139.199.112.48

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): V6Yun (Beijing) Network Co. Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	Jul 9 19:18:15 localhost kernel: [13958488.835801] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 Jul 9 19:18:15 localhost kernel: [13958488.835834] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 SEQ=1296604 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405900402080A03BD3CE50000000001030307) Jul 9 19:18:15 localhost kernel: [13958489.075846] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=918 DF PROTO=TCP SPT=34260 DPT=7002 WINDOW=29200 RES=0x00 SYN URGP=0 Jul 9 19:18:15 localhost kernel: [13958489.075871] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08	2019-07-10 15:16:10

类型

评论内容

时间

attackspambots

Jul  9 19:18:15 localhost kernel: [13958488.835801] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 
Jul  9 19:18:15 localhost kernel: [13958488.835834] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 SEQ=1296604 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405900402080A03BD3CE50000000001030307) 
Jul  9 19:18:15 localhost kernel: [13958489.075846] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=918 DF PROTO=TCP SPT=34260 DPT=7002 WINDOW=29200 RES=0x00 SYN URGP=0 
Jul  9 19:18:15 localhost kernel: [13958489.075871] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08

2019-07-10 15:16:10

相同子网IP讨论:

IP	类型	评论内容	时间
139.199.112.85	attackspam	2020-02-26T02:58:39.452830shield sshd\[17911\]: Invalid user magda from 139.199.112.85 port 47870 2020-02-26T02:58:39.457308shield sshd\[17911\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 2020-02-26T02:58:40.685184shield sshd\[17911\]: Failed password for invalid user magda from 139.199.112.85 port 47870 ssh2 2020-02-26T03:02:20.107745shield sshd\[18494\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 user=root 2020-02-26T03:02:22.008133shield sshd\[18494\]: Failed password for root from 139.199.112.85 port 35760 ssh2	2020-02-26 11:04:42
139.199.112.85	attackspambots	Feb 23 06:45:14 localhost sshd\[10040\]: Invalid user HTTP from 139.199.112.85 port 58878 Feb 23 06:45:14 localhost sshd\[10040\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Feb 23 06:45:16 localhost sshd\[10040\]: Failed password for invalid user HTTP from 139.199.112.85 port 58878 ssh2	2020-02-23 13:50:47
139.199.112.85	attackbots	Feb 18 01:23:50 MK-Soft-VM8 sshd[30053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Feb 18 01:23:52 MK-Soft-VM8 sshd[30053]: Failed password for invalid user monkey from 139.199.112.85 port 34720 ssh2 ...	2020-02-18 09:25:42
139.199.112.85	attack	Unauthorized connection attempt detected from IP address 139.199.112.85 to port 2220 [J]	2020-01-31 09:32:29
139.199.112.85	attack	Unauthorized connection attempt detected from IP address 139.199.112.85 to port 2220 [J]	2020-01-23 14:19:57
139.199.112.85	attackbots	Unauthorized connection attempt detected from IP address 139.199.112.85 to port 2220 [J]	2020-01-19 01:02:36
139.199.112.85	attack	Invalid user suratinah from 139.199.112.85 port 59786	2020-01-01 07:30:32
139.199.112.85	attackspambots	Dec 30 21:32:32 web9 sshd\[6551\]: Invalid user ts3srv from 139.199.112.85 Dec 30 21:32:32 web9 sshd\[6551\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Dec 30 21:32:34 web9 sshd\[6551\]: Failed password for invalid user ts3srv from 139.199.112.85 port 37822 ssh2 Dec 30 21:33:59 web9 sshd\[6744\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 user=root Dec 30 21:34:02 web9 sshd\[6744\]: Failed password for root from 139.199.112.85 port 46974 ssh2	2019-12-31 15:42:21
139.199.112.85	attackspam	Aug 25 10:19:03 pornomens sshd\[32285\]: Invalid user server from 139.199.112.85 port 47538 Aug 25 10:19:03 pornomens sshd\[32285\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Aug 25 10:19:05 pornomens sshd\[32285\]: Failed password for invalid user server from 139.199.112.85 port 47538 ssh2 ...	2019-08-25 18:50:09
139.199.112.85	attackspambots	Aug 19 21:30:21 SilenceServices sshd[7589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Aug 19 21:30:23 SilenceServices sshd[7589]: Failed password for invalid user tiny from 139.199.112.85 port 56990 ssh2 Aug 19 21:33:07 SilenceServices sshd[9233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85	2019-08-20 07:05:47
139.199.112.85	attackbots	Jul 14 09:17:18 OPSO sshd\[19458\]: Invalid user tomcat1 from 139.199.112.85 port 42258 Jul 14 09:17:18 OPSO sshd\[19458\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Jul 14 09:17:20 OPSO sshd\[19458\]: Failed password for invalid user tomcat1 from 139.199.112.85 port 42258 ssh2 Jul 14 09:21:22 OPSO sshd\[19955\]: Invalid user james from 139.199.112.85 port 49558 Jul 14 09:21:22 OPSO sshd\[19955\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85	2019-07-14 15:24:32
139.199.112.85	attackbotsspam	Jul 12 11:47:10 icinga sshd[1206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Jul 12 11:47:12 icinga sshd[1206]: Failed password for invalid user hp from 139.199.112.85 port 41806 ssh2 ...	2019-07-12 18:20:11
139.199.112.85	attackspambots	Jun 25 13:16:03 srv-4 sshd\[14903\]: Invalid user sysadmin from 139.199.112.85 Jun 25 13:16:03 srv-4 sshd\[14903\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Jun 25 13:16:06 srv-4 sshd\[14903\]: Failed password for invalid user sysadmin from 139.199.112.85 port 41054 ssh2 ...	2019-06-25 18:27:02

