104.248.139.86

基本信息:

城市(city): Frankfurt am Main

省份(region): Hesse

国家(country): Germany

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	$f2bV_matches	2019-12-24 07:19:04
attackbots	Dec 14 14:23:22 sanyalnet-awsem3-1 sshd[10843]: Connection from 104.248.139.86 port 54772 on 172.30.0.184 port 22 Dec 14 14:23:23 sanyalnet-awsem3-1 sshd[10843]: Invalid user sinilau from 104.248.139.86 Dec 14 14:23:23 sanyalnet-awsem3-1 sshd[10843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.86 Dec 14 14:23:25 sanyalnet-awsem3-1 sshd[10843]: Failed password for invalid user sinilau from 104.248.139.86 port 54772 ssh2 Dec 14 14:23:25 sanyalnet-awsem3-1 sshd[10843]: Received disconnect from 104.248.139.86: 11: Bye Bye [preauth] Dec 14 14:30:11 sanyalnet-awsem3-1 sshd[11039]: Connection from 104.248.139.86 port 58628 on 172.30.0.184 port 22 Dec 14 14:30:12 sanyalnet-awsem3-1 sshd[11039]: Invalid user daniiel from 104.248.139.86 Dec 14 14:30:12 sanyalnet-awsem3-1 sshd[11039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.86 ........ ----------------------------------------------- https://www.blockli	2019-12-15 03:16:13

类型

评论内容

时间

attackbotsspam

$f2bV_matches

2019-12-24 07:19:04

attackbots

Dec 14 14:23:22 sanyalnet-awsem3-1 sshd[10843]: Connection from 104.248.139.86 port 54772 on 172.30.0.184 port 22
Dec 14 14:23:23 sanyalnet-awsem3-1 sshd[10843]: Invalid user sinilau from 104.248.139.86
Dec 14 14:23:23 sanyalnet-awsem3-1 sshd[10843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.86 
Dec 14 14:23:25 sanyalnet-awsem3-1 sshd[10843]: Failed password for invalid user sinilau from 104.248.139.86 port 54772 ssh2
Dec 14 14:23:25 sanyalnet-awsem3-1 sshd[10843]: Received disconnect from 104.248.139.86: 11: Bye Bye [preauth]
Dec 14 14:30:11 sanyalnet-awsem3-1 sshd[11039]: Connection from 104.248.139.86 port 58628 on 172.30.0.184 port 22
Dec 14 14:30:12 sanyalnet-awsem3-1 sshd[11039]: Invalid user daniiel from 104.248.139.86
Dec 14 14:30:12 sanyalnet-awsem3-1 sshd[11039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.86 


........
-----------------------------------------------
https://www.blockli

2019-12-15 03:16:13

相同子网IP讨论:

