Sending lots of packets into the firewall. abuse@megapath.com email fails. Recently attempted to DDOS apache requesting wpad.dat. Samples:
2015 Mar 18 09:23:07 database kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:14:85:be:ce:87:b8:e6:25:f6:f8:49:08:00 SRC=67.102.166.13 DST=*.*.*.* LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=10557 DF PROTO=TCP SPT=59364 DPT=3306 WINDOW=8192 RES=0x00 SYN URGP=0
2016 access_log:67.102.166.13 - - [07/Feb/2016:04:52:54 -0800] "GET /wpad.dat HTTP/1.1" 404 276 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36"
access_log:67.102.166.13 - - [07/Feb/2016:04:56:39 -0800] "GET /wpad.dat HTTP/1.1" 404 285 "-" "Microsoft NCSI"
access_log:67.102.166.13 - - [07/Feb/2016:04:58:04 -0800] "GET /wpad.dat HTTP/1.1" 404 285 "-" "WinHttp-Autoproxy-Service/5.1"
access_log:67.102.166.13 - - [07/Feb/2016:04:59:31 -0800] "GET /wpad.dat HTTP/1.1" 404 285 "-" "-"
access_log:67.102.166.13 - - [07/Feb/2016:04:59:32 -0800] "GET /wpad.dat HTTP/1.1" 404 285 "-" "-"
access_log:67.102.166.13 - - [07/Feb/2016:05:00:32 -0800] "GET /wpad.dat HTTP/1.1" 404 285 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.3; Win64; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; HPDTDFJS; GWX:DOWNLOADED; IDCRL 10.6.3.9600.17415; IDCRL-cfg 16.0.25256.0; App svchost.exe, 6.3.9600.17415, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})"
abuse@megapath.com fails. Sample error:
Reporting-MTA: dns;megapath.net
Received-From-MTA: dns;smtp-cld.megapath.net
Arrival-Date: Sat, 13 Feb 2016 23:29:12 +0000
Original-Recipient: rfc822;abuse@megapath.com
Final-Recipient: rfc822;dl_abuse@alpine.megapath.net
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp;550 5.1.1 RESOLVER.ADR.RecipNotFound; not found
----
<abuse@core.megapath.com>: Command died with status 32: "/www/myenet/cgi-bin/opbot/tt_email/mail_filter.pl". Command output: DBD::Oracle::st execute failed: ORA-06550: line 1, column 42: PLS-00172: string literal too long (DBD ERROR: error possibly near <*> indicator at char 41 in 'BEGIN mis.ticket_manager.make_gen_tt('0',<*>'
DNSBL* - is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists.
WHOIS** - is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command line interface application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43.
** Approximate Geographic Location - This is NOT the exact geographical location of the person/organization with the given IP address. However, this should still give you a good idea about the area/region where this person/organization is located.