TPI-Abuse
2024-12-06 14:14:21
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 45.164.140.22 (servicos.cet.netfast.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 06 09:14:14.963613 2024] [security2:error] [pid 2352:tid 2352] [client 45.164.140.22:59762] [client 45.164.140.22] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gamepart.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gamepart.com"] [uri "/home/tancedi1/gamepart.com"] [unique_id "Z1MGtldJiHjFHhbVl5GWdgAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
sefinek.net
2024-11-12 00:21:14
(2 months ago)
Blocked by UFW (TCP on port 22).
Source port: 57236
TTL: 40
Packet length: 60
TOS: 0x00
This report (for 45.164.140.22) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
Brute-Force
SSH
Anonymous
2024-08-04 16:25:30
(5 months ago)
Ports: 25,587,465; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
10dencehispahard SL
2024-06-03 19:00:03
(7 months ago)
Unauthorized login attempts [ spamlogs]
Brute-Force
nyuuzyou
2024-05-31 01:39:29
(7 months ago)
{"action": "connection", "dest_ip": "0.0.0.0", "dest_port": "22", "server": "ssh_server", "src_ip": "45.164.140.22", "src_port": "58432", "timestamp": "2024-05-31T01:38:34.492003"}
Brute-Force
SSH
lp
2024-05-30 04:54:04
(7 months ago)
Unauthorized VPN login attempts: 1 attempts were recorded from 45.164.140.22
2024-05-30T04:02:09+02:00 vpn Access-Reject 'landladmin' station: 45.164.140.22 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
Brute-Force
Web App Attack
Anonymous
2024-03-17 23:15:26
(9 months ago)
Ports: 25,465,587; Direction: 0; Trigger: LF_DISTATTACK
Brute-Force
SSH
unhfree.net
2024-03-14 03:11:01
(10 months ago)
Mar 13 23:53:01 canopus postfix/smtpd[1690343]: NOQUEUE: reject: RCPT from unknown[45.164.140.22]: 554 5.7.1 <[email protected] >: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected] > to=<[email protected] > proto=ESMTP helo=<localhost.>
Mar 14 00:09:01 canopus postfix/smtpd[1710620]: NOQUEUE: reject: RCPT from unknown[45.164.140.22]: 554 5.7.1 <[email protected] >: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected] > to=<[email protected] > proto=ESMTP helo=<localhost.>
Mar 14 01:18:29 canopus postfix/smtpd[1725884]: NOQUEUE: reject: RCPT from unknown[45.164.140.22]: 554 5.7.1 <[email protected] >: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected] > to=<[email protected] > proto=ESMTP helo=<localhost.>
Mar 14 02:45:29 canopus postfix/smtpd[1737293]: NOQUEUE: reject: RCPT from unkno
...
Brute-Force
Exploited Host
TPI-Abuse
2024-03-10 19:31:07
(10 months ago)
(mod_security) mod_security (id:217291) triggered by 45.164.140.22 (servicos.cet.netfast.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 10 15:31:01.918024 2024] [security2:error] [pid 17681] [client 45.164.140.22:48086] [client 45.164.140.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(\\\\n|\\\\r)" at ARGS_NAMES:\\r\\nfromwhere. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "145"] [id "217291"] [rev "2"] [msg "HTTP Header Injection Attack via payload (CR/LF detected)||killeramps.com|F|2"] [data "Matched Data: \\x0d found within ARGS_NAMES:\\x5cr\\x5cnfromwhere: \\x0d\\x0afromwhere"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "killeramps.com"] [uri "/g12contact.php"] [unique_id "Ze4KdWCnI2Lt7Jg_krdhhAAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
unhfree.net
2024-03-05 07:22:38
(10 months ago)
Mar 5 03:56:39 canopus postfix/smtpd[3000592]: NOQUEUE: reject: RCPT from unknown[45.164.140.22]: 554 5.7.1 <[email protected] >: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected] > to=<[email protected] > proto=ESMTP helo=<localhost.>
Mar 5 05:38:23 canopus postfix/smtpd[3010673]: NOQUEUE: reject: RCPT from unknown[45.164.140.22]: 554 5.7.1 <[email protected] >: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected] > to=<[email protected] > proto=ESMTP helo=<localhost.>
Mar 5 06:00:07 canopus postfix/smtpd[3048287]: NOQUEUE: reject: RCPT from unknown[45.164.140.22]: 554 5.7.1 <[email protected] >: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected] > to=<[email protected] > proto=ESMTP helo=<localhost.>
Mar 5 08:11:02 canopus postfix/smtpd[3040717]: NOQUEUE: reject: RCPT from unknown[45.
...
Brute-Force
Exploited Host
Turu
2023-09-26 16:00:00
(1 year ago)
Phishing attack spoofing and denial of service from several points on the Internet simultaneously
Phishing
Email Spam
Spoofing
Fusl
2023-09-25 15:31:37
(1 year ago)
received unsolicited smtp data stream:
Message-ID: <[email protected] >
Date: Mon, 25 Sep 2023 06:01:35 -0500
From: <[email protected] >
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.9) Gecko/20100825 Thunderbird/3.1.3
MIME-Version: 1.0
To: <[email protected] >
Subject: Pago asociado a su cuenta.
Content-Type: multipart/alternative;
boundary="------------030804000400060802070304"
This is a multi-part message in MIME format.
--------------030804000400060802070304
Content-Type: text/plain; charset=CP-850; format=flowed
Content-Transfer-Encoding: quoted-printable
¡Hola!Desgraciadamente, tengo que empezar nuestra conversación =
con malas noticias para usted.Hace unos meses conseguí obtener =
acceso completo a todos los dispositivos que utiliza a diario para =
navegar por Internet.Desde ese momento, empecé a controlar y hacer =
un seguimiento de todas sus actividades en la web.Deje que le cuente =
exactamente cómo lo he hecho: Hace tiempo, compré
Email Spam
Anonymous
2023-09-19 14:16:09
(1 year ago)
Fail2Ban - Postfix SMTP Reject - Auth Failure
Email Spam
Brute-Force
Smel
2023-08-30 22:17:07
(1 year ago)
Mail/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -
Email Spam
Hacking
Brute-Force