12897070056: 2017

Thursday, November 23, 2017

uMatrix Pannel

uMatrix Pannel
View of
https://slickdeals.net/f/10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys

Here is what uBlock captures

23:01:15			image	https://static.slickdealscdn.com/images/header/footerGooglePlayBtn.png
23:01:15			image	https://static.slickdealscdn.com/images/header/footerAppStore.png
23:01:15			image	https://static.slickdealscdn.com/images/header/logo.png
23:01:15			image	https://static.slickdealscdn.com/attachment/5/3/6/1/0/7/5/160x160/4571687.thumb
23:01:15			image	https://static.slickdealscdn.com/attachment/5/6/3/8/6/7/3/160x160/5306412.thumb
23:01:15			image	https://static.slickdealscdn.com/attachment/5/6/3/8/6/7/3/160x160/5333600.thumb
23:01:15			image	https://static.slickdealscdn.com/attachment/5/6/3/8/6/7/3/160x160/5346716.thumb
23:01:15			image	https://static.slickdealscdn.com/attachment/5/3/6/0/2/1/3/160x160/3439369.thumb
23:01:15			image	https://static.slickdealscdn.com/images/slickdeals/storelogo/75x38/7416.png?5593
23:01:15			image	https://static.slickdealscdn.com/images/slickdeals/storelogo/75x38/8536.png?5593
23:01:15			image	https://static.slickdealscdn.com/images/slickdeals/storelogo/75x38/370.png?5593
23:01:15			image	https://static.slickdealscdn.com/images/slickdeals/storelogo/75x38/20572.png?5593
23:01:15			image	https://static.slickdealscdn.com/images/slickdeals/storelogo/75x38/480.png?5593
23:01:15			image	https://static.slickdealscdn.com/attachment/avatar/6/3/5/4/7/1/25x25/avatar.normal?dateline=1408591769
23:01:15			image	https://static.slickdealscdn.com/attachment/avatar/4/1/7/6/4/0/150x150/avatar.normal?dateline=1408586196
23:01:15			image	https://static.slickdealscdn.com/images/avatar/sd/redesign/Android.png
23:01:15			image	https://static.slickdealscdn.com/images/avatar/sd/redesign/Star.png
23:01:15			image	https://static.slickdealscdn.com/images/avatar-150.png
23:01:15			image	https://static.slickdealscdn.com/attachment/avatar/3/3/7/3/7/9/8/150x150/avatar.normal?dateline=1408607527
23:01:15			image	https://static.slickdealscdn.com/attachment/avatar/6/3/5/4/7/1/150x150/avatar.normal?dateline=1408591769
23:01:15			image	https://static.slickdealscdn.com/images/slickdeals/storelogo/100x50/480.png?5593
23:01:15			image	https://static.slickdealscdn.com/attachment/1/2/1/8/5/8/4/4/320x320/6131807.thumb
23:01:15			image	https://static.slickdealscdn.com/attachment/5/1/1/1/5/8/9/320x320/6140587.thumb
23:01:15			image	https://static.slickdealscdn.com/attachment/6/0/1/0/8/7/2/320x320/6227127.thumb
23:01:15			image	https://static.slickdealscdn.com/attachment/6/0/1/0/8/7/2/320x320/6304631.thumb
23:01:15			image	https://static.slickdealscdn.com/images/dealalerts/1click-deal-alert-image-nike.png
23:01:15			image	https://static.slickdealscdn.com/images/dealalerts/1click-deal-alert-image-kids-clothing.png
23:01:15			image	https://static.slickdealscdn.com/images/dealalerts/1click-deal-alert-image-amazon.png
23:01:15			image	https://static.slickdealscdn.com/images/dealalerts/1click-deal-alert-image-apple.png
23:01:15			image	https://static.slickdealscdn.com/images/dealalerts/1click-deal-alert-image-home-improvement.png
23:01:15			image	https://static.slickdealscdn.com/images/dealalerts/1click-deal-alert-image-travel.png
23:01:15			image	https://static.slickdealscdn.com/images/header/megaPostADeal.jpg
23:01:15			image	https://static.slickdealscdn.com/images/header/megaDealAlerts.jpg
23:01:15			image	https://static.slickdealscdn.com/images/header/2017_black_friday_img.png
23:01:13	\|\|crsspxl.com^$third-party	--	script	https://tag.crsspxl.com/s1.js?d=1375&cb=1511582473162
23:01:12	\|\|facebook.com/tr/?	--	image	https://www.facebook.com/tr/?id=753271888053840&ev=PixelInitialized&dl=https%3A%2F%2Fslickdeals.net%2Ff%2F10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys&rl=https%3A%2F%2Fwww.reddit.com%2Fr%2Fpihole%2Fcomments%2F7f0war%2Fsome_links_close_as_soon_as_i_open_them%2F&if=false&ts=1511582472173
23:01:12	\|\|facebook.com/tr/?	--	image	https://www.facebook.com/tr/?id=343695756083210&ev=PixelInitialized&dl=https%3A%2F%2Fslickdeals.net%2Ff%2F10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys&rl=https%3A%2F%2Fwww.reddit.com%2Fr%2Fpihole%2Fcomments%2F7f0war%2Fsome_links_close_as_soon_as_i_open_them%2F&if=false&ts=1511582472172
23:01:12			script	https://connect.facebook.net/en_US/fbds.js
23:01:02	\|\|quantserve.com^	--	script	https://secure.quantserve.com/quant.js
23:01:01	\|\|amazon-adsystem.com^	--	script	https://c.amazon-adsystem.com/aax2/apstag.js
23:00:56			image	https://static.slickdealscdn.com/attachment/6/3/5/4/7/1/50x50/6272327.thumb
23:00:56			image	https://static.slickdealscdn.com/attachment/6/3/5/4/7/1/50x50/6272323.thumb
23:00:54			css	https://css.slickdealscdn.com/min/5593/g=css&style=14&n=global-desktop%2Cnon-criticalBase%2CdealDetail-deferred%2Cdeal-details%2Fdeal-details-expired-deal-alert-modal-desktop
23:00:53	##.variableHeightAd		dom	https://slickdeals.net/f/10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys
23:00:53	##.injectedAd		dom	https://slickdeals.net/f/10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys
23:00:53	##.adunit		dom	https://slickdeals.net/f/10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys
23:00:53	##.ad		dom	https://slickdeals.net/f/10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys
23:00:53	##.ADbox		dom	https://slickdeals.net/f/10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys
23:00:53	###bottomDDAd		dom	https://slickdeals.net/f/10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys
23:00:53	###Ad-Container		dom	https://slickdeals.net/f/10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys
23:00:47	/b/ss/*/js-	--	xhr	https://slickdeals.sc.omtrdc.net/b/ss/slickdealsproduction/1/JS-1.6.1-D7QN/s13867746953250
