78.11.91.52 - IPInfo

基本信息:

城市(city): Mniow

省份(region): Świętokrzyskie

国家(country): Poland

运营商(isp): ASCOM Networks

主机名(hostname): unknown

机构(organization): Netia SA

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	Aug 16 18:06:51 rigel postfix/smtpd[26907]: connect from unknown[78.11.91.52] Aug 16 18:06:51 rigel postfix/smtpd[26907]: warning: unknown[78.11.91.52]: SASL CRAM-MD5 authentication failed: authentication failure Aug 16 18:06:51 rigel postfix/smtpd[26907]: warning: unknown[78.11.91.52]: SASL PLAIN authentication failed: authentication failure Aug 16 18:06:52 rigel postfix/smtpd[26907]: warning: unknown[78.11.91.52]: SASL LOGIN authentication failed: authentication failure Aug 16 18:06:52 rigel postfix/smtpd[26907]: disconnect from unknown[78.11.91.52] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=78.11.91.52	2019-08-17 03:53:04

类型

评论内容

时间

attackspam

Aug 16 18:06:51 rigel postfix/smtpd[26907]: connect from unknown[78.11.91.52]
Aug 16 18:06:51 rigel postfix/smtpd[26907]: warning: unknown[78.11.91.52]: SASL CRAM-MD5 authentication failed: authentication failure
Aug 16 18:06:51 rigel postfix/smtpd[26907]: warning: unknown[78.11.91.52]: SASL PLAIN authentication failed: authentication failure
Aug 16 18:06:52 rigel postfix/smtpd[26907]: warning: unknown[78.11.91.52]: SASL LOGIN authentication failed: authentication failure
Aug 16 18:06:52 rigel postfix/smtpd[26907]: disconnect from unknown[78.11.91.52]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=78.11.91.52

2019-08-17 03:53:04

相同子网IP讨论:

IP	类型	评论内容	时间
78.11.91.123	attack	SMTP/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -	2019-09-11 04:41:44
78.11.91.137	attack	SMTP/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -	2019-09-11 04:37:06
78.11.91.17	attackbotsspam	Unauthorized SMTP/IMAP/POP3 connection attempt	2019-08-19 08:54:57

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 78.11.91.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4273
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;78.11.91.52.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019081601 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Aug 17 03:53:00 CST 2019
;; MSG SIZE  rcvd: 115

HOST信息:

Host 52.91.11.78.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 52.91.11.78.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
188.166.231.47	attackspam	Apr 16 10:06:41 scw-6657dc sshd[31818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.231.47 Apr 16 10:06:41 scw-6657dc sshd[31818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.231.47 Apr 16 10:06:43 scw-6657dc sshd[31818]: Failed password for invalid user glassfish from 188.166.231.47 port 32956 ssh2 ...	2020-04-16 19:04:41
89.40.114.6	attackspam	Invalid user gpas from 89.40.114.6 port 44070	2020-04-16 18:25:28
103.219.112.1	attackbots	Apr 16 09:38:35 debian-2gb-nbg1-2 kernel: \[9281696.748795\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=103.219.112.1 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=20533 PROTO=TCP SPT=1033 DPT=12183 WINDOW=1024 RES=0x00 SYN URGP=0	2020-04-16 19:01:40
222.99.84.121	attackbots	2020-04-15 UTC: (50x) - VM,andrew,b2,ba,bonaka,digitalocean,easy,elasticsearch,factorio,ftpuser,hadoop,ik,jsserver,king,larch,majordomo,man,master,masterkey,minecraft,mv,odoo,oleg,org,postgres(2x),r00t,rhodecode,root(6x),smkim,stop,student,support,swift,team,test(2x),tong,ts3,ubuntu(2x),user,user1,vinay,weixin	2020-04-16 19:00:18
82.135.27.20	attack	SSH Bruteforce attack	2020-04-16 19:05:55
27.217.93.79	attackspambots	Banned by Fail2Ban.	2020-04-16 18:54:49
114.106.74.41	attack	[2020/4/14 下午 12:19:32] [1036] SMTP 服務接受從 114.106.74.41 來的連線 [2020/4/14 下午 12:19:43] [1036] SMTP 服務不提供服務給從 114.106.74.41 來的連線, 因為寄件人( CHINA-HACKER@114.106.74.41 ) [2020/4/14 下午 12:19:43] [1036] SMTP 服務中斷從 114.106.74.41 來的連線	2020-04-16 19:06:37
139.59.169.37	attackspambots	Invalid user admin from 139.59.169.37 port 56880	2020-04-16 18:38:00
206.189.73.164	attackspambots	(sshd) Failed SSH login from 206.189.73.164 (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Apr 16 12:47:27 ubnt-55d23 sshd[22018]: Invalid user test from 206.189.73.164 port 33822 Apr 16 12:47:29 ubnt-55d23 sshd[22018]: Failed password for invalid user test from 206.189.73.164 port 33822 ssh2	2020-04-16 19:06:19
92.222.67.68	attack	Tried sshing with brute force.	2020-04-16 18:54:20
94.191.119.125	attack	Apr 16 11:17:32 gw1 sshd[5672]: Failed password for root from 94.191.119.125 port 52198 ssh2 ...	2020-04-16 18:36:35
84.141.246.166	attackspambots	Apr 16 12:17:33 minden010 postfix/smtpd[22186]: NOQUEUE: reject: RCPT from p548DF6A6.dip0.t-ipconnect.de[84.141.246.166]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Apr 16 12:17:33 minden010 postfix/smtpd[26673]: NOQUEUE: reject: RCPT from p548DF6A6.dip0.t-ipconnect.de[84.141.246.166]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Apr 16 12:17:34 minden010 postfix/smtpd[26671]: NOQUEUE: reject: RCPT from p548DF6A6.dip0.t-ipconnect.de[84.141.246.166]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Apr 16 12:17:34 minden010 postfix/smtpd[26671]: NOQUEUE: reject: RCPT from p548DF6A6.dip0.t-ipconnect.de[84.141.246.166]: 450 4.7.1 : He ...	2020-04-16 19:05:36
1.11.201.18	attackbotsspam	web-1 [ssh_2] SSH Attack	2020-04-16 18:43:25
113.70.87.86	attack	Honeypot attack, port: 5555, PTR: PTR record not found	2020-04-16 18:28:55
49.88.112.71	attack	2020-04-16T10:32:03.180878shield sshd\[28459\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.71 user=root 2020-04-16T10:32:04.799956shield sshd\[28459\]: Failed password for root from 49.88.112.71 port 57843 ssh2 2020-04-16T10:32:07.459155shield sshd\[28459\]: Failed password for root from 49.88.112.71 port 57843 ssh2 2020-04-16T10:32:09.863281shield sshd\[28459\]: Failed password for root from 49.88.112.71 port 57843 ssh2 2020-04-16T10:37:35.464260shield sshd\[28922\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.71 user=root	2020-04-16 18:37:39

最近上报的IP列表

119.245.155.212	198.199.98.20	44.72.140.71	134.110.237.153
95.211.34.65	206.191.103.148	140.230.190.240	51.68.251.221
116.100.254.210	121.11.81.32	63.143.166.55	58.131.98.222
167.71.215.36	61.159.237.85	140.97.197.24	125.27.90.63
219.30.117.163	111.181.119.46	53.45.99.174	206.57.101.156