City: unknown
Region: unknown
Country: Germany
Internet Service Provider: Hetzner Online AG
Hostname: unknown
Organization: unknown
Usage Type: Data Center/Web Hosting/Transit
| Type | Details | Datetime |
|---|---|---|
| attack | [WedOct0723:12:05.7271442020][:error][pid23678:tid47724261132032][client2a01:4f8:c2c:97c1::1:42670][client2a01:4f8:c2c:97c1::1]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"python-requests/"atREQUEST_HEADERS:User-Agent.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"218"][id"332039"][rev"4"][msg"Atomicorp.comWAFRules:SuspiciousUnusualUserAgent\(python-requests\).Disablethisruleifyouusepython-requests/."][severity"CRITICAL"][hostname"www.nonsolotende.ch"][uri"/wp-content/plugins/wp-file-manager/readme.txt"][unique_id"X34vJV817Y3M8cNF2tz2rwAAAI4"][WedOct0723:12:06.8456712020][:error][pid23678:tid47724261132032][client2a01:4f8:c2c:97c1::1:42670][client2a01:4f8:c2c:97c1::1]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"python-requests/"atREQUEST_HEADERS:User-Agent.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"218"][id"332039"][rev"4"][msg"Atomicorp.comWAFRules:SuspiciousUnusualUserAgent\(python-requests\).Disableth |
2020-10-08 05:29:44 |
| attackspambots | [TueOct0623:18:38.4767272020][:error][pid15696:tid47724271638272][client2a01:4f8:c2c:97c1::1:33776][client2a01:4f8:c2c:97c1::1]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"python-requests/"atREQUEST_HEADERS:User-Agent.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"218"][id"332039"][rev"4"][msg"Atomicorp.comWAFRules:SuspiciousUnusualUserAgent\(python-requests\).Disablethisruleifyouusepython-requests/."][severity"CRITICAL"][hostname"mail.interiorrm.ch"][uri"/wp-content/plugins/wp-file-manager/readme.txt"][unique_id"X3zfLot-6x8jAMBNX7efNwAAABM"][TueOct0623:18:39.3994742020][:error][pid15696:tid47724271638272][client2a01:4f8:c2c:97c1::1:33776][client2a01:4f8:c2c:97c1::1]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"python-requests/"atREQUEST_HEADERS:User-Agent.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"218"][id"332039"][rev"4"][msg"Atomicorp.comWAFRules:SuspiciousUnusualUserAgent\(python-requests\).Disablethi |
2020-10-07 13:42:06 |
b
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 2a01:4f8:c2c:97c1::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17491
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2a01:4f8:c2c:97c1::1. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020100602 1800 900 604800 86400
;; Query time: 2 msec
;; SERVER: 100.100.2.138#53(100.100.2.138)
;; WHEN: Wed Oct 07 13:56:37 CST 2020
;; MSG SIZE rcvd: 124
Host 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.c.7.9.c.2.c.0.8.f.4.0.1.0.a.2.ip6.arpa not found: 3(NXDOMAIN)
Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.c.7.9.c.2.c.0.8.f.4.0.1.0.a.2.ip6.arpa: NXDOMAIN
| IP | Type | Details | Datetime |
|---|---|---|---|
| 185.220.101.35 | attackspam | Aug 1 05:34:43 nginx sshd[76937]: Connection from 185.220.101.35 port 43451 on 10.23.102.80 port 22 Aug 1 05:34:46 nginx sshd[76937]: Received disconnect from 185.220.101.35 port 43451:11: bye [preauth] |
2019-08-01 11:47:05 |
