Home >

Scoundrels

D --> f001ish attempts at misuse of resources


D --> via http

304 requests from 103.213.249.73
302 requests from 203.57.230.249
302 requests from 114.116.138.98
302 requests from 219.144.130.208
302 requests from 80.245.106.56
300 requests from 111.230.15.35
295 requests from 124.81.123.71
287 requests from 122.14.209.13
205 requests from 202.78.200.166
108 requests from 202.77.24.222
108 requests from 149.202.59.252
108 requests from 73.6.89.210
88 requests from 94.102.49.125
68 requests from 39.108.71.47
4 requests from 219.141.206.50
... 84 items truncated ...
22 requests for/
16 requests for/wp-login.php
10 requests for/db.init.php
10 requests for/lindex.php
10 requests for/admin/mysql2/index.php
10 requests for/wc.php
10 requests for/desktop.ini.php
10 requests for/hell.php
10 requests for/pmamy2/index.php
10 requests for/m.php...
10 requests for/admin/pma/index.php
10 requests for/phpMyAdmin/scripts/db___.init.php
10 requests for/wshell.php
10 requests for/shell.php
10 requests for/admin/phpMyAdmin/index.php
... 534 items truncated ...

D --> via ssh

10attempts from  50.128.0.0/9
9attempts from  81.98.0.0/15
9attempts from  101.88.0.0/13
8attempts from  189.112.0.0/16
8attempts from  106.12.192.0/20
7attempts from  193.201.224.0/22
7attempts from  180.76.96.0/23
7attempts from  109.68.126.0/24
6attempts from  91.134.0.0/16
6attempts from  200.194.8.0/21
6attempts from  167.99.32.0/20
6attempts from  142.93.240.0/20
6attempts from  119.235.21.0/24
6attempts from  106.13.32.0/20
5attempts from  80.13.0.0/16
5attempts from  40.64.0.0/10
5attempts from  23.224.0.0/15
5attempts from  210.183.0.0/16
5attempts from  208.81.160.0/22
5attempts from  198.199.112.0/21
... 30 items truncated ...
46attempts on root
42attempts on admin
25attempts on test
21attempts on ubuntu
19attempts on postgres
14attempts on ftpuser
11attempts on user
8attempts on oracle
8attempts on hadoop
8attempts on ftp_test
7attempts on tomcat
7attempts on phion
6attempts on pi
6attempts on jboss
5attempts on ftp_user
5attempts on avis
4attempts on zimbra
4attempts on www-data
4attempts on support
4attempts on squid
... 47 items truncated ..

D --> via smtp

4 attempts from 1.220.171.229
4 attempts from 14.230.49.219
4 attempts from 31.178.148.45
4 attempts from 36.67.116.13
3 attempts from 37.21.207.83
4 attempts from 37.248.158.205
4 attempts from 43.248.26.18
3 attempts from 45.116.232.117
4 attempts from 46.25.102.76
4 attempts from 51.235.179.52
4 attempts from 60.188.245.63
4 attempts from 72.250.108.93
4 attempts from 78.45.141.28
4 attempts from 78.90.116.74
4 attempts from 81.30.182.215
... 45 items truncated ..
186 of warning: unknown[185.211.245.198]: SASL PLAIN authentication failed:
142 of warning: unknown[185.211.245.170]: SASL PLAIN authentication failed:
129 of reject: RCPT from [...]: 554 5.7.1
114 of warning: unknown[185.211.245.197]: SASL PLAIN authentication failed:
93 of Client host [...] blocked using bl.spamcop.net;
80 of reject: RCPT from [...]: 550 5.7.1
65 of warning: unknown[185.222.209.40]: SASL PLAIN authentication failed:
30 of reject: RCPT from [...]: 450 4.1.8
17 of warning: unknown[190.167.98.30]: SASL PLAIN authentication failed: Connection lost to authentication server
17 of warning: unknown[115.84.91.62]: SASL PLAIN authentication failed: Connection lost to authentication server
15 of reject: RCPT from [...]: 504 5.5.2
7 of Client host [...] blocked using cbl.abuseat.org;
4 of Received-SPF: softfail
2 of warning: unknown[190.167.98.30]: SASL PLAIN authentication failed:
2 of warning: unknown[115.84.91.62]: SASL PLAIN authentication failed:
... 1 items truncated ..