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.199.112.48
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51824
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.199.112.48.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071000 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jul 10 15:16:02 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 48.112.199.139.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 48.112.199.139.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
62.112.11.9	attack	Cowrie Honeypot: 10 unauthorised SSH/Telnet login attempts between 2020-06-19T22:04:09Z and 2020-06-19T23:03:52Z	2020-06-20 07:34:48
182.105.161.95	attackspambots	Lines containing failures of 182.105.161.95 Jun 19 18:54:00 neweola postfix/smtpd[21960]: connect from unknown[182.105.161.95] Jun 19 18:54:00 neweola postfix/smtpd[21960]: NOQUEUE: reject: RCPT from unknown[182.105.161.95]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from=x@x helo= Jun 19 18:54:01 neweola postfix/smtpd[21960]: disconnect from unknown[182.105.161.95] ehlo=1 mail=1 rcpt=0/1 quhostname=1 commands=3/4 Jun 19 18:54:01 neweola postfix/smtpd[21960]: connect from unknown[182.105.161.95] Jun 19 18:54:02 neweola postfix/smtpd[21960]: lost connection after AUTH from unknown[182.105.161.95] Jun 19 18:54:02 neweola postfix/smtpd[21960]: disconnect from unknown[182.105.161.95] ehlo=1 auth=0/1 commands=1/2 Jun 19 18:54:02 neweola postfix/smtpd[21960]: connect from unknown[182.105.161.95] Jun 19 18:54:03 neweola postfix/smtpd[21960]: lost connection after AUTH from unknown[182.105.161.95] Jun 19 18:54:03 neweola postfix/smtpd[21960]: ........ ------------------------------	2020-06-20 07:50:30
156.203.206.51	attackspambots	Lines containing failures of 156.203.206.51 Jun 20 00:59:19 keyhelp sshd[5453]: Invalid user admin from 156.203.206.51 port 41994 Jun 20 00:59:19 keyhelp sshd[5453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.203.206.51 Jun 20 00:59:21 keyhelp sshd[5453]: Failed password for invalid user admin from 156.203.206.51 port 41994 ssh2 Jun 20 00:59:22 keyhelp sshd[5453]: Connection closed by invalid user admin 156.203.206.51 port 41994 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=156.203.206.51	2020-06-20 07:56:56
218.92.0.223	attackspambots	Jun 20 01:44:47 vpn01 sshd[2310]: Failed password for root from 218.92.0.223 port 51412 ssh2 Jun 20 01:44:51 vpn01 sshd[2310]: Failed password for root from 218.92.0.223 port 51412 ssh2 ...	2020-06-20 07:50:08
51.91.100.177	attack	Jun 20 01:24:41 vps647732 sshd[10052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.100.177 Jun 20 01:24:43 vps647732 sshd[10052]: Failed password for invalid user amssys from 51.91.100.177 port 43710 ssh2 ...	2020-06-20 07:36:09
121.204.195.194	attackbots	RDP Brute-Force	2020-06-20 08:11:20
69.59.79.3	attackbotsspam	2020-06-19T22:56:06.639604abusebot-8.cloudsearch.cf sshd[8656]: Invalid user abcd from 69.59.79.3 port 41422 2020-06-19T22:56:06.649964abusebot-8.cloudsearch.cf sshd[8656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host-69-59-79-3.nctv.com 2020-06-19T22:56:06.639604abusebot-8.cloudsearch.cf sshd[8656]: Invalid user abcd from 69.59.79.3 port 41422 2020-06-19T22:56:08.086089abusebot-8.cloudsearch.cf sshd[8656]: Failed password for invalid user abcd from 69.59.79.3 port 41422 ssh2 2020-06-19T23:03:40.711462abusebot-8.cloudsearch.cf sshd[9180]: Invalid user caozheng from 69.59.79.3 port 47692 2020-06-19T23:03:40.719861abusebot-8.cloudsearch.cf sshd[9180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host-69-59-79-3.nctv.com 2020-06-19T23:03:40.711462abusebot-8.cloudsearch.cf sshd[9180]: Invalid user caozheng from 69.59.79.3 port 47692 2020-06-19T23:03:42.481713abusebot-8.cloudsearch.cf sshd[9180]: Fail ...	2020-06-20 07:43:42
178.89.47.100	attackbotsspam	SMB Server BruteForce Attack	2020-06-20 07:34:08
14.63.167.192	attack	2020-06-20T02:34:52.673734lavrinenko.info sshd[31801]: Invalid user contas from 14.63.167.192 port 48172 2020-06-20T02:34:52.683471lavrinenko.info sshd[31801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.63.167.192 2020-06-20T02:34:52.673734lavrinenko.info sshd[31801]: Invalid user contas from 14.63.167.192 port 48172 2020-06-20T02:34:54.100844lavrinenko.info sshd[31801]: Failed password for invalid user contas from 14.63.167.192 port 48172 ssh2 2020-06-20T02:38:24.003371lavrinenko.info sshd[31889]: Invalid user stats from 14.63.167.192 port 48270 ...	2020-06-20 07:53:17
77.247.181.162	attack	GET /wp-config.php-original HTTP/1.1	2020-06-20 07:53:06
183.88.240.194	attack	Too Many Connections Or General Abuse	2020-06-20 07:46:49
129.204.31.77	attackbotsspam	Jun 19 16:03:20 mockhub sshd[14422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.31.77 Jun 19 16:03:21 mockhub sshd[14422]: Failed password for invalid user Administrator from 129.204.31.77 port 44118 ssh2 ...	2020-06-20 08:06:07
177.106.216.126	attackspambots	Lines containing failures of 177.106.216.126 Jun 20 00:53:16 shared06 sshd[16012]: Invalid user admin from 177.106.216.126 port 48762 Jun 20 00:53:16 shared06 sshd[16012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.106.216.126 Jun 20 00:53:19 shared06 sshd[16012]: Failed password for invalid user admin from 177.106.216.126 port 48762 ssh2 Jun 20 00:53:20 shared06 sshd[16012]: Connection closed by invalid user admin 177.106.216.126 port 48762 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=177.106.216.126	2020-06-20 07:47:09
129.211.42.153	attackbots	2020-06-19T22:57:48.615997abusebot-5.cloudsearch.cf sshd[16680]: Invalid user user from 129.211.42.153 port 59312 2020-06-19T22:57:48.621443abusebot-5.cloudsearch.cf sshd[16680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.42.153 2020-06-19T22:57:48.615997abusebot-5.cloudsearch.cf sshd[16680]: Invalid user user from 129.211.42.153 port 59312 2020-06-19T22:57:50.726037abusebot-5.cloudsearch.cf sshd[16680]: Failed password for invalid user user from 129.211.42.153 port 59312 ssh2 2020-06-19T23:03:14.067014abusebot-5.cloudsearch.cf sshd[16748]: Invalid user testuser from 129.211.42.153 port 59192 2020-06-19T23:03:14.073653abusebot-5.cloudsearch.cf sshd[16748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.42.153 2020-06-19T23:03:14.067014abusebot-5.cloudsearch.cf sshd[16748]: Invalid user testuser from 129.211.42.153 port 59192 2020-06-19T23:03:15.596510abusebot-5.cloudsearch.cf sshd[1674 ...	2020-06-20 08:12:15
213.212.63.61	attackspambots	20/6/19@19:03:09: FAIL: Alarm-Network address from=213.212.63.61 ...	2020-06-20 08:12:32

最近上报的IP列表

73.143.57.102	134.209.206.136	200.119.125.194	5.206.237.50
128.199.246.188	129.204.76.34	180.121.129.195	221.227.250.199
76.79.131.32	114.231.12.200	191.193.187.254	212.7.220.156
188.131.145.123	148.70.249.72	190.197.75.192	77.40.105.231
27.111.143.248	142.93.71.94	63.152.245.81	216.220.56.25