184.105.139.111

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): Hurricane Electric LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	srv02 Mass scanning activity detected Target: 11211 ..	2020-06-29 21:49:52
attackbots	firewall-block, port(s): 5900/tcp	2020-04-26 01:41:25

相同子网IP讨论:

IP	类型	评论内容	时间
184.105.139.105	attackproxy	Compromised IP	2024-05-09 23:09:39
184.105.139.109	attackproxy	Vulnerability Scanner	2024-04-30 12:59:43
184.105.139.70	attack	Vulnerability Scanner	2024-04-20 00:30:49
184.105.139.90	botsattackproxy	Ddos bot	2024-04-20 00:26:45
184.105.139.68	attack	Vulnerability Scanner	2024-04-10 01:16:38
184.105.139.69	proxy	VPN fraud	2023-05-15 19:23:33
184.105.139.120	proxy	VPN fraud	2023-05-10 13:17:43
184.105.139.103	proxy	VPN fraud	2023-03-20 14:02:25
184.105.139.99	proxy	VPN fraud	2023-03-20 13:57:09
184.105.139.74	proxy	VPN	2023-01-30 14:03:54
184.105.139.86	proxy	VPN	2023-01-19 13:51:12
184.105.139.124	attackproxy	VPN	2022-12-29 20:40:24
184.105.139.124	attack	VPN	2022-12-29 20:40:21
184.105.139.126	proxy	Attack VPN	2022-12-09 13:59:02
184.105.139.70	attackbotsspam	TCP (SYN) 184.105.139.70:51140 -> port 5900, len 40	2020-10-14 04:24:47

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 184.105.139.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5798
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;184.105.139.111.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019051800 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat May 18 18:08:18 CST 2019
;; MSG SIZE  rcvd: 119

HOST信息:

111.139.105.184.in-addr.arpa is an alias for 111.64-26.139.105.184.in-addr.arpa.
111.64-26.139.105.184.in-addr.arpa domain name pointer scan-01l.shadowserver.org.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
111.139.105.184.in-addr.arpa	canonical name = 111.64-26.139.105.184.in-addr.arpa.
111.64-26.139.105.184.in-addr.arpa	name = scan-01l.shadowserver.org.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
46.166.133.162	attackbots	May 11 11:06:25 debian-2gb-nbg1-2 kernel: \[11446853.176439\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=46.166.133.162 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=33451 PROTO=TCP SPT=2850 DPT=23 WINDOW=13338 RES=0x00 SYN URGP=0	2020-05-11 19:34:05
143.255.0.22	attackspambots	(smtpauth) Failed SMTP AUTH login from 143.255.0.22 (BR/Brazil/143.255.0-22.alogtelecom.com.br): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-05-11 08:18:20 plain authenticator failed for ([143.255.0.22]) [143.255.0.22]: 535 Incorrect authentication data (set_id=job@samerco.com)	2020-05-11 19:19:41
167.172.235.94	attackspambots	May 11 13:16:36 inter-technics sshd[11090]: Invalid user deploy from 167.172.235.94 port 35838 May 11 13:16:36 inter-technics sshd[11090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.235.94 May 11 13:16:36 inter-technics sshd[11090]: Invalid user deploy from 167.172.235.94 port 35838 May 11 13:16:38 inter-technics sshd[11090]: Failed password for invalid user deploy from 167.172.235.94 port 35838 ssh2 May 11 13:21:10 inter-technics sshd[11398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.235.94 user=root May 11 13:21:12 inter-technics sshd[11398]: Failed password for root from 167.172.235.94 port 60092 ssh2 ...	2020-05-11 19:24:28
61.152.70.126	attackspam	2020-05-11 11:56:07,527 fail2ban.actions: WARNING [ssh] Ban 61.152.70.126	2020-05-11 19:29:19
200.38.233.253	attack	Telnet Server BruteForce Attack	2020-05-11 19:24:03
60.246.2.204	attackbots	(imapd) Failed IMAP login from 60.246.2.204 (MO/Macao/nz2l204.bb60246.ctm.net): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: May 11 08:18:11 ir1 dovecot[264309]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=60.246.2.204, lip=5.63.12.44, session=	2020-05-11 19:26:38
167.172.195.227	attackspambots	Brute-force attempt banned	2020-05-11 19:17:30
103.91.181.25	attackbots	2020-05-11 04:40:48.675762-0500 localhost sshd[52000]: Failed password for invalid user nagios from 103.91.181.25 port 58588 ssh2	2020-05-11 19:17:01
221.229.174.149	attack	05/10/2020-23:48:25.655975 221.229.174.149 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2020-05-11 19:21:59
198.27.122.201	attackbotsspam	May 11 13:08:23 buvik sshd[27437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.27.122.201 May 11 13:08:26 buvik sshd[27437]: Failed password for invalid user sentry from 198.27.122.201 port 40912 ssh2 May 11 13:11:50 buvik sshd[28070]: Invalid user ubuntu from 198.27.122.201 ...	2020-05-11 19:22:21
113.177.95.204	attackspambots	SSH Brute-Force Attack	2020-05-11 19:27:51
129.150.177.146	attack	May 10 21:06:03 debian sshd[28145]: Unable to negotiate with 129.150.177.146 port 3594: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] May 10 23:47:41 debian sshd[3211]: Unable to negotiate with 129.150.177.146 port 3594: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] ...	2020-05-11 19:48:46
118.24.106.210	attackbotsspam	$f2bV_matches	2020-05-11 19:39:31
103.108.87.161	attackspam	Invalid user user1 from 103.108.87.161 port 40028	2020-05-11 19:54:28
210.74.13.5	attackspam	May 11 12:48:08 vmd48417 sshd[15630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.74.13.5	2020-05-11 19:42:35

最近上报的IP列表

171.172.8.97	239.220.42.47	98.92.150.131	45.6.203.196
222.72.149.154	202.191.121.218	95.87.25.234	83.167.17.144
83.142.127.26	79.106.225.132	57.138.77.133	171.105.200.225
78.171.10.146	78.92.96.0	216.191.63.143	99.6.63.177
188.77.85.25	176.126.45.166	78.169.13.175	215.30.55.206