Home >

Scoundrels

D --> f001ish attempts at misuse of resources


D --> via http

376 requests from 162.209.247.90
372 requests from 182.61.53.162
368 requests from 125.234.102.149
366 requests from 59.36.169.180
363 requests from 59.37.137.3
362 requests from 103.86.49.187
361 requests from 103.245.18.130
357 requests from 221.120.210.210
357 requests from 123.206.80.183
350 requests from 111.231.220.47
316 requests from 139.199.59.75
13 requests from 60.215.26.68
9 requests from 121.42.144.51
6 requests from 68.183.168.169
6 requests from 185.234.216.52
... 86 items truncated ...
38 requests for/
12 requests for/s.php
12 requests for/xw.php
12 requests for/webdav/
12 requests for/db.init.php
12 requests for/xx.php
12 requests for/phpmyadmin/scripts/setup.php
12 requests for/db_session.init.php
12 requests for/phpmyadmin/index.php
12 requests for/phpMyAdmin/index.php
12 requests for/phpMyAdmin/scripts/setup.php
12 requests for/sheep.php
12 requests for/wuwu11.php
12 requests for/index.php
11 requests for/phpMyAdmins/index.php
... 433 items truncated ...

D --> via ssh

12attempts from  139.59.0.0/18
8attempts from  87.128.0.0/10
6attempts from  81.128.0.0/12
6attempts from  68.183.176.0/20
6attempts from  218.75.0.0/17
6attempts from  208.157.144.0/21
6attempts from  201.91.0.0/16
6attempts from  191.100.24.0/21
6attempts from  188.166.208.0/20
6attempts from  178.128.144.0/20
6attempts from  106.12.208.0/20
5attempts from  78.192.0.0/11
5attempts from  217.182.0.0/16
5attempts from  203.190.128.0/24
5attempts from  178.48.0.0/17
5attempts from  172.254.0.0/16
5attempts from  148.216.0.0/16
5attempts from  128.199.192.0/18
4attempts from  99.32.0.0/12
4attempts from  96.239.0.0/17
... 25 items truncated ...
116attempts on root
44attempts on admin
27attempts on test
13attempts on pi
12attempts on ubuntu
7attempts on support
6attempts on ftp
4attempts on zimbra
4attempts on www
4attempts on user
4attempts on mysql
4attempts on hadoop
3attempts on zabbix
3attempts on nagios
3attempts on minecraft
3attempts on git
3attempts on ftpuser
3attempts on fred
3attempts on denis
3attempts on chase
... 44 items truncated ..

D --> via smtp

4 attempts from 5.66.38.127
4 attempts from 14.203.205.50
4 attempts from 14.251.189.167
4 attempts from 31.31.228.32
4 attempts from 31.145.46.252
4 attempts from 31.179.222.10
4 attempts from 37.52.8.38
4 attempts from 37.106.73.7
4 attempts from 37.182.65.133
4 attempts from 45.226.144.86
4 attempts from 46.29.15.101
4 attempts from 77.123.17.128
4 attempts from 78.29.129.89
4 attempts from 78.148.125.152
4 attempts from 81.202.181.5
... 38 items truncated ..
166 of reject: RCPT from [...]: 554 5.7.1
138 of Client host [...] blocked using bl.spamcop.net;
74 of reject: RCPT from [...]: 550 5.7.1
37 of reject: RCPT from [...]: 550 5.1.1
17 of reject: RCPT from [...]: 450 4.1.8
12 of Received-SPF: permerror
11 of Client host [...] blocked using cbl.abuseat.org;
6 of Received-SPF: softfail
3 of reject: RCPT from [...]: 504 5.5.2
2 of warning: unknown[91.223.213.224]: SASL PLAIN authentication failed:
2 of warning: non-SMTP command from [...]: GET /login.html HTTP/1.1

D --> blacklisted

The first set are ranges blacklisted by hand
pkts bytes target prot opt in out source destination
326 16988 REFUSE all -- * * 222.176.0.0/12 0.0.0.0/0
1846 121K REFUSE all -- * *  58.192.0.0/11 *
22 1320 REJECT all -- * *  106.13.0.0/18 * reject-with icmp-port-unreachable
9 380 REFUSE all -- * *  111.72.0.0/13 *
520 34290 REFUSE all -- * *  111.192.0.0/12 *
55 3240 REFUSE all -- * *  118.24.0.0/15 *
154 7218 REFUSE all -- * *  125.64.0.0/11 *
577 39744 REFUSE all -- * *  221.224.0.0/13 *
4 188 REFUSE all -- * *  222.128.0.0/12 *