23:00:45	\|\|omtrdc.net^$third-party	--	xhr	https://slickdeals.tt.omtrdc.net/m2/slickdeals/mbox/json?screenHeight=1080&screenWidth=1920&colorDepth=24&browserWidth=1432&browserHeight=944&browserTimeOffset=-300&mboxPage=eefc304404c7404a8e7318c9b0a5e385&mboxVersion=0.9.4&mboxHost=slickdeals.net&mboxURL=https%3A%2F%2Fslickdeals.net%2Ff%2F10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys&mboxReferrer=https%3A%2F%2Fwww.reddit.com%2Fr%2Fpihole%2Fcomments%2F7f0war%2Fsome_links_close_as_soon_as_i_open_them%2F&mboxSession=b847cdaf1dd94eef960dd4fb121f2e09&mboxPC=&mboxTime=1511564445368&mbox=GroceryStoreLink&mboxCount=1
23:00:44	\|\|googleadservices.com^	--	script	https://www.googleadservices.com/pagead/conversion_async.js
23:00:44			script	https://slickdeals.net/dtm/50/c892f1eac160eb3408344e556adf4907856f9e5d/s-code-contents-d6ea987a8569dff1e793a4d74add837133983eb1.js
23:00:44			script	https://slickdeals.net/dtm/50/c892f1eac160eb3408344e556adf4907856f9e5d/scripts/satellite-591f6f5d64746d20c6008d92.js
23:00:44	/bk-coretag.js	--	script	https://tags.bkrtx.com/js/bk-coretag.js
23:00:44			image	https://static.slickdealscdn.com/images/misc/backlink.gif
23:00:44			image	https://static.slickdealscdn.com/attachment/6/3/5/4/7/1/6272323.attach
23:00:44			image	https://static.slickdealscdn.com/blog/wp-content/uploads/2017/11/kohls-logo-desktop.png?5593
23:00:44			image	https://static.slickdealscdn.com/blog/wp-content/uploads/2017/11/blackfriday_2017-4.png?5593
23:00:44			image	https://static.slickdealscdn.com/images/slickdeals/blank.gif
23:00:44			image	https://static.slickdealscdn.com/images/header/slickdealsLogo.png?5593
23:00:44	\|\|heapanalytics.com^$third-party	--	script	https://cdn.heapanalytics.com/js/heap-4023737901.js
23:00:44	\|\|go-mpulse.net^$third-party	--	script	https://c.go-mpulse.net/boomerang/L9K7V-B7NKU-2DCCF-3D569-JLBFW
23:00:44	\|\|stats.g.doubleclick.net^	--	script	https://stats.g.doubleclick.net/dc.js
23:00:44	googletagservices.com/gpt.js	<<	script	https://www.googletagservices.com/tag/js/gpt.js
23:00:44	\|\|googletagservices.com/tag/js/gpt.js$script	--	script	https://www.googletagservices.com/tag/js/gpt.js
23:00:44	\|\|adnxs.com^	--	script	https://acdn.adnxs.com/prebid/c/7084/pb.js
23:00:44			script	https://slickdeals.net/dtm/50/c892f1eac160eb3408344e556adf4907856f9e5d/scripts/satellite-59d2c7bc64746d3ec0000ad6.js
23:00:44			script	https://slickdeals.net/dtm/50/c892f1eac160eb3408344e556adf4907856f9e5d/scripts/satellite-58ff66a964746d1237006a96.js
23:00:43	\|\|demdex.net^	--	script	https://dpm.demdex.net/id?d_visid_ver=1.5.7&d_rtbd=json&d_ver=2&d_orgid=2651F28B5550A1500A4C98A5%40AdobeOrg&d_nsid=0&d_mid=08590000298304310765427264238210408498&d_cb=s_c_il%5B0%5D._setAudienceManagerFields
23:00:43	\|\|googleadservices.com^	--	script	https://www.googleadservices.com/pagead/conversion_async.js
23:00:43			script	https://slickdeals.net/forums/userstyles.php?uniq=eF7tWmtv2zYU_SuCsAF7RLHej3zLkhUdkHRBUuzL3Bm0TNlCZFET6XhZkf--e2nLFKXOcey0AZoCgYPLN6XDc8-94keTCPPEnAlRnQwHwwEv8vR2QknBj0sqhoNsOHDsOHbCMLL4nBSFRaqqyEmZUm6li5znJamFNSPlxJrn_9DaCqy_hTWmRUGsqmbTmsznZFxQixdsaaWM3UKbVXXN0lsKbQtaTqBwzmpqxRYl6cwimYASx7VqOiaCWllNYQSBLSpY4KKyiLDmJL3n5pFZ04zWtF5vg8t9LJfL45pOJrk4Ttl8OKiHgyqfsYIOB2DPaSn4cBBl9pJADWdzOiry8paP0oJxOiJ8xBkr8X8-YhUtR2JGYZRmMphttFjkE5jS8zPPSRx_4iSB49Bo7EZhQgLPD9Iw8scEuoh8Trkg88o8caBNELu-7x6ZWQ4LHG0WL-oFxb2QYlX2BXc0oTyfludEEPPkozk2T-wjs4TFHpl38ncK5eYfjmEZ7-gSNkTGiJksTeAvDbPYjf04jcZj36aB49p0HPpjLzYfcI_llNZXdV5CDxiV3-bVNV3Nd01TVk-ggXmy2ntJlzeU85zB3BkgcFV0VuTwttolp0LU-Xgh2g0n9C5P6UjcV3SE7wVWzWcEHjDuiIzfwwvg5smfH83YwRL56hw3jORuRgKqZTeshheGZknmFAreUCIWMI4hD4VRkSmF5-A5tpdAyztar9Zr2mBVjOerVcHYYPO0zit8VDhLAfiH9w17vxUMoGDiTE2pwCOCLXGYpnDOxnmBa5Bjw8SjOeG3YP91_NN3OLyAo3A_WnCJfWyUAnwE7tlEoLmJHXhYDOCrm8HhrDXTpCK_w-FxIbV6GXKkO1Is6Mhe164seHKtOlezPM3yNSvQrFCzIs2KNSvRLMSgWhmAtGWlmtVscLXq5gGurGzdMudwruFRjdhihcxpzRbVqFzMx-unCeiNYf8KK14PK7icNlbOACe5MFJST4zrs0uDlUZWs1JsUGPbfrwNNQipFwaNkyROIsH7DTTNMXgSaCKAewMaJwi7oIFqHTSX8pQbSzo2ssq484Bd3MRxkZn-l10QinvgpM04G3LBwieTi-2HbuK7z0wuCLvVMUVywU2urK-SXKKWI3Jcv4eTriM6B_9jnFNBcnBDdxHCJEoS-ZA2TgitthNCrD0XTvZyQrbnu54fSrwewieK-NEJ4aNROFGo-SpxAhplwyd2gJvVBIuUMJoTmtH0Fr1aGxjykCt1gk7ouXCxH384tgt6Gdnxs-FCYQZxoTDTFyeqri9OVF1fnKi6vjhRdX1xour64gTrdhInAaxn42ckE2u4gGodF6eTifFbaVzkJTXes8o4A73DSm5csskC_A9olTdXklSCWFe2-JLapIIr3AM8z6dsJal40Wclla8cPL5yPgGo3A52oFbHzhXjwiDgfUih0UoHGvI4v2DM48fAKREE199opR0doXzdhVYcjNhBiTS04srgUWMVqVM0bwPx5pTV90YT1Wv4QP3Rog53z_jmk7p1Hz3iA9ht3wmkLjpEjygG7-sRVdf3O6oOg2Ld7ygLg2Ld7ygLg2Ld7ygLg2Ld7yhLJgU2uqkJ-1VQvDtAYFeN3-lTh4us3AbIec6rgtwb3xssy9DLQCbNeINRMQYdW9XrfmzyfGDxwceEkM07FCy7i1cV8jwmUpToRbCofo-JFNUPwaL6PSZSVD9kE-z3mEjxJJu0gpwAH6TOJl0_c1pDSgvECCZPMGW3TcNKpG28DZ-xpZhB-muCk3zhXJvvxa7jJVKKH0QrOlKUheHwNlpRLfu5tm20ovr1c23baEX16-faVL-n-Z1Wri1BftaR0k21vWV1_i-QCMTEABYNJwjVttPRMrH74OSTjNINe-Snkh-Gw8nPP0oUbEnN-n6URF50OFy2eaFtAlb3QqolRj-7w2WbF1JjIrFs80Kq5a5ZNilTnFZU7PWCYqjVvdDNr5fGxdVGpDxOLjKz9XQpuxNUPpm-x56t9L3vJrEX-dHBEfIrViqQXtgoFa-XiJXJh7ZSWSdiPeP0lz4-ukHwF8dH5_OO7zl-aLvhwfhQjh2VrJ6B1TNrykJxoix0OcpCDtHFibJQnCgLXY6yMIOiixNlIYcoC12OslDJ6uIErcfEiSs5RGXqXZmi1FwO1HY4BD8_G1f4AbCnTTqBjuSfF6UPSM9Dctg9OBJ-zfTR0q79SNjpatcmAIY4BzNpcCFC5kualP22vMmLowWcjRvAdYVD9esrRotKm3i9bzndpMk1K-C2ydRwfeMtW9TGe7ggAjExXDgwMlZL2HAjL2Wa9obCZ3oIm2V-dpvOlS_vBRWLl8B1gyD0D07LvmIQqdRK0ANRN7FyQ0mdzkDS8kUhuHFB7uGjj6SdG-moLtiU8b6n6kRHz_mFsBsS7aRzIR0XurZzcJLl1aLm4QN86Mvh6pSAVOzqjpMMpZv7S0gaeC0KdNImR4uZmVabjp9at9ZKoYcE53rUt0wgO-UpN97ANTY1xTnNCODRfMBlpQu4sje_oeurV2uB_bu8EvUORgCKW5dJQfXw4eHhP8VOC9w&pv=34f3bf4ad19511e7b2769a5345c674ba&au=766579b4d0b411e78d8e42e834a7e014
23:00:43	\|\|adnxs.com^	--	script	https://acdn.adnxs.com/prebid/c/7084/pb.js
23:00:43			script	https://slickdeals.net/scripts/bundles/deal-details.js?5593
23:00:43			script	https://static.slickdealscdn.com/attachment/scripts/dtm/c892f1eac160eb3408344e556adf4907856f9e5d/satelliteLib-9e56d9738bad4a2ae2ab51ebe156481ca119b94b.js?50
23:00:43			script	https://slickdeals.net/min/5593/g=js&n=at
23:00:43			inline-script	https://slickdeals.net/f/10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys
23:00:43			doc	https://slickdeals.net/f/10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys
	https://slickdeals.net/f/10881667-small-appliances-cuisinart-hand-mixer-5-qt-bella-programmable-slow-cooker-bella-rocket-blender-more-8-each-after-12-rebate-free-store-pickup-at-macys

