/2020:18:34:50 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 94.153.224.202 - - [22/Sep/2020:18:34:52 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 94.153.224.202 - - [22/Sep/2020:18:34:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2020-09-23 01:47:42 |
| 94.102.57.155 | attackbotsspam | Port scan on 53 port(s): 25003 25108 25109 25120 25135 25146 25200 25215 25219 25245 25291 25302 25308 25319 25323 25370 25382 25391 25446 25448 25451 25466 25479 25519 25540 25578 25581 25587 25589 25629 25668 25672 25679 25680 25710 25712 25714 25721 25724 25736 25738 25741 25791 25873 25894 25903 25908 25912 25915 25929 25932 25996 25999 |
2020-09-23 01:42:48 |
| 203.45.101.10 | attackbots | srvr2: (mod_security) mod_security (id:920350) triggered by 203.45.101.10 (AU/-/dungow1.lnk.telstra.net): 1 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/21 19:01:00 [error] 91401#0: *151274 [client 203.45.101.10] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160070766024.826780"] [ref "o0,15v21,15"], client: 203.45.101.10, [redacted] request: "GET / HTTP/1.1" [redacted] |
2020-09-23 01:33:50 |
| 69.252.50.230 | attackspambots | 20 attempts against mh-misbehave-ban on pluto |
2020-09-23 01:32:57 |
| 167.114.96.156 | attackspam | $f2bV_matches |
2020-09-23 01:26:35 |
| 221.120.237.146 | attackspambots | Unauthorized connection attempt from IP address 221.120.237.146 on Port 445(SMB) |
2020-09-23 01:31:55 |
| 91.185.30.30 | attackbotsspam | Unauthorized connection attempt from IP address 91.185.30.30 on Port 445(SMB) |
2020-09-23 02:15:59 |
| 190.79.169.49 | attackbotsspam | SSH/22 MH Probe, BF, Hack - |
2020-09-23 01:32:19 |
| 85.172.174.5 | attack | $f2bV_matches |
2020-09-23 01:35:05 |