139.199.108.74

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Tencent Cloud Computing (Beijing) Co. Ltd.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Sep 5 06:02:53 markkoudstaal sshd[12209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.74 Sep 5 06:02:55 markkoudstaal sshd[12209]: Failed password for invalid user deploy from 139.199.108.74 port 56202 ssh2 Sep 5 06:07:17 markkoudstaal sshd[12570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.74	2019-09-05 12:14:09

类型

评论内容

时间

attack

Sep  5 06:02:53 markkoudstaal sshd[12209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.74
Sep  5 06:02:55 markkoudstaal sshd[12209]: Failed password for invalid user deploy from 139.199.108.74 port 56202 ssh2
Sep  5 06:07:17 markkoudstaal sshd[12570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.74

2019-09-05 12:14:09

相同子网IP讨论:

IP	类型	评论内容	时间
139.199.108.83	attackspam	Aug 29 22:09:42 ns382633 sshd\[8755\]: Invalid user hadoop from 139.199.108.83 port 36236 Aug 29 22:09:42 ns382633 sshd\[8755\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.83 Aug 29 22:09:44 ns382633 sshd\[8755\]: Failed password for invalid user hadoop from 139.199.108.83 port 36236 ssh2 Aug 29 22:21:27 ns382633 sshd\[10909\]: Invalid user eddie from 139.199.108.83 port 33008 Aug 29 22:21:27 ns382633 sshd\[10909\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.83	2020-08-30 08:07:22
139.199.108.83	attackbots	Jul 14 03:53:33 ip-172-31-61-156 sshd[18256]: Failed password for invalid user timo from 139.199.108.83 port 44162 ssh2 Jul 14 03:53:30 ip-172-31-61-156 sshd[18256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.83 Jul 14 03:53:30 ip-172-31-61-156 sshd[18256]: Invalid user timo from 139.199.108.83 Jul 14 03:53:33 ip-172-31-61-156 sshd[18256]: Failed password for invalid user timo from 139.199.108.83 port 44162 ssh2 Jul 14 03:56:09 ip-172-31-61-156 sshd[18444]: Invalid user yg from 139.199.108.83 ...	2020-07-14 12:22:34
139.199.108.83	attackbotsspam	Jun 24 08:50:47 vps sshd[3851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.83 Jun 24 08:50:49 vps sshd[3851]: Failed password for invalid user yar from 139.199.108.83 port 37722 ssh2 Jun 24 08:56:16 vps sshd[4118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.83 ...	2020-06-24 16:25:03
139.199.108.83	attack	Invalid user mariadb from 139.199.108.83 port 34400	2020-06-18 01:58:04
139.199.108.83	attack	Jun 14 22:01:04 ns382633 sshd\[8007\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.83 user=root Jun 14 22:01:07 ns382633 sshd\[8007\]: Failed password for root from 139.199.108.83 port 37604 ssh2 Jun 14 22:07:53 ns382633 sshd\[9029\]: Invalid user nodeproxy from 139.199.108.83 port 49828 Jun 14 22:07:53 ns382633 sshd\[9029\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.83 Jun 14 22:07:55 ns382633 sshd\[9029\]: Failed password for invalid user nodeproxy from 139.199.108.83 port 49828 ssh2	2020-06-15 05:25:13