Friday, October 13, 2017

What's all this fuss about Coin Hive

I took a couple of picks from a site that delivers Coin Hive to your browser in an ethical way so I took a couple of picks of the resource's it was using to share with whomever is interested.

One thing I must say though is I think he should throttle down the CPU usage if at all possible.

Also I would much rather support a web site with Coin Hive than with ads.

This was how I started Coin Hive and can view my contribution to the site:

This is a view of Chrome's task manger:

This is a view of Windows resource Monitor:

Friday, October 6, 2017

Easy update LEDE Reboot 17.01.3 with opkg script

Update 03/11/2019:This script also works on Firmware Version Openwrt 18.06.2

Update 08/01/2018:This script also works on Firmware Version Openwrt 18.06.1

This script also works on Firmware Version LEDE Reboot

17.01.0,17.01.1, 17.01.2, 17.01.3, 17.01.4, 17.01.5, 17.01.6

Easy update LEDE Reboot 17.01.3 with opkg script

Warning: Make sure you have space to hold all the updates ---OpenWRT will not check---

I suggest only doing this if you have EXTroot running with lots of space . (Wiki Link)

You may brick your router

First things first although this should work on any router running LEDE 17.01.2 to 17.01.3 17.01.4 I am using a TP-Link TL-WDR4300 v1 So do your homework and make sure it will work for your router before attempting this. It was written for OpenWrt originally (I think ?) so should work for many routers.

I found a found a pretty cool script on GitHub written by https://github.com/tavinus and downloadable here https://github.com/tavinus/opkg-upgrade that is extremely easy to use.

Here we go: SSH into LEDE

# opkg update

# opkg install curl

# curl -k -sSL https://raw.githubusercontent.com/tavinus/opkg-upgrade/master/opkg-upgrade.sh -o ./opkg-upgrade.sh && chmod +x ./opkg-upgrade.sh && ./opkg-upgrade.sh

I did not think I needed any updates since 17.01.3 has only been recently released but here is the output.

I saved a copy of the script to pastebin just in case it disappears for whatever reason:
https://pastebin.com/0fLPngzp

Update:03/11/2019

Note:
I run the command

# echo "nameserver 1.1.1.1" | tee -a /etc/resolv.conf

To make sure the router has a proper DNS server, I have had problems in the past with this so now I just do it to save time just in case.

Tuesday, July 18, 2017

Is your ISP Rogers Canada- Unfortunately if you use Speedtest.net it is probably lying to you

Does Rogers ISP Canada cache the download test to increase SpeedTest.net test results

I have been using Pihole as a DNS server on my network for about 3 months now and love it so much that I have 2 instances running on 2 separate computers in VMware workstation,

Recently a user over at Reddit came up with an interesting project ( also Here and Here ) that uses the Pihole Web gui to perform a speed test on a regular basis.

I let the test run for about 2 days and it seems that it makes a few requests that are local to me and owned by my ISP.

