139.180.218.107

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Singapore

运营商(isp): Choopa LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Unauthorized connection attempt detected from IP address 139.180.218.107 to port 139 [T]	2020-04-15 02:39:07
attackspambots	Unauthorized connection attempt detected from IP address 139.180.218.107 to port 139 [T]	2020-01-16 02:30:45
attackbotsspam	Unauthorized connection attempt detected from IP address 139.180.218.107 to port 139 [T]	2020-01-07 03:59:15
attackbotsspam	Unauthorized connection attempt detected from IP address 139.180.218.107 to port 445	2020-01-04 09:22:05
attackbotsspam	Unauthorized connection attempt detected from IP address 139.180.218.107 to port 139	2020-01-01 03:38:05
attackspambots	Unauthorized connection attempt detected from IP address 139.180.218.107 to port 139	2019-12-31 08:25:25
attackbotsspam	Unauthorized connection attempt detected from IP address 139.180.218.107 to port 139	2019-12-31 02:59:06

相同子网IP讨论:

IP	类型	评论内容	时间
139.180.218.204	attackbotsspam	2019-07-07T10:06:43.522119lon01.zurich-datacenter.net sshd\[32318\]: Invalid user info from 139.180.218.204 port 48756 2019-07-07T10:06:43.527097lon01.zurich-datacenter.net sshd\[32318\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.218.204 2019-07-07T10:06:45.594800lon01.zurich-datacenter.net sshd\[32318\]: Failed password for invalid user info from 139.180.218.204 port 48756 ssh2 2019-07-07T10:12:24.442502lon01.zurich-datacenter.net sshd\[32552\]: Invalid user can from 139.180.218.204 port 46236 2019-07-07T10:12:24.448647lon01.zurich-datacenter.net sshd\[32552\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.218.204 ...	2019-07-07 17:46:42
139.180.218.204	attackspam	Jul 6 20:07:05 shadeyouvpn sshd[5327]: Address 139.180.218.204 maps to 139.180.218.204.vultr.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Jul 6 20:07:05 shadeyouvpn sshd[5327]: Invalid user qbiomedical from 139.180.218.204 Jul 6 20:07:05 shadeyouvpn sshd[5327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.218.204 Jul 6 20:07:07 shadeyouvpn sshd[5327]: Failed password for invalid user qbiomedical from 139.180.218.204 port 38346 ssh2 Jul 6 20:07:07 shadeyouvpn sshd[5327]: Received disconnect from 139.180.218.204: 11: Bye Bye [preauth] Jul 6 20:10:57 shadeyouvpn sshd[7931]: Address 139.180.218.204 maps to 139.180.218.204.vultr.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Jul 6 20:10:57 shadeyouvpn sshd[7931]: Invalid user test from 139.180.218.204 Jul 6 20:10:57 shadeyouvpn sshd[7931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 t........ -------------------------------	2019-07-07 11:45:43

类型

评论内容

时间

139.180.218.204

attackbotsspam

2019-07-07T10:06:43.522119lon01.zurich-datacenter.net sshd\[32318\]: Invalid user info from 139.180.218.204 port 48756
2019-07-07T10:06:43.527097lon01.zurich-datacenter.net sshd\[32318\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.218.204
2019-07-07T10:06:45.594800lon01.zurich-datacenter.net sshd\[32318\]: Failed password for invalid user info from 139.180.218.204 port 48756 ssh2
2019-07-07T10:12:24.442502lon01.zurich-datacenter.net sshd\[32552\]: Invalid user can from 139.180.218.204 port 46236
2019-07-07T10:12:24.448647lon01.zurich-datacenter.net sshd\[32552\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.218.204
...

2019-07-07 17:46:42

139.180.218.204

attackspam

Jul  6 20:07:05 shadeyouvpn sshd[5327]: Address 139.180.218.204 maps to 139.180.218.204.vultr.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul  6 20:07:05 shadeyouvpn sshd[5327]: Invalid user qbiomedical from 139.180.218.204
Jul  6 20:07:05 shadeyouvpn sshd[5327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.180.218.204 
Jul  6 20:07:07 shadeyouvpn sshd[5327]: Failed password for invalid user qbiomedical from 139.180.218.204 port 38346 ssh2
Jul  6 20:07:07 shadeyouvpn sshd[5327]: Received disconnect from 139.180.218.204: 11: Bye Bye [preauth]
Jul  6 20:10:57 shadeyouvpn sshd[7931]: Address 139.180.218.204 maps to 139.180.218.204.vultr.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jul  6 20:10:57 shadeyouvpn sshd[7931]: Invalid user test from 139.180.218.204
Jul  6 20:10:57 shadeyouvpn sshd[7931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 t........
-------------------------------

2019-07-07 11:45:43

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.180.218.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55628
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.180.218.107.		IN	A

;; AUTHORITY SECTION:
.			250	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019123001 1800 900 604800 86400

;; Query time: 38 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Dec 31 02:59:02 CST 2019
;; MSG SIZE  rcvd: 119

HOST信息:

107.218.180.139.in-addr.arpa domain name pointer 139.180.218.107.vultr.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
107.218.180.139.in-addr.arpa	name = 139.180.218.107.vultr.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
5.255.250.33	attack	IP: 5.255.250.33 ASN: AS13238 YANDEX LLC Port: World Wide Web HTTP 80 Found in one or more Blacklists Date: 21/06/2019 5:06:45 AM UTC	2019-06-21 17:25:03
121.42.152.155	attackspam	/wp-login.php	2019-06-21 17:24:04
77.96.122.46	attackspambots	proto=tcp . spt=43221 . dpt=25 . (listed on Blocklist de Jun 20) (336)	2019-06-21 18:09:05
0.0.0.77	attackbotsspam	masters-of-media.de 2a06:dd00:1:4:1::77 \[21/Jun/2019:06:36:25 +0200\] "POST /wp-login.php HTTP/1.1" 200 5856 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" masters-of-media.de 2a06:dd00:1:4:1::77 \[21/Jun/2019:06:36:26 +0200\] "POST /wp-login.php HTTP/1.1" 200 5811 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-06-21 17:19:17
31.3.152.128	attack	\[2019-06-21 11:26:02\] NOTICE\[13863\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '31.3.152.128:1156' $callid: 1529105265-129406053-965824647$ - Failed to authenticate \[2019-06-21 11:26:02\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-06-21T11:26:02.834+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="1529105265-129406053-965824647",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/31.3.152.128/1156",Challenge="1561109162/6e1f3880f9802f4746b82662265d9158",Response="4c0aaeae47f2ca92df4cb346ab464592",ExpectedResponse="" \[2019-06-21 11:26:02\] NOTICE\[4808\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '31.3.152.128:1156' $callid: 1529105265-129406053-965824647$ - Failed to authenticate \[2019-06-21 11:26:02\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",E	2019-06-21 17:29:32
94.176.64.125	attack	(Jun 21) LEN=40 TTL=245 ID=61512 DF TCP DPT=23 WINDOW=14600 SYN (Jun 21) LEN=40 TTL=245 ID=36739 DF TCP DPT=23 WINDOW=14600 SYN (Jun 21) LEN=40 TTL=245 ID=31358 DF TCP DPT=23 WINDOW=14600 SYN (Jun 21) LEN=40 TTL=245 ID=53313 DF TCP DPT=23 WINDOW=14600 SYN (Jun 21) LEN=40 TTL=245 ID=64231 DF TCP DPT=23 WINDOW=14600 SYN (Jun 20) LEN=40 TTL=245 ID=32061 DF TCP DPT=23 WINDOW=14600 SYN (Jun 20) LEN=40 TTL=245 ID=1969 DF TCP DPT=23 WINDOW=14600 SYN (Jun 20) LEN=40 TTL=245 ID=8074 DF TCP DPT=23 WINDOW=14600 SYN (Jun 20) LEN=40 TTL=245 ID=4056 DF TCP DPT=23 WINDOW=14600 SYN (Jun 20) LEN=40 TTL=245 ID=5599 DF TCP DPT=23 WINDOW=14600 SYN (Jun 20) LEN=40 TTL=245 ID=5586 DF TCP DPT=23 WINDOW=14600 SYN (Jun 20) LEN=40 TTL=245 ID=54644 DF TCP DPT=23 WINDOW=14600 SYN (Jun 20) LEN=40 TTL=245 ID=57899 DF TCP DPT=23 WINDOW=14600 SYN (Jun 20) LEN=40 TTL=245 ID=60622 DF TCP DPT=23 WINDOW=14600 SYN (Jun 19) LEN=40 TTL=245 ID=38073 DF TCP DPT=23 WINDOW=14600 SYN ...	2019-06-21 18:20:23
69.138.80.162	attack	Automatic report - Web App Attack	2019-06-21 17:14:56
80.82.77.240	attack	[portscan] tcp/21 [FTP] [portscan] tcp/22 [SSH] [portscan] tcp/23 [TELNET] [scan/connect: 6 time(s)] *(RWIN=1024)(06211034)	2019-06-21 18:10:43
191.205.7.229	attack	Unauthorised access (Jun 21) SRC=191.205.7.229 LEN=40 TTL=240 ID=8198 TCP DPT=445 WINDOW=1024 SYN	2019-06-21 17:21:24
94.102.78.122	attackbotsspam	Banned for posting to wp-login.php without referer {"log":"jordan300","pwd":"123","wp-submit":"Log In","redirect_to":"http:\/\/gabrielestates.online\/wp-admin\/","testcookie":"1"}	2019-06-21 18:05:16
140.143.236.227	attackspam	Jun 21 11:25:49 vps65 sshd\[30355\]: Invalid user jenkins from 140.143.236.227 port 35046 Jun 21 11:25:49 vps65 sshd\[30355\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.236.227 ...	2019-06-21 17:36:05
49.69.127.81	attackspambots	$f2bV_matches	2019-06-21 17:31:50
103.81.114.63	attackbots	$f2bV_matches	2019-06-21 17:17:47
104.40.2.56	attack	Jun 21 00:36:54 plusreed sshd[23061]: Invalid user webmaster from 104.40.2.56 ...	2019-06-21 17:13:52
190.69.63.4	attackbots	[ER hit] Tried to deliver spam. Already well known.	2019-06-21 18:12:43

最近上报的IP列表

113.220.19.21	113.91.208.249	113.69.131.193	112.197.110.121
112.5.172.26	111.20.227.22	110.251.235.113	110.164.129.40
106.225.220.41	118.104.5.34	191.154.39.154	101.108.182.185
164.226.225.139	101.20.43.249	190.212.3.144	86.90.142.68
120.225.161.84	131.115.166.252	60.12.94.186	108.212.5.3