City: Guangzhou
Region: Guangdong
Country: China
Internet Service Provider: ChinaNet Guangdong Province Network
Hostname: unknown
Organization: unknown
Usage Type: unknown
| Type | Details | Datetime |
|---|---|---|
| attack | The IP has triggered Cloudflare WAF. CF-Ray: 54366c001e81eba5 | WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: badHost | Protocol: HTTP/2 | Method: GET | Host: api.skk.moe | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB). |
2019-12-12 04:14:23 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 219.137.142.139
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17147
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;219.137.142.139. IN A
;; AUTHORITY SECTION:
. 140 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019121101 1800 900 604800 86400
;; Query time: 505 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Dec 12 04:14:19 CST 2019
;; MSG SIZE rcvd: 119139.142.137.219.in-addr.arpa domain name pointer 139.142.137.219.broad.gz.gd.dynamic.163data.com.cn.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
139.142.137.219.in-addr.arpa name = 139.142.137.219.broad.gz.gd.dynamic.163data.com.cn.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 208.186.16.204 | attack | (sshd) Failed SSH login from 208.186.16.204 (US/United States/-): 5 in the last 3600 secs |
2020-05-22 16:46:44 |
| 62.173.147.229 | attack | [2020-05-22 04:12:50] NOTICE[1157][C-000081f1] chan_sip.c: Call from '' (62.173.147.229:51477) to extension '9**16614627706' rejected because extension not found in context 'public'. [2020-05-22 04:12:50] SECURITY[1173] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-05-22T04:12:50.727-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9**16614627706",SessionID="0x7f5f10787a08",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/62.173.147.229/51477",ACLName="no_extension_match" [2020-05-22 04:18:45] NOTICE[1157][C-000081f6] chan_sip.c: Call from '' (62.173.147.229:50355) to extension '9**1116614627706' rejected because extension not found in context 'public'. [2020-05-22 04:18:45] SECURITY[1173] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-05-22T04:18:45.438-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9**1116614627706",SessionID="0x7f5f10787a08",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/U ... |
2020-05-22 17:02:25 |
| 116.114.95.130 | attackspambots | Port probing on unauthorized port 23 |
2020-05-22 17:03:45 |
| 1.196.223.50 | attackspambots | Invalid user rwa from 1.196.223.50 port 63609 |
2020-05-22 16:31:13 |
| 142.44.185.242 | attackbotsspam | May 22 10:55:19 MainVPS sshd[31401]: Invalid user pbl from 142.44.185.242 port 58552 May 22 10:55:19 MainVPS sshd[31401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.44.185.242 May 22 10:55:19 MainVPS sshd[31401]: Invalid user pbl from 142.44.185.242 port 58552 May 22 10:55:22 MainVPS sshd[31401]: Failed password for invalid user pbl from 142.44.185.242 port 58552 ssh2 May 22 10:58:45 MainVPS sshd[1523]: Invalid user xst from 142.44.185.242 port 35342 ... |
2020-05-22 17:06:18 |
| 111.231.139.30 | attack | May 22 07:57:06 nextcloud sshd\[22005\]: Invalid user ecz from 111.231.139.30 May 22 07:57:06 nextcloud sshd\[22005\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.139.30 May 22 07:57:07 nextcloud sshd\[22005\]: Failed password for invalid user ecz from 111.231.139.30 port 39437 ssh2 |
2020-05-22 17:02:44 |
| 14.247.254.225 | attackbotsspam | 1590119542 - 05/22/2020 05:52:22 Host: 14.247.254.225/14.247.254.225 Port: 445 TCP Blocked |
2020-05-22 16:53:16 |
| 111.229.50.131 | attackbotsspam | May 21 22:19:07 web9 sshd\[4066\]: Invalid user ehh from 111.229.50.131 May 21 22:19:07 web9 sshd\[4066\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.50.131 May 21 22:19:09 web9 sshd\[4066\]: Failed password for invalid user ehh from 111.229.50.131 port 52028 ssh2 May 21 22:20:36 web9 sshd\[4245\]: Invalid user ypt from 111.229.50.131 May 21 22:20:36 web9 sshd\[4245\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.50.131 |
2020-05-22 16:37:50 |
| 148.229.3.242 | attack | Invalid user admin0 from 148.229.3.242 port 46649 |
2020-05-22 16:48:29 |
| 119.18.0.12 | attack | Unauthorized access to web resources |
2020-05-22 16:51:57 |
| 191.7.158.65 | attack | Invalid user bow from 191.7.158.65 port 50576 |
2020-05-22 16:39:03 |
| 106.13.20.61 | attackbots | 5x Failed Password |
2020-05-22 16:38:32 |
| 68.183.227.252 | attack | May 22 08:14:00 web8 sshd\[28474\]: Invalid user emm from 68.183.227.252 May 22 08:14:00 web8 sshd\[28474\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.227.252 May 22 08:14:02 web8 sshd\[28474\]: Failed password for invalid user emm from 68.183.227.252 port 57482 ssh2 May 22 08:18:31 web8 sshd\[30797\]: Invalid user hxf from 68.183.227.252 May 22 08:18:31 web8 sshd\[30797\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.227.252 |
2020-05-22 16:29:08 |
| 183.89.212.158 | attackspam | failed_logins |
2020-05-22 17:07:14 |
| 69.163.144.78 | attackspambots | Automatically reported by fail2ban report script (mx1) |
2020-05-22 16:53:54 |