City: Sacavem
Region: Lisbon
Country: Portugal
Internet Service Provider: PT Comunicacoes S.A.
Hostname: unknown
Organization: unknown
Usage Type: Fixed Line ISP
| Type | Details | Datetime |
|---|---|---|
| attack | 2020-01-25 14:11:58,266 fail2ban.actions: WARNING [ssh] Ban 85.242.242.102 |
2020-01-26 01:37:20 |
| attackbots | $f2bV_matches |
2020-01-03 03:49:16 |
| attack | --- report --- Dec 30 12:27:45 -0300 sshd: Connection from 85.242.242.102 port 56332 Dec 30 12:27:52 -0300 sshd: Invalid user dbus from 85.242.242.102 Dec 30 12:27:54 -0300 sshd: Failed password for invalid user dbus from 85.242.242.102 port 56332 ssh2 Dec 30 12:27:54 -0300 sshd: Received disconnect from 85.242.242.102: 11: Bye Bye [preauth] |
2019-12-31 00:03:23 |
| attack | Automatic report - SSH Brute-Force Attack |
2019-12-28 21:53:15 |
| attackspam | Automatic report - SSH Brute-Force Attack |
2019-12-27 03:56:21 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 85.242.242.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36509
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;85.242.242.102. IN A
;; AUTHORITY SECTION:
. 294 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019122601 1800 900 604800 86400
;; Query time: 52 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Dec 27 03:56:16 CST 2019
;; MSG SIZE rcvd: 118102.242.242.85.in-addr.arpa domain name pointer bl9-242-102.dsl.telepac.pt.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
102.242.242.85.in-addr.arpa name = bl9-242-102.dsl.telepac.pt.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 62.210.31.104 | attack | Port Scan |
2020-05-29 20:47:12 |
| 51.210.15.231 | attack | Port Scan |
2020-05-29 20:48:26 |
| 220.129.15.109 | attackbotsspam | Port Scan |
2020-05-29 20:31:48 |
| 195.54.161.40 | attack | Port Scan |
2020-05-29 20:34:11 |
| 210.71.232.236 | attackbotsspam | May 29 14:36:35 OPSO sshd\[20298\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.71.232.236 user=admin May 29 14:36:37 OPSO sshd\[20298\]: Failed password for admin from 210.71.232.236 port 57416 ssh2 May 29 14:40:43 OPSO sshd\[20740\]: Invalid user test from 210.71.232.236 port 35844 May 29 14:40:43 OPSO sshd\[20740\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.71.232.236 May 29 14:40:45 OPSO sshd\[20740\]: Failed password for invalid user test from 210.71.232.236 port 35844 ssh2 |
2020-05-29 20:52:13 |
| 223.171.32.55 | attackbotsspam | May 29 14:39:38 journals sshd\[104025\]: Invalid user sex from 223.171.32.55 May 29 14:39:38 journals sshd\[104025\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.171.32.55 May 29 14:39:40 journals sshd\[104025\]: Failed password for invalid user sex from 223.171.32.55 port 14207 ssh2 May 29 14:46:54 journals sshd\[105123\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.171.32.55 user=root May 29 14:46:55 journals sshd\[105123\]: Failed password for root from 223.171.32.55 port 14207 ssh2 ... |
2020-05-29 20:18:50 |
| 92.118.160.1 | attackspam | Port Scan |
2020-05-29 20:45:36 |
| 223.149.107.230 | attackbots | Port Scan |
2020-05-29 20:30:58 |
| 179.145.207.18 | attack | May 29 14:14:49 db01 sshd[3898]: reveeclipse mapping checking getaddrinfo for 179-145-207-18.user.vivozap.com.br [179.145.207.18] failed - POSSIBLE BREAK-IN ATTEMPT! May 29 14:14:49 db01 sshd[3898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.145.207.18 user=r.r May 29 14:14:51 db01 sshd[3898]: Failed password for r.r from 179.145.207.18 port 40179 ssh2 May 29 14:14:51 db01 sshd[3898]: Received disconnect from 179.145.207.18: 11: Bye Bye [preauth] May 29 14:14:57 db01 sshd[3902]: reveeclipse mapping checking getaddrinfo for 179-145-207-18.user.vivozap.com.br [179.145.207.18] failed - POSSIBLE BREAK-IN ATTEMPT! May 29 14:14:57 db01 sshd[3902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.145.207.18 user=r.r May 29 14:14:58 db01 sshd[3902]: Failed password for r.r from 179.145.207.18 port 40180 ssh2 May 29 14:14:59 db01 sshd[3902]: Received disconnect from 179.145.207.18: 11: ........ ------------------------------- |
2020-05-29 20:26:08 |
| 27.64.195.60 | attack | Port Scan |
2020-05-29 20:51:17 |
| 138.68.17.223 | attackspambots | 2020-05-29T11:37:36.000Z "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" 2020-05-29T11:37:33.000Z "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" |
2020-05-29 20:15:55 |
| 114.47.102.8 | attackspam | Port Scan |
2020-05-29 20:41:51 |
| 80.244.179.6 | attack | May 29 11:45:35 jumpserver sshd[1578]: Failed password for invalid user phpmyadmin from 80.244.179.6 port 48570 ssh2 May 29 11:48:39 jumpserver sshd[1603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.244.179.6 user=root May 29 11:48:41 jumpserver sshd[1603]: Failed password for root from 80.244.179.6 port 42186 ssh2 ... |
2020-05-29 20:13:39 |
| 216.218.206.81 | attack | Port Scan |
2020-05-29 20:51:58 |
| 51.161.12.231 | attackspambots | Port Scan |
2020-05-29 20:30:12 |