Does this prove that Speedtest.net is flat out lying to you about your results, Well not really but I would be very leary about any result you get.

Thursday, May 18, 2017

My results of POC Stealing Windows Credentials Using Google Chrome

I was reading an article written by Bosko Stankovic from Defence Code Titled Stealing Windows Credentials Using Google Chrome and in it he had a POC that in theory could lead Chrome web browser to download malicious code and simply opening the folder would lead to running the malicious code.

In his article he stated that Chrome gave no warning that something was being downloaded. In my case I was warned so I sent him a email with my results, The strange thing is that in his email it seems we are running the same version of chrome --- Version 58.0.3029.110 (64-bit)

Here are my results:

Highlighting the text andd selecting go to page results:

I have made Video of my results.

Note: My poor old laptop is very slow

Note 2: Sorry about having to use Flash I don't think I have any control over the format of video used

Two Links to the authors website with different results than mine.

http://www.defensecode.com/public/Bosko/ChromeVideo1.webm
http://www.defensecode.com/public/Bosko/ChromeVideo2.webm

Sunday, May 14, 2017

May 14 IP's that my router does not like

Update to my router log 05/14/2017
I wonder if any of these IP's are related to the ransomware attacks

17 94.245.121.252
9 50.168.76.255
8 91.134.218.255
8 24.89.6.255
6 203.173.158.255
6 112.207.57.255
5 91.138.215.255
5 186.88.186.255
5 175.170.3.255
5 141.0.11.241
4 49.151.138.255
4 151.42.0.255
4 112.211.123.255
3 94.249.51.255
3 84.208.221.255
3 54.174.16.255
2 46.190.11.255
2 192.0.72.3
1 90.94.202.255
1 90.203.168.255
1 88.73.249.255
1 87.127.159.156
1 79.113.11.255
1 77.180.243.255
1 67.193.245.255
1 41.182.39.255
1 37.228.107.241
1 34.207.90.255
1 31.46.223.255
1 31.168.182.255
1 31.13.74.1
1 27.68.43.255
1 24.224.226.255
1 192.0.77.32
1 184.7.69.255
1 180.52.56.200
1 178.166.44.255
1 176.111.45.255
1 167.250.178.255
1 163.172.214.231
1 151.224.112.255
1 122.2.248.255
1 115.76.221.255
1 114.249.172.255
1 104.37.200.255

Update:
June 2 2017

14 90.191.204.255
6 79.151.8.255
5 94.245.121.252
5 192.168.1.3
4 171.76.103.255
4 112.210.212.255
3 89.143.113.255
3 36.74.106.255
3 188.55.224.255
3 156.194.108.255
2 95.18.66.255
2 94.99.174.255
2 83.216.94.255
2 27.74.180.255
2 179.181.188.255
1 90.193.106.255
1 86.137.202.255
1 49.151.138.255
1 49.146.83.255
1 46.186.161.70
1 45.46.49.255
1 31.166.108.255
1 31.154.81.19
1 27.32.160.166
1 23.206.226.183
1 186.104.64.255
1 150.107.8.255
1 1.129.96.7
1 112.211.187.255
1 104.88.48.154