IP	类型	评论内容	时间
104.248.139.121	attackspambots	May 14 08:55:32 NPSTNNYC01T sshd[14068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.121 May 14 08:55:34 NPSTNNYC01T sshd[14068]: Failed password for invalid user user from 104.248.139.121 port 49288 ssh2 May 14 08:59:01 NPSTNNYC01T sshd[14354]: Failed password for root from 104.248.139.121 port 56564 ssh2 ...	2020-05-14 21:25:45
104.248.139.121	attackbotsspam	May 3 06:22:00 legacy sshd[5370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.121 May 3 06:22:02 legacy sshd[5370]: Failed password for invalid user mf from 104.248.139.121 port 40166 ssh2 May 3 06:25:38 legacy sshd[5637]: Failed password for root from 104.248.139.121 port 49638 ssh2 ...	2020-05-03 12:34:29
104.248.139.121	attackspam	SSH auth scanning - multiple failed logins	2020-04-30 07:33:34
104.248.139.121	attack	2020-04-27T13:03:38.800886abusebot-3.cloudsearch.cf sshd[30948]: Invalid user hung from 104.248.139.121 port 41966 2020-04-27T13:03:38.810081abusebot-3.cloudsearch.cf sshd[30948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.121 2020-04-27T13:03:38.800886abusebot-3.cloudsearch.cf sshd[30948]: Invalid user hung from 104.248.139.121 port 41966 2020-04-27T13:03:40.381859abusebot-3.cloudsearch.cf sshd[30948]: Failed password for invalid user hung from 104.248.139.121 port 41966 ssh2 2020-04-27T13:07:22.168837abusebot-3.cloudsearch.cf sshd[31229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.121 user=root 2020-04-27T13:07:24.161636abusebot-3.cloudsearch.cf sshd[31229]: Failed password for root from 104.248.139.121 port 53746 ssh2 2020-04-27T13:11:04.475551abusebot-3.cloudsearch.cf sshd[31503]: Invalid user znc from 104.248.139.121 port 37302 ...	2020-04-27 22:58:33
104.248.139.121	attackbots	Apr 27 11:44:11 dev0-dcde-rnet sshd[22559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.121 Apr 27 11:44:14 dev0-dcde-rnet sshd[22559]: Failed password for invalid user udp from 104.248.139.121 port 52906 ssh2 Apr 27 11:50:16 dev0-dcde-rnet sshd[22729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.121	2020-04-27 18:07:05
104.248.139.121	attackspam	Unauthorised connection attempt detected at AUO NODE 1. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)	2020-04-24 23:09:01
104.248.139.121	attackbotsspam	Invalid user od from 104.248.139.121 port 53734	2020-04-23 04:11:27
104.248.139.121	attack	Wordpress malicious attack:[sshd]	2020-04-20 12:17:42
104.248.139.121	attackspam	Apr 20 00:12:29 debian-2gb-nbg1-2 kernel: \[9593314.391754\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=104.248.139.121 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=23968 PROTO=TCP SPT=59620 DPT=19842 WINDOW=1024 RES=0x00 SYN URGP=0	2020-04-20 08:07:04
104.248.139.121	attackbots	scans once in preceeding hours on the ports (in chronological order) 19153 resulting in total of 5 scans from 104.248.0.0/16 block.	2020-04-20 00:13:49
104.248.139.121	attack	Apr 17 13:56:38 sso sshd[29563]: Failed password for root from 104.248.139.121 port 42032 ssh2 Apr 17 14:00:28 sso sshd[30000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.121 ...	2020-04-17 22:34:21
104.248.139.121	attackbotsspam	Apr 17 09:49:30 vpn01 sshd[24030]: Failed password for root from 104.248.139.121 port 47328 ssh2 ...	2020-04-17 16:50:57
104.248.139.121	attackspambots	Apr 8 06:00:12 sso sshd[10238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.121 Apr 8 06:00:14 sso sshd[10238]: Failed password for invalid user aman from 104.248.139.121 port 60516 ssh2 ...	2020-04-08 12:18:20
104.248.139.121	attackspam	(sshd) Failed SSH login from 104.248.139.121 (DE/Germany/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Apr 4 09:34:42 ubnt-55d23 sshd[17241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.121 user=root Apr 4 09:34:44 ubnt-55d23 sshd[17241]: Failed password for root from 104.248.139.121 port 43664 ssh2	2020-04-04 16:11:55
104.248.139.121	attack	Mar 28 16:31:05 dev0-dcde-rnet sshd[3144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.121 Mar 28 16:31:06 dev0-dcde-rnet sshd[3144]: Failed password for invalid user oracle from 104.248.139.121 port 41678 ssh2 Mar 28 16:41:28 dev0-dcde-rnet sshd[3230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.139.121	2020-03-29 00:22:33

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.139.86
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19451
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.248.139.86.			IN	A

;; AUTHORITY SECTION:
.			572	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019121401 1800 900 604800 86400