| 180.242.155.46 | attackbots | Jul 31 20:36:34 * sshd[21207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.242.155.46 Jul 31 20:36:36 * sshd[21207]: Failed password for invalid user 666666 from 180.242.155.46 port 51547 ssh2 |
2019-08-01 11:25:52 |
| 193.171.202.150 | attack | Jul 31 11:38:05 *** sshd[9800]: Failed password for invalid user maint from 193.171.202.150 port 37682 ssh2 |
2019-08-01 11:23:32 |
| 157.35.242.222 | attack | ¯\_(ツ)_/¯ |
2019-08-01 11:34:55 |
| 115.239.239.98 | attackbotsspam | 2019-08-01T03:34:52.277275abusebot-5.cloudsearch.cf sshd\[12703\]: Invalid user juliano from 115.239.239.98 port 57859 |
2019-08-01 11:43:04 |
| 111.67.27.16 | attackspambots | Unauthorized connection attempt from IP address 111.67.27.16 on Port 445(SMB) |
2019-08-01 11:43:26 |
| 94.54.136.191 | attack | Unauthorized connection attempt from IP address 94.54.136.191 on Port 445(SMB) |
2019-08-01 11:37:10 |
| 104.140.188.58 | attackbotsspam | 01.08.2019 01:34:33 Connection to port 3389 blocked by firewall |
2019-08-01 11:23:03 |
| 124.158.12.204 | attackspam | 124.158.12.204 - - \[01/Aug/2019:05:34:36 +0200\] "POST /wp-login.php HTTP/1.1" 200 2110 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 124.158.12.204 - - \[01/Aug/2019:05:34:39 +0200\] "POST /wp-login.php HTTP/1.1" 200 2113 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ... |
2019-08-01 11:52:40 |
| 104.206.128.6 | attack | Honeypot attack, port: 81, PTR: 6-128.206.104.serverhubrdns.in-addr.arpa. |
2019-08-01 11:07:54 |
| 188.254.0.214 | attackbots | Apr 17 01:54:48 ubuntu sshd[32554]: Failed password for invalid user zq from 188.254.0.214 port 48166 ssh2 Apr 17 01:57:07 ubuntu sshd[732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.254.0.214 Apr 17 01:57:09 ubuntu sshd[732]: Failed password for invalid user Kaino from 188.254.0.214 port 45110 ssh2 |
2019-08-01 11:35:47 |
| 189.144.94.96 | attackbots | TCP port 445 (SMB) attempt blocked by firewall. [2019-07-31 20:24:23] |
2019-08-01 11:14:41 |
| 188.93.234.85 | attackbots | 2019-07-31T18:51:58.616060abusebot-7.cloudsearch.cf sshd\[1332\]: Invalid user 123456 from 188.93.234.85 port 48341 |
2019-08-01 11:33:05 |
| 1.4.135.54 | attackspam | Unauthorized connection attempt from IP address 1.4.135.54 on Port 445(SMB) |
2019-08-01 11:41:43 |
| 92.63.194.26 | attackspam | Aug105:23:49server2kernel:Firewall:\*TCP_INBlocked\*IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=92.63.194.26DST=136.243.224.50LEN=60TOS=0x00PREC=0x00TTL=56ID=57543DFPROTO=TCPSPT=59842DPT=22WINDOW=29200RES=0x00SYNURGP=0Aug105:23:49server2kernel:Firewall:\*TCP_INBlocked\*IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=92.63.194.26DST=136.243.224.52LEN=60TOS=0x00PREC=0x00TTL=56ID=2541DFPROTO=TCPSPT=34976DPT=22WINDOW=29200RES=0x00SYNURGP=0Aug105:23:49server2kernel:Firewall:\*TCP_INBlocked\*IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=92.63.194.26DST=136.243.224.54LEN=60TOS=0x00PREC=0x00TTL=57ID=1909DFPROTO=TCPSPT=44090DPT=22WINDOW=29200RES=0x00SYNURGP=0Aug105:23:49server2kernel:Firewall:\*TCP_INBlocked\*IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=92.63.194.26DST=136.243.224.53LEN=60TOS=0x00PREC=0x00TTL=56ID=42284DFPROTO=TCPSPT=52588DPT=22WINDOW=29200RES=0x00SYNURGP=0Aug105:23:49server2kernel:Firewall:\*PortFlood\*IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00: |
2019-08-01 11:24:38 |