City: unknown
Region: unknown
Country: Taiwan, China
Internet Service Provider: Google LLC
Hostname: unknown
Organization: unknown
Usage Type: Data Center/Web Hosting/Transit
| Type | Details | Datetime |
|---|---|---|
| attack | Lines containing failures of 34.80.125.119 Aug 2 12:49:14 newdogma sshd[14584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.80.125.119 user=r.r Aug 2 12:49:16 newdogma sshd[14584]: Failed password for r.r from 34.80.125.119 port 44202 ssh2 Aug 2 12:49:18 newdogma sshd[14584]: Received disconnect from 34.80.125.119 port 44202:11: Bye Bye [preauth] Aug 2 12:49:18 newdogma sshd[14584]: Disconnected from authenticating user r.r 34.80.125.119 port 44202 [preauth] Aug 2 13:02:44 newdogma sshd[15919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.80.125.119 user=r.r Aug 2 13:02:45 newdogma sshd[15919]: Failed password for r.r from 34.80.125.119 port 58396 ssh2 Aug 2 13:02:46 newdogma sshd[15919]: Received disconnect from 34.80.125.119 port 58396:11: Bye Bye [preauth] Aug 2 13:02:46 newdogma sshd[15919]: Disconnected from authenticating user r.r 34.80.125.119 port 58396 [preauth........ ------------------------------ |
2020-08-03 06:46:29 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 34.80.125.119
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29096
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;34.80.125.119. IN A
;; AUTHORITY SECTION:
. 179 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020080201 1800 900 604800 86400
;; Query time: 37 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Aug 03 06:46:26 CST 2020
;; MSG SIZE rcvd: 117119.125.80.34.in-addr.arpa domain name pointer 119.125.80.34.bc.googleusercontent.com.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
119.125.80.34.in-addr.arpa name = 119.125.80.34.bc.googleusercontent.com.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 202.154.246.44 | attackbots | Port probing on unauthorized port 445 |
2020-08-22 01:41:54 |
| 128.14.134.134 | attackspam | [20/Aug/2020:12:41:42 -0400] "GET / HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" [20/Aug/2020:12:41:43 -0400] "GET / HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" |
2020-08-22 01:50:24 |
| 196.188.232.41 | attackbots | 1598011381 - 08/21/2020 14:03:01 Host: 196.188.232.41/196.188.232.41 Port: 445 TCP Blocked |
2020-08-22 01:32:18 |
| 91.113.174.252 | attackbotsspam | Unauthorized connection attempt from IP address 91.113.174.252 on Port 445(SMB) |
2020-08-22 01:47:00 |
| 220.176.162.118 | attackspambots | Unauthorized connection attempt from IP address 220.176.162.118 on Port 445(SMB) |
2020-08-22 01:18:21 |
| 81.12.169.126 | attackspam | srvr1: (mod_security) mod_security (id:942100) triggered by 81.12.169.126 (RO/-/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:03:11 [error] 482759#0: *840316 [client 81.12.169.126] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "15980113918.300741"] [ref ""], client: 81.12.169.126, [redacted] request: "GET /forum/viewthread.php?thread_id=1122+AND+++%279864%27+%3D+%270%27 HTTP/1.1" [redacted] |
2020-08-22 01:17:11 |
| 14.161.30.0 | attackspam | Unauthorized connection attempt from IP address 14.161.30.0 on Port 445(SMB) |
2020-08-22 01:22:34 |
| 183.109.124.137 | attackspambots | prod11 ... |
2020-08-22 01:42:18 |
| 106.54.98.89 | attackspambots | Aug 21 14:39:26 firewall sshd[25562]: Invalid user yhy from 106.54.98.89 Aug 21 14:39:28 firewall sshd[25562]: Failed password for invalid user yhy from 106.54.98.89 port 41548 ssh2 Aug 21 14:44:02 firewall sshd[25736]: Invalid user rdp from 106.54.98.89 ... |
2020-08-22 01:54:02 |
| 101.95.106.6 | attackspambots | Unauthorized connection attempt from IP address 101.95.106.6 on Port 445(SMB) |
2020-08-22 01:32:47 |
| 113.53.83.212 | attack | srvr1: (mod_security) mod_security (id:942100) triggered by 113.53.83.212 (TH/-/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:02:53 [error] 482759#0: *840280 [client 113.53.83.212] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159801137360.314875"] [ref ""], client: 113.53.83.212, [redacted] request: "GET /forum/viewthread.php?thread_id=1122%27+AND+++%279414%27+%3D+%270%27 HTTP/1.1" [redacted] |
2020-08-22 01:36:03 |
| 139.59.12.65 | attackbotsspam | SSH authentication failure x 6 reported by Fail2Ban ... |
2020-08-22 01:39:39 |
| 78.161.212.36 | attack | Unauthorized connection attempt from IP address 78.161.212.36 on Port 445(SMB) |
2020-08-22 01:40:07 |
| 36.74.177.163 | attackbots | Unauthorized connection attempt from IP address 36.74.177.163 on Port 445(SMB) |
2020-08-22 01:19:20 |
| 108.60.44.245 | attackspambots | Icarus honeypot on github |
2020-08-22 01:29:25 |