Bezbedan Balkan
Honeypot for Balkan IP addresses



RE: Honeypot for Balkan IP addresses - 1van - 02-17-2023

And to add, it looks like it is looking for IoT devices. Google: "ANKO Products DVR root/anko Mirai".


RE: Honeypot for Balkan IP addresses - 1van - 03-11-2023

Detected a new persistent one, 194.152.206.17, country Croatia, provider: Hrvatski Telekom.

Quote:
Mar  7 11:25:35 base sshd[16332]: Invalid user nadia from 194.152.206.17 port 45460
Mar  7 11:27:01 base sshd[16428]: Invalid user deqingfu from 194.152.206.17 port 17310
Mar  7 11:28:14 base sshd[16498]: Invalid user mohsen from 194.152.206.17 port 64688
Mar  7 11:29:29 base sshd[16579]: Invalid user monstruola from 194.152.206.17 port 55150
Mar  7 11:30:44 base sshd[16679]: Invalid user maucosta from 194.152.206.17 port 35638

AbuseIPDB: https://www.abuseipdb.com/check/194.152.206.17



RE: Honeypot for Balkan IP addresses - 1van - 03-15-2023

Following the leads from this thread (https://www.abuseipdb.com/check-block/79.101.45.94/24), I identified an IP (79.101.45.94) that is quite active with malicious activity. Provider Telekom, device Mikrotik (https://www.shodan.io/host/79.101.45.94).



RE: Honeypot for Balkan IP addresses - 1van - 03-15-2023

Following the leads from this thread, I identified an IP (212.57.43.75) that is quite active with malicious activity. Provider Astra Telekom / Telekom Srbija, device most likely Mikrotik (https://www.shodan.io/host/212.57.43.75).

AbuseIPDB: https://www.abuseipdb.com/check/212.57.43.75



RE: Honeypot for Balkan IP addresses - 1van - 03-15-2023

Following the leads from this thread, I identified an IP (95.140.126.82) that is quite active with malicious activity. Provider Orion Telekom.

AbuseIPDB: https://www.abuseipdb.com/check/95.140.126.82



RE: Honeypot for Balkan IP addresses - 1van - 03-21-2023

Here is another one persistent with attacks, IP: 194.152.206.17, country Croatia, provider Hrvatski Telekom: https://www.abuseipdb.com/check/194.152.206.17.

Quote:
Mar 21 06:37:18 base sshd[15493]: Invalid user timofej from 194.152.206.17 port 58381
Mar 21 06:40:11 base sshd[16267]: Invalid user gabdul from 194.152.206.17 port 48215
Mar 21 06:41:22 base sshd[16331]: Invalid user sakhab from 194.152.206.17 port 40053
Mar 21 06:42:34 base sshd[16368]: Invalid user marya from 194.152.206.17 port 33476
Mar 21 06:43:46 base sshd[16491]: Invalid user adelzyan from 194.152.206.17 port 43891
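
The sshd excerpts quoted in this thread share one format ("Invalid user ... from ... port ...") and show a single address retrying about a minute apart under changing usernames. The following is an added example, not part of the thread or written by its participants: it groups such lines per source address and reports attempt count, distinct usernames and median gap. The function names, thresholds, assumed year and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# sshd syslog format as quoted in the thread; \S* also accepts an empty username.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S*) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample lines (documentation address ranges), not taken from a real log.
SAMPLE_LOG = """\
Mar  7 11:25:35 base sshd[16332]: Invalid user alice from 203.0.113.17 port 45460
Mar  7 11:26:02 base sshd[16390]: Invalid user admin from 198.51.100.9 port 50122
Mar  7 11:27:01 base sshd[16428]: Invalid user backup from 203.0.113.17 port 17310
Mar  7 11:28:14 base sshd[16498]: Invalid user deploy from 203.0.113.17 port 64688
Mar  7 11:28:40 base sshd[16510]: Accepted publickey for ops from 192.0.2.5 port 40022 ssh2
Mar  7 11:29:29 base sshd[16579]: Invalid user oracle from 203.0.113.17 port 55150
Mar  7 11:30:44 base sshd[16679]: Invalid user test from 203.0.113.17 port 35638
Mar  7 11:31:10 base sshd[16701]: Invalid user admin from 198.51.100.9 port 50190
"""

def parse(log_text, year=2023):
    """Yield (timestamp, user, ip); syslog lines carry no year, so one is assumed."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def persistent_sources(log_text, min_attempts=4, min_users=4):
    """Return {ip: stats} for addresses that keep retrying under changing usernames."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse(log_text):
        by_ip[ip].append((ts, user))
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        users = {u for _, u in events}
        if len(events) < min_attempts or len(users) < min_users:
            continue  # too few attempts or one repeated name: below the assumed thresholds
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        report[ip] = {"attempts": len(events), "distinct_users": len(users),
                      "median_gap_s": median(gaps),
                      "span_s": (events[-1][0] - events[0][0]).total_seconds()}
    return report

if __name__ == "__main__":
    for ip, stats in persistent_sources(SAMPLE_LOG).items():
        print(ip, stats)
```

A median gap of a minute or more means the source may never reach a short-window failure counter, which is why the example keys on attempt count and username variety rather than on rate.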



RE: Honeypot for Balkan IP addresses - 1van - 04-14-2023

Here is another one persistent with attacks, IP: 194.152.214.252, country Croatia, provider Hrvatski Telekom: https://www.abuseipdb.com/check/194.152.214.252

Quote:
Apr  1 00:11:02 base sshd[26869]: Invalid user remote from 194.152.214.252 port 37809
Apr  1 00:15:20 base sshd[27017]: Invalid user redmine from 194.152.214.252 port 44865
Apr  1 00:17:47 base sshd[27138]: Invalid user pluto from 194.152.214.252 port 27557
Apr  1 00:20:06 base sshd[27269]: Invalid user hadoop from 194.152.214.252 port 31241
Apr  1 00:22:21 base sshd[27384]: Invalid user jeffrey from 194.152.214.252 port 48876



RE: Honeypot for Balkan IP addresses - 1van - 08-28-2023

SMB CRAWLER: https://viz.greynoise.io/ip/79.101.33.190, Provider: TELEKOM SRBIJA (79-101-33-190.static.isp.telekom.rs).
AbuseIPDB: https://www.abuseipdb.com/check/79.101.33.190.


RE: Honeypot for Balkan IP addresses - 1van - 08-29-2023

MIRAI, IP: 93.87.46.178, Provider: Telekom Srbija

https://viz.greynoise.io/ip/93.87.46.178
https://threatbook.io/ip/93.87.46.178
https://www.abuseipdb.com/check/93.87.46.178


RE: Honeypot for Balkan IP addresses - 1van - 09-02-2023

Scanner: 93.87.59.88, provider Telekom Srbija. SUR ELITE, Kladovo is the owner of the IP address.

https://www.abuseipdb.com/check/93.87.59.88
https://threatbook.io/ip/93.87.59.88
https://viz.greynoise.io/ip/93.87.59.88
https://www.shodan.io/host/93.87.59.88
https://whois.domaintools.com/93.87.59.88