City: unknown
Region: unknown
Country: Lithuania
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
| Type | Details | Datetime |
|---|---|---|
| attackspambots | ET CINS Active Threat Intelligence Poor Reputation IP group 86 - port: 3443 proto: tcp cat: Misc Attackbytes: 60 |
2020-08-21 23:20:46 |
| attack | Unauthorized connection attempt detected from IP address 92.118.160.57 to port 82 |
2020-08-01 18:54:47 |
| attackbotsspam |
|
2020-07-28 23:28:40 |
| attackbots | Automatic report - Banned IP Access |
2020-07-14 02:45:47 |
| attackbotsspam | srv02 Mass scanning activity detected Target: 11211 .. |
2020-06-16 13:58:37 |
| attackspambots | MultiHost/MultiPort Probe, Scan, Hack - |
2020-06-12 18:08:56 |
| attackbotsspam |
|
2020-06-11 01:23:44 |
| attackspambots |
|
2020-06-06 07:59:39 |
| attackbotsspam | May 7 23:41:06 debian-2gb-nbg1-2 kernel: \[11146549.927740\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=92.118.160.57 DST=195.201.40.59 LEN=68 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=UDP SPT=61341 DPT=161 LEN=48 |
2020-05-08 06:30:15 |
| attackbotsspam | Port Scan: Events[1] countPorts[1]: 5443 .. |
2020-04-18 05:47:10 |
| attackbots | ET CINS Active Threat Intelligence Poor Reputation IP group 86 - port: N/A proto: ICMP cat: Misc Attack |
2020-04-17 05:58:58 |
| attackspam | Port Scan: Events[1] countPorts[1]: 2161 .. |
2020-04-16 04:34:12 |
| attackbotsspam | Port Scanning Detected |
2020-04-04 12:33:25 |
| attackbotsspam | Automatic report - Banned IP Access |
2020-03-27 04:15:12 |
| attackspambots | Honeypot attack, port: 139, PTR: 92.118.160.57.netsystemsresearch.com. |
2020-03-20 22:53:19 |
| attack | GPL POLICY PCAnywhere server response - port: 5632 proto: UDP cat: Misc activity |
2020-03-20 16:10:29 |
| attack | firewall-block, port(s): 80/tcp |
2020-03-18 06:13:36 |
| attack | 03/06/2020-08:34:23.249090 92.118.160.57 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2020-03-06 21:37:19 |
| attack | firewall-block, port(s): 8088/tcp |
2020-03-03 14:20:34 |
| attackbotsspam | Unauthorized connection attempt detected from IP address 92.118.160.57 to port 502 [J] |
2020-02-25 13:41:19 |
| attackbots | Fail2Ban Ban Triggered |
2020-02-20 05:28:10 |
| attack | Automatic report - Banned IP Access |
2020-02-14 10:21:21 |
| attackbotsspam | trying to access non-authorized port |
2020-02-13 05:40:04 |
| attackbotsspam | Unauthorized connection attempt detected from IP address 92.118.160.57 to port 2483 [J] |
2020-02-01 22:05:34 |
| attack | Unauthorized connection attempt detected from IP address 92.118.160.57 to port 990 [J] |
2020-01-26 01:09:15 |
| attackspam | Unauthorized connection attempt detected from IP address 92.118.160.57 to port 139 [J] |
2020-01-23 11:37:17 |
| attack | Unauthorized connection attempt detected from IP address 92.118.160.57 to port 5901 [J] |
2020-01-15 02:45:02 |
| attackspam | Port 22 Scan, PTR: 92.118.160.57.netsystemsresearch.com. |
2020-01-10 18:54:10 |
| attackbotsspam | scan r |
2020-01-08 21:18:25 |
| attack | ET CINS Active Threat Intelligence Poor Reputation IP group 94 - port: 5904 proto: TCP cat: Misc Attack |
2019-12-31 21:17:15 |
| IP | Type | Details | Datetime |
|---|---|---|---|
| 92.118.160.61 | attackspambots | [Wed Oct 14 04:02:08.771804 2020] [:error] [pid 18140:tid 140204174145280] [client 92.118.160.61:51035] [client 92.118.160.61] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/coreruleset-3.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1041"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "X4YV0AhFQrstw8CY0VTYQwAAABU"]
... |
2020-10-14 05:38:29 |
| 92.118.160.41 | attackspam | ET CINS Active Threat Intelligence Poor Reputation IP group 83 - port: 808 proto: tcp cat: Misc Attackbytes: 60 |
