City: unknown
Region: unknown
Country: Australia
Internet Service Provider: Amazon Corporate Services Pty Ltd
Hostname: unknown
Organization: unknown
Usage Type: Data Center/Web Hosting/Transit
| Type | Details | Datetime |
|---|---|---|
| attack | srvr1: (mod_security) mod_security (id:920350) triggered by 3.25.98.58 (AU/-/ec2-3-25-98-58.ap-southeast-2.compute.amazonaws.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/16 05:04:17 [error] 117383#0: *157388 [client 3.25.98.58] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/.git/HEAD"] [unique_id "159755425770.248773"] [ref "o0,13v30,13"], client: 3.25.98.58, [redacted] request: "GET /.git/HEAD HTTP/1.1" [redacted] | 2020-08-16 15:33:55 |
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 3.25.98.58
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 786
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3.25.98.58. IN A
;; AUTHORITY SECTION:
. 483 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020081600 1800 900 604800 86400
;; Query time: 81 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Aug 16 15:33:49 CST 2020
;; MSG SIZE rcvd: 114
58.98.25.3.in-addr.arpa domain name pointer ec2-3-25-98-58.ap-southeast-2.compute.amazonaws.com.
Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
58.98.25.3.in-addr.arpa name = ec2-3-25-98-58.ap-southeast-2.compute.amazonaws.com.
Authoritative answers can be found from: