139.199.112.48

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): V6Yun (Beijing) Network Co. Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	Jul 9 19:18:15 localhost kernel: [13958488.835801] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 Jul 9 19:18:15 localhost kernel: [13958488.835834] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 SEQ=1296604 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405900402080A03BD3CE50000000001030307) Jul 9 19:18:15 localhost kernel: [13958489.075846] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=918 DF PROTO=TCP SPT=34260 DPT=7002 WINDOW=29200 RES=0x00 SYN URGP=0 Jul 9 19:18:15 localhost kernel: [13958489.075871] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08	2019-07-10 15:16:10

类型

评论内容

时间

attackspambots

Jul  9 19:18:15 localhost kernel: [13958488.835801] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 
Jul  9 19:18:15 localhost kernel: [13958488.835834] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 SEQ=1296604 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405900402080A03BD3CE50000000001030307) 
Jul  9 19:18:15 localhost kernel: [13958489.075846] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=918 DF PROTO=TCP SPT=34260 DPT=7002 WINDOW=29200 RES=0x00 SYN URGP=0 
Jul  9 19:18:15 localhost kernel: [13958489.075871] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08

2019-07-10 15:16:10

相同子网IP讨论:

IP	类型	评论内容	时间
139.199.112.85	attackspam	2020-02-26T02:58:39.452830shield sshd\[17911\]: Invalid user magda from 139.199.112.85 port 47870 2020-02-26T02:58:39.457308shield sshd\[17911\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 2020-02-26T02:58:40.685184shield sshd\[17911\]: Failed password for invalid user magda from 139.199.112.85 port 47870 ssh2 2020-02-26T03:02:20.107745shield sshd\[18494\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 user=root 2020-02-26T03:02:22.008133shield sshd\[18494\]: Failed password for root from 139.199.112.85 port 35760 ssh2	2020-02-26 11:04:42
139.199.112.85	attackspambots	Feb 23 06:45:14 localhost sshd\[10040\]: Invalid user HTTP from 139.199.112.85 port 58878 Feb 23 06:45:14 localhost sshd\[10040\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Feb 23 06:45:16 localhost sshd\[10040\]: Failed password for invalid user HTTP from 139.199.112.85 port 58878 ssh2	2020-02-23 13:50:47
139.199.112.85	attackbots	Feb 18 01:23:50 MK-Soft-VM8 sshd[30053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Feb 18 01:23:52 MK-Soft-VM8 sshd[30053]: Failed password for invalid user monkey from 139.199.112.85 port 34720 ssh2 ...	2020-02-18 09:25:42
139.199.112.85	attack	Unauthorized connection attempt detected from IP address 139.199.112.85 to port 2220 [J]	2020-01-31 09:32:29
139.199.112.85	attack	Unauthorized connection attempt detected from IP address 139.199.112.85 to port 2220 [J]	2020-01-23 14:19:57
139.199.112.85	attackbots	Unauthorized connection attempt detected from IP address 139.199.112.85 to port 2220 [J]	2020-01-19 01:02:36
139.199.112.85	attack	Invalid user suratinah from 139.199.112.85 port 59786	2020-01-01 07:30:32
139.199.112.85	attackspambots	Dec 30 21:32:32 web9 sshd\[6551\]: Invalid user ts3srv from 139.199.112.85 Dec 30 21:32:32 web9 sshd\[6551\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Dec 30 21:32:34 web9 sshd\[6551\]: Failed password for invalid user ts3srv from 139.199.112.85 port 37822 ssh2 Dec 30 21:33:59 web9 sshd\[6744\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 user=root Dec 30 21:34:02 web9 sshd\[6744\]: Failed password for root from 139.199.112.85 port 46974 ssh2	2019-12-31 15:42:21
139.199.112.85	attackspam	Aug 25 10:19:03 pornomens sshd\[32285\]: Invalid user server from 139.199.112.85 port 47538 Aug 25 10:19:03 pornomens sshd\[32285\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Aug 25 10:19:05 pornomens sshd\[32285\]: Failed password for invalid user server from 139.199.112.85 port 47538 ssh2 ...	2019-08-25 18:50:09
139.199.112.85	attackspambots	Aug 19 21:30:21 SilenceServices sshd[7589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Aug 19 21:30:23 SilenceServices sshd[7589]: Failed password for invalid user tiny from 139.199.112.85 port 56990 ssh2 Aug 19 21:33:07 SilenceServices sshd[9233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85	2019-08-20 07:05:47
139.199.112.85	attackbots	Jul 14 09:17:18 OPSO sshd\[19458\]: Invalid user tomcat1 from 139.199.112.85 port 42258 Jul 14 09:17:18 OPSO sshd\[19458\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Jul 14 09:17:20 OPSO sshd\[19458\]: Failed password for invalid user tomcat1 from 139.199.112.85 port 42258 ssh2 Jul 14 09:21:22 OPSO sshd\[19955\]: Invalid user james from 139.199.112.85 port 49558 Jul 14 09:21:22 OPSO sshd\[19955\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85	2019-07-14 15:24:32
139.199.112.85	attackbotsspam	Jul 12 11:47:10 icinga sshd[1206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Jul 12 11:47:12 icinga sshd[1206]: Failed password for invalid user hp from 139.199.112.85 port 41806 ssh2 ...	2019-07-12 18:20:11
139.199.112.85	attackspambots	Jun 25 13:16:03 srv-4 sshd\[14903\]: Invalid user sysadmin from 139.199.112.85 Jun 25 13:16:03 srv-4 sshd\[14903\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Jun 25 13:16:06 srv-4 sshd\[14903\]: Failed password for invalid user sysadmin from 139.199.112.85 port 41054 ssh2 ...	2019-06-25 18:27:02

