Arrival Time: Sep 17, 2023 08:22:45.284702000 Pacific Daylight Time
SSH ATTEMPT
TCP SPORT 47322 DPORT 28 PALO ALTO HIGH AVAILABILITY SSH

09/17/2023 07:27:40 PST
SCUMBAG
Attempted Administrator Privilege Gain
SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
List of IPs performing same attack...
64.112.74.166 x
141.207.209.233 x
38.45.217.142 x
38.45.217.150 x
109.207.200.47 x
109.207.200.44 x
213.109.84.253
add one to the list 193.34.212.225
UDP SPORT 500 DPORT 500
Norton AV note... The attack resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE
Apparently this attack happens both when using a VPN and when not using a VPN, meaning use of your own VPN is irrelevant.
Categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted

CLOWN, SAME ATTACK 24 TIMES BETWEEN
Arrival Time: Sep 16, 2023 19:16:43.990010000 Pacific Daylight Time AND
Arrival Time: Sep 16, 2023 20:46:03.959910000 Pacific Daylight Time
TCP SPORT 46254 DPORT 8443 PCSYNC-HTTPS
Categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted

CLOWN
Arrival Time: Sep 16, 2023 20:42:29.598294000 Pacific Daylight Time
TCP SPORT 55264 DPORT 22 SSH
Categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted

Arrival Time: Sep 16, 2023 20:16:38.020561000 Pacific Daylight Time
OBFUSCATED PORNBOT PROXY
[GET /?q=ultrasurf HTTP/1.1\r\n]
[Full request URI: http://xvideos.com/?q=ultrasurf]
ULTRASURF allows internet users to evade government censorship and monitoring. The software bypasses Internet censorship and firewalls using an HTTP proxy server, and employs encryption protocols for privacy. UltraSurf does not install any files on the user's computer and leaves no registry edits after it exits. It leaves no trace of its use.
TCP SPORT 5805 DPORT 80
Categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted

Arrival Time: Sep 16, 2023 14:11:40.334209000 Pacific Daylight Time
OBFUSCATED PORNBOT PROXY
[GET /?q=ultrasurf HTTP/1.1\r\n]
[Full request URI: http://xvideos.com/?q=ultrasurf]
ULTRASURF allows internet users to evade government censorship and monitoring. The software bypasses Internet censorship and firewalls using an HTTP proxy server, and employs encryption protocols for privacy. UltraSurf does not install any files on the user's computer and leaves no registry edits after it exits. It leaves no trace of its use.
TCP SPORT 17431 DPORT 80
Categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted

OBFUSCATED PORNBOT PROXY
[GET /?q=ultrasurf HTTP/1.1\r\n]
[Full request URI: http://xvideos.com/?q=ultrasurf]
ULTRASURF allows internet users to evade government censorship and monitoring. The software bypasses Internet censorship and firewalls using an HTTP proxy server, and employs encryption protocols for privacy. UltraSurf does not install any files on the user's computer and leaves no registry edits after it exits. It leaves no trace of its use.
TCP SPORT 17431 DPORT 80
Categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted

09/16/2023 09:24:22 PST
SCUMBAG
Attempted Administrator Privilege Gain
SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
List of IPs performing same attack...
64.112.74.166 x
141.207.209.233 x
38.45.217.142 x
38.45.217.150 x
109.207.200.47 x
109.207.200.44 x
213.109.84.253
add one to the list 193.34.212.225
UDP SPORT 500 DPORT 500
Norton AV note... The attack resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE
Apparently this attack happens both when using a VPN and when not using a VPN, meaning use of your own VPN is irrelevant.
Categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted

09/16/2023 06:42:32 PST
SCUMBAG
Attempted Administrator Privilege Gain
SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
List of IPs performing same attack...
64.112.74.166 x
141.207.209.233 x
38.45.217.142 x
38.45.217.150 x
109.207.200.47 x
109.207.200.44 x
213.109.84.253
add one to the list 193.34.212.225
UDP SPORT 500 DPORT 500
Norton AV note... The attack resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE
Apparently this attack happens both when using a VPN and when not using a VPN, meaning use of your own VPN is irrelevant.
Categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted

09/14/2023 20:04:59 PST
SCUMBAG
Attempted Administrator Privilege Gain
SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
List of IPs performing same attack...
64.112.74.166 x
141.207.209.233 x
38.45.217.142 x
38.45.217.150 x
109.207.200.47 x
109.207.200.44 x
213.109.84.253
add one to the list 193.34.212.225
UDP SPORT 500 DPORT 500
Norton AV note... The attack resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE
Shortly after, my Hawaii VPN was giving me Great Britain search results... This is a VPN attack.
Categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted

09/14/2023 05:03:29 PST
SCUMBAG
Attempted Administrator Privilege Gain
SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
List of IPs performing same attack...
64.112.74.166 x
141.207.209.233 x
38.45.217.142 x
38.45.217.150 x
109.207.200.47 x
109.207.200.44 x
213.109.84.253
add one to the list 193.34.212.225
UDP SPORT 500 DPORT 500
Norton AV note... The attack resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE
Shortly after, my Hawaii VPN was giving me Great Britain search results... This is a VPN attack.
Categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted

09/13/2023 07:54:34 PST
SCUMBAG
Attempted Administrator Privilege Gain
SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
List of IPs performing same attack...
64.112.74.166 x
141.207.209.233 x
38.45.217.142 x
38.45.217.150 x
109.207.200.47 x
109.207.200.44 x
213.109.84.253
add one to the list 193.34.212.225
UDP SPORT 500 DPORT 500
Apparently this is a VPN attempt also; here is more information:
SonicWall GVC works from certain locations, and this error message only shows up when you are behind certain NAT devices. There are two possible scenarios. The NAT device is blocking IKE traffic from SonicWall GVC (Vista OS) since it is not using the defined UDP source port (500) for IKE. This is currently only a problem with GVC running on Vista.
Categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted

09/13/2023 08:10:31 PST
ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 113
ET TOR Known Tor Exit Node Traffic group 113
ET 3CORESec Poor Reputation IP group 3
TCP SPORT 33244 DPORT 1080
Note: this occurred right after the attack from 193.34.212.225 at 09/13/2023 07:54:34.
Categories: Hacking, Spoofing, Brute-Force, Bad Web Bot, Exploited Host

09/13/2023 07:54:34 PST
SCUMBAG
Attempted Administrator Privilege Gain
SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt
List of IPs performing same attack...
64.112.74.166 x
141.207.209.233 x
38.45.217.142 x
38.45.217.150 x
109.207.200.47 x
109.207.200.44 x
213.109.84.253
add one to the list 193.34.212.225
UDP SPORT 500 DPORT 500
Categories: FTP Brute-Force, Port Scan, Hacking, SQL Injection, Spoofing, Brute-Force, Bad Web Bot, Exploited Host, Web App Attack

09/09/2023 19:35:38 PST
Attempted User Privilege Gain
PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
NOTE: received the same attack from 198.97.190.53 at the very same second, DPORT 41947.
TCP SPORT 53 DPORT 48131

09/09/2023 19:35:38 PST
Attempted User Privilege Gain
PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
NOTE: received the same attack from 199.7.83.42 at the very same second, DPORT 48131.
TCP SPORT 53 DPORT 41947

08/28/2023 08:39:32 PST
EXPLOITED HOST h.root-servers.net
Attempted User Privilege Gain
PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
Buffer overflows occur when a memory location is filled past its expected boundaries. Attackers target systems without proper terminating conditions on buffers, which then write the additional information to other locations in memory, overwriting what is there. This can corrupt the data, making the system behave erratically or crash. The new information could include malicious executable code, which might be executed.
TCP SPORT 53 DPORT 17261

08/22/2023 12:27:19 PST
EXPLOITED HOST f.gtld-servers.net
Attempted User Privilege Gain
PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
Buffer overflows occur when a memory location is filled past its expected boundaries. Attackers target systems without proper terminating conditions on buffers, which then write the additional information to other locations in memory, overwriting what is there. This can corrupt the data, making the system behave erratically or crash. The new information could include malicious executable code, which might be executed.
UDP SPORT 53 DPORT 44557

08/21/2023 21:47:00 PST
EXPLOITED HOST h.root-servers.net
Attempted User Privilege Gain
PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
Buffer overflows occur when a memory location is filled past its expected boundaries. Attackers target systems without proper terminating conditions on buffers, which then write the additional information to other locations in memory, overwriting what is there. This can corrupt the data, making the system behave erratically or crash. The new information could include malicious executable code, which might be executed.
UDP SPORT 53 DPORT 1512

08/21/2023 11:26:12 PST
Attempted Denial of Service
PROTOCOL-DNS DNS query amplification attempt
UDP SPORT 18398 DPORT 18398

08/21/2023 11:26:37 PST
SCUMBAG
Attempted User Privilege Gain
PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
UDP SPORT 53 DPORT 33815

08/21/2023 10:13:03 PST
Attempted Denial of Service
PROTOCOL-DNS DNS query amplification attempt
UDP SPORT 10224 DPORT 53
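The reports above all carry a one-line flow summary in the form "TCP SPORT n DPORT n [label]" plus free-text lists of IP addresses. The following is an added example (editor's code, not part of any report above and not a tool the reporters used) that parses those lines, counts them by protocol and destination port, records which end of each flow sits on a well-known port, and pulls the deduplicated IP list out of the "List of IPs performing same attack" text. The sample inputs are constructed from the note lines on this page; the function names and the "service_side" labels are this example's own choices.

```python
"""Parse and summarize the 'PROTO SPORT n DPORT n [label]' note lines and the
IP lists found in the abuse reports above. Added example, not report text."""
import re
from collections import Counter
from ipaddress import IPv4Address, AddressValueError

# Constructed sample: the flow lines quoted in the reports above, one per alert.
SAMPLE_NOTES = [
    "TCP SPORT 47322 DPORT 28 PALO ALTO HIGH AVAILABILITY SSH",
    "UDP SPORT 500 DPORT 500",
    "TCP SPORT 46254 DPORT 8443 PCSYNC-HTTPS",
    "TCP SPORT 55264 DPORT 22 SSH",
    "TCP SPORT 5805 DPORT 80",
    "TCP SPORT 17431 DPORT 80",
    "TCP SPORT 33244 DPORT 1080",
    "TCP SPORT 53 DPORT 48131",
    "TCP SPORT 53 DPORT 41947",
    "UDP SPORT 53 DPORT 44557",
    "UDP SPORT 53 DPORT 1512",
    "UDP SPORT 18398 DPORT 18398",
    "UDP SPORT 53 DPORT 33815",
    "UDP SPORT 10224 DPORT 53",
]

# Constructed from the repeated "List of IPs performing same attack" block,
# with the last line duplicated on purpose to exercise deduplication.
SAMPLE_IP_BLOCK = """64.112.74.166 x
141.207.209.233 x
38.45.217.142 x
38.45.217.150 x
109.207.200.47 x
109.207.200.44 x
213.109.84.253
add one to the list 193.34.212.225
add one to the list 193.34.212.225"""

PORT_LINE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+SPORT\s+(?P<sport>\d{1,5})\s+DPORT\s+(?P<dport>\d{1,5})"
    r"(?:\s+(?P<label>.+))?$"
)
IP_TOKEN = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def service_side(sport, dport):
    """Which end of the flow sits on a well-known (<1024) port.
    'dst': looks like a connection to a service (e.g. ephemeral -> 22).
    'src': traffic from a service port (e.g. 53 -> ephemeral, the shape of a
           DNS reply). 'both' and 'neither' cover the remaining cases."""
    s, d = sport < 1024, dport < 1024
    return {(True, True): "both", (True, False): "src",
            (False, True): "dst", (False, False): "neither"}[(s, d)]


def parse_port_line(line):
    """Return a dict for one flow line, or None if it is not a flow line or
    carries an out-of-range port number."""
    m = PORT_LINE.match(line.strip())
    if not m:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        return None
    return {
        "proto": m["proto"],
        "sport": sport,
        "dport": dport,
        "label": (m["label"] or "").strip(),
        "service_side": service_side(sport, dport),
    }


def summarize(lines):
    """Count parsed flow lines by (proto, dport) and by service_side,
    silently skipping lines that are not flow summaries."""
    records = [r for r in map(parse_port_line, lines) if r]
    return {
        "parsed": len(records),
        "by_dport": Counter((r["proto"], r["dport"]) for r in records),
        "by_side": Counter(r["service_side"] for r in records),
    }


def extract_ips(text):
    """Pull valid IPv4 addresses out of free text, deduplicated and in order
    of first appearance. Dotted quads that are not valid addresses are dropped."""
    seen = []
    for tok in IP_TOKEN.findall(text):
        try:
            ip = str(IPv4Address(tok))
        except AddressValueError:
            continue
        if ip not in seen:
            seen.append(ip)
    return seen


if __name__ == "__main__":
    summary = summarize(SAMPLE_NOTES)
    print(summary["parsed"], "flow lines parsed")
    for (proto, dport), n in sorted(summary["by_dport"].items()):
        print(f"  {proto} dport {dport}: {n}")
    print("service side:", dict(summary["by_side"]))
    print("reported IPs:", extract_ips(SAMPLE_IP_BLOCK))
```

The service_side bucket is a bookkeeping aid for triage: it separates flows whose destination is a listening service from flows that arrive from a well-known source port, so the two groups can be reviewed against the relevant outbound traffic separately.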