2020-10-14 05:01:11 |
| 92.118.160.37 | attackspam | TCP ports : 3000 / 6002 |
2020-10-13 20:55:54 |
| 92.118.160.37 | attack | firewall-block, port(s): 1723/tcp |
2020-10-13 12:24:28 |
| 92.118.160.25 | attackbotsspam | Port scan denied |
2020-10-11 04:38:44 |
| 92.118.160.29 | attackspam | Automatic report - Banned IP Access |
2020-10-11 03:13:48 |
| 92.118.160.25 | attack | Port scan denied |
2020-10-10 20:37:51 |
| 92.118.160.29 | attack |
|
2020-10-10 19:03:49 |
| 92.118.160.53 | attack | Hit honeypot r. |
2020-10-10 03:31:27 |
| 92.118.160.53 | attack | TCP port : 7547 |
2020-10-09 19:25:10 |
| 92.118.160.45 | attackbotsspam | Found on Binary Defense / proto=6 . srcport=62996 . dstport=5443 . (3940) |
2020-10-08 06:38:02 |
| 92.118.160.17 | attackspam | Port Scan/VNC login attempt ... |
2020-10-08 03:10:41 |
| 92.118.160.49 | attackbots | Automatic report - Banned IP Access |
2020-10-08 03:07:09 |
| 92.118.160.45 | attack |
|
2020-10-07 22:58:40 |
| 92.118.160.17 | attackbotsspam | [N1.H1.VM1] Port Scanner Detected Blocked by UFW |
2020-10-07 19:24:46 |
b
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 92.118.160.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40425
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;92.118.160.57. IN A
;; AUTHORITY SECTION:
. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019052202 1800 900 604800 86400
;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu May 23 08:47:10 CST 2019
;; MSG SIZE rcvd: 117
57.160.118.92.in-addr.arpa domain name pointer 92.118.160.57.netsystemsresearch.com.
Server: 67.207.67.2
Address: 67.207.67.2#53
Non-authoritative answer:
57.160.118.92.in-addr.arpa name = 92.118.160.57.netsystemsresearch.com.
Authoritative answers can be found from:
| IP | Type | Details | Datetime |
|---|---|---|---|
| 170.84.202.17 | attack | SSH Brute-Forcing (server1) |
2020-03-30 05:09:38 |
| 91.121.104.181 | attack | Mar 29 21:42:22 ms-srv sshd[26664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.104.181 Mar 29 21:42:24 ms-srv sshd[26664]: Failed password for invalid user omr from 91.121.104.181 port 33591 ssh2 |
2020-03-30 05:14:30 |
| 165.22.63.106 | attackspam | Invalid user ansible from 165.22.63.106 port 52752 |
2020-03-30 04:57:40 |
| 138.121.184.10 | attackbots | Mar 29 07:31:12 xxxxxxx9247313 sshd[7965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.121.184.10.wiff.com.br user=r.r Mar 29 07:31:14 xxxxxxx9247313 sshd[7965]: Failed password for r.r from 138.121.184.10 port 42762 ssh2 Mar 29 07:31:16 xxxxxxx9247313 sshd[7967]: Invalid user DUP from 138.121.184.10 Mar 29 07:31:16 xxxxxxx9247313 sshd[7967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.121.184.10.wiff.com.br Mar 29 07:31:17 xxxxxxx9247313 sshd[7967]: Failed password for invalid user DUP from 138.121.184.10 port 43000 ssh2 Mar 29 07:31:19 xxxxxxx9247313 sshd[7969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.121.184.10.wiff.com.br user=r.r Mar 29 07:31:20 xxxxxxx9247313 sshd[7969]: Failed password for r.r from 138.121.184.10 port 43199 ssh2 Mar 29 07:31:22 xxxxxxx9247313 sshd[7973]: pam_unix(sshd:auth): authentication failure; ........ ------------------------------ |
2020-03-30 04:50:28 |
| 87.251.74.12 | attack | 03/29/2020-17:07:57.596465 87.251.74.12 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2020-03-30 05:28:27 |
| 222.186.15.91 | attack | Mar 30 04:13:31 itv-usvr-02 sshd[1657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.91 user=root Mar 30 04:13:33 itv-usvr-02 sshd[1657]: Failed password for root from 222.186.15.91 port 36103 ssh2 |
2020-03-30 05:13:59 |
| 165.22.11.101 | attack | DigitalOcean BotNet attack - 10s of requests to non- pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks UA removed |
2020-03-30 05:05:51 |
