City: unknown
Region: unknown
Country: United States of America
Internet Service Provider: Amazon Technologies Inc.
Hostname: unknown
Organization: unknown
Usage Type: Data Center/Web Hosting/Transit
| Type | Details | Datetime |
|---|---|---|
| attackspam | Lines containing failures of 34.209.124.160 auth.log:Sep 5 09:54:05 omfg sshd[14971]: Connection from 34.209.124.160 port 47182 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:06 omfg sshd[14971]: Connection closed by 34.209.124.160 port 47182 [preauth] auth.log:Sep 5 09:54:07 omfg sshd[14973]: Connection from 34.209.124.160 port 48614 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:07 omfg sshd[14973]: Unable to negotiate whostnameh 34.209.124.160 port 48614: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth] auth.log:Sep 5 09:54:08 omfg sshd[14975]: Connection from 34.209.124.160 port 49690 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:09 omfg sshd[14975]: Unable to negotiate whostnameh 34.209.124.160 port 49690: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth] auth.log:Sep 5 09:54:10 omfg sshd[14977]: Connection from 34.209.124.160 port 50530 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:11 omfg sshd[14977]: Connection c........ ------------------------------ |
2020-09-06 21:31:05 |
| attackspam | Lines containing failures of 34.209.124.160 auth.log:Sep 5 09:54:05 omfg sshd[14971]: Connection from 34.209.124.160 port 47182 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:06 omfg sshd[14971]: Connection closed by 34.209.124.160 port 47182 [preauth] auth.log:Sep 5 09:54:07 omfg sshd[14973]: Connection from 34.209.124.160 port 48614 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:07 omfg sshd[14973]: Unable to negotiate whostnameh 34.209.124.160 port 48614: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth] auth.log:Sep 5 09:54:08 omfg sshd[14975]: Connection from 34.209.124.160 port 49690 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:09 omfg sshd[14975]: Unable to negotiate whostnameh 34.209.124.160 port 49690: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth] auth.log:Sep 5 09:54:10 omfg sshd[14977]: Connection from 34.209.124.160 port 50530 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:11 omfg sshd[14977]: Connection c........ ------------------------------ |
2020-09-06 13:06:01 |
| attack | Lines containing failures of 34.209.124.160 auth.log:Sep 5 09:54:05 omfg sshd[14971]: Connection from 34.209.124.160 port 47182 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:06 omfg sshd[14971]: Connection closed by 34.209.124.160 port 47182 [preauth] auth.log:Sep 5 09:54:07 omfg sshd[14973]: Connection from 34.209.124.160 port 48614 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:07 omfg sshd[14973]: Unable to negotiate whostnameh 34.209.124.160 port 48614: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth] auth.log:Sep 5 09:54:08 omfg sshd[14975]: Connection from 34.209.124.160 port 49690 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:09 omfg sshd[14975]: Unable to negotiate whostnameh 34.209.124.160 port 49690: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth] auth.log:Sep 5 09:54:10 omfg sshd[14977]: Connection from 34.209.124.160 port 50530 on 78.46.60.42 port 22 auth.log:Sep 5 09:54:11 omfg sshd[14977]: Connection c........ ------------------------------ |
2020-09-06 05:23:59 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 34.209.124.160
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30696
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;34.209.124.160. IN A
;; AUTHORITY SECTION:
. 491 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020090500 1800 900 604800 86400
;; Query time: 64 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Sep 06 05:23:56 CST 2020
;; MSG SIZE rcvd: 118160.124.209.34.in-addr.arpa domain name pointer ec2-34-209-124-160.us-west-2.compute.amazonaws.com.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
