Must be a valid IPv4 or IPv6 ip address, e.g. 127.0.0.1 or 2001:DB8:0:0:8:800:200C:417A
Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: NetCologne Gesellschaft fur Telekommunikation mbH

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:
Type Details Datetime
attackspam
Sep 15 13:13:40 datenbank sshd[95418]: Failed password for root from 89.1.66.100 port 55418 ssh2
Sep 15 13:18:20 datenbank sshd[95428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.1.66.100  user=root
Sep 15 13:18:22 datenbank sshd[95428]: Failed password for root from 89.1.66.100 port 60402 ssh2
...
2020-09-15 22:18:05
attackbots
Tried sshing with brute force.
2020-09-15 14:14:54
attack
$f2bV_matches
2020-09-15 06:24:45
Comments on same subnet:
No discussion about this subnet yet..
Whois info:
b
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 89.1.66.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17963
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;89.1.66.100.			IN	A

;; AUTHORITY SECTION:
.			152	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020091402 1800 900 604800 86400

;; Query time: 143 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Sep 15 06:24:42 CST 2020
;; MSG SIZE  rcvd: 115
Host info
100.66.1.89.in-addr.arpa domain name pointer mx03.haubnerdc.com.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
100.66.1.89.in-addr.arpa	name = mx03.haubnerdc.com.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
203.66.168.81 attackspam
Aug 11 12:03:36 havingfunrightnow sshd[30669]: Failed password for root from 203.66.168.81 port 35672 ssh2
Aug 11 12:10:38 havingfunrightnow sshd[31560]: Failed password for root from 203.66.168.81 port 58382 ssh2
...
2020-08-11 19:35:28
54.36.143.169 attackspambots
[2020-08-11 06:25:15] NOTICE[1185][C-00000e6c] chan_sip.c: Call from '' (54.36.143.169:58737) to extension '011442820539007' rejected because extension not found in context 'public'.
[2020-08-11 06:25:15] SECURITY[1203] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-11T06:25:15.679-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="011442820539007",SessionID="0x7f10c405a408",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/54.36.143.169/58737",ACLName="no_extension_match"
[2020-08-11 06:26:01] NOTICE[1185][C-00000e6d] chan_sip.c: Call from '' (54.36.143.169:57865) to extension '9011442820539007' rejected because extension not found in context 'public'.
[2020-08-11 06:26:01] SECURITY[1203] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-11T06:26:01.808-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9011442820539007",SessionID="0x7f10c405a408",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UD
...
2020-08-11 19:57:19
222.186.169.192 attackspam
Aug 11 00:53:42 web1 sshd\[31573\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.169.192  user=root
Aug 11 00:53:44 web1 sshd\[31573\]: Failed password for root from 222.186.169.192 port 24560 ssh2
Aug 11 00:53:48 web1 sshd\[31573\]: Failed password for root from 222.186.169.192 port 24560 ssh2
Aug 11 00:53:51 web1 sshd\[31573\]: Failed password for root from 222.186.169.192 port 24560 ssh2
Aug 11 00:53:54 web1 sshd\[31573\]: Failed password for root from 222.186.169.192 port 24560 ssh2
2020-08-11 19:26:33
31.184.199.114 attack
Aug 11 00:55:50 web1 sshd\[31755\]: Invalid user 0 from 31.184.199.114
Aug 11 00:55:50 web1 sshd\[31755\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.184.199.114
Aug 11 00:55:52 web1 sshd\[31755\]: Failed password for invalid user 0 from 31.184.199.114 port 39240 ssh2
Aug 11 00:56:00 web1 sshd\[31776\]: Invalid user 22 from 31.184.199.114
Aug 11 00:56:00 web1 sshd\[31776\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.184.199.114
2020-08-11 19:38:12
49.235.156.47 attackspam
Aug  7 08:10:17 Ubuntu-1404-trusty-64-minimal sshd\[5707\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.156.47  user=root