D --> blacklisted

The first set are ranges blacklisted by hand
pkts bytes target prot opt in out source destination
170 9269 REFUSE all -- * * 222.176.0.0/12 0.0.0.0/0
1291 83211 REFUSE all -- * *  58.192.0.0/11 *
32 1420 REFUSE all -- * *  111.72.0.0/13 *
1460 91562 REFUSE all -- * *  111.192.0.0/12 *
57 3820 REFUSE all -- * *  118.24.0.0/15 *
467 22683 REFUSE all -- * *  125.64.0.0/11 *
733 50024 REFUSE all -- * *  221.224.0.0/13 *
15 600 REFUSE all -- * *  222.128.0.0/12 *

These were blacklisted automatically by triggering a trap
7 344 REFUSE all -- * *  1.186.108.6 *
0 0 REFUSE all -- * *  2.89.152.112 *
10 424 REFUSE all -- * *  5.101.156.59 *
0 0 REFUSE all -- * *  5.236.2.87 *
8 344 REFUSE all -- * *  23.91.70.10 *
10 400 REFUSE all -- * *  24.73.192.66 *
0 0 REFUSE all -- * *  24.112.200.247 *
0 0 REFUSE all -- * *  24.201.174.129 *
0 0 REFUSE all -- * *  27.5.184.207 *
0 0 REFUSE all -- * *  27.59.52.65 *
7 352 REFUSE all -- * *  31.10.134.70 *
0 0 REFUSE all -- * *  31.223.130.190 *
0 0 REFUSE all -- * *  31.223.148.238 *
0 0 REFUSE all -- * *  35.234.124.25 *
40 2016 REFUSE all -- * *  35.246.93.207 *
0 0 REFUSE all -- * *  37.15.119.155 *
0 0 REFUSE all -- * *  37.26.71.99 *
25 1256 REFUSE all -- * *  37.115.184.19 *
25 1256 REFUSE all -- * *  37.115.191.132 *
8 320 REFUSE all -- * *  37.187.69.10 *
0 0 REFUSE all -- * *  37.187.143.98 *
7 344 REFUSE all -- * *  39.43.101.142 *
7 344 REFUSE all -- * *  39.59.75.243 *
0 0 REFUSE all -- * *  39.98.52.133 *
0 0 REFUSE all -- * *  39.98.56.218 *
0 0 REFUSE all -- * *  39.98.174.211 *
0 0 REFUSE all -- * *  41.79.219.209 *
15 664 REFUSE all -- * *  41.250.251.135 *
0 0 REFUSE all -- * *  42.51.39.56 *
12 512 REFUSE all -- * *  42.188.56.115 *
4 160 REFUSE all -- * *  43.245.141.77 *
0 0 REFUSE all -- * *  45.40.166.170 *
0 0 REFUSE all -- * *  45.127.138.136 *
0 0 REFUSE all -- * *  46.71.171.246 *
0 0 REFUSE all -- * *  46.119.115.106 *
0 0 REFUSE all -- * *  46.221.105.44 *
8 344 REFUSE all -- * *  46.252.205.174 *
1 40 REFUSE all -- * *  47.8.223.161 *
0 0 REFUSE all -- * *  47.92.68.206 *
0 0 REFUSE all -- * *  49.150.147.74 *
3 120 REFUSE all -- * *  49.150.233.98 *
0 0 REFUSE all -- * *  49.205.9.13 *
0 0 REFUSE all -- * *  49.206.112.223 *
0 0 REFUSE all -- * *  49.207.236.56 *
0 0 REFUSE all -- * *  50.87.144.137 *
10 412 REFUSE all -- * *  51.68.253.19 *
26 1899 REFUSE all -- * *  51.254.28.132 *
0 0 REFUSE all -- * *  59.89.221.38 *
1 40 REFUSE all -- * *  61.6.230.81 *
3 144 REFUSE all -- * *  61.7.58.13 *
0 0 REFUSE all -- * *  61.46.209.120 *
4 192 REFUSE all -- * *  61.245.161.206 *
4 160 REFUSE all -- * *  62.80.225.180 *
0 0 REFUSE all -- * *  63.250.204.23 *
0 0 REFUSE all -- * *  65.182.101.71 *
1 52 REFUSE all -- * *  67.205.0.134 *
1 40 REFUSE all -- * *  68.199.121.190 *
100 6000 REFUSE all -- * *  69.27.124.170 *
0 0 REFUSE all -- * *  69.158.12.96 *
1 40 REFUSE all -- * *  72.26.2.175 *
0 0 REFUSE all -- * *  73.231.163.64 *
0 0 REFUSE all -- * *  74.220.207.166 *
