89.1.211.139 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Germany

运营商(isp): Netcologne Gesellschaft Fur Telekommunikation mbH

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	2019-06-23 21:47:27,450 [snip] proftpd[25896] [snip] (cgn-89-1-211-139.nc.de[89.1.211.139]): USER Lelli (Login failed): No such user found 2019-06-23 21:47:32,144 [snip] proftpd[25926] [snip] (cgn-89-1-211-139.nc.de[89.1.211.139]): USER Lelli (Login failed): No such user found 2019-06-23 21:47:38,207 [snip] proftpd[25940] [snip] (cgn-89-1-211-139.nc.de[89.1.211.139]): USER Lelli (Login failed): No such user found[...]	2019-06-24 12:09:22

类型

评论内容

时间

attack

2019-06-23 21:47:27,450 [snip] proftpd[25896] [snip] (cgn-89-1-211-139.nc.de[89.1.211.139]): USER Lelli (Login failed): No such user found
2019-06-23 21:47:32,144 [snip] proftpd[25926] [snip] (cgn-89-1-211-139.nc.de[89.1.211.139]): USER Lelli (Login failed): No such user found
2019-06-23 21:47:38,207 [snip] proftpd[25940] [snip] (cgn-89-1-211-139.nc.de[89.1.211.139]): USER Lelli (Login failed): No such user found[...]

2019-06-24 12:09:22

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 89.1.211.139
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36672
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;89.1.211.139.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062301 1800 900 604800 86400

;; Query time: 8 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Jun 24 12:09:15 CST 2019
;; MSG SIZE  rcvd: 116

HOST信息:

139.211.1.89.in-addr.arpa domain name pointer cgn-89-1-211-139.nc.de.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
139.211.1.89.in-addr.arpa	name = cgn-89-1-211-139.nc.de.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
46.101.204.20	attackspambots	(sshd) Failed SSH login from 46.101.204.20 (DE/Germany/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 25 06:36:27 server sshd[31471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.204.20 user=root Sep 25 06:36:29 server sshd[31471]: Failed password for root from 46.101.204.20 port 44070 ssh2 Sep 25 07:03:33 server sshd[3088]: Invalid user spring from 46.101.204.20 Sep 25 07:03:33 server sshd[3088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.204.20 Sep 25 07:03:35 server sshd[3088]: Failed password for invalid user spring from 46.101.204.20 port 35224 ssh2	2020-09-25 17:47:02
13.72.79.186	attackspambots	Sep 25 06:20:13 hidden sshd[20127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.72.79.186 Sep 25 06:20:15 hidden sshd[20127]: Failed password for invalid user admin from 13.72.79.186 port 28787 ssh2 Sep 25 11:30:12 hidden sshd[62348]: Invalid user admin from 13.72.79.186 port 20848	2020-09-25 17:53:03
112.85.42.185	attack	Sep 25 06:30:07 funkybot sshd[11437]: Failed password for root from 112.85.42.185 port 59551 ssh2 Sep 25 06:30:09 funkybot sshd[11437]: Failed password for root from 112.85.42.185 port 59551 ssh2 ...	2020-09-25 18:03:22
83.234.218.42	attackspam	srvr3: (mod_security) mod_security (id:920350) triggered by 83.234.218.42 (RU/-/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/24 22:36:57 [error] 213524#0: 963 [client 83.234.218.42] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160097981723.743749"] [ref "o0,14v21,14"], client: 83.234.218.42, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-25 18:13:43
190.24.57.38	attackbotsspam	firewall-block, port(s): 9527/tcp	2020-09-25 17:50:34
154.127.82.66	attack	SSH Brute-Force attacks	2020-09-25 17:51:37
13.82.87.55	attack	2020-09-24 UTC: (2x) - root(2x)	2020-09-25 17:46:21
36.99.180.242	attackspam	Sep 25 11:59:29 vpn01 sshd[30409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.99.180.242 Sep 25 11:59:31 vpn01 sshd[30409]: Failed password for invalid user testuser from 36.99.180.242 port 47174 ssh2 ...	2020-09-25 18:03:51
64.227.8.111	attackspam	Sep 24 19:54:26 hpm sshd\[6272\]: Invalid user melissa from 64.227.8.111 Sep 24 19:54:26 hpm sshd\[6272\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.8.111 Sep 24 19:54:28 hpm sshd\[6272\]: Failed password for invalid user melissa from 64.227.8.111 port 33920 ssh2 Sep 24 20:01:20 hpm sshd\[6749\]: Invalid user username from 64.227.8.111 Sep 24 20:01:20 hpm sshd\[6749\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.8.111	2020-09-25 17:48:51
37.187.135.130	attackbotsspam	37.187.135.130 - - [25/Sep/2020:06:27:33 +0100] "POST /wp-login.php HTTP/1.1" 200 2265 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 37.187.135.130 - - [25/Sep/2020:06:27:34 +0100] "POST /wp-login.php HTTP/1.1" 200 2231 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 37.187.135.130 - - [25/Sep/2020:06:27:34 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-25 17:43:36
203.212.251.76	attackspam	DATE:2020-09-24 23:06:44, IP:203.212.251.76, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2020-09-25 17:49:18
201.76.129.142	attackbotsspam	Honeypot attack, port: 445, PTR: 20176129142.tvninternet.com.br.	2020-09-25 18:17:27
145.249.104.47	attackspam	Brute force blocker - service: exim2 - aantal: 25 - Sun Aug 26 18:30:10 2018	2020-09-25 17:44:44
151.80.149.223	attackbotsspam	Invalid user administrator from 151.80.149.223 port 47072	2020-09-25 17:47:32
145.239.82.192	attack	Sep 25 10:41:28 OPSO sshd\[2550\]: Invalid user testuser from 145.239.82.192 port 40650 Sep 25 10:41:28 OPSO sshd\[2550\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.82.192 Sep 25 10:41:30 OPSO sshd\[2550\]: Failed password for invalid user testuser from 145.239.82.192 port 40650 ssh2 Sep 25 10:44:58 OPSO sshd\[3110\]: Invalid user cash from 145.239.82.192 port 42890 Sep 25 10:44:58 OPSO sshd\[3110\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.82.192	2020-09-25 17:45:02

最近上报的IP列表

86.124.207.90	191.53.199.224	187.120.141.124	180.120.94.18
125.125.225.53	89.210.124.102	1.60.126.202	178.255.168.151
149.12.219.22	49.67.68.254	186.227.37.254	217.174.235.98
201.220.158.243	105.140.105.182	141.8.144.7	179.42.160.2
179.174.47.250	121.232.120.114	207.112.86.112	138.36.189.123