Aug  7 08:10:19 Ubuntu-1404-trusty-64-minimal sshd\[5707\]: Failed password for root from 49.235.156.47 port 33206 ssh2
Aug  7 08:17:49 Ubuntu-1404-trusty-64-minimal sshd\[10541\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.156.47  user=root
Aug  7 08:17:51 Ubuntu-1404-trusty-64-minimal sshd\[10541\]: Failed password for root from 49.235.156.47 port 46604 ssh2
Aug  7 08:21:02 Ubuntu-1404-trusty-64-minimal sshd\[13350\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.156.47  user=root
2020-08-11 19:44:26
89.174.249.91 attackspambots
Attempted Brute Force (dovecot)
2020-08-11 19:27:52
118.24.2.141 attackbotsspam
2020-08-11T13:49:50.028352lavrinenko.info sshd[13493]: Failed password for root from 118.24.2.141 port 37138 ssh2
2020-08-11T13:50:41.621810lavrinenko.info sshd[13571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.2.141  user=root
2020-08-11T13:50:43.903403lavrinenko.info sshd[13571]: Failed password for root from 118.24.2.141 port 44458 ssh2
2020-08-11T13:51:32.587272lavrinenko.info sshd[13672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.2.141  user=root
2020-08-11T13:51:34.537663lavrinenko.info sshd[13672]: Failed password for root from 118.24.2.141 port 51774 ssh2
...
2020-08-11 19:46:57
106.12.156.236 attackspambots
Aug 11 07:52:27 nextcloud sshd\[19113\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.156.236  user=root
Aug 11 07:52:29 nextcloud sshd\[19113\]: Failed password for root from 106.12.156.236 port 54628 ssh2
Aug 11 07:55:04 nextcloud sshd\[21873\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.156.236  user=root
2020-08-11 19:53:59
196.52.43.128 attackspam
 TCP (SYN) 196.52.43.128:50330 -> port 5001, len 44
2020-08-11 19:22:22
111.229.63.223 attackbots
Aug 11 03:43:30 ip-172-31-61-156 sshd[30416]: Failed password for root from 111.229.63.223 port 37898 ssh2
Aug 11 03:43:29 ip-172-31-61-156 sshd[30416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.63.223  user=root
Aug 11 03:43:30 ip-172-31-61-156 sshd[30416]: Failed password for root from 111.229.63.223 port 37898 ssh2
Aug 11 03:47:36 ip-172-31-61-156 sshd[30607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.63.223  user=root
Aug 11 03:47:37 ip-172-31-61-156 sshd[30607]: Failed password for root from 111.229.63.223 port 52482 ssh2
...
2020-08-11 19:31:47
189.80.37.70 attackbotsspam
Lines containing failures of 189.80.37.70
Aug  4 08:37:47 server-name sshd[5562]: User r.r from 189.80.37.70 not allowed because not listed in AllowUsers
Aug  4 08:37:47 server-name sshd[5562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.80.37.70  user=r.r
Aug  4 08:37:49 server-name sshd[5562]: Failed password for invalid user r.r from 189.80.37.70 port 52938 ssh2
Aug  4 08:37:49 server-name sshd[5562]: Received disconnect from 189.80.37.70 port 52938:11: Bye Bye [preauth]
Aug  4 08:37:49 server-name sshd[5562]: Disconnected from invalid user r.r 189.80.37.70 port 52938 [preauth]
Aug  4 09:38:11 server-name sshd[7928]: User r.r from 189.80.37.70 not allowed because not listed in AllowUsers
Aug  4 09:38:11 server-name sshd[7928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.80.37.70  user=r.r
Aug  4 09:38:12 server-name sshd[7928]: Failed password for invalid user r.r from 189.........
------------------------------
2020-08-11 19:52:14
69.117.38.224 attackspam
SIP/5060 Probe, BF, Hack -
2020-08-11 19:28:58
79.101.45.94 attackspambots
Dovecot Invalid User Login Attempt.
2020-08-11 19:58:17
183.217.193.115 attack
Server penetration trying other domain names than server publicly serves (ex https://localhost)
2020-08-11 19:21:48
177.21.138.111 attack
Automatic report - Port Scan Attack
2020-08-11 19:47:28

Recently Reported IPs

175.36.140.79 13.88.219.189 207.246.126.216 178.62.244.247
156.54.168.71 93.236.95.59 156.54.169.143 103.10.23.8
102.37.40.61 52.169.67.105 95.144.75.124 45.146.164.186
201.20.185.14 200.66.125.8 194.168.212.81 188.92.213.183
181.174.144.172 177.126.216.117 177.85.142.224 177.44.17.44