0 0 REFUSE all -- * *  74.220.207.182 *
1 60 REFUSE all -- * *  74.220.215.52 *
2 92 REFUSE all -- * *  75.75.141.236 *
1 40 REFUSE all -- * *  76.76.227.126 *
1 40 REFUSE all -- * *  76.184.31.157 *
0 0 REFUSE all -- * *  77.46.191.80 *
0 0 REFUSE all -- * *  77.49.45.147 *
2 92 REFUSE all -- * *  77.243.24.71 *
0 0 REFUSE all -- * *  78.30.149.179 *
0 0 REFUSE all -- * *  78.182.156.146 *
0 0 REFUSE all -- * *  78.248.203.14 *
0 0 REFUSE all -- * *  79.70.1.228 *
0 0 REFUSE all -- * *  80.89.75.237 *
2 92 REFUSE all -- * *  80.236.246.82 *
0 0 REFUSE all -- * *  81.39.32.170 *
7 344 REFUSE all -- * *  81.129.109.112 *
0 0 REFUSE all -- * *  81.240.78.43 *
13 592 REFUSE all -- * *  82.63.59.240 *
2 92 REFUSE all -- * *  82.64.62.52 *
1 40 REFUSE all -- * *  82.137.12.175 *
11 1128 REFUSE all -- * *  82.165.83.20 *
0 0 REFUSE all -- * *  87.20.80.249 *
0 0 REFUSE all -- * *  88.102.7.67 *
13 648 REFUSE all -- * *  88.156.128.62 *
0 0 REFUSE all -- * *  88.224.144.59 *
0 0 REFUSE all -- * *  88.237.44.137 *
7 344 REFUSE all -- * *  89.102.203.233 *
0 0 REFUSE all -- * *  89.145.69.72 *
0 0 REFUSE all -- * *  89.163.132.80 *
0 0 REFUSE all -- * *  89.185.198.40 *
19 888 REFUSE all -- * *  90.192.120.31 *
0 0 REFUSE all -- * *  91.97.190.153 *
9 384 REFUSE all -- * *  91.200.184.119 *
0 0 REFUSE all -- * *  91.222.8.96 *
2 92 REFUSE all -- * *  92.27.128.96 *
0 0 REFUSE all -- * *  92.27.196.44 *
7 344 REFUSE all -- * *  92.191.98.180 *
0 0 REFUSE all -- * *  93.44.105.197 *
0 0 REFUSE all -- * *  93.172.7.21 *
0 0 REFUSE all -- * *  94.23.196.14 *
0 0 REFUSE all -- * *  94.66.56.223 *
0 0 REFUSE all -- * *  94.73.151.78 *
2 120 REFUSE all -- * *  94.130.88.20 *
7 344 REFUSE all -- * *  95.242.138.169 *
0 0 REFUSE all -- * *  97.74.228.115 *
0 0 REFUSE all -- * *  98.139.190.56 *
0 0 REFUSE all -- * *  98.139.190.57 *
0 0 REFUSE all -- * *  103.24.201.4 *
6 240 REFUSE all -- * *  103.107.96.254 *
7 328 REFUSE all -- * *  103.123.46.252 *
0 0 REFUSE all -- * *  103.204.53.39 *
0 0 REFUSE all -- * *  103.205.68.42 *
0 0 REFUSE all -- * *  103.208.75.214 *
0 0 REFUSE all -- * *  103.243.25.166 *
0 0 REFUSE all -- * *  106.245.169.196 *
4 196 REFUSE all -- * *  107.2.136.9 *
0 0 REFUSE all -- * *  109.93.9.79 *
0 0 REFUSE all -- * *  109.115.99.82 *
0 0 REFUSE all -- * *  109.236.94.110 *
0 0 REFUSE all -- * *  110.54.234.55 *
0 0 REFUSE all -- * *  111.88.211.178 *
6 240 REFUSE all -- * *  111.223.2.11 *
0 0 REFUSE all -- * *  113.66.33.54 *
0 0 REFUSE all -- * *  113.66.33.148 *
0 0 REFUSE all -- * *  113.111.82.218 *
1 40 REFUSE all -- * *  114.29.225.25 *
6 240 REFUSE all -- * *  114.143.74.30 *
8 344 REFUSE all -- * *  115.28.44.252 *
0 0 REFUSE all -- * *  115.28.111.201 *
5 232 REFUSE all -- * *  117.212.226.103 *
0 0 REFUSE all -- * *  117.217.90.252 *
0 0 REFUSE all -- * *  118.174.107.51 *
0 0 REFUSE all -- * *  119.27.178.206 *
8 344 REFUSE all -- * *  121.42.54.54 *
5 200 REFUSE all -- * *  121.42.154.116 *
0 0 REFUSE all -- * *  121.121.84.214 *
0 0 REFUSE all -- * *  122.165.116.229 *
