城市(city): unknown
省份(region): unknown
国家(country): Singapore
运营商(isp): Choopa LLC
主机名(hostname): unknown
机构(organization): unknown
使用类型(Usage Type): Data Center/Web Hosting/Transit
| 类型 | 评论内容 | 时间 |
|---|---|---|
| attackbots | Invalid user tc from 139.180.137.254 port 39268 |
2020-01-10 23:07:33 |
| attackbots | (sshd) Failed SSH login from 139.180.137.254 (SG/Singapore/139.180.137.254.vultr.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jan 8 01:27:15 svr sshd[2962991]: Invalid user gameservers from 139.180.137.254 port 38980 Jan 8 01:27:17 svr sshd[2962991]: Failed password for invalid user gameservers from 139.180.137.254 port 38980 ssh2 Jan 8 01:44:44 svr sshd[3020581]: Invalid user server from 139.180.137.254 port 55294 Jan 8 01:44:46 svr sshd[3020581]: Failed password for invalid user server from 139.180.137.254 port 55294 ssh2 Jan 8 01:48:06 svr sshd[3031942]: Invalid user aiq from 139.180.137.254 port 59084 |
2020-01-08 18:19:01 |
| attack | Dec 5 05:50:12 sbg01 sshd[10065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.137.254 Dec 5 05:50:14 sbg01 sshd[10065]: Failed password for invalid user admin from 139.180.137.254 port 33640 ssh2 Dec 5 05:56:42 sbg01 sshd[10126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.137.254 |
2019-12-05 13:49:28 |
| attackbotsspam | Dec 5 01:11:55 vibhu-HP-Z238-Microtower-Workstation sshd\[5153\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.137.254 user=root Dec 5 01:11:57 vibhu-HP-Z238-Microtower-Workstation sshd\[5153\]: Failed password for root from 139.180.137.254 port 41110 ssh2 Dec 5 01:20:10 vibhu-HP-Z238-Microtower-Workstation sshd\[5619\]: Invalid user stoklosa from 139.180.137.254 Dec 5 01:20:10 vibhu-HP-Z238-Microtower-Workstation sshd\[5619\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.137.254 Dec 5 01:20:12 vibhu-HP-Z238-Microtower-Workstation sshd\[5619\]: Failed password for invalid user stoklosa from 139.180.137.254 port 52748 ssh2 ... |
2019-12-05 03:53:44 |
| attack | detected by Fail2Ban |
2019-12-04 00:54:10 |
| attack | 2019-12-01 07:00:33 server sshd[42235]: Failed password for invalid user test from 139.180.137.254 port 43538 ssh2 |
2019-12-02 00:25:11 |
| attackspam | Lines containing failures of 139.180.137.254 Nov 25 20:27:58 shared07 sshd[15838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.137.254 user=r.r Nov 25 20:28:00 shared07 sshd[15838]: Failed password for r.r from 139.180.137.254 port 43568 ssh2 Nov 25 20:28:00 shared07 sshd[15838]: Received disconnect from 139.180.137.254 port 43568:11: Bye Bye [preauth] Nov 25 20:28:00 shared07 sshd[15838]: Disconnected from authenticating user r.r 139.180.137.254 port 43568 [preauth] Nov 25 20:57:50 shared07 sshd[25744]: Invalid user selamat from 139.180.137.254 port 49668 Nov 25 20:57:50 shared07 sshd[25744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.137.254 Nov 25 20:57:52 shared07 sshd[25744]: Failed password for invalid user selamat from 139.180.137.254 port 49668 ssh2 Nov 25 20:57:52 shared07 sshd[25744]: Received disconnect from 139.180.137.254 port 49668:11: Bye Bye [preauth]........ ------------------------------ |
2019-11-27 04:09:31 |
| attack | Nov 23 13:28:19 debian sshd\[21531\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.137.254 user=root Nov 23 13:28:20 debian sshd\[21531\]: Failed password for root from 139.180.137.254 port 58760 ssh2 Nov 23 13:34:54 debian sshd\[21939\]: Invalid user oooo from 139.180.137.254 port 51406 Nov 23 13:34:54 debian sshd\[21939\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.137.254 ... |
2019-11-23 18:38:47 |
| attackspambots | $f2bV_matches |
2019-11-22 14:13:09 |
| IP | 类型 | 评论内容 | 时间 |
|---|---|---|---|
| 139.180.137.163 | attack | Registration form abuse |
2020-06-30 23:56:29 |
| 139.180.137.38 | attackbots | 2020-02-01 15:30:38 SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from H=\[139.180.137.38\]:63683 I=\[193.107.88.166\]:25 input="CONNECT 35.170.216.115:443 HTTP/" 2020-02-01 15:30:38 SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from H=\[139.180.137.38\]:63707 I=\[193.107.88.166\]:25 input="\004\001\001�\#��s" 2020-02-01 15:30:38 SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from H=\[139.180.137.38\]:63728 I=\[193.107.88.166\]:25 input="\005\001" ... |
