185.39.11.55 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Switzerland

Internet Service Provider: Network Dedicated SAS

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Multiport scan : 26 ports scanned 3405 3407 3409 3414 3416 3419 3420 3422 3433 3437 3439 3441 3442 3447 3449 3452 3456 3466 3467 3469 3471 3472 3475 3483 3485 3497	2020-07-08 07:41:17
attackspambots	Jul 7 20:38:24 debian-2gb-nbg1-2 kernel: \[16405706.863420\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.39.11.55 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=12757 PROTO=TCP SPT=44833 DPT=3453 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-08 03:03:20
attackspam	TCP (SYN) 185.39.11.55:44833 -> port 3442, len 44	2020-07-07 16:50:40
attackbotsspam	TCP (SYN) 185.39.11.55:44833 -> port 3486, len 44	2020-07-06 23:48:09
attackspambots	Jul 5 15:43:56 debian-2gb-nbg1-2 kernel: \[16215249.736070\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.39.11.55 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=34 PROTO=TCP SPT=52837 DPT=3537 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-05 21:49:01
attackspambots	Jul 4 11:18:04 debian-2gb-nbg1-2 kernel: \[16112903.666078\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.39.11.55 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=3355 PROTO=TCP SPT=40417 DPT=3547 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-04 17:35:02
attack	Jul 1 02:10:18 debian-2gb-nbg1-2 kernel: \[15820854.559589\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.39.11.55 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=39777 PROTO=TCP SPT=43286 DPT=3302 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-02 05:56:41
attack	SmallBizIT.US 5 packets to tcp(3302,3338,3340,3345,3349)	2020-07-02 03:14:46
attack	SmallBizIT.US 4 packets to tcp(3300,3317,3333,3342)	2020-07-01 02:34:34
attack	TCP (SYN) 185.39.11.55:59572 -> port 3224, len 44	2020-06-26 22:01:20
attackspambots	[H1.VM8] Blocked by UFW	2020-06-23 15:19:54
attackbotsspam	firewall-block, port(s): 3111/tcp, 3135/tcp	2020-06-23 01:09:55
attackbotsspam	scans 8 times in preceeding hours on the ports (in chronological order) 3103 3090 3093 3101 3081 3106 3091 3102 resulting in total of 102 scans from 185.39.8.0/22 block.	2020-06-21 20:21:13
attackspambots	[MK-VM1] Blocked by UFW	2020-06-21 07:35:56
attackspambots	firewall-block, port(s): 20254/tcp, 20274/tcp	2020-06-16 19:57:27
attack	Jun 15 07:45:08 debian-2gb-nbg1-2 kernel: \[14458616.907432\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.39.11.55 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=36872 PROTO=TCP SPT=43288 DPT=20282 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-15 14:00:05
attackspam	TCP (SYN) 185.39.11.55:49575 -> port 20233, len 44	2020-06-14 18:45:26
attackbots	SmallBizIT.US 8 packets to tcp(20164,20167,20169,20177,20180,20184,20185,20188)	2020-06-12 06:02:57
attack	SIP/5060 Probe, BF, Hack -	2020-06-11 18:25:45
attackspambots	TCP (SYN) 185.39.11.55:52827 -> port 20134, len 44	2020-06-11 04:26:48
attack	06/08/2020-16:25:32.174615 185.39.11.55 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-06-09 05:39:42
attackspambots	Jun 8 02:55:38 debian kernel: [476696.815910] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:be:e4:65:08:e8:4f:6e:48:0c:08:00 SRC=185.39.11.55 DST=89.252.131.35 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=26377 PROTO=TCP SPT=52827 DPT=20129 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-08 08:15:42
attackbotsspam	06/06/2020-12:13:20.358258 185.39.11.55 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-06-07 00:38:45
attackbots	[H1] Blocked by UFW	2020-06-06 13:27:01
attack	TCP (SYN) 185.39.11.55:49870 -> port 20051, len 44	2020-06-05 14:44:02

Comments on same subnet:

IP	Type	Details	Datetime
185.39.11.105	attackspambots	TCP (SYN) 185.39.11.105:60389 -> port 3129, len 44	2020-10-14 02:41:09
185.39.11.105	attackspam	port	2020-10-13 17:54:45
185.39.11.32	attackspam	ET DROP Spamhaus DROP Listed Traffic Inbound group 23 - port: 3372 proto: tcp cat: Misc Attackbytes: 60	2020-10-08 06:23:50
185.39.11.32	attack	TCP (SYN) 185.39.11.32:44326 -> port 3386, len 44	2020-10-07 22:43:27
185.39.11.32	attackspambots	ET DROP Spamhaus DROP Listed Traffic Inbound group 23 - port: 3363 proto: tcp cat: Misc Attackbytes: 60	2020-10-07 14:46:55
185.39.11.105	attackbotsspam	TCP (SYN) 185.39.11.105:50274 -> port 8080, len 44	2020-10-07 07:10:53
185.39.11.105	attack	[05/Oct/2020:17:47:11 -0400] "POST /cgi-bin/web_json.cgi HTTP/1.1" "Mozilla/5.0"	2020-10-06 23:31:39
185.39.11.105	attackbots	Telnet/23 MH Probe, Scan, BF, Hack -	2020-10-06 15:20:40
185.39.11.32	attack	Found on CINS badguys / proto=6 . srcport=48620 . dstport=445 SMB . (3269)	2020-09-29 07:05:50
185.39.11.32	attack	Persistent port scanning [16 denied]	2020-09-28 23:36:00
185.39.11.32	attack	Persistent port scanning [16 denied]	2020-09-28 15:38:50
185.39.11.109	attack	port scan	2020-09-21 20:32:07
185.39.11.109	attackspam	[Mon Sep 14 21:34:59 2020] - Syn Flood From IP: 185.39.11.109 Port: 52084	2020-09-21 12:23:06
185.39.11.109	attackbots	Too many connection attempt to nonexisting ports	2020-09-21 04:14:40
185.39.11.109	attackspambots	[H1.VM1] Blocked by UFW	2020-09-20 01:46:02

