City: Sydney
Region: New South Wales
Country: Australia
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
| IP | Type | Details | Datetime |
|---|---|---|---|
| 3.25.98.58 | attack | srvr1: (mod_security) mod_security (id:920350) triggered by 3.25.98.58 (AU/-/ec2-3-25-98-58.ap-southeast-2.compute.amazonaws.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/16 05:04:17 [error] 117383#0: *157388 [client 3.25.98.58] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/.git/HEAD"] [unique_id "159755425770.248773"] [ref "o0,13v30,13"], client: 3.25.98.58, [redacted] request: "GET /.git/HEAD HTTP/1.1" [redacted] |
2020-08-16 15:33:55 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 3.25.9.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21473
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;3.25.9.37. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2025021002 1800 900 604800 86400
;; Query time: 12 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Feb 11 12:05:03 CST 2025
;; MSG SIZE rcvd: 10237.9.25.3.in-addr.arpa domain name pointer ec2-3-25-9-37.ap-southeast-2.compute.amazonaws.com.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
37.9.25.3.in-addr.arpa name = ec2-3-25-9-37.ap-southeast-2.compute.amazonaws.com.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 159.203.219.38 | attack | 616. On Jun 30 2020 experienced a Brute Force SSH login attempt -> 4 unique times by 159.203.219.38. |
2020-07-02 06:22:43 |
| 185.39.11.88 | attack | Persistent intruder - 185.39.11.88 |
2020-07-02 06:15:11 |
| 103.254.198.67 | attackspambots | SSH / Telnet Brute Force Attempts on Honeypot |
2020-07-02 06:11:01 |
| 36.111.182.133 | attackspam | Jun 30 20:52:12 vps1 sshd[2054220]: Invalid user omega from 36.111.182.133 port 36400 Jun 30 20:52:14 vps1 sshd[2054220]: Failed password for invalid user omega from 36.111.182.133 port 36400 ssh2 ... |
2020-07-02 05:35:40 |
| 35.185.40.110 | attackbots | Jun 30 19:00:25 master sshd[1107]: Failed password for invalid user y from 35.185.40.110 port 52210 ssh2 |
2020-07-02 06:08:57 |
| 137.59.66.140 | attack | Honeypot attack, port: 445, PTR: PTR record not found |
2020-07-02 06:07:39 |
| 101.50.71.19 | attackbotsspam | Jun 24 17:38:43 mail1 sshd[23460]: Invalid user admin from 101.50.71.19 port 58102 Jun 24 17:38:43 mail1 sshd[23460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.50.71.19 Jun 24 17:38:45 mail1 sshd[23460]: Failed password for invalid user admin from 101.50.71.19 port 58102 ssh2 Jun 24 17:38:45 mail1 sshd[23460]: Connection closed by 101.50.71.19 port 58102 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=101.50.71.19 |
2020-07-02 05:54:10 |
| 93.48.89.62 | attackspambots | firewall-block, port(s): 81/tcp |
2020-07-02 06:18:47 |
| 192.35.169.27 | attackspambots | Jul 1 02:20:58 debian-2gb-nbg1-2 kernel: \[15821493.628327\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=192.35.169.27 DST=195.201.40.59 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=40108 PROTO=TCP SPT=21544 DPT=5984 WINDOW=1024 RES=0x00 SYN URGP=0 |
2020-07-02 06:19:17 |
| 88.155.148.166 | attack | кто стучался в мою почту? точно мошенники!!! будьте осторожны!!! |
2020-07-02 05:37:10 |
| 186.213.100.213 | attackspambots | $f2bV_matches |
2020-07-02 06:05:19 |
| 178.128.221.85 | attackspambots | 2020-06-30T10:47:48.588202mail.thespaminator.com sshd[3212]: Invalid user ly from 178.128.221.85 port 40410 2020-06-30T10:47:50.636883mail.thespaminator.com sshd[3212]: Failed password for invalid user ly from 178.128.221.85 port 40410 ssh2 ... |
2020-07-02 05:26:41 |
| 175.24.14.72 | attackspambots | DATE:2020-07-01 02:02:01, IP:175.24.14.72, PORT:ssh SSH brute force auth (docker-dc) |
2020-07-02 06:22:02 |
| 157.52.193.81 | attack | Brute force attempt |
2020-07-02 05:18:56 |
| 137.74.166.77 | attack | Jul 1 00:26:13 pve1 sshd[21021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.74.166.77 Jul 1 00:26:15 pve1 sshd[21021]: Failed password for invalid user mysql from 137.74.166.77 port 37432 ssh2 ... |
2020-07-02 05:46:19 |