Apr 25 05:56:41 web01.agentur-b-2.de postfix/smtpd[923798]: NOQUEUE: reject: RCPT from Wimax-Cali-190-0-22-34.orbitel.net.co[190.0.22.34]: 554 5.7.1 Service unavailable; Client host [190.0.22.34] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS / https://www.spamhaus.org/query/ip/190.0.22.34; from= to=<2c.thomssen@rhythm-and-arts.de> proto=ESMTP helo=
Apr 25 05:56:41 web01.agentur-b-2.de postfix/smtpd[923798]: NOQUEUE: reject: RCPT from Wimax-Cali-190-0-22-34.orbitel.net.co[190.0.22.34]: 554 5.7.1 Service unavailable; Client host [190.0.22.34] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS / https://www.spamhaus.org/query/ip/190.0.22.34; from= to=<3c.thomssen@rhythm-and-arts.de> proto=ESMTP helo=
Apr 25 05:56:41 web01.agentur-b-2.de postfix/smtpd[923798]: NOQUEUE: reject: RCPT from Wimax-Cali-190-0-22-34.orbitel.net.co[190.0.22.34]: 554 5.7.1 Service unavailable; Client host [190.0.22.34] b

MARRE de ces ORDURES et autres FILS de PUTE genre SOUS MERDES capables de POLLUER STUPIDEMENT pour ne pas dire CONNEMENT la Planète par des POURRIELS INUTILES à répétitions à longueur de journée DEPUIS DES MOIS !
Bref, résidus de capote sinon RACLURES de BIDETS à OCCIR IMMEDIATEMENT car il n'y a qu'en "compost" qu'ils deviendront enfin réellement utiles ?
Ainsi que TOUS LEURS COMPLICES comme hébergeurs, serveurs etc. !

WebSites "gurdet.co.cr", "zonaempresarial.org" and "cyberfuel.com" and links by blogspot.com to BURN / CLOSE / DELETTE / STOP IMMEDIATELY for SPAM, PHISHING and SCAM by SEXE and Co ! ! !

Message-ID: 
Reply-To: Flamewas12213 
From: Flamewas12213 

info@gurdet.co.cr => 190.0.224.183 qui renvoie sur :

http://www.superpuperr.blogspot.com/9itfhgbkjn9ijnrfhgbkjngvgv

http://www.superpuperr.blogspot.com/56rjkn09igvhjbkjnjnkjn9irsvhjbhjbkjngv

https://en.asytech.cn/check-ip/190.0.224.183

190.0.224.183 => cyberfuel.com

gurdet.co.cr => 190.0.230.72

https://www.mywot.com/scorecard/gurdet.co.cr

https://en.asytech.cn/check-ip/190.0.230.72

gurdet.co.cr resend to zonaempresarial.org

zonaempresarial.org => 23.236.62.147

https://www.mywot.com/scorecard/zonaempresarial.org

https://en.asytech.cn/check-ip/23.236.62.147

https://www.mywot.com/scorecard/cyberfuel.com

Dec 19 09:28:43 hosting sshd[5214]: Invalid user burbach from 190.0.22.66 port 31226
...

Honeypot attack, port: 445, PTR: PTR record not found

web Attack on Website

445/tcp 445/tcp 445/tcp
[2019-10-31/11-15]3pkt

Nov 10 22:08:32 hpm sshd\[13191\]: Invalid user test1 from 190.0.22.66
Nov 10 22:08:32 hpm sshd\[13191\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.22.66
Nov 10 22:08:34 hpm sshd\[13191\]: Failed password for invalid user test1 from 190.0.22.66 port 45483 ssh2
Nov 10 22:16:42 hpm sshd\[13977\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.22.66  user=root
Nov 10 22:16:44 hpm sshd\[13977\]: Failed password for root from 190.0.22.66 port 41446 ssh2

Invalid user ix from 190.0.22.66 port 17257

Sep 10 08:10:08 php1 sshd\[1953\]: Invalid user ansible from 190.0.22.66
Sep 10 08:10:08 php1 sshd\[1953\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.22.66
Sep 10 08:10:10 php1 sshd\[1953\]: Failed password for invalid user ansible from 190.0.22.66 port 35470 ssh2
Sep 10 08:17:08 php1 sshd\[2816\]: Invalid user oracle from 190.0.22.66
Sep 10 08:17:08 php1 sshd\[2816\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.22.66