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.199.112.48
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51824
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.199.112.48.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071000 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jul 10 15:16:02 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 48.112.199.139.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 48.112.199.139.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
181.41.216.143	attackbotsspam	Nov 29 11:54:33 mailserver postfix/smtpd[59629]: NOQUEUE: reject: RCPT from unknown[181.41.216.143]: 450 4.7.1 Client host rejected: cannot find your hostname, [181.41.216.143]; from= to=<[hidden]> proto=ESMTP helo=<[181.41.216.131]> Nov 29 11:54:33 mailserver postfix/smtpd[59629]: NOQUEUE: reject: RCPT from unknown[181.41.216.143]: 450 4.7.1 Client host rejected: cannot find your hostname, [181.41.216.143]; from= to=<[hidden]> proto=ESMTP helo=<[181.41.216.131]> Nov 29 11:54:33 mailserver postfix/smtpd[59629]: NOQUEUE: reject: RCPT from unknown[181.41.216.143]: 450 4.7.1 Client host rejected: cannot find your hostname, [181.41.216.143]; from= to=<[hidden]> proto=ESMTP helo=<[181.41.216.131]> Nov 29 11:54:33 mailserver postfix/smtpd[59629]: NOQUEUE: reject: RCPT from unknown[181.41.216.143]: 450 4.7.1 Client host rejected: cannot find your hostname, [181.41.216.143]; from= to=<[hidden]> proto=ESMTP helo=<[181.41.21	2019-11-29 19:37:17
117.121.100.228	attackbotsspam	Invalid user nobody123456 from 117.121.100.228 port 58202 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.121.100.228 Failed password for invalid user nobody123456 from 117.121.100.228 port 58202 ssh2 Invalid user password from 117.121.100.228 port 35056 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.121.100.228	2019-11-29 19:46:19
188.213.212.60	attackbots	Nov 29 07:21:40 exim[7187]: [1\51] 1iaZeq-0001rv-MD H=sturdy.yarkaci.com (sturdy.hanhlee.com) [188.213.212.60] F= rejected after DATA: This message scored 101.3 spam points.	2019-11-29 19:30:25
106.13.52.159	attack	Nov 29 11:02:57 woltan sshd[826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.52.159	2019-11-29 19:24:01
201.163.180.183	attackbotsspam	Nov 29 10:53:10 * sshd[21717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.163.180.183 Nov 29 10:53:13 * sshd[21717]: Failed password for invalid user hortvath from 201.163.180.183 port 48142 ssh2	2019-11-29 19:41:06
165.227.28.181	attack	165.227.28.181 - - \[29/Nov/2019:10:31:01 +0000\] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 165.227.28.181 - - \[29/Nov/2019:10:31:02 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" ...	2019-11-29 19:35:15
114.101.253.119	attackspambots	SASL broute force	2019-11-29 19:51:43
121.134.159.21	attackbotsspam	2019-11-29T07:19:06.318217shield sshd\[28625\]: Invalid user dog123 from 121.134.159.21 port 47388 2019-11-29T07:19:06.322472shield sshd\[28625\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.134.159.21 2019-11-29T07:19:07.708628shield sshd\[28625\]: Failed password for invalid user dog123 from 121.134.159.21 port 47388 ssh2 2019-11-29T07:22:53.504902shield sshd\[29187\]: Invalid user icoming from 121.134.159.21 port 55638 2019-11-29T07:22:53.509404shield sshd\[29187\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.134.159.21	2019-11-29 19:56:53
218.111.88.185	attackbotsspam	$f2bV_matches	2019-11-29 19:28:18
167.71.236.40	attack	WordPress login Brute force / Web App Attack on client site.	2019-11-29 19:42:53
123.206.22.145	attackspambots	Nov 29 01:52:22 plusreed sshd[15538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.206.22.145 user=root Nov 29 01:52:23 plusreed sshd[15538]: Failed password for root from 123.206.22.145 port 50230 ssh2 ...	2019-11-29 19:36:25
106.51.33.29	attackbotsspam	blacklist username ts3bot Invalid user ts3bot from 106.51.33.29 port 40976	2019-11-29 19:51:01
145.239.89.243	attack	k+ssh-bruteforce	2019-11-29 19:25:51
193.169.252.69	attackbots	RDP: Windows Remote Desktop Administrator Connection Attempt	2019-11-29 19:58:36
103.244.241.163	attackspambots	Port 1433 Scan	2019-11-29 19:43:11

最近上报的IP列表

73.143.57.102	134.209.206.136	200.119.125.194	5.206.237.50
128.199.246.188	129.204.76.34	180.121.129.195	221.227.250.199
76.79.131.32	114.231.12.200	191.193.187.254	212.7.220.156
188.131.145.123	148.70.249.72	190.197.75.192	77.40.105.231
27.111.143.248	142.93.71.94	63.152.245.81	216.220.56.25