;; Query time: 52 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 15 03:16:08 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 86.139.248.104.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 86.139.248.104.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
173.252.87.3	attack	[Sun Apr 12 10:50:15.307549 2020] [:error] [pid 3625:tid 140295004800768] [client 173.252.87.3:48640] [client 173.252.87.3] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/IcoMoon.woff"] [unique_id "XpKP96LL@8cf6BWsPUlIZwAAAAE"] ...	2020-04-12 18:05:31
49.234.70.67	attack	2020-04-11 UTC: (5x) - asterisk,root(2x),server1,test	2020-04-12 17:49:34
45.143.220.52	attackbotsspam	[2020-04-12 06:06:48] NOTICE[12114] chan_sip.c: Registration from '' failed for '45.143.220.52:40988' - Wrong password [2020-04-12 06:06:48] SECURITY[12128] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-04-12T06:06:48.472-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="9706",SessionID="0x7f020c088288",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.143.220.52/40988",Challenge="14d1fa81",ReceivedChallenge="14d1fa81",ReceivedHash="67fea1ad7d28fa25a9a982024bc471ff" [2020-04-12 06:06:56] NOTICE[12114] chan_sip.c: Registration from '' failed for '45.143.220.52:51776' - Wrong password [2020-04-12 06:06:56] SECURITY[12128] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-04-12T06:06:56.879-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="101101",SessionID="0x7f020c167898",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.14 ...	2020-04-12 18:09:32
202.70.80.27	attackbotsspam	Apr 12 06:52:39 server sshd[13011]: Failed password for root from 202.70.80.27 port 36650 ssh2 Apr 12 06:55:57 server sshd[13670]: Failed password for invalid user mysql from 202.70.80.27 port 34406 ssh2 Apr 12 06:59:18 server sshd[14400]: Failed password for invalid user alessia from 202.70.80.27 port 60342 ssh2	2020-04-12 17:31:00
156.96.153.17	attack	SSH Brute-Force reported by Fail2Ban	2020-04-12 17:35:49
203.19.33.149	attack	firewall-block, port(s): 445/tcp	2020-04-12 18:11:12
141.98.81.99	attackbots	2020-04-11 UTC: (3x) - Administrator(2x),root	2020-04-12 17:56:19
185.36.81.57	attackbotsspam	(smtpauth) Failed SMTP AUTH login from 185.36.81.57 (LT/Republic of Lithuania/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SMTPAUTH; Logs: 2020-04-12 11:11:46 login authenticator failed for (User) [185.36.81.57]: 535 Incorrect authentication data (set_id=jared) 2020-04-12 11:11:48 login authenticator failed for (User) [185.36.81.57]: 535 Incorrect authentication data (set_id=jared) 2020-04-12 11:35:17 login authenticator failed for (User) [185.36.81.57]: 535 Incorrect authentication data (set_id=harvard) 2020-04-12 11:35:19 login authenticator failed for (User) [185.36.81.57]: 535 Incorrect authentication data (set_id=harvard) 2020-04-12 11:58:49 login authenticator failed for (User) [185.36.81.57]: 535 Incorrect authentication data (set_id=cgfhnfr)	2020-04-12 18:03:59
76.0.248.143	attack	Apr 12 06:26:04 XXXXXX sshd[61881]: Invalid user backuppc from 76.0.248.143 port 35382	2020-04-12 17:47:18
173.252.87.45	attackbots	[Sun Apr 12 10:50:14.537271 2020] [:error] [pid 3610:tid 140294988015360] [client 173.252.87.45:34642] [client 173.252.87.45] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/TableFilter/system-v98.css"] [unique_id "XpKP9seJ7QLCrtS-d9zLuQAAAAE"] ...	2020-04-12 18:08:22
213.121.19.241	attackspam	Port probing on unauthorized port 22	2020-04-12 17:34:35
111.231.59.112	attackspam	Apr 12 11:59:01 h2829583 sshd[13686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.59.112	2020-04-12 18:09:06
109.169.210.153	attackspambots	20/4/12@02:08:56: FAIL: Alarm-Network address from=109.169.210.153 20/4/12@02:08:56: FAIL: Alarm-Network address from=109.169.210.153 ...	2020-04-12 17:45:10
162.210.196.100	attackbotsspam	Automatic report - Banned IP Access	2020-04-12 17:37:24
51.15.129.164	attackspambots	$f2bV_matches	2020-04-12 17:59:56

最近上报的IP列表

74.237.58.183	91.68.97.112	123.148.144.224	117.207.221.225
108.189.101.77	207.17.232.70	52.213.110.147	54.173.81.250
82.229.80.37	80.5.202.79	178.66.62.212	209.33.39.72
121.90.227.145	32.230.241.192	191.132.226.104	180.183.249.222
111.15.129.40	191.55.130.9	27.44.134.146	34.234.60.177