160.124.209.34.in-addr.arpa name = ec2-34-209-124-160.us-west-2.compute.amazonaws.com.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 201.182.234.206 | attackbots | Automatic report - Port Scan Attack |
2020-02-14 10:35:33 |
| 180.245.185.118 | attackbots | Fail2Ban Ban Triggered |
2020-02-14 10:09:56 |
| 206.189.156.198 | attackspam | Scanned 3 times in the last 24 hours on port 22 |
2020-02-14 09:58:25 |
| 185.234.216.178 | attackspam | Feb 12 09:43:32 tamoto postfix/smtpd[16011]: connect from unknown[185.234.216.178] Feb 12 09:43:32 tamoto postfix/smtpd[16011]: connect from unknown[185.234.216.178] Feb 12 09:43:32 tamoto postfix/smtpd[16011]: warning: unknown[185.234.216.178]: SASL LOGIN authentication failed: authentication failure Feb 12 09:43:32 tamoto postfix/smtpd[16011]: warning: unknown[185.234.216.178]: SASL LOGIN authentication failed: authentication failure Feb 12 09:43:32 tamoto postfix/smtpd[16011]: lost connection after AUTH from unknown[185.234.216.178] Feb 12 09:43:32 tamoto postfix/smtpd[16011]: lost connection after AUTH from unknown[185.234.216.178] Feb 12 09:43:32 tamoto postfix/smtpd[16011]: disconnect from unknown[185.234.216.178] Feb 12 09:43:32 tamoto postfix/smtpd[16011]: disconnect from unknown[185.234.216.178] Feb 12 09:44:32 tamoto postfix/smtpd[20645]: connect from unknown[185.234.216.178] Feb 12 09:44:32 tamoto postfix/smtpd[20645]: connect from unknown[185.234.216.178] Fe........ ------------------------------- |
2020-02-14 10:01:01 |
| 92.38.152.92 | attackbotsspam | Feb 13 22:39:10 ws22vmsma01 sshd[196533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.38.152.92 Feb 13 22:39:12 ws22vmsma01 sshd[196533]: Failed password for invalid user tk from 92.38.152.92 port 47066 ssh2 ... |
2020-02-14 10:19:37 |
| 134.175.161.251 | attack | Invalid user post from 134.175.161.251 port 52858 |
2020-02-14 10:07:02 |
| 2a00:1158:2:6d00::2 | attackspam | 02/14/2020-03:15:13.275386 2a00:1158:0002:6d00:0000:0000:0000:0002 Protocol: 6 SURICATA TLS invalid record/traffic |
2020-02-14 10:42:11 |
| 153.126.141.42 | attackbots | Feb 13 20:06:26 tuxlinux sshd[30949]: Invalid user zest from 153.126.141.42 port 40394 Feb 13 20:06:26 tuxlinux sshd[30949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.126.141.42 Feb 13 20:06:26 tuxlinux sshd[30949]: Invalid user zest from 153.126.141.42 port 40394 Feb 13 20:06:26 tuxlinux sshd[30949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.126.141.42 ... |
2020-02-14 10:30:25 |
| 36.226.107.120 | attack | $f2bV_matches |
2020-02-14 10:19:08 |
| 103.48.192.48 | attack | $f2bV_matches |
2020-02-14 10:38:50 |
| 144.217.34.148 | attackspam | 144.217.34.148 was recorded 7 times by 7 hosts attempting to connect to the following ports: 5353. Incident counter (4h, 24h, all-time): 7, 40, 777 |
2020-02-14 10:10:24 |
| 52.130.85.47 | attackbots | Feb 12 21:44:26 cloud sshd[6849]: Did not receive identification string from 52.130.85.47 Feb 12 21:45:27 cloud sshd[6852]: Did not receive identification string from 52.130.85.47 Feb 12 21:46:57 cloud sshd[6855]: Invalid user james from 52.130.85.47 Feb 12 21:46:57 cloud sshd[6855]: Received disconnect from 52.130.85.47 port 43878:11: Normal Shutdown, Thank you for playing [preauth] Feb 12 21:46:57 cloud sshd[6855]: Disconnected from 52.130.85.47 port 43878 [preauth] Feb 12 21:48:04 cloud sshd[6859]: Invalid user james from 52.130.85.47 Feb 12 21:48:05 cloud sshd[6859]: Received disconnect from 52.130.85.47 port 36448:11: Normal Shutdown, Thank you for playing [preauth] Feb 12 21:48:05 cloud sshd[6859]: Disconnected from 52.130.85.47 port 36448 [preauth] Feb 12 21:49:25 cloud sshd[6863]: Invalid user james from 52.130.85.47 Feb 12 21:49:25 cloud sshd[6863]: Received disconnect from 52.130.85.47 port 57290:11: Normal Shutdown, Thank you for playing [preauth] Feb 12 21:4........ ------------------------------- |
2020-02-14 10:23:16 |
| 191.255.250.51 | attackspambots | MultiHost/MultiPort Probe, Scan, Hack - |
2020-02-14 10:17:35 |
| 191.7.155.166 | attack | MultiHost/MultiPort Probe, Scan, Hack - |
2020-02-14 10:09:32 |
| 93.42.117.137 | attack | $f2bV_matches |
2020-02-14 10:08:44 |