City: Frankfurt am Main
Region: Hesse
Country: Germany
Internet Service Provider: Linode LLC
Hostname: unknown
Organization: unknown
Usage Type: Data Center/Web Hosting/Transit
| Type | Details | Datetime |
|---|---|---|
| attack | [Tue Jun 02 22:25:30.079961 2020] [:error] [pid 29773:tid 47395576493824] [client 2a01:7e01::f03c:91ff:fed3:3e2d:43964] [client 2a01:7e01::f03c:91ff:fed3:3e2d] ModSecurity: Access denied with code 403 \(phase 2\). Pattern match "\(\?:administrator\|users_can_register\|https\?\)" at ARGS:data. [file "/usr/local/apache.ea3/conf/modsec_rules/99_asl_jitp.conf"] [line "424"] [id "347150"] [rev "2"] [msg "Atomicorp.com WAF Rules: WordPress GDPR Compliance Plugin Exploit blocked"] [data "admin-ajax.php"] [severity "CRITICAL"] [hostname "www.cdconsult.ch"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Xta1urO79SVa@1nVQG9BNQAAANE"] [Tue Jun 02 22:25:48.151548 2020] [:error] [pid 29626:tid 47395488044800] [client 2a01:7e01::f03c:91ff:fed3:3e2d:45916] [client 2a01:7e01::f03c:91ff:fed3:3e2d] ModSecurity: Access denied with code 403 \(phase 2\). Match of "rx \^0\$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"] [line "96"] [id "392301"] [rev "8"] [msg "Atomicorp.com WAF Rules: Request Containing Content\, but Missi | 2020-06-03 06:41:54 |
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3 <<>> 2a01:7e01::f03c:91ff:fed3:3e2d
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62636
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;2a01:7e01::f03c:91ff:fed3:3e2d. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020060202 1800 900 604800 86400
;; Query time: 1 msec
;; SERVER: 100.100.2.138#53(100.100.2.138)
;; WHEN: Wed Jun 3 06:52:59 2020
;; MSG SIZE rcvd: 123
Host d.2.e.3.3.d.e.f.f.f.1.9.c.3.0.f.0.0.0.0.0.0.0.0.1.0.e.7.1.0.a.2.ip6.arpa not found: 3(NXDOMAIN)
Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find d.2.e.3.3.d.e.f.f.f.1.9.c.3.0.f.0.0.0.0.0.0.0.0.1.0.e.7.1.0.a.2.ip6.arpa: NXDOMAIN
| IP | Type | Details | Datetime |
|---|---|---|---|
| 58.49.230.254 | attack | ET CINS Active Threat Intelligence Poor Reputation IP group 40 - port: 30148 proto: TCP cat: Misc Attack | 2020-04-21 16:49:40 |
| 202.79.168.154 | attackspam | Apr 21 09:15:01 hosting sshd[11253]: Invalid user gitlab from 202.79.168.154 port 35280 ... | 2020-04-21 17:15:41 |
| 47.100.240.129 | attackspambots | 47.100.240.129 - - \[21/Apr/2020:05:51:43 +0200\] "POST /wp-login.php HTTP/1.0" 200 6949 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 47.100.240.129 - - \[21/Apr/2020:05:51:46 +0200\] "POST /wp-login.php HTTP/1.0" 200 6951 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 47.100.240.129 - - \[21/Apr/2020:05:51:50 +0200\] "POST /wp-login.php HTTP/1.0" 200 6807 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" | 2020-04-21 16:52:50 |
| 202.138.247.140 | attack | SSH invalid-user multiple login attempts | 2020-04-21 17:12:00 |
| 200.194.39.184 | attackbotsspam | Port scanning | 2020-04-21 17:27:27 |
| 223.194.33.72 | attackbotsspam | (sshd) Failed SSH login from 223.194.33.72 (-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Apr 21 11:21:14 ubnt-55d23 sshd[21755]: Invalid user ii from 223.194.33.72 port 36064 Apr 21 11:21:16 ubnt-55d23 sshd[21755]: Failed password for invalid user ii from 223.194.33.72 port 36064 ssh2 | 2020-04-21 17:24:59 |
| 119.146.150.134 | attackbotsspam | Bruteforce detected by fail2ban | 2020-04-21 16:56:38 |
| 159.89.117.129 | attack | srv04 Mass scanning activity detected Target: 540(uucp) .. | 2020-04-21 17:18:06 |
| 41.193.122.77 | attackspam | Apr 21 09:10:25 internal-server-tf sshd\[8199\]: Invalid user pi from 41.193.122.77 Apr 21 09:10:25 internal-server-tf sshd\[8201\]: Invalid user pi from 41.193.122.77 ... | 2020-04-21 17:24:37 |
| 202.152.0.14 | attack | Apr 21 09:19:20 jane sshd[11532]: Failed password for root from 202.152.0.14 port 45528 ssh2 ... | 2020-04-21 17:14:22 |
| 194.26.29.114 | attackbotsspam | Apr 21 10:13:36 debian-2gb-nbg1-2 kernel: \[9715775.566383\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=194.26.29.114 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36347 PROTO=TCP SPT=52697 DPT=6182 WINDOW=1024 RES=0x00 SYN URGP=0 | 2020-04-21 17:11:01 |
| 68.144.61.70 | attackspam | $f2bV_matches | 2020-04-21 16:59:53 |
| 45.95.169.232 | attackbots | $f2bV_matches_ltvn | 2020-04-21 17:28:01 |
| 140.246.175.68 | attack | $f2bV_matches | 2020-04-21 16:51:21 |
| 62.141.36.206 | attack | Brute-force attempt banned | 2020-04-21 16:57:25 |