139.199.108.83	attackspambots	Jun 10 06:34:39 vps687878 sshd\[31312\]: Failed password for invalid user danar from 139.199.108.83 port 42298 ssh2 Jun 10 06:39:06 vps687878 sshd\[31761\]: Invalid user xjd from 139.199.108.83 port 36970 Jun 10 06:39:06 vps687878 sshd\[31761\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.83 Jun 10 06:39:08 vps687878 sshd\[31761\]: Failed password for invalid user xjd from 139.199.108.83 port 36970 ssh2 Jun 10 06:43:43 vps687878 sshd\[32304\]: Invalid user ftpuser from 139.199.108.83 port 59876 Jun 10 06:43:43 vps687878 sshd\[32304\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.83 ...	2020-06-10 16:46:32
139.199.108.83	attack	" "	2020-06-04 22:19:48
139.199.108.83	attackspam	May 26 01:23:29 nas sshd[24155]: Failed password for root from 139.199.108.83 port 46390 ssh2 May 26 01:33:13 nas sshd[24485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.83 May 26 01:33:15 nas sshd[24485]: Failed password for invalid user hargreaves from 139.199.108.83 port 59174 ssh2 ...	2020-05-26 09:48:13
139.199.108.83	attackspambots	May 24 15:15:24 inter-technics sshd[16003]: Invalid user jtrejo from 139.199.108.83 port 36546 May 24 15:15:24 inter-technics sshd[16003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.83 May 24 15:15:24 inter-technics sshd[16003]: Invalid user jtrejo from 139.199.108.83 port 36546 May 24 15:15:25 inter-technics sshd[16003]: Failed password for invalid user jtrejo from 139.199.108.83 port 36546 ssh2 May 24 15:20:23 inter-technics sshd[16257]: Invalid user admin from 139.199.108.83 port 59552 ...	2020-05-24 22:16:06
139.199.108.83	attack	W 5701,/var/log/auth.log,-,-	2020-05-23 07:26:36
139.199.108.83	attack	21 attempts against mh-ssh on cloud	2020-05-03 14:50:05
139.199.108.70	attack	Oct 12 12:11:52 vps691689 sshd[8879]: Failed password for root from 139.199.108.70 port 47544 ssh2 Oct 12 12:16:42 vps691689 sshd[8955]: Failed password for root from 139.199.108.70 port 56652 ssh2 ...	2019-10-12 18:21:24
139.199.108.70	attackbots	Sep 26 23:51:29 friendsofhawaii sshd\[11063\]: Invalid user wv from 139.199.108.70 Sep 26 23:51:30 friendsofhawaii sshd\[11063\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.70 Sep 26 23:51:32 friendsofhawaii sshd\[11063\]: Failed password for invalid user wv from 139.199.108.70 port 36502 ssh2 Sep 26 23:55:40 friendsofhawaii sshd\[11392\]: Invalid user tpuser from 139.199.108.70 Sep 26 23:55:40 friendsofhawaii sshd\[11392\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.70	2019-09-27 20:06:01
139.199.108.70	attackspambots	Sep 9 01:59:09 php1 sshd\[3901\]: Invalid user ubuntu from 139.199.108.70 Sep 9 01:59:09 php1 sshd\[3901\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.70 Sep 9 01:59:11 php1 sshd\[3901\]: Failed password for invalid user ubuntu from 139.199.108.70 port 56700 ssh2 Sep 9 02:04:49 php1 sshd\[4630\]: Invalid user demo from 139.199.108.70 Sep 9 02:04:49 php1 sshd\[4630\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.70	2019-09-09 21:52:22
139.199.108.70	attackspambots	Aug 22 02:39:49 lcdev sshd\[13633\]: Invalid user mathilde from 139.199.108.70 Aug 22 02:39:49 lcdev sshd\[13633\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.70 Aug 22 02:39:51 lcdev sshd\[13633\]: Failed password for invalid user mathilde from 139.199.108.70 port 43114 ssh2 Aug 22 02:44:44 lcdev sshd\[14084\]: Invalid user kumari from 139.199.108.70 Aug 22 02:44:44 lcdev sshd\[14084\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.108.70	2019-08-22 23:23:30