These were blacklisted automatically by triggering a trap
10 424 REFUSE all -- * *  5.101.156.59 *
0 0 REFUSE all -- * *  5.175.26.248 *
0 0 REFUSE all -- * *  13.94.249.183 *
0 0 REFUSE all -- * *  18.216.116.35 *
0 0 REFUSE all -- * *  34.219.9.146 *
0 0 REFUSE all -- * *  36.76.205.195 *
0 0 REFUSE all -- * *  38.121.82.221 *
0 0 REFUSE all -- * *  42.51.39.56 *
0 0 REFUSE all -- * *  45.235.222.0 *
15 760 REFUSE all -- * *  46.118.155.61 *
6 304 REFUSE all -- * *  46.118.157.179 *
0 0 REFUSE all -- * *  46.119.112.31 *
2 80 REFUSE all -- * *  46.252.205.222 *
0 0 REFUSE all -- * *  49.144.39.102 *
0 0 REFUSE all -- * *  49.149.135.77 *
0 0 REFUSE all -- * *  50.28.49.55 *
0 0 REFUSE all -- * *  50.87.144.56 *
2 104 REFUSE all -- * *  51.68.11.223 *
0 0 REFUSE all -- * *  51.68.11.231 *
1 60 REFUSE all -- * *  62.210.185.4 *
4 184 REFUSE all -- * *  63.250.204.24 *
0 0 REFUSE all -- * *  63.250.204.25 *
0 0 REFUSE all -- * *  64.251.23.173 *
0 0 REFUSE all -- * *  65.39.211.246 *
0 0 REFUSE all -- * *  65.93.222.161 *
1 60 REFUSE all -- * *  66.71.188.30 *
0 0 REFUSE all -- * *  67.205.13.248 *
32 1920 REFUSE all -- * *  69.27.124.170 *
0 0 REFUSE all -- * *  69.49.102.221 *
0 0 REFUSE all -- * *  74.208.57.143 *
0 0 REFUSE all -- * *  74.208.58.57 *
0 0 REFUSE all -- * *  79.106.209.189 *
0 0 REFUSE all -- * *  79.170.40.182 *
2 80 REFUSE all -- * *  80.88.86.23 *
11 1140 REFUSE all -- * *  82.165.81.39 *
0 0 REFUSE all -- * *  82.165.83.20 *
0 0 REFUSE all -- * *  82.165.84.85 *
0 0 REFUSE all -- * *  82.165.87.3 *
0 0 REFUSE all -- * *  87.116.191.35 *
6 264 REFUSE all -- * *  89.42.216.13 *
0 0 REFUSE all -- * *  94.177.226.160 *
0 0 REFUSE all -- * *  95.65.162.51 *
0 0 REFUSE all -- * *  95.149.94.88 *
8 344 REFUSE all -- * *  98.139.190.57 *
5 224 REFUSE all -- * *  98.139.190.58 *
0 0 REFUSE all -- * *  103.30.43.108 *
0 0 REFUSE all -- * *  103.215.80.182 *
0 0 REFUSE all -- * *  103.220.215.100 *
0 0 REFUSE all -- * *  109.175.102.137 *
0 0 REFUSE all -- * *  113.66.32.146 *
0 0 REFUSE all -- * *  113.66.34.202 *
0 0 REFUSE all -- * *  115.28.76.22 *
5 200 REFUSE all -- * *  115.28.145.231 *
0 0 REFUSE all -- * *  116.206.99.98 *
0 0 REFUSE all -- * *  118.89.139.150 *
0 0 REFUSE all -- * *  120.24.190.242 *
0 0 REFUSE all -- * *  120.27.35.11 *
0 0 REFUSE all -- * *  120.76.121.20 *
0 0 REFUSE all -- * *  120.76.176.146 *
0 0 REFUSE all -- * *  121.42.205.30 *
0 0 REFUSE all -- * *  128.199.230.172 *
0 0 REFUSE all -- * *  129.121.176.193 *
0 0 REFUSE all -- * *  129.121.177.200 *
0 0 REFUSE all -- * *  131.153.37.2 *
0 0 REFUSE all -- * *  134.209.24.249 *
0 0 REFUSE all -- * *  146.71.77.134 *
0 0 REFUSE all -- * *  146.71.77.244 *
0 0 REFUSE all -- * *  149.56.166.65 *
9 360 REFUSE all -- * *  150.129.80.99 *
0 0 REFUSE all -- * *  156.67.219.114 *
4 184 REFUSE all -- * *  164.160.91.13 *
0 0 REFUSE all -- * *  169.149.241.235 *
0 0 REFUSE all -- * *  173.254.56.27 *
0 0 REFUSE all -- * *  174.139.160.125 *
0 0 REFUSE all -- * *  178.128.68.151 *
0 0 REFUSE all -- * *  181.188.3.211 *
0 0 REFUSE all -- * *  183.111.174.4 *
8 344 REFUSE all -- * *  184.168.27.194 *
8 344 REFUSE all -- * *  184.168.152.134 *
0 0 REFUSE all -- * *  184.168.152.135 *
0 0 REFUSE all -- * *  184.168.152.136 *
0 0 REFUSE all -- * *  184.168.193.24 *
0 0 REFUSE all -- * *  185.2.4.27 *
0 0 REFUSE all -- * *  185.153.221.146 *
0 0 REFUSE all -- * *  185.234.217.206 *
17 744 REFUSE all -- * *  185.234.217.207 *
0 0 REFUSE all -- * *  185.234.217.218 *
0 0 REFUSE all -- * *  185.234.218.33 *
0 0 REFUSE all -- * *  188.214.30.6 *
7 280 REFUSE all -- * *  190.148.78.87 *
0 0 REFUSE all -- * *  192.169.189.40 *
0 0 REFUSE all -- * *  192.185.82.99 *
0 0 REFUSE all -- * *  192.185.128.168 *
0 0 REFUSE all -- * *  193.169.254.89 *
0 0 REFUSE all -- * *  194.113.106.11 *
0 0 REFUSE all -- * *  194.113.106.125 *
0 0 REFUSE all -- * *  197.210.227.131 *
0 0 REFUSE all -- * *  197.210.227.253 *
0 0 REFUSE all -- * *  198.57.247.197 *
0 0 REFUSE all -- * *  198.71.228.60 *
0 0 REFUSE all -- * *  198.100.148.23 *
0 0 REFUSE all -- * *  201.34.113.96 *
0 0 REFUSE all -- * *  209.18.90.150 *
0 0 REFUSE all -- * *  210.5.50.137 *
0 0 REFUSE all -- * *  211.13.204.1 *
1 40 REFUSE all -- * *  212.58.102.131 *
0 0 REFUSE all -- * *  216.218.189.80 *
8 320 REFUSE all -- * *  221.235.184.110 *

Last updated Sun Mar 24 11:50:42 2019