89.1.66.100 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: NetCologne Gesellschaft fur Telekommunikation mbH

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Sep 15 13:13:40 datenbank sshd[95418]: Failed password for root from 89.1.66.100 port 55418 ssh2 Sep 15 13:18:20 datenbank sshd[95428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.1.66.100 user=root Sep 15 13:18:22 datenbank sshd[95428]: Failed password for root from 89.1.66.100 port 60402 ssh2 ...	2020-09-15 22:18:05
attackbots	Tried sshing with brute force.	2020-09-15 14:14:54
attack	$f2bV_matches	2020-09-15 06:24:45

Type

Details

Datetime

attackspam

Sep 15 13:13:40 datenbank sshd[95418]: Failed password for root from 89.1.66.100 port 55418 ssh2
Sep 15 13:18:20 datenbank sshd[95428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.1.66.100  user=root
Sep 15 13:18:22 datenbank sshd[95428]: Failed password for root from 89.1.66.100 port 60402 ssh2
...

2020-09-15 22:18:05

attackbots

Tried sshing with brute force.

2020-09-15 14:14:54

attack

$f2bV_matches

2020-09-15 06:24:45

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 89.1.66.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17963
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;89.1.66.100.			IN	A

;; AUTHORITY SECTION:
.			152	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020091402 1800 900 604800 86400

;; Query time: 143 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Sep 15 06:24:42 CST 2020
;; MSG SIZE  rcvd: 115

