City: Bowling Green
Region: Kentucky
Country: United States
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 71.66.23.161
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10539
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;71.66.23.161. IN A
;; AUTHORITY SECTION:
. 431 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020061502 1800 900 604800 86400
;; Query time: 102 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Jun 16 07:09:24 CST 2020
;; MSG SIZE rcvd: 116Host 161.23.66.71.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 161.23.66.71.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 198.143.155.140 | attackspam | 02/03/2020-19:07:09.823806 198.143.155.140 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2020-02-04 08:45:04 |
| 66.220.149.28 | attackbotsspam | [Tue Feb 04 07:07:33.501108 2020] [:error] [pid 18719:tid 139896723326720] [client 66.220.149.28:52886] [client 66.220.149.28] ModSecurity: Access denied with code 403 (phase 2). Found 3 byte(s) in REQUEST_URI outside range: 32-36,38-126. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1304"] [id "920272"] [msg "Invalid character in request (outside of printable chars below ascii 127)"] [data "REQUEST_URI=/images/Klimatologi/Analisis/02-Analisis_Dasarian/Dinamika/2020/01_Januari_2020/Das-III/Analisis_Dinamika_Atmosfer\\xe2\\x80\\x93Laut_Dan_Prediksi_Curah_Hujan_Update_Dasarian_III_Januari_2020.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [tag "paranoia-level/3"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/images/Klimatologi/Analisis/02-Analisis_Dasarian/Dinamika ... |
2020-02-04 08:23:07 |
| 139.199.0.84 | attack | 2020-02-03T17:36:18.6161821495-001 sshd[63339]: Invalid user postgres from 139.199.0.84 port 45496 2020-02-03T17:36:18.6198261495-001 sshd[63339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.0.84 2020-02-03T17:36:18.6161821495-001 sshd[63339]: Invalid user postgres from 139.199.0.84 port 45496 2020-02-03T17:36:20.4793491495-001 sshd[63339]: Failed password for invalid user postgres from 139.199.0.84 port 45496 ssh2 2020-02-03T17:45:07.8163151495-001 sshd[63726]: Invalid user db2inst1 from 139.199.0.84 port 35724 2020-02-03T17:45:07.8208611495-001 sshd[63726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.0.84 2020-02-03T17:45:07.8163151495-001 sshd[63726]: Invalid user db2inst1 from 139.199.0.84 port 35724 2020-02-03T17:45:09.6353621495-001 sshd[63726]: Failed password for invalid user db2inst1 from 139.199.0.84 port 35724 ssh2 2020-02-03T17:48:21.4536681495-001 sshd[63893]: Invalid us ... |
2020-02-04 08:07:43 |
| 64.225.21.125 | attackspambots | Feb 3 22:00:30 rama sshd[122403]: reveeclipse mapping checking getaddrinfo for 888737475domnag.com [64.225.21.125] failed - POSSIBLE BREAK-IN ATTEMPT! Feb 3 22:00:30 rama sshd[122403]: Invalid user ff from 64.225.21.125 Feb 3 22:00:30 rama sshd[122403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.21.125 Feb 3 22:00:32 rama sshd[122403]: Failed password for invalid user ff from 64.225.21.125 port 51066 ssh2 Feb 3 22:00:32 rama sshd[122403]: Received disconnect from 64.225.21.125: 11: Bye Bye [preauth] Feb 3 22:13:35 rama sshd[125812]: reveeclipse mapping checking getaddrinfo for 888737475domnag.com [64.225.21.125] failed - POSSIBLE BREAK-IN ATTEMPT! Feb 3 22:13:35 rama sshd[125812]: Invalid user asterick from 64.225.21.125 Feb 3 22:13:35 rama sshd[125812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.21.125 Feb 3 22:13:36 rama sshd[125812]: Failed password for ........ ------------------------------- |
2020-02-04 08:45:54 |
| 134.209.90.139 | attackbots | Feb 3 13:45:16 web9 sshd\[16651\]: Invalid user hwserver from 134.209.90.139 Feb 3 13:45:16 web9 sshd\[16651\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.90.139 Feb 3 13:45:18 web9 sshd\[16651\]: Failed password for invalid user hwserver from 134.209.90.139 port 33590 ssh2 Feb 3 13:47:04 web9 sshd\[16846\]: Invalid user rosnizat from 134.209.90.139 Feb 3 13:47:04 web9 sshd\[16846\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.90.139 |
2020-02-04 08:08:36 |
| 62.210.37.82 | attackspam | Feb 4 01:05:24 v22019058497090703 sshd[14465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.210.37.82 Feb 4 01:05:26 v22019058497090703 sshd[14465]: Failed password for invalid user admin from 62.210.37.82 port 39296 ssh2 ... |
2020-02-04 08:29:51 |
| 124.156.50.64 | attackspam | Unauthorized connection attempt detected from IP address 124.156.50.64 to port 512 [J] |
2020-02-04 08:10:05 |
| 222.138.97.4 | attackspam | Unauthorized connection attempt detected from IP address 222.138.97.4 to port 2220 [J] |
2020-02-04 08:19:05 |
| 177.191.181.5 | attackspam | Feb 4 01:07:18 MK-Soft-VM7 sshd[6983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.191.181.5 Feb 4 01:07:20 MK-Soft-VM7 sshd[6983]: Failed password for invalid user davids from 177.191.181.5 port 59494 ssh2 ... |
2020-02-04 08:33:26 |
| 103.54.250.122 | attackbots | Feb 4 01:04:26 silence02 sshd[19379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.54.250.122 Feb 4 01:04:28 silence02 sshd[19379]: Failed password for invalid user sinusbot from 103.54.250.122 port 45371 ssh2 Feb 4 01:07:44 silence02 sshd[19658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.54.250.122 |
2020-02-04 08:13:52 |
| 83.0.227.149 | attack | RDP brute force attack detected by fail2ban |
2020-02-04 08:35:57 |
| 117.36.152.9 | attackspam | Unauthorised access (Feb 4) SRC=117.36.152.9 LEN=44 TTL=50 ID=11968 TCP DPT=8080 WINDOW=11245 SYN Unauthorised access (Feb 2) SRC=117.36.152.9 LEN=44 TTL=50 ID=56064 TCP DPT=8080 WINDOW=3370 SYN Unauthorised access (Feb 2) SRC=117.36.152.9 LEN=44 TTL=50 ID=19662 TCP DPT=8080 WINDOW=11245 SYN |
2020-02-04 08:17:46 |
| 206.253.224.74 | attackbotsspam | [Tue Feb 04 07:07:33.368018 2020] [:error] [pid 18915:tid 139896824071936] [client 206.253.224.74:60831] [client 206.253.224.74] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/swiper-v19.js"] [unique_id "Xji1xeU0zZMsHkukhUXd9QAAAl0"] ... |
2020-02-04 08:21:35 |
| 122.51.58.42 | attackspam | Fail2Ban - SSH Bruteforce Attempt |
2020-02-04 08:13:35 |
| 128.199.52.45 | attackbotsspam | Unauthorized connection attempt detected from IP address 128.199.52.45 to port 2220 [J] |
2020-02-04 08:33:06 |