Aug 19 11:31:52 kapalua sshd\[26863\]: Invalid user web123 from 190.0.22.66
Aug 19 11:31:52 kapalua sshd\[26863\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.22.66
Aug 19 11:31:54 kapalua sshd\[26863\]: Failed password for invalid user web123 from 190.0.22.66 port 42647 ssh2
Aug 19 11:41:12 kapalua sshd\[27874\]: Invalid user dusty from 190.0.22.66
Aug 19 11:41:12 kapalua sshd\[27874\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.22.66

2019-08-15 08:58:08,445 fail2ban.actions        [1115]: NOTICE  [sshd] Ban 190.0.22.66
2019-08-15 10:14:10,436 fail2ban.actions        [1115]: NOTICE  [sshd] Ban 190.0.22.66
2019-08-15 11:29:04,504 fail2ban.actions        [1115]: NOTICE  [sshd] Ban 190.0.22.66
...

Automated report - ssh fail2ban:
Aug 13 12:51:45 wrong password, user=ts, port=13292, ssh2
Aug 13 13:23:49 authentication failure 
Aug 13 13:23:51 wrong password, user=scaner, port=57788, ssh2

Automatic report - Banned IP Access

Automatic report - Banned IP Access

Jul  8 22:34:02 ubuntu-2gb-nbg1-dc3-1 sshd[3498]: Failed password for root from 190.0.22.66 port 54938 ssh2
Jul  8 22:36:38 ubuntu-2gb-nbg1-dc3-1 sshd[3691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.22.66
...

Jul  7 18:00:23 giegler sshd[31746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.22.66
Jul  7 18:00:23 giegler sshd[31746]: Invalid user samba from 190.0.22.66 port 27675
Jul  7 18:00:26 giegler sshd[31746]: Failed password for invalid user samba from 190.0.22.66 port 27675 ssh2
Jul  7 18:04:00 giegler sshd[31767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.22.66  user=root
Jul  7 18:04:02 giegler sshd[31767]: Failed password for root from 190.0.22.66 port 33453 ssh2

Sep 22 23:21:13 webhost01 sshd[5132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.241.26.213
Sep 22 23:21:15 webhost01 sshd[5132]: Failed password for invalid user death from 84.241.26.213 port 38752 ssh2
...

Automatic report - Port Scan Attack

Connection by 185.156.177.2 on port: 20000 got caught by honeypot at 9/22/2019 8:38:17 AM

2019-09-18 23:35:06,109 fail2ban.actions        \[946\]: NOTICE  \[sshd\] Ban 61.147.182.140
2019-09-19 00:05:47,605 fail2ban.actions        \[946\]: NOTICE  \[sshd\] Ban 61.147.182.140
2019-09-19 00:37:55,476 fail2ban.actions        \[946\]: NOTICE  \[sshd\] Ban 61.147.182.140
2019-09-19 01:08:47,849 fail2ban.actions        \[946\]: NOTICE  \[sshd\] Ban 61.147.182.140
2019-09-19 01:41:29,949 fail2ban.actions        \[946\]: NOTICE  \[sshd\] Ban 61.147.182.140
...

Lines containing failures of 103.109.52.43
Sep 22 06:51:07 zabbix sshd[115831]: Invalid user User from 103.109.52.43 port 45076
Sep 22 06:51:07 zabbix sshd[115831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.109.52.43
Sep 22 06:51:10 zabbix sshd[115831]: Failed password for invalid user User from 103.109.52.43 port 45076 ssh2
Sep 22 06:51:10 zabbix sshd[115831]: Received disconnect from 103.109.52.43 port 45076:11: Bye Bye [preauth]
Sep 22 06:51:10 zabbix sshd[115831]: Disconnected from invalid user User 103.109.52.43 port 45076 [preauth]
Sep 22 07:52:56 zabbix sshd[121844]: Invalid user mktg3 from 103.109.52.43 port 24225
Sep 22 07:52:56 zabbix sshd[121844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.109.52.43
Sep 22 07:52:58 zabbix sshd[121844]: Failed password for invalid user mktg3 from 103.109.52.43 port 24225 ssh2
Sep 22 07:52:58 zabbix sshd[121844]: Received disconnec........
------------------------------

