Scoundrels

D --> f001ish attempts at misuse of resources


D --> via http

1 requests from 14.198.145.112
1 requests from 66.249.66.210
1 requests for /xmlrpc.php
1 requests for /.well-known/assetlinks.json

D --> via ssh

174 attempts on root
56 attempts on admin
16 attempts on test
15 attempts on pi
15 attempts on 1234
14 attempts on support
13 attempts on postgres
12 attempts on oracle
11 attempts on ubuntu
10 attempts on 22
9 attempts on user
9 attempts on ftp
8 attempts on git
7 attempts on guest
6 attempts on test1
6 attempts on student
5 attempts on vnc
5 attempts on nagios
5 attempts on jboss
5 attempts on db2inst1
... 166 items truncated ..

D --> via smtp

1253 of reject: RCPT from [...]: 550 5.1.1
197 of reject: RCPT from [...]: 554 5.7.1
104 of reject: RCPT from [...]: 550 5.7.1
70 of reject: RCPT from [...]: 450 4.1.8
60 of warning: numeric domain name in resource data of MX record for [...]
36 of Client host [...] blocked using bl.spamcop.net;
16 of Client host [...] blocked using cbl.abuseat.org;
12 of warning: unknown[123.168.20.66]: SASL PLAIN authentication failed: Connection lost to authentication server
10 of warning: unknown[123.168.20.66]: SASL PLAIN authentication failed:
10 of warning: TLS library problem: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
9 of Received-SPF: softfail
6 of warning: malformed domain name in resource data of MX record for [...]
6 of Received-SPF: permerror
5 of warning: unknown[77.40.3.226]: SASL PLAIN authentication failed:
5 of warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
... 4 items truncated ..

D --> blacklisted

The first set are ranges blacklisted by hand
pkts bytes target prot opt in out source destination
48 2604 REFUSE all -- * * 222.176.0.0/12 0.0.0.0/0
410 26432 REFUSE all -- * *  58.192.0.0/11 *
1 40 REJECT all -- * *  106.13.0.0/18 * reject-with icmp-port-unreachable
162 7548 REFUSE all -- * *  111.72.0.0/13 *
250 15047 REFUSE all -- * *  111.192.0.0/12 *
1 40 REFUSE all -- * *  118.24.0.0/15 *
127 5206 REFUSE all -- * *  125.64.0.0/11 *
636 43294 REFUSE all -- * *  221.224.0.0/13 *
2 100 REFUSE all -- * *  222.128.0.0/12 *

These were blacklisted automatically by triggering a trap

Last updated Sun May 19 11:51:08 2019