211.104.20.145

Basic Info

City: unknown

Region: unknown

Country: Korea (Republic of)

Internet Service Provider: KT Corporation

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Time: Mon Sep 14 21:40:23 2020 +0000 IP: 211.104.20.145 (KR/South Korea/-) Failures: 5 (sshd) Interval: 3600 seconds Blocked: Permanent Block [LF_SSHD] Log entries: Sep 14 21:38:03 ca-47-ede1 sshd[86049]: Did not receive identification string from 211.104.20.145 port 40294 Sep 14 21:40:08 ca-47-ede1 sshd[86080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.104.20.145 user=root Sep 14 21:40:09 ca-47-ede1 sshd[86080]: Failed password for root from 211.104.20.145 port 49928 ssh2 Sep 14 21:40:21 ca-47-ede1 sshd[86084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.104.20.145 user=root Sep 14 21:40:22 ca-47-ede1 sshd[86084]: Failed password for root from 211.104.20.145 port 25020 ssh2	2020-09-17 02:17:08
attackspam	Auto Detect Rule! proto TCP (SYN), 211.104.20.145:48042->gjan.info:22, len 40	2020-09-16 18:34:19

Type

Details

Datetime

attackspambots

Time:     Mon Sep 14 21:40:23 2020 +0000
IP:       211.104.20.145 (KR/South Korea/-)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SSHD]

Log entries:

Sep 14 21:38:03 ca-47-ede1 sshd[86049]: Did not receive identification string from 211.104.20.145 port 40294
Sep 14 21:40:08 ca-47-ede1 sshd[86080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.104.20.145  user=root
Sep 14 21:40:09 ca-47-ede1 sshd[86080]: Failed password for root from 211.104.20.145 port 49928 ssh2
Sep 14 21:40:21 ca-47-ede1 sshd[86084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.104.20.145  user=root
Sep 14 21:40:22 ca-47-ede1 sshd[86084]: Failed password for root from 211.104.20.145 port 25020 ssh2

2020-09-17 02:17:08

attackspam

Auto Detect Rule!
proto TCP (SYN), 211.104.20.145:48042->gjan.info:22, len 40

2020-09-16 18:34:19

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 211.104.20.145
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37596
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;211.104.20.145.			IN	A

;; AUTHORITY SECTION:
.			385	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020091600 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Sep 16 18:34:10 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 145.20.104.211.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 145.20.104.211.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
203.213.66.170	attackspam	SSH-BruteForce	2020-09-17 09:32:00
212.216.181.209	attack	Automatic report - Banned IP Access	2020-09-17 08:34:46
190.207.2.130	attackspam	Honeypot attack, port: 445, PTR: 190-207-2-130.dyn.dsl.cantv.net.	2020-09-17 09:11:53
116.54.21.218	attackbotsspam	Icarus honeypot on github	2020-09-17 08:33:59
134.122.72.221	attackspam	Sep 16 14:42:16 george sshd[6226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.72.221 user=root Sep 16 14:42:19 george sshd[6226]: Failed password for root from 134.122.72.221 port 55244 ssh2 Sep 16 14:46:24 george sshd[6291]: Invalid user rsync from 134.122.72.221 port 38764 Sep 16 14:46:24 george sshd[6291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.72.221 Sep 16 14:46:26 george sshd[6291]: Failed password for invalid user rsync from 134.122.72.221 port 38764 ssh2 ...	2020-09-17 09:18:23
59.120.19.123	attackspambots	Honeypot attack, port: 445, PTR: 59-120-19-123.HINET-IP.hinet.net.	2020-09-17 09:31:15
98.248.156.94	attackbots	"fail2ban match"	2020-09-17 08:33:14
45.55.60.215	attackbots	Trolling for resource vulnerabilities	2020-09-17 08:33:28
69.28.234.137	attack	Sep 17 01:29:21 vps333114 sshd[17527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.28.234.137 Sep 17 01:29:24 vps333114 sshd[17527]: Failed password for invalid user gdm from 69.28.234.137 port 34287 ssh2 ...	2020-09-17 09:12:34
180.180.241.93	attack	Sep 17 01:17:32 marvibiene sshd[11609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.180.241.93 Sep 17 01:17:34 marvibiene sshd[11609]: Failed password for invalid user saikumar from 180.180.241.93 port 44886 ssh2 Sep 17 01:21:59 marvibiene sshd[11871]: Failed password for root from 180.180.241.93 port 56560 ssh2	2020-09-17 08:33:43
196.52.43.100	attackspambots	TCP (SYN) 196.52.43.100:53120 -> port 20, len 44	2020-09-17 09:20:32
114.67.110.58	attack	Banned for a week because repeated abuses, for example SSH, but not only	2020-09-17 08:32:48
177.91.132.242	attackbots	Sep 16 19:17:20 mailman postfix/smtpd[15820]: warning: 242-132-91-177.worldnetrn.com.br[177.91.132.242]: SASL PLAIN authentication failed: authentication failure	2020-09-17 08:41:53
103.85.234.214	attackspam	Listed on zen-spamhaus / proto=6 . srcport=11627 . dstport=139 . (1099)	2020-09-17 09:19:40
220.132.75.140	attackbots	2020-09-16T21:30:37+0200 Failed SSH Authentication/Brute Force Attack. (Server 9)	2020-09-17 09:15:50

Recently Reported IPs

202.83.44.89	124.70.109.204	47.30.157.149	252.94.229.201
94.234.55.181	221.115.227.0	213.226.253.25	188.92.214.180
188.92.209.136	187.109.46.56	186.216.70.163	182.183.186.226
181.174.144.188	181.114.208.214	181.114.208.27	178.213.123.99
177.85.23.169	177.67.165.68	177.8.154.207	170.83.189.36