City: Hannibal
Region: New York
Country: United States
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
b
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.46.151.242
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4327
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;45.46.151.242. IN A
;; AUTHORITY SECTION:
. 60 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022032500 1800 900 604800 86400
;; Query time: 59 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 25 21:03:32 CST 2022
;; MSG SIZE rcvd: 106
242.151.46.45.in-addr.arpa domain name pointer cpe-45-46-151-242.buffalo.res.rr.com.
Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
242.151.46.45.in-addr.arpa name = cpe-45-46-151-242.buffalo.res.rr.com.
Authoritative answers can be found from:
| IP | Type | Details | Datetime |
|---|---|---|---|
| 212.64.12.236 | attackbots | Aug 7 13:52:36 ovpn sshd\[15235\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.64.12.236 user=root Aug 7 13:52:38 ovpn sshd\[15235\]: Failed password for root from 212.64.12.236 port 51584 ssh2 Aug 7 14:04:31 ovpn sshd\[20226\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.64.12.236 user=root Aug 7 14:04:33 ovpn sshd\[20226\]: Failed password for root from 212.64.12.236 port 54282 ssh2 Aug 7 14:07:30 ovpn sshd\[21257\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.64.12.236 user=root |
2020-08-07 21:42:20 |
| 5.63.186.31 | attack | failed_logins |
2020-08-07 21:18:06 |
| 192.35.169.19 | attackbotsspam |
|
2020-08-07 21:11:58 |
| 119.40.33.22 | attackspambots | Aug 7 12:59:30 plex-server sshd[815531]: Failed password for root from 119.40.33.22 port 55921 ssh2 Aug 7 13:01:54 plex-server sshd[816584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.40.33.22 user=root Aug 7 13:01:56 plex-server sshd[816584]: Failed password for root from 119.40.33.22 port 39901 ssh2 Aug 7 13:04:19 plex-server sshd[817520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.40.33.22 user=root Aug 7 13:04:21 plex-server sshd[817520]: Failed password for root from 119.40.33.22 port 52107 ssh2 ... |
2020-08-07 21:39:08 |
| 51.195.136.14 | attackspambots | 2020-08-07T14:03:34.261239centos sshd[29479]: Failed password for root from 51.195.136.14 port 36752 ssh2 2020-08-07T14:07:44.143211centos sshd[29717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.136.14 user=root 2020-08-07T14:07:46.221036centos sshd[29717]: Failed password for root from 51.195.136.14 port 46978 ssh2 ... |
2020-08-07 21:28:08 |
| 37.59.56.124 | attackbotsspam | 37.59.56.124 - - [07/Aug/2020:14:08:01 +0200] "GET /wp-login.php HTTP/1.1" 200 6310 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 37.59.56.124 - - [07/Aug/2020:14:08:02 +0200] "POST /wp-login.php HTTP/1.1" 200 6561 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 37.59.56.124 - - [07/Aug/2020:14:08:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2020-08-07 21:09:19 |
| 106.12.148.201 | attackbotsspam | Attempted to establish connection to non opened port 22584 |
2020-08-07 21:08:34 |
| 109.244.35.42 | attackspambots | Aug 3 05:56:00 ns sshd[31565]: Connection from 109.244.35.42 port 39250 on 134.119.36.27 port 22 Aug 3 05:56:03 ns sshd[31565]: User r.r from 109.244.35.42 not allowed because not listed in AllowUsers Aug 3 05:56:03 ns sshd[31565]: Failed password for invalid user r.r from 109.244.35.42 port 39250 ssh2 Aug 3 05:56:03 ns sshd[31565]: Received disconnect from 109.244.35.42 port 39250:11: Bye Bye [preauth] Aug 3 05:56:03 ns sshd[31565]: Disconnected from 109.244.35.42 port 39250 [preauth] Aug 3 06:05:33 ns sshd[9368]: Connection from 109.244.35.42 port 55982 on 134.119.36.27 port 22 Aug 3 06:05:41 ns sshd[9368]: User r.r from 109.244.35.42 not allowed because not listed in AllowUsers Aug 3 06:05:41 ns sshd[9368]: Failed password for invalid user r.r from 109.244.35.42 port 55982 ssh2 Aug 3 06:05:41 ns sshd[9368]: Received disconnect from 109.244.35.42 port 55982:11: Bye Bye [preauth] Aug 3 06:05:41 ns sshd[9368]: Disconnected from 109.244.35.42 port 55982 [preaut........ ------------------------------- |
2020-08-07 21:21:17 |