| 62.234.146.45 | attackspam | Mar 29 14:45:02 ns382633 sshd\[27922\]: Invalid user qdg from 62.234.146.45 port 54846 Mar 29 14:45:02 ns382633 sshd\[27922\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.146.45 Mar 29 14:45:03 ns382633 sshd\[27922\]: Failed password for invalid user qdg from 62.234.146.45 port 54846 ssh2 Mar 29 14:50:28 ns382633 sshd\[29358\]: Invalid user qjm from 62.234.146.45 port 33714 Mar 29 14:50:28 ns382633 sshd\[29358\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.146.45 |
2020-03-30 05:05:21 |
| 74.82.47.50 | attackspam | Port scan: Attack repeated for 24 hours |
2020-03-30 05:04:34 |
| 203.192.200.203 | attackbotsspam | Mar 29 20:13:42 host sshd[31231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.192.200.203 user=test Mar 29 20:13:44 host sshd[31231]: Failed password for test from 203.192.200.203 port 28211 ssh2 ... |
2020-03-30 05:05:02 |
| 188.131.244.11 | attackspam | 5x Failed Password |
2020-03-30 05:25:27 |
| 68.183.35.255 | attackbots | 2020-03-29T19:42:46.584654abusebot-5.cloudsearch.cf sshd[4249]: Invalid user fla from 68.183.35.255 port 59372 2020-03-29T19:42:46.590919abusebot-5.cloudsearch.cf sshd[4249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.35.255 2020-03-29T19:42:46.584654abusebot-5.cloudsearch.cf sshd[4249]: Invalid user fla from 68.183.35.255 port 59372 2020-03-29T19:42:48.566900abusebot-5.cloudsearch.cf sshd[4249]: Failed password for invalid user fla from 68.183.35.255 port 59372 ssh2 2020-03-29T19:49:28.388249abusebot-5.cloudsearch.cf sshd[4797]: Invalid user poj from 68.183.35.255 port 35984 2020-03-29T19:49:28.393677abusebot-5.cloudsearch.cf sshd[4797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.35.255 2020-03-29T19:49:28.388249abusebot-5.cloudsearch.cf sshd[4797]: Invalid user poj from 68.183.35.255 port 35984 2020-03-29T19:49:29.892479abusebot-5.cloudsearch.cf sshd[4797]: Failed password for inva ... |
2020-03-30 05:02:08 |
| 186.147.160.195 | attack | 2020-03-29T19:47:28.518064abusebot-8.cloudsearch.cf sshd[32457]: Invalid user vhl from 186.147.160.195 port 52654 2020-03-29T19:47:28.531015abusebot-8.cloudsearch.cf sshd[32457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.147.160.195 2020-03-29T19:47:28.518064abusebot-8.cloudsearch.cf sshd[32457]: Invalid user vhl from 186.147.160.195 port 52654 2020-03-29T19:47:30.888268abusebot-8.cloudsearch.cf sshd[32457]: Failed password for invalid user vhl from 186.147.160.195 port 52654 ssh2 2020-03-29T19:50:42.758104abusebot-8.cloudsearch.cf sshd[32621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.147.160.195 user=ftp 2020-03-29T19:50:45.416277abusebot-8.cloudsearch.cf sshd[32621]: Failed password for ftp from 186.147.160.195 port 43158 ssh2 2020-03-29T19:53:29.651697abusebot-8.cloudsearch.cf sshd[349]: Invalid user cfb from 186.147.160.195 port 59838 ... |
2020-03-30 04:52:37 |
| 47.94.102.174 | attackspam | [SunMar2914:40:53.3366682020][:error][pid24939:tid47557891344128][client47.94.102.174:53540][client47.94.102.174]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\|WormlyBot\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"402"][id"397989"][rev"1"][msg"Atomicorp.comWAFRules:MSIE6.0detected\(DisableifyouwanttoallowMSIE6\)"][severity"WARNING"][hostname"maurokorangraf.ch"][uri"/"][unique_id"XoCXVYSzjMDsKhmbkNlVVQAAAVQ"]\,referer:http://maurokorangraf.ch/[SunMar2914:40:53.3366682020][:error][pid24744:tid47557861926656][client47.94.102.174:53542][client47.94.102.174]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\|WormlyBot\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"402"][id"397989"][rev"1"][msg"Atomicorp.comWAFRules:MSI |
2020-03-30 05:12:06 |
| 203.109.118.116 | attack | Triggered by Fail2Ban at Ares web server |
2020-03-30 04:54:59 |