{
"ip": "90.191.204.255",
"hostname": "No Hostname",
"city": "",
"region": "",
"country": "EE",
"loc": "59.0000,26.0000",
"org": "AS3249 Telia Eesti AS"
}{
"ip": "79.151.8.255",
"hostname": "No Hostname",
"city": "Badajoz",
"region": "Extremadura",
"country": "ES",
"loc": "38.8779,-6.9706",
"org": "AS3352 TELEFONICA DE ESPANA",
"postal": "06001"
}{
"ip": "94.245.121.252",
"hostname": "No Hostname",
"city": "Dublin",
"region": "Leinster",
"country": "IE",
"loc": "53.3389,-6.2595",
"org": "AS8075 Microsoft Corporation"
}{
"ip": "192.168.1.3",
"bogon": true
}{
"ip": "171.76.103.255",
"hostname": "No Hostname",
"city": "Rajajinagar",
"region": "Karnataka",
"country": "IN",
"loc": "12.9847,77.5491",
"org": "AS24560 Bharti Airtel Ltd., Telemedia Services"
}{
"ip": "112.210.212.255",
"hostname": "No Hostname",
"city": "Dauis",
"region": "Bohol",
"country": "PH",
"loc": "9.6253,123.8658",
"org": "AS9299 Philippine Long Distance Telephone Company"
}{
"ip": "89.143.113.255",
"hostname": "No Hostname",
"city": "Kranj",
"region": "Kranj",
"country": "SI",
"loc": "46.2389,14.3556",
"org": "AS5603 Telekom Slovenije d.d.",
"postal": "4000"
}{
"ip": "36.74.106.255",
"hostname": "No Hostname",
"city": "Balerejo",
"region": "East Java",
"country": "ID",
"loc": "-7.5568,111.5804",
"org": "AS17974 PT Telekomunikasi Indonesia"
}{
"ip": "188.55.224.255",
"hostname": "No Hostname",
"city": "Jeddah",
"region": "Makkah Province",
"country": "SA",
"loc": "21.5169,39.2192",
"org": "AS25019 Saudi Telecom Company JSC"
}{
"ip": "156.194.108.255",
"hostname": "No Hostname",
"city": "Omrania",
"region": "Giza",
"country": "EG",
"loc": "29.9981,31.1986",
"org": "AS8452 TE-AS"
}{
"ip": "95.18.66.255",
"hostname": "No Hostname",
"city": "Salamanca",
"region": "Castille and León",
"country": "ES",
"loc": "40.9688,-5.6639",
"org": "AS12715 Orange Espagne S.A.U.",
"postal": "37003"
}{
"ip": "94.99.174.255",
"hostname": "No Hostname",
"city": "Jeddah",
"region": "Makkah Province",
"country": "SA",
"loc": "21.5169,39.2192",
"org": "AS25019 Saudi Telecom Company JSC"
}{
"ip": "83.216.94.255",
"hostname": "my83-216-94-255.cust.relish.net",
"city": "London",
"region": "England",
"country": "GB",
"loc": "51.5092,-0.0955",
"org": "AS29009 UK Broadband Ltd.",
"postal": "EC4N"
}{
"ip": "27.74.180.255",
"hostname": "No Hostname",
"city": "Ho Chi Minh City",
"region": "Ho Chi Minh City",
"country": "VN",
"loc": "10.8142,106.6438",
"org": "AS7552 Vietel Corporation"
}{
"ip": "179.181.188.255",
"hostname": "179.181.188.255.dynamic.adsl.gvt.net.br",
"city": "Goiânia",
"region": "Goias",
"country": "BR",
"loc": "-16.7010,-49.2668",
"org": "AS18881 TELEFÔNICA BRASIL S.A"
}{
"ip": "90.193.106.255",
"hostname": "5ac16aff.bb.sky.com",
"city": "Rowley Regis",
"region": "England",
"country": "GB",
"loc": "52.4833,-2.0667",
"org": "AS5607 Sky UK Limited",
"postal": "B65"
}{
"ip": "86.137.202.255",
"hostname": "No Hostname",
"city": "Winchester",
"region": "England",
"country": "GB",
"loc": "51.0833,-1.3500",
"org": "AS2856 British Telecommunications PLC",
"postal": "SO22"
}{
"ip": "49.151.138.255",
"hostname": "No Hostname",
"city": "",
"region": "National Capital Region",
"country": "PH",
"loc": "14.6492,120.9826",
"org": "AS9299 Philippine Long Distance Telephone Company",
"postal": "1106"
}{
"ip": "49.146.83.255",
"hostname": "No Hostname",
"city": "Pasig",
"region": "National Capital Region",
"country": "PH",
"loc": "14.5732,121.0697",
"org": "AS9299 Philippine Long Distance Telephone Company",
"postal": "1600"
}{
"ip": "46.186.161.70",
"hostname": "No Hostname",
"city": "Kuwait City",
"region": "Al Asimah",
"country": "KW",
"loc": "29.3697,47.9783",
"org": "AS42961 Mobile Telecommunications Company"
}{
"ip": "45.46.49.255",
"hostname": "cpe-45-46-49-255.maine.res.rr.com",
"city": "Lewiston",
"region": "Maine",
"country": "US",
"loc": "44.0845,-70.1696",
"org": "AS11351 Time Warner Cable Internet LLC",
"postal": "04240"
}{
"ip": "31.166.108.255",
"hostname": "No Hostname",
"city": "Ru'ays",
"region": "Makkah",
"country": "SA",
"loc": "21.5236,39.1794",
"org": "AS35819 Bayanat Al-Oula For Network Services"
}{
"ip": "31.154.81.19",
"hostname": "No Hostname",
"city": "",
"region": "",
"country": "IL",
"loc": "31.5000,34.7500",
"org": "AS12400 Partner Communications Ltd."
}{
"ip": "27.32.160.166",
"hostname": "No Hostname",
"city": "Mulgrave",
"region": "Victoria",
"country": "AU",
"loc": "-37.9167,145.2000",
"org": "AS7545 TPG Internet Pty Ltd",
"postal": "3170"
}{
"ip": "23.206.226.183",
"hostname": "a23-206-226-183.deploy.static.akamaitechnologies.com",
"city": "Cambridge",
"region": "Massachusetts",
"country": "US",
"loc": "42.3626,-71.0843",
"org": "AS16625 Akamai Technologies, Inc.",
"postal": "02142"
}{
"ip": "186.104.64.255",
"hostname": "No Hostname",
"city": "Talca",
"region": "Maule",
"country": "CL",
"loc": "-35.4264,-71.6554",
"org": "AS7418 TELEFÓNICA CHILE S.A."
}{
"ip": "150.107.8.255",
"hostname": "No Hostname",
"city": "Noida",
"region": "Uttar Pradesh",
"country": "IN",
"loc": "28.5700,77.3200",
"org": "AS17747 SITI NETWORKS LIMITED",
"postal": "201301"
}{
"ip": "1.129.96.7",
"hostname": "No Hostname",
"city": "Sydney",
"region": "New South Wales",
"country": "AU",
"loc": "-33.7912,151.1298",
"org": "AS1221 Telstra Pty Ltd",
"postal": "2113"
}{
"ip": "112.211.187.255",
"hostname": "No Hostname",
"city": "Cavite City",
"region": "Calabarzon",
"country": "PH",
"loc": "14.4837,120.8988",
"org": "AS9299 Philippine Long Distance Telephone Company",
"postal": "4100"
}{
"ip": "104.88.48.154",
"hostname": "a104-88-48-154.deploy.static.akamaitechnologies.com",
"city": "Cambridge",
"region": "Massachusetts",
"country": "US",
"loc": "42.3626,-71.0843",
"org": "AS2914 NTT America, Inc.",
"postal": "02142"
}

{

"ip": "94.245.121.252",

"hostname": "No Hostname",

"city": "Dublin",

"region": "Leinster",

"country": "IE",

"loc": "53.3389,-6.2595",

"org": "AS8075 Microsoft Corporation"

}{

"ip": "50.168.76.255",

"hostname": "c-50-168-76-255.hsd1.ca.comcast.net",

"city": "San Francisco",

"region": "California",

"country": "US",

"loc": "37.7587,-122.4381",

"org": "AS7922 Comcast Cable Communications, LLC",

"postal": "94114"

}{

"ip": "91.134.218.255",

"hostname": "No Hostname",

"city": "",

"region": "",

"country": "FR",

"loc": "48.8582,2.3387",

"org": "AS16276 OVH SAS"

}{

"ip": "24.89.6.255",

"hostname": "dyn-6-255.myactv.net",

"city": "Saint James",

"region": "Maryland",

"country": "US",

"loc": "39.5626,-77.7580",

"org": "AS14291 Antietam Cable Television, Inc",

"postal": "21781"

}{

"ip": "203.173.158.255",

"hostname": "No Hostname",

"city": "Christchurch",

"region": "Canterbury",

"country": "NZ",

"loc": "-43.5831,172.6644",

"org": "AS9500 Vodafone NZ Maintainer Object",

"postal": "8022"

}{

"ip": "112.207.57.255",

"hostname": "No Hostname",

"city": "Intramuros",

"region": "National Capital Region",

"country": "PH",

"loc": "14.5906,120.9759",

"org": "AS9299 Philippine Long Distance Telephone Company",

"postal": "1018"

}{

"ip": "91.138.215.255",

"hostname": "No Hostname",

"city": "Athens",

"region": "Attica",

"country": "GR",

"loc": "37.9833,23.7333",

"org": "AS3329 VODAFONE-PANAFON HELLENIC TELECOMMUNICATIONS COMPANY SA"

}{

"ip": "186.88.186.255",

"hostname": "186-88-186-255.genericrev.cantv.net",

"city": "Maturín",

"region": "Monagas",

"country": "VE",

"loc": "9.7500,-63.1767",

"org": "AS8048 CANTV Servicios, Venezuela"

}{

"ip": "175.170.3.255",

"hostname": "No Hostname",

"city": "Dalian",

"region": "Liaoning",

"country": "CN",

"loc": "38.9122,121.6022",

"org": "AS4837 CNCGROUP China169 Backbone"

}{

"ip": "141.0.11.241",

"hostname": "global-4-lvs-colossus-1.opera-mini.net",

"city": "",

"region": "",

"country": "US",

"loc": "38.0000,-97.0000",

"org": "AS39832 Opera Software AS"

}{

"ip": "49.151.138.255",

"hostname": "No Hostname",

"city": "",

"region": "National Capital Region",

"country": "PH",

"loc": "14.6492,120.9826",

"org": "AS9299 Philippine Long Distance Telephone Company",

"postal": "1106"