0 0 REFUSE all -- * *  125.167.117.8 *
0 0 REFUSE all -- * *  138.91.176.41 *
0 0 REFUSE all -- * *  139.5.49.123 *
0 0 REFUSE all -- * *  143.159.2.154 *
3 120 REFUSE all -- * *  147.158.251.4 *
1 40 REFUSE all -- * *  150.242.204.109 *
0 0 REFUSE all -- * *  151.52.148.81 *
0 0 REFUSE all -- * *  151.79.178.70 *
0 0 REFUSE all -- * *  153.230.135.17 *
0 0 REFUSE all -- * *  154.85.91.105 *
0 0 REFUSE all -- * *  157.7.105.193 *
10 1102 REFUSE all -- * *  157.7.106.105 *
0 0 REFUSE all -- * *  158.69.125.175 *
0 0 REFUSE all -- * *  160.120.27.9 *
0 0 REFUSE all -- * *  162.248.245.110 *
4 160 REFUSE all -- * *  164.160.80.8 *
0 0 REFUSE all -- * *  168.62.226.23 *
0 0 REFUSE all -- * *  170.245.176.2 *
0 0 REFUSE all -- * *  171.5.148.99 *
0 0 REFUSE all -- * *  173.254.28.144 *
4 192 REFUSE all -- * *  177.95.103.56 *
0 0 REFUSE all -- * *  177.245.37.103 *
18 816 REFUSE all -- * *  178.57.218.123 *
0 0 REFUSE all -- * *  178.128.173.108 *
0 0 REFUSE all -- * *  178.137.80.55 *
0 0 REFUSE all -- * *  178.148.99.80 *
0 0 REFUSE all -- * *  178.149.135.15 *
8 344 REFUSE all -- * *  178.254.11.55 *
0 0 REFUSE all -- * *  179.176.210.61 *
15 664 REFUSE all -- * *  180.197.26.111 *
1 40 REFUSE all -- * *  180.211.177.19 *
13 648 REFUSE all -- * *  181.20.188.84 *
11 532 REFUSE all -- * *  181.209.87.186 *
15 664 REFUSE all -- * *  182.65.120.192 *
0 0 REFUSE all -- * *  184.60.182.218 *
0 0 REFUSE all -- * *  184.151.112.207 *
8 344 REFUSE all -- * *  184.168.152.182 *
0 0 REFUSE all -- * *  184.168.193.97 *
1 60 REFUSE all -- * *  185.2.4.65 *
8 384 REFUSE all -- * *  185.224.134.144 *
17 744 REFUSE all -- * *  185.234.217.119 *
6 304 REFUSE all -- * *  185.234.217.128 *
6 304 REFUSE all -- * *  185.234.217.152 *
17 744 REFUSE all -- * *  185.234.217.207 *
16 776 REFUSE all -- * *  188.100.208.28 *
13 584 REFUSE all -- * *  189.41.241.236 *
0 0 REFUSE all -- * *  189.47.95.46 *
0 0 REFUSE all -- * *  189.250.123.225 *
0 0 REFUSE all -- * *  190.80.34.60 *
0 0 REFUSE all -- * *  191.252.44.242 *
0 0 REFUSE all -- * *  192.162.35.130 *
0 0 REFUSE all -- * *  192.185.2.179 *
0 0 REFUSE all -- * *  193.34.108.162 *
3 120 REFUSE all -- * *  193.37.253.92 *
0 0 REFUSE all -- * *  193.140.110.153 *
18 912 REFUSE all -- * *  193.201.224.17 *
5 212 REFUSE all -- * *  193.254.231.209 *
0 0 REFUSE all -- * *  195.158.101.52 *
0 0 REFUSE all -- * *  197.0.211.91 *
0 0 REFUSE all -- * *  197.58.24.148 *
0 0 REFUSE all -- * *  197.227.105.45 *
8 344 REFUSE all -- * *  198.57.247.160 *
0 0 REFUSE all -- * *  198.71.224.74 *
0 0 REFUSE all -- * *  199.249.230.74 *
0 0 REFUSE all -- * *  202.134.13.131 *
0 0 REFUSE all -- * *  202.142.68.235 *
0 0 REFUSE all -- * *  207.253.175.155 *
7 352 REFUSE all -- * *  212.95.5.243 *
6 272 REFUSE all -- * *  212.200.160.150 *
0 0 REFUSE all -- * *  213.149.51.5 *
1 68 REFUSE all -- * *  213.251.182.105 *
10 680 REFUSE all -- * *  213.251.182.107 *
0 0 REFUSE all -- * *  213.251.182.110 *

Last updated Wed Jan 16 11:50:42 2019