2020-02-05 01:09:06 |
| 139.180.137.216 | attackbotsspam | 2019-08-1522:17:51dovecot_plainauthenticatorfailedfor\(g6juv4vfbuu59gqmke3kyvmued6kn\)[14.225.3.16]:55054:535Incorrectauthenticationdata\(set_id=info\)2019-08-1522:11:59dovecot_plainauthenticatorfailedfor\(ikxtaqzpbvzha0h5pkxxrvvcaow9u613\)[14.225.3.16]:42385:535Incorrectauthenticationdata\(set_id=info\)2019-08-1522:10:53dovecot_plainauthenticatorfailedfor\(dv4orrvgfo0fhuvj0p0tjntekssvsz\)[139.180.137.216]:40118:535Incorrectauthenticationdata\(set_id=info\)2019-08-1521:58:52dovecot_plainauthenticatorfailedfor\([191.53.195.232]\)[191.53.195.232]:37092:535Incorrectauthenticationdata\(set_id=info\)2019-08-1521:44:41dovecot_plainauthenticatorfailedfor\([177.21.198.140]\)[177.21.198.140]:32780:535Incorrectauthenticationdata\(set_id=info\)2019-08-1521:29:56dovecot_plainauthenticatorfailedfor\([138.36.200.238]\)[138.36.200.238]:52220:535Incorrectauthenticationdata\(set_id=info\)2019-08-1522:12:19dovecot_plainauthenticatorfailedforip-192-169-216-124.ip.secureserver.net\(comgn6j34cvvnuxh64r090jhs1\)[192.169.216.124]:5 |
2019-08-16 07:38:42 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.180.137.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7434
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.180.137.254. IN A
;; AUTHORITY SECTION:
. 571 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019112101 1800 900 604800 86400
;; Query time: 973 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Nov 22 14:13:03 CST 2019
;; MSG SIZE rcvd: 119254.137.180.139.in-addr.arpa domain name pointer 139.180.137.254.vultr.com.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
254.137.180.139.in-addr.arpa name = 139.180.137.254.vultr.com.
Authoritative answers can be found from:| IP | 类型 | 评论内容 | 时间 |
|---|---|---|---|
| 103.253.42.39 | attack | Rude login attack (39 tries in 1d) |
2019-10-09 02:06:42 |
| 222.186.15.110 | attackbots | Oct 8 19:17:41 icinga sshd[55104]: Failed password for root from 222.186.15.110 port 60581 ssh2 Oct 8 19:17:45 icinga sshd[55104]: Failed password for root from 222.186.15.110 port 60581 ssh2 Oct 8 19:17:49 icinga sshd[55104]: Failed password for root from 222.186.15.110 port 60581 ssh2 ... |
2019-10-09 02:07:22 |
| 118.25.12.59 | attack | Oct 8 16:00:04 vmanager6029 sshd\[20328\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.12.59 user=root Oct 8 16:00:05 vmanager6029 sshd\[20328\]: Failed password for root from 118.25.12.59 port 51166 ssh2 Oct 8 16:05:18 vmanager6029 sshd\[20440\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.12.59 user=root |
2019-10-09 01:50:11 |
| 159.253.146.20 | attackbotsspam | Oct 8 19:09:55 h2177944 kernel: \[3430680.860107\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=159.253.146.20 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=80 ID=19851 DF PROTO=TCP SPT=63099 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 8 19:10:54 h2177944 kernel: \[3430739.258091\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=159.253.146.20 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=75 ID=53754 DF PROTO=TCP SPT=65187 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 8 19:12:36 h2177944 kernel: \[3430841.708408\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=159.253.146.20 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=79 ID=54621 DF PROTO=TCP SPT=65250 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 8 19:13:27 h2177944 kernel: \[3430892.548774\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=159.253.146.20 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=79 ID=55337 DF PROTO=TCP SPT=54537 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 8 19:13:27 h2177944 kernel: \[3430892.718738\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=159.253.146.20 DST=8 |
2019-10-09 01:57:21 |