}{

"ip": "151.42.0.255",

"hostname": "No Hostname",

"city": "Bologna",

"region": "Emilia-Romagna",

"country": "IT",

"loc": "44.4938,11.3387",

"org": "AS1267 Wind Telecomunicazioni SpA",

"postal": "40131"

}{

"ip": "112.211.123.255",

"hostname": "No Hostname",

"city": "Vergara",

"region": "National Capital Region",

"country": "PH",

"loc": "14.5766,121.0262",

"org": "AS9299 Philippine Long Distance Telephone Company",

"postal": "1551"

}{

"ip": "94.249.51.255",

"hostname": "No Hostname",

"city": "Umm Nuwarah",

"region": "`Amman",

"country": "JO",

"loc": "31.9333,35.8000",

"org": "AS8376 Jordan Data Communications Company LLC"

}{

"ip": "84.208.221.255",

"hostname": "No Hostname",

"city": "Oslo",

"region": "Oslo County",

"country": "NO",

"loc": "59.9050,10.7487",

"org": "AS41164 Get AS",

"postal": "0001"

}{

"ip": "54.174.16.255",

"hostname": "ec2-54-174-16-255.compute-1.amazonaws.com",

"city": "Ashburn",

"region": "Virginia",

"country": "US",

"loc": "39.0481,-77.4728",

"org": "AS14618 Amazon.com, Inc.",

"postal": "20149"

}{

"ip": "46.190.11.255",

"hostname": "No Hostname",

"city": "Keratsini",

"region": "Attica",

"country": "GR",

"loc": "37.9625,23.6197",

"org": "AS25472 WIND HELLAS TELECOMMUNICATIONS SA"

}{

"ip": "192.0.72.3",

"hostname": "No Hostname",

"city": "San Francisco",

"region": "California",

"country": "US",

"loc": "37.7484,-122.4156",

"org": "AS2635 Automattic, Inc",

"postal": "94110"

}{

"ip": "90.94.202.255",

"hostname": "No Hostname",

"city": "",

"region": "",

"country": "ES",

"loc": "40.4000,-3.6833",

"org": "AS12715 Orange Espagne S.A.U."

}{

"ip": "90.203.168.255",

"hostname": "5acba8ff.bb.sky.com",

"city": "Cardiff",

"region": "Cardiff",

"country": "GB",

"loc": "51.5196,-3.1196",

"org": "AS5607 Sky UK Limited",

"postal": "CF30"

}{

"ip": "88.73.249.255",

"hostname": "dslb-088-073-249-255.088.073.pools.vodafone-ip.de",

"city": "Werdau",

"region": "Saxony",

"country": "DE",

"loc": "50.7167,12.3667",

"org": "AS3209 Vodafone GmbH",

"postal": "08412"

}{

"ip": "87.127.159.156",

"hostname": "87-127-159-156.static.enta.net",

"city": "Goole",

"region": "East Riding of Yorkshire",

"country": "GB",

"loc": "53.7167,-0.8667",

"org": "AS8468 ENTANET International Limited",

"postal": "DM14"

}{

"ip": "79.113.11.255",

"hostname": "No Hostname",

"city": "Salonta",

"region": "Bihor",

"country": "RO",

"loc": "46.8000,21.6500",

"org": "AS8708 RCS & RDS SA",

"postal": "415500"

}{

"ip": "77.180.243.255",

"hostname": "No Hostname",

"city": "Berlin",

"region": "Land Berlin",

"country": "DE",

"loc": "52.5155,13.4062",

"org": "AS6805 Telefonica Germany GmbH & Co.OHG",

"postal": "10317"

}{

"ip": "67.193.245.255",

"hostname": "d67-193-245-255.home3.cgocable.net",

"city": "Kingston",

"region": "Ontario",

"country": "CA",

"loc": "44.2569,-76.4717",

"org": "AS7992 Cogeco Cable",

"postal": "K7K"

}{

"ip": "41.182.39.255",

"hostname": "No Hostname",

"city": "Okahandja",

"region": "Otjozondjupa",

"country": "NA",

"loc": "-21.9833,16.9167",

"org": "AS36996 Telecom Namibia"

}{

"ip": "37.228.107.241",

"hostname": "global-4-lvs-hopper-1.opera-mini.net",

"city": "Ashburn",

"region": "Virginia",

"country": "US",

"loc": "39.0180,-77.5390",

"org": "AS39832 Opera Software AS",

"postal": "20147"

}{

"ip": "34.207.90.255",

"hostname": "ec2-34-207-90-255.compute-1.amazonaws.com",

"city": "Garwood",

"region": "New Jersey",

"country": "US",

"loc": "40.6518,-74.3229",

"org": "AS14618 Amazon.com, Inc.",

"postal": "07027"

}{

"ip": "31.46.223.255",

"hostname": "No Hostname",

"city": "Cigand",

"region": "Borsod-Abaúj-Zemplén",

"country": "HU",

"loc": "48.2500,21.9000",

"org": "AS5483 Magyar Telekom plc.",

"postal": "3973"

}{

"ip": "31.168.182.255",

"hostname": "No Hostname",

"city": "Ramat Gan",

"region": "Tel Aviv",

"country": "IL",

"loc": "32.0806,34.8142",

"org": "AS8551 Bezeq International-Ltd"

}{

"ip": "31.13.74.1",

"hostname": "edge-star-shv-01-ord1.facebook.com",

"city": "",

"region": "",

"country": "IE",

"loc": "53.3472,-6.2439",

"org": "AS32934 Facebook, Inc."

}{

"ip": "27.68.43.255",

"hostname": "No Hostname",

"city": "Hanoi",

"region": "Thanh Pho Ha Noi",

"country": "VN",

"loc": "21.0333,105.8500",

"org": "AS7552 Vietel Corporation"

}{

"ip": "24.224.226.255",

"hostname": "blk-224-226-255.eastlink.ca",

"city": "Halifax",

"region": "Nova Scotia",

"country": "CA",

"loc": "44.6310,-63.6405",

"org": "AS11260 EastLink",

"postal": "B3N"

}{

"ip": "192.0.77.32",

"hostname": "wordpress.com",

"city": "San Francisco",

"region": "California",

"country": "US",

"loc": "37.7484,-122.4156",

"org": "AS2635 Automattic, Inc",

"postal": "94110"

}{

"ip": "184.7.69.255",

"hostname": "nv-iptv-184-7-69-255.dhcp.centurylinkservices.net",

"city": "Las Vegas",

"region": "Nevada",

"country": "US",

"loc": "36.1720,-115.2094",

"org": "AS4283 Savvis",

"postal": "89107"

}{

"ip": "180.52.56.200",

"hostname": "No Hostname",

"city": "Okayama",

"region": "Okayama",

"country": "JP",

"loc": "34.6617,133.9350",

"org": "AS4713 NTT Communications Corporation",

"postal": "700-0824"

}{

"ip": "178.166.44.255",

"hostname": "No Hostname",

"city": "Lisbon",

"region": "Lisbon",

"country": "PT",

"loc": "38.7167,-9.1333",

"org": "AS12353 Vodafone Portugal - Communicacoes Pessoais S.A.",

"postal": "1049-056"

