城市(city): unknown
省份(region): unknown
国家(country): Netherlands
运营商(isp): Incrediserve Ltd
主机名(hostname): unknown
机构(organization): unknown
使用类型(Usage Type): Data Center/Web Hosting/Transit
| 类型 | 评论内容 | 时间 |
|---|---|---|
| attackbotsspam | scans 8 times in preceeding hours on the ports (in chronological order) 33892 8889 4489 3000 50001 3399 3397 10000 resulting in total of 25 scans from 94.102.48.0/20 block. |
2020-09-30 04:26:03 |
| attackspam |
|
2020-09-29 20:33:50 |
| attack | firewall-block, port(s): 5589/tcp, 8889/tcp, 10000/tcp, 33892/tcp, 33894/tcp, 60000/tcp |
2020-09-29 12:42:11 |
| attack | Unauthorized connection attempt from IP address 94.102.51.29 on Port 110(POP3) |
2020-09-18 21:10:59 |
| attackbotsspam | Unauthorized connection attempt from IP address 94.102.51.29 on Port 139(NETBIOS) |
2020-09-18 13:29:36 |
| attack | [H1.VM2] Blocked by UFW |
2020-09-18 03:44:32 |
| attack | firewall-block, port(s): 14/tcp, 15/tcp, 19/tcp, 32/tcp, 63/tcp, 92/tcp, 101/tcp, 111/tcp, 157/tcp, 173/tcp, 214/tcp, 244/tcp, 265/tcp, 271/tcp, 305/tcp, 325/tcp, 354/tcp, 355/tcp, 395/tcp, 413/tcp, 441/tcp, 446/tcp, 590/tcp, 615/tcp, 641/tcp, 750/tcp, 774/tcp, 806/tcp, 831/tcp, 859/tcp, 866/tcp, 894/tcp, 901/tcp, 902/tcp, 927/tcp, 943/tcp, 945/tcp, 992/tcp, 995/tcp |
2020-09-17 21:20:51 |
| attackbotsspam | Sep 17 06:49:46 [host] kernel: [650237.167348] [UF Sep 17 06:52:24 [host] kernel: [650395.510659] [UF Sep 17 06:54:54 [host] kernel: [650545.632879] [UF Sep 17 07:02:52 [host] kernel: [651023.513741] [UF Sep 17 07:03:15 [host] kernel: [651046.924002] [UF Sep 17 07:09:59 [host] kernel: [651450.920256] [UF |
2020-09-17 13:31:26 |
| attackbots | firewall-block, port(s): 47/tcp, 67/tcp, 72/tcp, 188/tcp, 198/tcp, 204/tcp, 205/tcp, 210/tcp, 224/tcp, 229/tcp, 284/tcp, 301/tcp, 309/tcp, 387/tcp, 438/tcp, 468/tcp, 473/tcp, 475/tcp, 478/tcp, 483/tcp, 487/tcp, 507/tcp, 509/tcp, 514/tcp, 519/tcp, 559/tcp, 568/tcp, 588/tcp, 718/tcp, 735/tcp, 741/tcp, 745/tcp, 771/tcp, 788/tcp, 792/tcp, 821/tcp, 822/tcp, 849/tcp, 898/tcp, 934/tcp, 947/tcp, 966/tcp, 971/tcp |
2020-09-17 04:37:45 |
| attackbotsspam |
|
2020-09-14 02:44:11 |
| attack |
|
2020-09-13 18:43:03 |
| attackbotsspam |
|
2020-09-11 01:48:50 |
| attackspam |
|
2020-09-10 17:08:59 |
| attackspam | Multiport scan : 5 ports scanned 3395 4489 8000 8889 9000 |
2020-09-10 07:43:12 |
| attack |
|
2020-09-09 01:12:25 |
| attackbots |
|
2020-09-08 16:39:03 |
| attackbots | ET CINS Active Threat Intelligence Poor Reputation IP group 82 - port: 5188 proto: tcp cat: Misc Attackbytes: 60 |
2020-09-07 01:29:37 |
| attack | [H1.VM4] Blocked by UFW |
2020-09-06 16:50:53 |
| attack | Multiport scan : 9 ports scanned 3388 3390 3396 3399 4001 7789 9000 9001 10000 |
2020-09-06 08:50:27 |
| attack |
|
2020-09-05 21:57:47 |
| attackspambots | firewall-block, port(s): 3404/tcp, 4002/tcp, 8000/tcp, 10002/tcp |
2020-09-05 13:34:13 |
| attackspam | SmallBizIT.US 9 packets to tcp(3399,3404,5000,5001,5188,5589,6689,20001,50002) |
2020-09-05 06:20:18 |
| attackbots | Port scan detected on ports: 491[TCP], 402[TCP], 502[TCP] |
2020-08-31 01:30:20 |
| attack |
|
2020-08-27 00:35:15 |
| attack | SmallBizIT.US 8 packets to tcp(3405,3410,4001,5188,33891,33894,33896,50001) |
2020-08-26 06:29:30 |
| attack |
|
2020-08-16 17:28:24 |
| attack | ET DROP Dshield Block Listed Source group 1 - port: 58077 proto: tcp cat: Misc Attackbytes: 60 |
2020-08-12 16:33:55 |
| attackspambots | Port Scan ... |
2020-08-11 08:03:40 |
| attackbotsspam | Aug 9 13:53:30 venus kernel: [161514.858958] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:66:8f:ed:d2:74:7f:6e:37:e3:08:00 SRC=94.102.51.29 DST=78.47.70.226 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=25435 PROTO=TCP SPT=40011 DPT=19099 WINDOW=1024 RES=0x00 SYN URGP=0 |