Host info

100.66.1.89.in-addr.arpa domain name pointer mx03.haubnerdc.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
100.66.1.89.in-addr.arpa	name = mx03.haubnerdc.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
203.66.168.81	attackspam	Aug 11 12:03:36 havingfunrightnow sshd[30669]: Failed password for root from 203.66.168.81 port 35672 ssh2 Aug 11 12:10:38 havingfunrightnow sshd[31560]: Failed password for root from 203.66.168.81 port 58382 ssh2 ...	2020-08-11 19:35:28
54.36.143.169	attackspambots	[2020-08-11 06:25:15] NOTICE[1185][C-00000e6c] chan_sip.c: Call from '' (54.36.143.169:58737) to extension '011442820539007' rejected because extension not found in context 'public'. [2020-08-11 06:25:15] SECURITY[1203] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-11T06:25:15.679-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="011442820539007",SessionID="0x7f10c405a408",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/54.36.143.169/58737",ACLName="no_extension_match" [2020-08-11 06:26:01] NOTICE[1185][C-00000e6d] chan_sip.c: Call from '' (54.36.143.169:57865) to extension '9011442820539007' rejected because extension not found in context 'public'. [2020-08-11 06:26:01] SECURITY[1203] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-11T06:26:01.808-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9011442820539007",SessionID="0x7f10c405a408",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UD ...	2020-08-11 19:57:19
222.186.169.192	attackspam	Aug 11 00:53:42 web1 sshd\[31573\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.169.192 user=root Aug 11 00:53:44 web1 sshd\[31573\]: Failed password for root from 222.186.169.192 port 24560 ssh2 Aug 11 00:53:48 web1 sshd\[31573\]: Failed password for root from 222.186.169.192 port 24560 ssh2 Aug 11 00:53:51 web1 sshd\[31573\]: Failed password for root from 222.186.169.192 port 24560 ssh2 Aug 11 00:53:54 web1 sshd\[31573\]: Failed password for root from 222.186.169.192 port 24560 ssh2	2020-08-11 19:26:33
31.184.199.114	attack	Aug 11 00:55:50 web1 sshd\[31755\]: Invalid user 0 from 31.184.199.114 Aug 11 00:55:50 web1 sshd\[31755\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.184.199.114 Aug 11 00:55:52 web1 sshd\[31755\]: Failed password for invalid user 0 from 31.184.199.114 port 39240 ssh2 Aug 11 00:56:00 web1 sshd\[31776\]: Invalid user 22 from 31.184.199.114 Aug 11 00:56:00 web1 sshd\[31776\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.184.199.114	2020-08-11 19:38:12
49.235.156.47	attackspam	Aug 7 08:10:17 Ubuntu-1404-trusty-64-minimal sshd\[5707\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.156.47 user=root Aug 7 08:10:19 Ubuntu-1404-trusty-64-minimal sshd\[5707\]: Failed password for root from 49.235.156.47 port 33206 ssh2 Aug 7 08:17:49 Ubuntu-1404-trusty-64-minimal sshd\[10541\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.156.47 user=root Aug 7 08:17:51 Ubuntu-1404-trusty-64-minimal sshd\[10541\]: Failed password for root from 49.235.156.47 port 46604 ssh2 Aug 7 08:21:02 Ubuntu-1404-trusty-64-minimal sshd\[13350\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.156.47 user=root	2020-08-11 19:44:26
89.174.249.91	attackspambots	Attempted Brute Force (dovecot)	2020-08-11 19:27:52
118.24.2.141	attackbotsspam	2020-08-11T13:49:50.028352lavrinenko.info sshd[13493]: Failed password for root from 118.24.2.141 port 37138 ssh2 2020-08-11T13:50:41.621810lavrinenko.info sshd[13571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.2.141 user=root 2020-08-11T13:50:43.903403lavrinenko.info sshd[13571]: Failed password for root from 118.24.2.141 port 44458 ssh2 2020-08-11T13:51:32.587272lavrinenko.info sshd[13672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.2.141 user=root 2020-08-11T13:51:34.537663lavrinenko.info sshd[13672]: Failed password for root from 118.24.2.141 port 51774 ssh2 ...	2020-08-11 19:46:57
106.12.156.236	attackspambots	Aug 11 07:52:27 nextcloud sshd\[19113\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.156.236 user=root Aug 11 07:52:29 nextcloud sshd\[19113\]: Failed password for root from 106.12.156.236 port 54628 ssh2 Aug 11 07:55:04 nextcloud sshd\[21873\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.156.236 user=root	2020-08-11 19:53:59
196.52.43.128	attackspam	TCP (SYN) 196.52.43.128:50330 -> port 5001, len 44	2020-08-11 19:22:22
111.229.63.223	attackbots	Aug 11 03:43:30 ip-172-31-61-156 sshd[30416]: Failed password for root from 111.229.63.223 port 37898 ssh2 Aug 11 03:43:29 ip-172-31-61-156 sshd[30416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.63.223 user=root Aug 11 03:43:30 ip-172-31-61-156 sshd[30416]: Failed password for root from 111.229.63.223 port 37898 ssh2 Aug 11 03:47:36 ip-172-31-61-156 sshd[30607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.63.223 user=root Aug 11 03:47:37 ip-172-31-61-156 sshd[30607]: Failed password for root from 111.229.63.223 port 52482 ssh2 ...	2020-08-11 19:31:47
189.80.37.70	attackbotsspam	Lines containing failures of 189.80.37.70 Aug 4 08:37:47 server-name sshd[5562]: User r.r from 189.80.37.70 not allowed because not listed in AllowUsers Aug 4 08:37:47 server-name sshd[5562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.80.37.70 user=r.r Aug 4 08:37:49 server-name sshd[5562]: Failed password for invalid user r.r from 189.80.37.70 port 52938 ssh2 Aug 4 08:37:49 server-name sshd[5562]: Received disconnect from 189.80.37.70 port 52938:11: Bye Bye [preauth] Aug 4 08:37:49 server-name sshd[5562]: Disconnected from invalid user r.r 189.80.37.70 port 52938 [preauth] Aug 4 09:38:11 server-name sshd[7928]: User r.r from 189.80.37.70 not allowed because not listed in AllowUsers Aug 4 09:38:11 server-name sshd[7928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.80.37.70 user=r.r Aug 4 09:38:12 server-name sshd[7928]: Failed password for invalid user r.r from 189......... ------------------------------	2020-08-11 19:52:14
69.117.38.224	attackspam	SIP/5060 Probe, BF, Hack -	2020-08-11 19:28:58
79.101.45.94	attackspambots	Dovecot Invalid User Login Attempt.	2020-08-11 19:58:17
183.217.193.115	attack	Server penetration trying other domain names than server publicly serves (ex https://localhost)	2020-08-11 19:21:48
177.21.138.111	attack	Automatic report - Port Scan Attack	2020-08-11 19:47:28

Recently Reported IPs

175.36.140.79	13.88.219.189	207.246.126.216	178.62.244.247
156.54.168.71	93.236.95.59	156.54.169.143	103.10.23.8
102.37.40.61	52.169.67.105	95.144.75.124	45.146.164.186
201.20.185.14	200.66.125.8	194.168.212.81	188.92.213.183
181.174.144.172	177.126.216.117	177.85.142.224	177.44.17.44