}{

"ip": "176.111.45.255",

"hostname": "No Hostname",

"city": "Donetsk",

"region": "Donets'ka Oblast'",

"country": "UA",

"loc": "47.9917,37.7759",

"org": "AS57960 PE Snitcar Olexandr Antonovich"

}{

"ip": "167.250.178.255",

"hostname": "No Hostname",

"city": "Imaruí",

"region": "Santa Catarina",

"country": "BR",

"loc": "-28.3500,-48.8167",

"org": "AS265209 Carlos Alves da Silva - ME",

"postal": "88770"

}{

"ip": "163.172.214.231",

"hostname": "163-172-214-231.rev.poneytelecom.eu",

"city": "Amsterdam",

"region": "North Holland",

"country": "NL",

"loc": "52.3500,4.9167",

"org": "AS12876 ONLINE S.A.S.",

"postal": "1091"

}{

"ip": "151.224.112.255",

"hostname": "No Hostname",

"city": "Haslingden",

"region": "England",

"country": "GB",

"loc": "53.7000,-2.3333",

"org": "AS5607 Sky UK Limited",

"postal": "BB4"

}{

"ip": "122.2.248.255",

"hostname": "No Hostname",

"city": "Sampaloc",

"region": "Calabarzon",

"country": "PH",

"loc": "14.2530,121.6374",

"org": "AS9299 Philippine Long Distance Telephone Company",

"postal": "1229"

}{

"ip": "115.76.221.255",

"hostname": "No Hostname",

"city": "Hanoi",

"region": "Thanh Pho Ha Noi",

"country": "VN",

"loc": "21.0333,105.8500",

"org": "AS7552 Vietel Corporation"

}{

"ip": "114.249.172.255",

"hostname": "No Hostname",

"city": "Beijing",

"region": "Beijing",

"country": "CN",

"loc": "39.9289,116.3883",

"org": "AS4808 China Unicom Beijing Province Network"

}{

"ip": "104.37.200.255",

"hostname": "104-37-200-255.tr.cgocable.ca",

"city": "Trois-Rivières",

"region": "Quebec",

"country": "CA",

"loc": "46.3695,-72.6789",

"org": "AS11290 Cogeco Cable Holdings Inc",

"postal": "G9A"

}

malicious IP , Script Kiddie , skiddie , bunny , Black , hat , hacker , script kiddies , script kiddy , hacker , lamer , noob , cracker , hack , 1337 , Banned IP , DoS attack , Smurf , attack packets , FIN Scan

Friday, March 31, 2017

IP's that my router does not like

For the past year or so every few months when I am bored and have nothing to do I will take a look

at my router logs and see who and where they are trying to hack me from.

I know that 99 percent of the IP's in my log the owners have absolutely no idea what their machine is

doing behind their backs I hope that somehow they get the idea to Google their IP and find this post

and try to remedy it.

I first got interested in who was trying to hack my computer in the late 1990's when I got my first dial

up internet connection, I was using a firewall (can't remember the name) and it would log all the IP's

that were trying to access my computer, I would then scan the IP"s for services and most of the time

I would find something.

The funny thing about script kiddies back then was that they loved Yahoo Messenger, I guess they liked

bragging about who they had scanned or hacked, But the funny thing about messenger back then was

that it installed a server on port 80 of your computer with all the info about your account. There was

either very little or no warning at all about this during the install, If you dug deep into the settings you

could disable it but most people had no idea that they installed a server.

I remember connecting to their IP and scaring the hell out of a lot of script kiddies, Fun times were had

with all the things I would tell them either who I was (bullshit) or what I could or would do to them

(also bullshit).

About my Router

There is nothing special about my Router, It was supplied by my ISP 5 or so years ago, One of the options is to log

Include in Log

Attempted access to allowed sites

Attempted access to blocked sites and services

Connections to the Web-based interface of this Router

Router operation (startup, get time etc)

Known DoS attacks and Port Scans

Port Forwarding / Port Triggering

Wireless access

A typical log looks like this

Snippet:

[DoS attack: Smurf] attack packets in last 20 sec from ip [37.36.153.255], Wednesday, Mar 29,2017 10:45:26

[DoS attack: Smurf] attack packets in last 20 sec from ip [37.36.153.255], Wednesday, Mar 29,2017 10:45:03

[DoS attack: Smurf] attack packets in last 20 sec from ip [71.3.9.255], Wednesday, Mar 29,2017 08:00:29

[DoS attack: Smurf] attack packets in last 20 sec from ip [91.134.218.255], Wednesday, Mar 29,2017 06:28:44

[DoS attack: Smurf] attack packets in last 20 sec from ip [188.238.96.255], Tuesday, Mar 28,2017 12:21:24

[DoS attack: Smurf] attack packets in last 20 sec from ip [188.238.96.255], Tuesday, Mar 28,2017 12:16:43

[DoS attack: Smurf] attack packets in last 20 sec from ip [188.238.96.255], Tuesday, Mar 28,2017 12:03:22

[DoS attack: Smurf] attack packets in last 20 sec from ip [188.238.96.255], Tuesday, Mar 28,2017 12:02:03

[DoS attack: Smurf] attack packets in last 20 sec from ip [93.138.85.255], Tuesday, Mar 28,2017 09:27:29

[DoS attack: Smurf] attack packets in last 20 sec from ip [93.138.85.255], Tuesday, Mar 28,2017 09:22:50

[DoS attack: Smurf] attack packets in last 20 sec from ip [93.138.85.255], Tuesday, Mar 28,2017 09:22:29

[DoS attack: Smurf] attack packets in last 20 sec from ip [93.138.85.255], Tuesday, Mar 28,2017 09:21:18

[DoS attack: Smurf] attack packets in last 20 sec from ip [93.138.85.255], Tuesday, Mar 28,2017 07:33:48

[DoS attack: Smurf] attack packets in last 20 sec from ip [93.138.85.255], Tuesday, Mar 28,2017 07:29:00

[DoS attack: Smurf] attack packets in last 20 sec from ip [93.138.85.255], Tuesday, Mar 28,2017 07:28:34

[DoS attack: Smurf] attack packets in last 20 sec from ip [93.138.85.255], Tuesday, Mar 28,2017 07:27:24

[DoS attack: Smurf] attack packets in last 20 sec from ip [24.156.209.255], Tuesday, Mar 28,2017 06:26:40

[DoS attack: Smurf] attack packets in last 20 sec from ip [24.156.209.255], Tuesday, Mar 28,2017 06:22:13

[DoS attack: Smurf] attack packets in last 20 sec from ip [5.54.255.255], Tuesday, Mar 28,2017 01:53:07

[DoS attack: Smurf] attack packets in last 20 sec from ip [161.18.10.255], Tuesday, Mar 28,2017 01:52:43

[DoS attack: Teardrop] attack packets in last 20 sec from ip [93.85.180.214], Monday, Mar 27,2017 13:53:41

[DoS attack: Smurf] attack packets in last 20 sec from ip [112.203.105.255], Monday, Mar 27,2017 09:30:38

[DoS attack: FIN Scan] attack packets in last 20 sec from ip [54.172.226.126], Sunday, Mar 26,2017 14:24:26

[DoS attack: Smurf] attack packets in last 20 sec from ip [49.147.30.255], Saturday, Mar 25,2017 15:42:10

I use a few linux commands to find out where these attacks are coming from.