2020-08-09 19:31:15 |
| attackspam | 08/07/2020-18:56:59.805303 94.102.51.29 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2020-08-08 07:27:38 |
| IP | 类型 | 评论内容 | 时间 |
|---|---|---|---|
| 94.102.51.28 | attackspambots | ET CINS Active Threat Intelligence Poor Reputation IP group 86 - port: 14265 proto: tcp cat: Misc Attackbytes: 60 |
2020-10-14 05:18:39 |
| 94.102.51.28 | attackbots | [portscan] Port scan |
2020-10-13 20:55:07 |
| 94.102.51.17 | attackspambots | Fail2Ban Ban Triggered |
2020-10-13 12:24:11 |
| 94.102.51.28 | attack | Oct 13 05:48:00 [host] kernel: [2892792.420159] [U Oct 13 05:52:10 [host] kernel: [2893042.585542] [U Oct 13 05:59:27 [host] kernel: [2893479.003593] [U Oct 13 06:00:45 [host] kernel: [2893556.972194] [U Oct 13 06:02:58 [host] kernel: [2893690.599550] [U Oct 13 06:03:57 [host] kernel: [2893748.886505] [U |
2020-10-13 12:23:49 |
| 94.102.51.17 | attack | [MK-Root1] Blocked by UFW |
2020-10-13 05:13:55 |
| 94.102.51.28 | attackbotsspam | Oct 12 22:53:57 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=50790 PROTO=TCP SPT=46594 DPT=45355 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 12 22:58:36 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=4168 PROTO=TCP SPT=46594 DPT=47667 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 12 23:01:47 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=40976 PROTO=TCP SPT=46594 DPT=13886 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 12 23:08:05 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=34845 PROTO=TCP SPT=46594 DPT=29762 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 12 23:09:15 *hidd ... |
2020-10-13 05:13:37 |
| 94.102.51.17 | attackbotsspam | firewall-block, port(s): 5275/tcp |
2020-10-11 01:43:06 |
| 94.102.51.78 | attackspambots | Oct 9 12:46:02 haigwepa sshd[8112]: Failed password for root from 94.102.51.78 port 45205 ssh2 Oct 9 12:46:06 haigwepa sshd[8112]: Failed password for root from 94.102.51.78 port 45205 ssh2 ... |
2020-10-10 02:03:42 |
| 94.102.51.78 | attackbots | [MK-VM3] SSH login failed |
2020-10-09 17:48:16 |
| 94.102.51.28 | attackspambots |
|
2020-10-09 05:42:43 |
| 94.102.51.28 | attack | 49164/tcp 52334/tcp 60882/tcp... [2020-08-07/10-08]47445pkt,38785pt.(tcp) |
2020-10-08 21:57:39 |
| 94.102.51.28 | attack | [H1.VM2] Blocked by UFW |
2020-10-08 13:52:57 |
| 94.102.51.28 | attackbots |
|
2020-10-08 02:53:29 |
| 94.102.51.28 | attackbots | Oct 7 12:48:08 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=46543 PROTO=TCP SPT=45039 DPT=31360 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 7 12:49:13 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=21421 PROTO=TCP SPT=45039 DPT=53281 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 7 13:01:05 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43131 PROTO=TCP SPT=45039 DPT=23703 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 7 13:03:35 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43904 PROTO=TCP SPT=45039 DPT=44237 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 7 13:05:31 *hidden* ... |
2020-10-07 19:07:31 |
| 94.102.51.28 | attackbotsspam | Port scan: Attack repeated for 24 hours |
2020-10-01 07:40:34 |
b
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 94.102.51.29
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38974
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;94.102.51.29. IN A
;; AUTHORITY SECTION:
. 255 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020050900 1800 900 604800 86400
;; Query time: 135 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat May 09 21:30:00 CST 2020
;; MSG SIZE rcvd: 116
29.51.102.94.in-addr.arpa domain name pointer customer.fibre7.net.
Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
29.51.102.94.in-addr.arpa name = customer.fibre7.net.