| 111.72.195.242 | attack | Aug 7 14:54:28 srv01 postfix/smtpd\[32569\]: warning: unknown\[111.72.195.242\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 7 14:54:40 srv01 postfix/smtpd\[32569\]: warning: unknown\[111.72.195.242\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 7 14:55:05 srv01 postfix/smtpd\[32569\]: warning: unknown\[111.72.195.242\]: SASL LOGIN authentication failed: Invalid base64 data in continued response Aug 7 14:55:32 srv01 postfix/smtpd\[32569\]: warning: unknown\[111.72.195.242\]: SASL LOGIN authentication failed: Invalid base64 data in continued response Aug 7 14:57:45 srv01 postfix/smtpd\[29160\]: warning: unknown\[111.72.195.242\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ... |
2020-08-07 21:22:16 |
| 177.126.85.31 | attack | Lines containing failures of 177.126.85.31 Aug 3 05:45:59 shared11 sshd[29581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.126.85.31 user=r.r Aug 3 05:46:01 shared11 sshd[29581]: Failed password for r.r from 177.126.85.31 port 45187 ssh2 Aug 3 05:46:01 shared11 sshd[29581]: Received disconnect from 177.126.85.31 port 45187:11: Bye Bye [preauth] Aug 3 05:46:01 shared11 sshd[29581]: Disconnected from authenticating user r.r 177.126.85.31 port 45187 [preauth] Aug 3 05:53:19 shared11 sshd[31761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.126.85.31 user=r.r Aug 3 05:53:20 shared11 sshd[31761]: Failed password for r.r from 177.126.85.31 port 23434 ssh2 Aug 3 05:53:20 shared11 sshd[31761]: Received disconnect from 177.126.85.31 port 23434:11: Bye Bye [preauth] Aug 3 05:53:20 shared11 sshd[31761]: Disconnected from authenticating user r.r 177.126.85.31 port 23434 [preauth........ ------------------------------ |
2020-08-07 21:18:34 |
| 188.166.144.207 | attackspam | Aug 7 03:02:17 web9 sshd\[3283\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.144.207 user=root Aug 7 03:02:19 web9 sshd\[3283\]: Failed password for root from 188.166.144.207 port 54668 ssh2 Aug 7 03:06:38 web9 sshd\[4124\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.144.207 user=root Aug 7 03:06:40 web9 sshd\[4124\]: Failed password for root from 188.166.144.207 port 37576 ssh2 Aug 7 03:10:56 web9 sshd\[4685\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.144.207 user=root |
2020-08-07 21:29:55 |
| 222.186.180.17 | attackbots | Aug 7 15:11:55 cosmoit sshd[29368]: Failed password for root from 222.186.180.17 port 48400 ssh2 |
2020-08-07 21:15:05 |
| 58.210.77.166 | attack | Aug 7 14:39:04 inter-technics sshd[14862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.210.77.166 user=root Aug 7 14:39:06 inter-technics sshd[14862]: Failed password for root from 58.210.77.166 port 27582 ssh2 Aug 7 14:43:24 inter-technics sshd[15175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.210.77.166 user=root Aug 7 14:43:27 inter-technics sshd[15175]: Failed password for root from 58.210.77.166 port 14356 ssh2 Aug 7 14:47:46 inter-technics sshd[15366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.210.77.166 user=root Aug 7 14:47:48 inter-technics sshd[15366]: Failed password for root from 58.210.77.166 port 28410 ssh2 ... |
2020-08-07 21:26:46 |
| 218.92.0.247 | attackbots | 2020-08-07T16:34:29.153578afi-git.jinr.ru sshd[20103]: Failed password for root from 218.92.0.247 port 31628 ssh2 2020-08-07T16:34:32.514291afi-git.jinr.ru sshd[20103]: Failed password for root from 218.92.0.247 port 31628 ssh2 2020-08-07T16:34:35.952792afi-git.jinr.ru sshd[20103]: Failed password for root from 218.92.0.247 port 31628 ssh2 2020-08-07T16:34:35.952924afi-git.jinr.ru sshd[20103]: error: maximum authentication attempts exceeded for root from 218.92.0.247 port 31628 ssh2 [preauth] 2020-08-07T16:34:35.952939afi-git.jinr.ru sshd[20103]: Disconnecting: Too many authentication failures [preauth] ... |
2020-08-07 21:36:26 |
| 46.29.164.139 | attackspam | (mod_security) mod_security (id:942100) triggered by 46.29.164.139 (RU/-/scren-assurance.countysky.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/07 12:07:52 [error] 16769#0: *68026 [client 46.29.164.139] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159680207216.498153"] [ref ""], client: 46.29.164.139, [redacted] request: "GET /forum/viewthread.php?thread_id=-1%22+UNION+ALL+SELECT+0x333834333139393138%2C0x333834333239393138--+ HTTP/1.1" [redacted] |
2020-08-07 21:19:34 |