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.199.108.74
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25500
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.199.108.74.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019090402 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Sep 05 12:14:01 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 74.108.199.139.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 74.108.199.139.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
180.76.54.86	attackbotsspam	Aug 6 21:12:56 server sshd[42108]: Failed password for root from 180.76.54.86 port 43090 ssh2 Aug 6 21:16:30 server sshd[43225]: Failed password for root from 180.76.54.86 port 33152 ssh2 Aug 6 21:19:57 server sshd[44268]: Failed password for root from 180.76.54.86 port 50182 ssh2	2020-08-07 04:14:58
185.220.101.14	attackspam	GET /wp-config.php.1 HTTP/1.1	2020-08-07 03:54:27
101.124.70.81	attackbots	...	2020-08-07 04:17:35
13.49.137.29	attackspam	GET /.git/HEAD HTTP/1.1	2020-08-07 04:11:39
125.31.24.141	attack	119 requests, including : GET /phpMyAdmin5/index.php?lang=en HTTP/1.1 GET /phpmyadmin2018/index.php?lang=en HTTP/1.1 GET /PMA2017/index.php?lang=en HTTP/1.1 GET /index.php?lang=en HTTP/1.1 GET /mysqlmanager/index.php?lang=en HTTP/1.1 GET /administrator/pma/index.php?lang=en HTTP/1.1 GET /phpmyadmin2019/index.php?lang=en HTTP/1.1 GET /sql/phpMyAdmin/index.php?lang=en HTTP/1.1 GET /phpmyadmin2011/index.php?lang=en HTTP/1.1 GET /sql/sqlweb/index.php?lang=en HTTP/1.1 GET /sql/phpmyadmin2/index.php?lang=en HTTP/1.1 GET /administrator/PMA/index.php?lang=en HTTP/1.1 GET /myadmin/index.php?lang=en HTTP/1.1	2020-08-07 04:12:05
185.147.215.14	attackspam	[2020-08-06 15:42:01] NOTICE[1248] chan_sip.c: Registration from '' failed for '185.147.215.14:63072' - Wrong password [2020-08-06 15:42:01] SECURITY[1275] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-08-06T15:42:01.215-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="665",SessionID="0x7f272002e0a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.147.215.14/63072",Challenge="57069616",ReceivedChallenge="57069616",ReceivedHash="783d4bb75cd92c81eb429448f25eeff8" [2020-08-06 15:42:19] NOTICE[1248] chan_sip.c: Registration from '' failed for '185.147.215.14:55645' - Wrong password [2020-08-06 15:42:19] SECURITY[1275] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-08-06T15:42:19.721-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="461",SessionID="0x7f2720259e98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.147.215.14 ...	2020-08-07 03:44:39
128.199.143.89	attack	Aug 6 17:57:11 ovpn sshd\[31010\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.143.89 user=root Aug 6 17:57:13 ovpn sshd\[31010\]: Failed password for root from 128.199.143.89 port 33583 ssh2 Aug 6 18:12:37 ovpn sshd\[4674\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.143.89 user=root Aug 6 18:12:39 ovpn sshd\[4674\]: Failed password for root from 128.199.143.89 port 48926 ssh2 Aug 6 18:19:52 ovpn sshd\[7741\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.143.89 user=root	2020-08-07 03:43:52
3.8.124.207	attackbots	GET /.git/HEAD HTTP/1.1	2020-08-07 04:04:29
166.62.80.165	attackbotsspam	C1,WP GET /humor/wp-login.php	2020-08-07 04:13:16
27.147.151.178	attack	Dovecot Invalid User Login Attempt.	2020-08-07 04:17:07
91.121.221.195	attackspam	Aug 6 17:31:48 minden010 sshd[12841]: Failed password for root from 91.121.221.195 port 52938 ssh2 Aug 6 17:35:40 minden010 sshd[13454]: Failed password for root from 91.121.221.195 port 35540 ssh2 ...	2020-08-07 03:42:56
102.133.163.203	attackbots	X-Sender-IP: 102.133.163.203 X-SID-PRA: ALLIEDMOVENUC@QUOTE.TOASCYN0.COM X-SID-Result: NONE X-MS-Exchange-Organization-PCL: 2 X-Microsoft-Antispam: BCL:0; X-Forefront-Antispam-Report: CIP:102.133.163.203;CTRY:ZA;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:CustomercomSatisfactlionoplusoffersUyxgb.com;PTR:InfoDomainNonexistent;CAT:NONE;SFTY:;SFS:;DIR:INB;SFP:; X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Aug 2020 09:34:30.3634 (UTC)	2020-08-07 04:00:29
122.116.7.34	attack	Too many connections or unauthorized access detected from Arctic banned ip	2020-08-07 04:14:08
185.100.87.41	attack	GET /wp-config.php.swp HTTP/1.1	2020-08-07 03:59:15
156.96.156.138	attack	ET DROP Spamhaus DROP Listed Traffic Inbound group 12 - port: 8080 proto: tcp cat: Misc Attackbytes: 60	2020-08-07 04:03:44

最近上报的IP列表

255.204.98.172	24.76.166.16	151.53.104.157	47.91.187.133
159.229.105.207	92.57.35.56	3.247.101.161	196.49.249.252
165.227.92.60	78.200.188.186	187.176.190.225	217.22.170.3
3.1.124.239	204.59.58.203	18.84.54.16	189.186.139.189
130.150.204.98	43.101.229.94	192.227.252.30	60.223.255.14