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 185.39.11.55
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43895
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;185.39.11.55.			IN	A

;; AUTHORITY SECTION:
.			549	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020060500 1800 900 604800 86400

;; Query time: 102 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jun 05 14:43:56 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 55.11.39.185.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 55.11.39.185.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
14.229.177.125	attackspam	Unauthorized connection attempt from IP address 14.229.177.125 on Port 445(SMB)	2019-11-02 18:08:45
36.255.134.172	attackbotsspam	Automatic report - Port Scan Attack	2019-11-02 18:00:20
109.69.67.17	attackbotsspam	Automatic report - XMLRPC Attack	2019-11-02 18:14:59
14.192.238.140	attack	Automatic report - Port Scan Attack	2019-11-02 18:14:00
118.25.196.31	attackspam	Automatic report - Banned IP Access	2019-11-02 18:33:29
203.171.227.205	attackspambots	$f2bV_matches	2019-11-02 18:19:25
119.29.174.51	attack	Connection by 119.29.174.51 on port: 23 got caught by honeypot at 11/2/2019 7:35:20 AM	2019-11-02 18:24:29
138.94.160.57	attack	Invalid user oracle from 138.94.160.57 port 55882 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.94.160.57 Failed password for invalid user oracle from 138.94.160.57 port 55882 ssh2 Invalid user gitlab-runner from 138.94.160.57 port 37594 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.94.160.57	2019-11-02 18:34:06
165.227.96.190	attackbotsspam	Nov 2 06:05:17 lnxweb62 sshd[29121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.96.190	2019-11-02 18:20:08
191.33.138.134	attackspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/191.33.138.134/ BR - 1H : (391) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : BR NAME ASN : ASN18881 IP : 191.33.138.134 CIDR : 191.33.128.0/18 PREFIX COUNT : 938 UNIQUE IP COUNT : 4233472 ATTACKS DETECTED ASN18881 : 1H - 6 3H - 10 6H - 18 12H - 40 24H - 72 DateTime : 2019-11-02 04:45:09 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-11-02 18:09:51
49.235.134.72	attack	SSH Brute-Force attacks	2019-11-02 17:59:14
49.151.137.160	attackspam	Unauthorized connection attempt from IP address 49.151.137.160 on Port 445(SMB)	2019-11-02 18:00:02
185.100.85.190	attackbots	www.plussize.fitness 185.100.85.190 \[02/Nov/2019:07:31:13 +0100\] "POST /xmlrpc.php HTTP/1.0" 301 499 "-" "Mozilla/5.0 $Windows NT 6.1$ AppleWebKit/537.36 $KHTML, like Gecko$ Chrome/68.0.3440.106 Safari/537.36" plussize.fitness 185.100.85.190 \[02/Nov/2019:07:31:14 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 3777 "-" "Mozilla/5.0 $Windows NT 6.1$ AppleWebKit/537.36 $KHTML, like Gecko$ Chrome/68.0.3440.106 Safari/537.36"	2019-11-02 18:23:34
139.199.127.60	attackspambots	(sshd) Failed SSH login from 139.199.127.60 (CN/China/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Nov 2 07:40:02 andromeda sshd[16673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.127.60 user=root Nov 2 07:40:03 andromeda sshd[16673]: Failed password for root from 139.199.127.60 port 40940 ssh2 Nov 2 07:52:44 andromeda sshd[18138]: Invalid user egg from 139.199.127.60 port 51212	2019-11-02 18:23:13
120.26.204.236	attackbotsspam	port scan and connect, tcp 5432 (postgresql)	2019-11-02 18:17:47

Recently Reported IPs

137.31.30.243	236.115.145.59	253.90.37.3	9.227.232.224
45.118.32.154	104.243.32.171	43.249.51.47	185.39.10.45
213.221.152.135	43.229.11.9	128.74.209.126	168.90.114.136
46.105.15.231	41.79.19.24	144.34.178.15	111.162.206.67
84.17.47.54	66.249.76.129	157.245.125.187	196.36.1.106