City: Kampala
Region: Central Region
Country: Uganda
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
| IP | Type | Details | Datetime |
|---|---|---|---|
| 45.221.87.151 | attack | Brute forcing RDP port 3389 |
2019-12-10 04:15:21 |
| 45.221.88.146 | attackspam | Automatic report - Port Scan Attack |
2019-09-16 04:53:42 |
| 45.221.80.249 | attackspam | Sep 11 20:51:53 lenivpn01 kernel: \[460715.063399\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:2f:6c:1b:d2:74:7f:6e:37:e3:08:00 SRC=45.221.80.249 DST=195.201.121.15 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=16853 DF PROTO=TCP SPT=36883 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0 Sep 11 20:51:56 lenivpn01 kernel: \[460718.060026\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:2f:6c:1b:d2:74:7f:6e:37:e3:08:00 SRC=45.221.80.249 DST=195.201.121.15 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=16854 DF PROTO=TCP SPT=36883 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0 Sep 11 20:52:02 lenivpn01 kernel: \[460724.059537\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:2f:6c:1b:d2:74:7f:6e:37:e3:08:00 SRC=45.221.80.249 DST=195.201.121.15 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=16855 DF PROTO=TCP SPT=36883 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0 ... |
2019-09-12 09:12:06 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.221.8.225
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62447
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;45.221.8.225. IN A
;; AUTHORITY SECTION:
. 535 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022062400 1800 900 604800 86400
;; Query time: 21 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jun 24 13:39:52 CST 2022
;; MSG SIZE rcvd: 105Host 225.8.221.45.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 225.8.221.45.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 198.199.79.17 | attack | Sep 26 22:49:00 eddieflores sshd\[26506\]: Invalid user kq from 198.199.79.17 Sep 26 22:49:00 eddieflores sshd\[26506\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.79.17 Sep 26 22:49:02 eddieflores sshd\[26506\]: Failed password for invalid user kq from 198.199.79.17 port 60268 ssh2 Sep 26 22:52:52 eddieflores sshd\[27389\]: Invalid user andres from 198.199.79.17 Sep 26 22:52:52 eddieflores sshd\[27389\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.79.17 |
2019-09-27 16:58:34 |
| 59.17.84.105 | attack | Unauthorised access (Sep 27) SRC=59.17.84.105 LEN=40 TTL=53 ID=33517 TCP DPT=8080 WINDOW=49698 SYN |
2019-09-27 17:01:34 |
| 183.89.215.122 | attackbotsspam | Chat Spam |
2019-09-27 16:41:47 |
| 175.112.9.160 | attack | 19/9/26@23:50:18: FAIL: IoT-Telnet address from=175.112.9.160 19/9/26@23:50:19: FAIL: IoT-Telnet address from=175.112.9.160 ... |
2019-09-27 16:32:17 |
| 45.136.109.190 | attack | firewall-block, port(s): 3604/tcp, 12161/tcp, 35290/tcp |
2019-09-27 16:50:21 |
| 115.68.1.14 | attackbots | Sep 27 02:00:40 plusreed sshd[13279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.68.1.14 user=root Sep 27 02:00:42 plusreed sshd[13279]: Failed password for root from 115.68.1.14 port 39050 ssh2 Sep 27 02:00:44 plusreed sshd[13279]: Failed password for root from 115.68.1.14 port 39050 ssh2 Sep 27 02:00:40 plusreed sshd[13279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.68.1.14 user=root Sep 27 02:00:42 plusreed sshd[13279]: Failed password for root from 115.68.1.14 port 39050 ssh2 Sep 27 02:00:44 plusreed sshd[13279]: Failed password for root from 115.68.1.14 port 39050 ssh2 Sep 27 02:00:40 plusreed sshd[13279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.68.1.14 user=root Sep 27 02:00:42 plusreed sshd[13279]: Failed password for root from 115.68.1.14 port 39050 ssh2 Sep 27 02:00:44 plusreed sshd[13279]: Failed password for root from 115.68.1.14 port 39050 ssh2 S |
2019-09-27 16:54:43 |
| 49.88.112.78 | attackbotsspam | Sep 27 10:32:56 dcd-gentoo sshd[1840]: User root from 49.88.112.78 not allowed because none of user's groups are listed in AllowGroups Sep 27 10:32:58 dcd-gentoo sshd[1840]: error: PAM: Authentication failure for illegal user root from 49.88.112.78 Sep 27 10:32:56 dcd-gentoo sshd[1840]: User root from 49.88.112.78 not allowed because none of user's groups are listed in AllowGroups Sep 27 10:32:58 dcd-gentoo sshd[1840]: error: PAM: Authentication failure for illegal user root from 49.88.112.78 Sep 27 10:32:56 dcd-gentoo sshd[1840]: User root from 49.88.112.78 not allowed because none of user's groups are listed in AllowGroups Sep 27 10:32:58 dcd-gentoo sshd[1840]: error: PAM: Authentication failure for illegal user root from 49.88.112.78 Sep 27 10:32:58 dcd-gentoo sshd[1840]: Failed keyboard-interactive/pam for invalid user root from 49.88.112.78 port 63767 ssh2 ... |
2019-09-27 16:33:11 |
| 185.176.27.102 | attackbotsspam | 09/27/2019-03:14:10.932105 185.176.27.102 Protocol: 6 ET DROP Dshield Block Listed Source group 1 |
2019-09-27 16:58:54 |
| 222.119.20.239 | attackbotsspam | 2019-09-27T09:00:58.508551abusebot-2.cloudsearch.cf sshd\[26073\]: Invalid user administrador from 222.119.20.239 port 38500 |
2019-09-27 17:02:16 |
| 109.124.148.164 | attackspam | Sep 27 05:49:59 tor-proxy-04 sshd\[9188\]: Invalid user pi from 109.124.148.164 port 36624 Sep 27 05:49:59 tor-proxy-04 sshd\[9188\]: Connection closed by 109.124.148.164 port 36624 \[preauth\] Sep 27 05:50:00 tor-proxy-04 sshd\[9190\]: Invalid user pi from 109.124.148.164 port 36626 Sep 27 05:50:00 tor-proxy-04 sshd\[9190\]: Connection closed by 109.124.148.164 port 36626 \[preauth\] ... |
2019-09-27 16:52:00 |
| 125.69.100.12 | attackbotsspam | 09/26/2019-23:49:00.624089 125.69.100.12 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433 |
2019-09-27 16:50:02 |
| 103.78.97.61 | attackbotsspam | 2019-09-27T05:20:46.741311abusebot-8.cloudsearch.cf sshd\[6185\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.78.97.61 user=root |
2019-09-27 17:00:32 |
| 182.16.166.118 | attackspam | Attempt to attack host OS, exploiting network vulnerabilities, on 27-09-2019 04:50:14. |
2019-09-27 16:37:28 |
| 138.219.228.96 | attackspam | Reported by AbuseIPDB proxy server. |
2019-09-27 16:42:03 |
| 188.240.208.212 | attack | Sep 27 08:36:34 localhost sshd\[123754\]: Invalid user edwin from 188.240.208.212 port 42378 Sep 27 08:36:34 localhost sshd\[123754\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.240.208.212 Sep 27 08:36:36 localhost sshd\[123754\]: Failed password for invalid user edwin from 188.240.208.212 port 42378 ssh2 Sep 27 08:41:24 localhost sshd\[123942\]: Invalid user sa from 188.240.208.212 port 54568 Sep 27 08:41:24 localhost sshd\[123942\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.240.208.212 ... |
2019-09-27 16:55:12 |