SSH Brute-Force reported by Fail2Ban

[ssh] SSH attack

10 attempts against mh-misc-ban on heat.magehost.pro

Sep 22 03:14:06 web9 sshd\[5650\]: Invalid user crew from 176.107.131.104
Sep 22 03:14:06 web9 sshd\[5650\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.107.131.104
Sep 22 03:14:08 web9 sshd\[5650\]: Failed password for invalid user crew from 176.107.131.104 port 60857 ssh2
Sep 22 03:18:43 web9 sshd\[6504\]: Invalid user timemachine from 176.107.131.104
Sep 22 03:18:43 web9 sshd\[6504\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.107.131.104

firewall-block, port(s): 9303/tcp, 9314/tcp, 9316/tcp, 9324/tcp

Sep2214:43:10server4pure-ftpd:\(\?@14.40.40.229\)[WARNING]Authenticationfailedforuser[anonymous]Sep2214:43:16server4pure-ftpd:\(\?@14.40.40.229\)[WARNING]Authenticationfailedforuser[www]Sep2214:43:17server4pure-ftpd:\(\?@14.40.40.229\)[WARNING]Authenticationfailedforuser[forum-wbp]Sep2214:43:21server4pure-ftpd:\(\?@14.40.40.229\)[WARNING]Authenticationfailedforuser[forum-wbp]Sep2214:43:23server4pure-ftpd:\(\?@14.40.40.229\)[WARNING]Authenticationfailedforuser[www]Sep2214:43:28server4pure-ftpd:\(\?@14.40.40.229\)[WARNING]Authenticationfailedforuser[www]Sep2214:43:29server4pure-ftpd:\(\?@14.40.40.229\)[WARNING]Authenticationfailedforuser[www]Sep2214:43:34server4pure-ftpd:\(\?@14.40.40.229\)[WARNING]Authenticationfailedforuser[forum-wbp]Sep2214:43:34server4pure-ftpd:\(\?@14.40.40.229\)[WARNING]Authenticationfailedforuser[www]Sep2214:43:41server4pure-ftpd:\(\?@14.40.40.229\)[WARNING]Authenticationfailedforuser[www]

Sep 22 18:20:12 lnxded64 sshd[32381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.250.23.233
Sep 22 18:20:14 lnxded64 sshd[32381]: Failed password for invalid user test from 60.250.23.233 port 34590 ssh2
Sep 22 18:24:43 lnxded64 sshd[887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.250.23.233

\[2019-09-22 12:17:02\] SECURITY\[2283\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-09-22T12:17:02.834-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9007011972592277524",SessionID="0x7fcd8c02edc8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/163.172.207.104/52653",ACLName="no_extension_match"
\[2019-09-22 12:21:21\] SECURITY\[2283\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-09-22T12:21:21.169-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9008011972592277524",SessionID="0x7fcd8ca67c28",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/163.172.207.104/50418",ACLName="no_extension_match"
\[2019-09-22 12:25:39\] SECURITY\[2283\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-09-22T12:25:39.676-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9009011972592277524",SessionID="0x7fcd8c4914c8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/163.172.207.104/6361

IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/42.191.32.16/ 
 MY - 1H : (16)  
 Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : MY 
 NAME ASN : ASN4788 
 
 IP : 42.191.32.16 
 
 CIDR : 42.191.0.0/18 
 
 PREFIX COUNT : 272 
 
 UNIQUE IP COUNT : 2955520 
 
 
 WYKRYTE ATAKI Z ASN4788 :  
  1H - 1 
  3H - 3 
  6H - 5 
 12H - 7 
 24H - 12 
 
 INFO : SERVER - ABB - Looking for resource vulnerabilities Detected and Blocked by ADMIN  - data recovery

Sep 22 21:54:36 itv-usvr-01 sshd[11980]: Invalid user data from 61.246.7.145
Sep 22 21:54:36 itv-usvr-01 sshd[11980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.246.7.145
Sep 22 21:54:36 itv-usvr-01 sshd[11980]: Invalid user data from 61.246.7.145
Sep 22 21:54:38 itv-usvr-01 sshd[11980]: Failed password for invalid user data from 61.246.7.145 port 55934 ssh2
Sep 22 22:04:30 itv-usvr-01 sshd[12365]: Invalid user gary from 61.246.7.145