Authoritative answers can be found from:
| IP | 类型 | 评论内容 | 时间 |
|---|---|---|---|
| 156.96.44.213 | attackbots | 2020-06-28T02:03:37.291913www postfix/smtpd[9452]: warning: unknown[156.96.44.213]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2020-06-28T02:03:45.391236www postfix/smtpd[9452]: warning: unknown[156.96.44.213]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2020-06-28T02:03:57.489565www postfix/smtpd[9452]: warning: unknown[156.96.44.213]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ... |
2020-06-28 08:16:07 |
| 167.249.134.210 | attack | 2020-06-28T07:07:25.921038hostname sshd[31510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.249.134.210 2020-06-28T07:07:25.898501hostname sshd[31510]: Invalid user vivek from 167.249.134.210 port 52342 2020-06-28T07:07:28.177576hostname sshd[31510]: Failed password for invalid user vivek from 167.249.134.210 port 52342 ssh2 ... |
2020-06-28 08:29:54 |
| 122.114.229.193 | attackbotsspam | Lines containing failures of 122.114.229.193 Jun 27 04:32:56 kopano sshd[8610]: Invalid user susi from 122.114.229.193 port 40062 Jun 27 04:32:56 kopano sshd[8610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.229.193 Jun 27 04:32:57 kopano sshd[8610]: Failed password for invalid user susi from 122.114.229.193 port 40062 ssh2 Jun 27 04:32:58 kopano sshd[8610]: Received disconnect from 122.114.229.193 port 40062:11: Bye Bye [preauth] Jun 27 04:32:58 kopano sshd[8610]: Disconnected from invalid user susi 122.114.229.193 port 40062 [preauth] Jun 27 04:48:53 kopano sshd[9373]: Connection closed by 122.114.229.193 port 48436 [preauth] Jun 27 04:50:36 kopano sshd[9425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.229.193 user=r.r Jun 27 04:50:38 kopano sshd[9425]: Failed password for r.r from 122.114.229.193 port 48604 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/vie |
2020-06-28 08:04:26 |
| 5.135.165.55 | attack | Jun 28 00:32:28 plex sshd[13566]: Invalid user juliet from 5.135.165.55 port 32910 |
2020-06-28 08:13:58 |
| 27.71.204.189 | attackbotsspam | " " |
2020-06-28 08:30:58 |
| 77.205.116.154 | spam | This adresse IP Spy me on Facebook and mail |
2020-06-28 08:34:13 |
| 51.210.44.194 | attack | SSH brute force |
2020-06-28 08:02:37 |
| 2.58.12.137 | attackspambots | As always with web2objects |
2020-06-28 08:12:02 |
| 185.143.72.16 | attackbotsspam | Jun 28 01:46:09 v22019058497090703 postfix/smtpd[23685]: warning: unknown[185.143.72.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jun 28 01:47:38 v22019058497090703 postfix/smtpd[23685]: warning: unknown[185.143.72.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jun 28 01:49:06 v22019058497090703 postfix/smtpd[23685]: warning: unknown[185.143.72.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ... |
2020-06-28 07:59:34 |
| 218.92.0.251 | attackbotsspam | Scanned 28 times in the last 24 hours on port 22 |
2020-06-28 08:07:28 |
| 116.255.213.168 | attackbots | Jun 27 22:14:49 124388 sshd[16633]: Invalid user odoo from 116.255.213.168 port 37400 Jun 27 22:14:49 124388 sshd[16633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.255.213.168 Jun 27 22:14:49 124388 sshd[16633]: Invalid user odoo from 116.255.213.168 port 37400 Jun 27 22:14:51 124388 sshd[16633]: Failed password for invalid user odoo from 116.255.213.168 port 37400 ssh2 Jun 27 22:19:46 124388 sshd[16979]: Invalid user afp from 116.255.213.168 port 57022 |
2020-06-28 08:08:14 |
| 80.82.77.245 | attack | 80.82.77.245 was recorded 8 times by 6 hosts attempting to connect to the following ports: 1054,1064,1059. Incident counter (4h, 24h, all-time): 8, 39, 24607 |
2020-06-28 08:20:41 |
| 139.196.189.71 | attack | Jun 27 22:44:03 host proftpd[25375]: 0.0.0.0 (139.196.189.71[139.196.189.71]) - USER anonymous: no such user found from 139.196.189.71 [139.196.189.71] to 163.172.107.87:21 ... |
2020-06-28 08:09:40 |
| 49.234.98.155 | attack | Jun 27 22:02:33 game-panel sshd[4279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.98.155 Jun 27 22:02:34 game-panel sshd[4279]: Failed password for invalid user rdt from 49.234.98.155 port 42992 ssh2 Jun 27 22:06:40 game-panel sshd[4502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.98.155 |
2020-06-28 08:32:58 |
| 109.226.63.124 | attack | Brute forcing RDP port 3389 |
2020-06-28 08:19:13 |