Strip IP's

grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' log_mar30 > strip0IP

Counting names

awk '{for(w=1;w<=NF;w++) print $w}' strip0IP | sort | uniq -c | sort -nr >uniqueIP

Remove the numbers from counting IP's

grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' uniqueIP > uniqueIP1

Find info on IP's

cat uniqueIP1 | xargs -I% curl -s http://ipinfo.io/%/ | paste -d","> detailinfo

I end up with this

Log March 23 to Mar 30 2017

198 37.36.153.255

8 93.138.85.255

4 188.238.96.255

3 49.147.30.255

2 93.142.192.255

2 24.156.209.255

1 93.85.180.214

1 91.134.218.255

1 80.91.166.255

1 71.3.9.255

1 5.54.255.255

1 54.172.226.126

1 40.138.170.255

1 36.70.140.255

1 178.221.36.255

1 176.59.38.255

1 167.60.134.255

1 161.18.10.255

1 112.203.105.255

{

"ip": "37.36.153.255",

"hostname": "No Hostname",

"city": "Jalib Ash Shuyukh",

"region": "Al Kuwayt",

"country": "KW",

"loc": "29.2586,47.9242",

"org": "AS42961 Mobile Telecommunications Company"

}{

"ip": "93.138.85.255",

"hostname": "93-138-85-255.adsl.net.t-com.hr",

"city": "Zagreb",

"region": "City of Zagreb",

"country": "HR",

"loc": "45.7333,15.9667",

"org": "AS5391 Hrvatski Telekom d.d.",

"postal": "10000"

}{

"ip": "188.238.96.255",

"hostname": "mobile-access-bcee60-255.dhcp.inet.fi",

"city": "Vantaa",

"region": "Uusimaa",

"country": "FI",

"loc": "60.3131,24.9507",

"org": "AS1759 TeliaSonera Finland Oyj",

"postal": "01300"

}{

"ip": "49.147.30.255",

"hostname": "No Hostname",

"city": "",

"region": "",

"country": "PH",

"loc": "14.5955,120.9721",

"org": "AS9299 Philippine Long Distance Telephone Company"

}{

"ip": "93.142.192.255",

"hostname": "93-142-192-255.adsl.net.t-com.hr",

"city": "Krizevci",

"region": "Koprivnicko-Krizevacka Zupanija",

"country": "HR",

"loc": "46.0265,16.5595",

"org": "AS5391 Hrvatski Telekom d.d.",

"postal": "48260"

}{

"ip": "24.156.209.255",

"hostname": "d24-156-209-255.home4.cgocable.net",

"city": "Belleville",

"region": "Ontario",

"country": "CA",

"loc": "44.1665,-77.4037",

"org": "AS7992 Cogeco Cable",

"postal": "K8P"

}{

"ip": "93.85.180.214",

"hostname": "No Hostname",

"city": "Minsk",

"region": "Minsk City",

"country": "BY",

"loc": "53.9000,27.5667",

"org": "AS6697 Republican Unitary Telecommunication Enterprise Beltelecom"

}{

"ip": "91.134.218.255",

"hostname": "No Hostname",

"city": "",

"region": "",

"country": "FR",

"loc": "48.8582,2.3387",

"org": "AS16276 OVH SAS"

}{

"ip": "80.91.166.255",

"hostname": "No Hostname",

"city": "Dnipro",

"region": "Dnipropetrovska Oblast'",

"country": "UA",

"loc": "48.4630,35.0390",

"org": "AS21219 PRIVATE JOINT STOCK COMPANY DATAGROUP"

}{

"ip": "71.3.9.255",

"hostname": "fl-71-3-9-255.dyn.embarqhsd.net",

"city": "Ocala",

"region": "Florida",

"country": "US",

"loc": "29.0879,-82.1949",

"org": "AS2379 Embarq Corporation",

"postal": "34476"

}{

"ip": "5.54.255.255",

"hostname": "No Hostname",

"city": "Athens",

"region": "Attica",

"country": "GR",

"loc": "37.9833,23.7333",

"org": "AS3329 VODAFONE-PANAFON HELLENIC TELECOMMUNICATIONS COMPANY SA"

}{

"ip": "54.172.226.126",

"hostname": "ec2-54-172-226-126.compute-1.amazonaws.com",

"city": "Ashburn",

"region": "Virginia",

"country": "US",

"loc": "39.0481,-77.4728",

"org": "AS14618 Amazon.com, Inc.",

"postal": "20149"

}{

"ip": "40.138.170.255",

"hostname": "h255.170.138.40.static.ip.windstream.net",

"city": "Cleveland",

"region": "Georgia",

"country": "US",

"loc": "34.5970,-83.7632",

"org": "AS7029 Windstream Communications LLC",

"postal": "30528"

}{

"ip": "36.70.140.255",

"hostname": "No Hostname",

"city": "Jakarta",

"region": "Jakarta",

"country": "ID",

"loc": "-6.1744,106.8294",

"org": "AS17974 PT Telekomunikasi Indonesia"

}{

"ip": "178.221.36.255",

"hostname": "No Hostname",

"city": "Belgrade",

"region": "",

"country": "RS",

"loc": "44.8186,20.4681",

"org": "AS8400 TELEKOM SRBIJA a.d."

}{

"ip": "176.59.38.255",

"hostname": "enode.176.59.38.255.tele2.ru",

"city": "Moscow",

"region": "Moscow City",

"country": "RU",

"loc": "55.7522,37.6156",

"org": "AS12958 T2 Mobile LLC",

"postal": "121374"

}{

"ip": "167.60.134.255",

"hostname": "No Hostname",

"city": "Montevideo",

"region": "Departamento de Montevideo",

"country": "UY",

"loc": "-34.8581,-56.1708",

"org": "AS6057 Administracion Nacional de Telecomunicaciones"

}{

"ip": "161.18.10.255",

"hostname": "No Hostname",

"city": "Bogotá",

"region": "Bogota D.C.",

"country": "CO",

"loc": "4.6492,-74.0628",

"org": "AS3816 COLOMBIA TELECOMUNICACIONES S.A. ESP"

}{

"ip": "112.203.105.255",

"hostname": "No Hostname",

"city": "Addition Hills",

"region": "National Capital Region",

"country": "PH",

"loc": "14.5946,121.0391",

"org": "AS9299 Philippine Long Distance Telephone Company",

"postal": "0410"

}