| 114.226.245.157 | attackspambots | Unauthorised access (Oct 8) SRC=114.226.245.157 LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=49157 TCP DPT=8080 WINDOW=11794 SYN Unauthorised access (Oct 8) SRC=114.226.245.157 LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=9569 TCP DPT=8080 WINDOW=46723 SYN Unauthorised access (Oct 7) SRC=114.226.245.157 LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=4729 TCP DPT=8080 WINDOW=11794 SYN Unauthorised access (Oct 6) SRC=114.226.245.157 LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=59991 TCP DPT=8080 WINDOW=11794 SYN Unauthorised access (Oct 6) SRC=114.226.245.157 LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=43896 TCP DPT=8080 WINDOW=46723 SYN Unauthorised access (Oct 6) SRC=114.226.245.157 LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=46381 TCP DPT=8080 WINDOW=11794 SYN Unauthorised access (Oct 6) SRC=114.226.245.157 LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=58639 TCP DPT=8080 WINDOW=11794 SYN |
2019-10-09 02:03:38 |
| 176.58.124.134 | attackbotsspam | [Tue Oct 08 14:46:19.320998 2019] [:error] [pid 223273] [client 176.58.124.134:46704] [client 176.58.124.134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "200.132.59.212"] [uri "/default"] [unique_id "XZzLawsDafO7W8IVbtVkpQAAAAQ"] ... |
2019-10-09 02:16:07 |
| 210.177.54.141 | attack | $f2bV_matches |
2019-10-09 02:01:37 |
| 144.217.255.89 | attackspambots | 2019-10-08T16:59:06.197312abusebot.cloudsearch.cf sshd\[24912\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns542132.ip-144-217-255.net user=root |
2019-10-09 01:53:38 |
| 219.157.132.185 | attackspambots | Aug 18 13:09:33 dallas01 sshd[5642]: Failed password for root from 219.157.132.185 port 60478 ssh2 Aug 18 13:09:40 dallas01 sshd[5642]: Failed password for root from 219.157.132.185 port 60478 ssh2 Aug 18 13:09:42 dallas01 sshd[5642]: Failed password for root from 219.157.132.185 port 60478 ssh2 Aug 18 13:09:45 dallas01 sshd[5642]: Failed password for root from 219.157.132.185 port 60478 ssh2 Aug 18 13:09:45 dallas01 sshd[5642]: error: maximum authentication attempts exceeded for root from 219.157.132.185 port 60478 ssh2 [preauth] |
2019-10-09 02:18:58 |
| 54.39.138.246 | attackbots | SSH bruteforce (Triggered fail2ban) |
2019-10-09 01:46:13 |
| 149.202.56.194 | attack | Oct 8 19:25:24 pornomens sshd\[14172\]: Invalid user Red123 from 149.202.56.194 port 54662 Oct 8 19:25:24 pornomens sshd\[14172\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.202.56.194 Oct 8 19:25:25 pornomens sshd\[14172\]: Failed password for invalid user Red123 from 149.202.56.194 port 54662 ssh2 ... |
2019-10-09 01:56:22 |
| 121.225.84.124 | attack | Oct 8 13:51:39 archiv sshd[18398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.225.84.124 user=r.r Oct 8 13:51:41 archiv sshd[18398]: Failed password for r.r from 121.225.84.124 port 11373 ssh2 Oct 8 13:51:41 archiv sshd[18398]: Received disconnect from 121.225.84.124 port 11373:11: Bye Bye [preauth] Oct 8 13:51:41 archiv sshd[18398]: Disconnected from 121.225.84.124 port 11373 [preauth] Oct 8 14:03:43 archiv sshd[18560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.225.84.124 user=r.r Oct 8 14:03:45 archiv sshd[18560]: Failed password for r.r from 121.225.84.124 port 34314 ssh2 Oct 8 14:03:46 archiv sshd[18560]: Received disconnect from 121.225.84.124 port 34314:11: Bye Bye [preauth] Oct 8 14:03:46 archiv sshd[18560]: Disconnected from 121.225.84.124 port 34314 [preauth] Oct 8 14:07:30 archiv sshd[18638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 ........ ------------------------------- |
2019-10-09 02:14:30 |
| 71.6.142.86 | attackbots | Automated reporting of Vulnerability scanning |
2019-10-09 01:44:22 |
| 159.89.111.136 | attack | 2019-10-08T17:26:47.626887shield sshd\[29595\]: Invalid user Step123 from 159.89.111.136 port 42914 2019-10-08T17:26:47.633566shield sshd\[29595\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.111.136 2019-10-08T17:26:49.625724shield sshd\[29595\]: Failed password for invalid user Step123 from 159.89.111.136 port 42914 ssh2 2019-10-08T17:30:48.418429shield sshd\[29982\]: Invalid user Living2017 from 159.89.111.136 port 53078 2019-10-08T17:30:48.424044shield sshd\[29982\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.111.136 |
2019-10-09 01:57:50 |
| 223.204.241.139 | attack | Automatic report - Port Scan Attack |
2019-10-09 01:54:55 |