139.199.112.48

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): V6Yun (Beijing) Network Co. Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	Jul 9 19:18:15 localhost kernel: [13958488.835801] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 Jul 9 19:18:15 localhost kernel: [13958488.835834] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 SEQ=1296604 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405900402080A03BD3CE50000000001030307) Jul 9 19:18:15 localhost kernel: [13958489.075846] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=918 DF PROTO=TCP SPT=34260 DPT=7002 WINDOW=29200 RES=0x00 SYN URGP=0 Jul 9 19:18:15 localhost kernel: [13958489.075871] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08	2019-07-10 15:16:10

类型

评论内容

时间

attackspambots

Jul  9 19:18:15 localhost kernel: [13958488.835801] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 
Jul  9 19:18:15 localhost kernel: [13958488.835834] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=62521 DF PROTO=TCP SPT=42994 DPT=6379 SEQ=1296604 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405900402080A03BD3CE50000000001030307) 
Jul  9 19:18:15 localhost kernel: [13958489.075846] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=139.199.112.48 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=918 DF PROTO=TCP SPT=34260 DPT=7002 WINDOW=29200 RES=0x00 SYN URGP=0 
Jul  9 19:18:15 localhost kernel: [13958489.075871] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08

2019-07-10 15:16:10

相同子网IP讨论:

IP	类型	评论内容	时间
139.199.112.85	attackspam	2020-02-26T02:58:39.452830shield sshd\[17911\]: Invalid user magda from 139.199.112.85 port 47870 2020-02-26T02:58:39.457308shield sshd\[17911\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 2020-02-26T02:58:40.685184shield sshd\[17911\]: Failed password for invalid user magda from 139.199.112.85 port 47870 ssh2 2020-02-26T03:02:20.107745shield sshd\[18494\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 user=root 2020-02-26T03:02:22.008133shield sshd\[18494\]: Failed password for root from 139.199.112.85 port 35760 ssh2	2020-02-26 11:04:42
139.199.112.85	attackspambots	Feb 23 06:45:14 localhost sshd\[10040\]: Invalid user HTTP from 139.199.112.85 port 58878 Feb 23 06:45:14 localhost sshd\[10040\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Feb 23 06:45:16 localhost sshd\[10040\]: Failed password for invalid user HTTP from 139.199.112.85 port 58878 ssh2	2020-02-23 13:50:47
139.199.112.85	attackbots	Feb 18 01:23:50 MK-Soft-VM8 sshd[30053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Feb 18 01:23:52 MK-Soft-VM8 sshd[30053]: Failed password for invalid user monkey from 139.199.112.85 port 34720 ssh2 ...	2020-02-18 09:25:42
139.199.112.85	attack	Unauthorized connection attempt detected from IP address 139.199.112.85 to port 2220 [J]	2020-01-31 09:32:29
139.199.112.85	attack	Unauthorized connection attempt detected from IP address 139.199.112.85 to port 2220 [J]	2020-01-23 14:19:57
139.199.112.85	attackbots	Unauthorized connection attempt detected from IP address 139.199.112.85 to port 2220 [J]	2020-01-19 01:02:36
139.199.112.85	attack	Invalid user suratinah from 139.199.112.85 port 59786	2020-01-01 07:30:32
139.199.112.85	attackspambots	Dec 30 21:32:32 web9 sshd\[6551\]: Invalid user ts3srv from 139.199.112.85 Dec 30 21:32:32 web9 sshd\[6551\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Dec 30 21:32:34 web9 sshd\[6551\]: Failed password for invalid user ts3srv from 139.199.112.85 port 37822 ssh2 Dec 30 21:33:59 web9 sshd\[6744\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 user=root Dec 30 21:34:02 web9 sshd\[6744\]: Failed password for root from 139.199.112.85 port 46974 ssh2	2019-12-31 15:42:21
139.199.112.85	attackspam	Aug 25 10:19:03 pornomens sshd\[32285\]: Invalid user server from 139.199.112.85 port 47538 Aug 25 10:19:03 pornomens sshd\[32285\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Aug 25 10:19:05 pornomens sshd\[32285\]: Failed password for invalid user server from 139.199.112.85 port 47538 ssh2 ...	2019-08-25 18:50:09
139.199.112.85	attackspambots	Aug 19 21:30:21 SilenceServices sshd[7589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Aug 19 21:30:23 SilenceServices sshd[7589]: Failed password for invalid user tiny from 139.199.112.85 port 56990 ssh2 Aug 19 21:33:07 SilenceServices sshd[9233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85	2019-08-20 07:05:47
139.199.112.85	attackbots	Jul 14 09:17:18 OPSO sshd\[19458\]: Invalid user tomcat1 from 139.199.112.85 port 42258 Jul 14 09:17:18 OPSO sshd\[19458\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Jul 14 09:17:20 OPSO sshd\[19458\]: Failed password for invalid user tomcat1 from 139.199.112.85 port 42258 ssh2 Jul 14 09:21:22 OPSO sshd\[19955\]: Invalid user james from 139.199.112.85 port 49558 Jul 14 09:21:22 OPSO sshd\[19955\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85	2019-07-14 15:24:32
139.199.112.85	attackbotsspam	Jul 12 11:47:10 icinga sshd[1206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Jul 12 11:47:12 icinga sshd[1206]: Failed password for invalid user hp from 139.199.112.85 port 41806 ssh2 ...	2019-07-12 18:20:11
139.199.112.85	attackspambots	Jun 25 13:16:03 srv-4 sshd\[14903\]: Invalid user sysadmin from 139.199.112.85 Jun 25 13:16:03 srv-4 sshd\[14903\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.112.85 Jun 25 13:16:06 srv-4 sshd\[14903\]: Failed password for invalid user sysadmin from 139.199.112.85 port 41054 ssh2 ...	2019-06-25 18:27:02

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.199.112.48
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51824
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.199.112.48.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071000 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jul 10 15:16:02 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 48.112.199.139.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 48.112.199.139.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
193.70.89.118	attackspam	CMS (WordPress or Joomla) login attempt.	2020-09-25 10:30:54
103.221.142.194	attack	SSHD brute force attack detected from [103.221.142.194]	2020-09-25 10:24:53
49.206.228.138	attackbots	Sep 24 21:46:55 host1 sshd[263033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.206.228.138 user=mysql Sep 24 21:46:57 host1 sshd[263033]: Failed password for mysql from 49.206.228.138 port 37728 ssh2 Sep 24 21:51:21 host1 sshd[263354]: Invalid user programacion from 49.206.228.138 port 48216 Sep 24 21:51:21 host1 sshd[263354]: Invalid user programacion from 49.206.228.138 port 48216 ...	2020-09-25 10:18:57
106.13.125.248	attack	(sshd) Failed SSH login from 106.13.125.248 (CN/China/-): 5 in the last 3600 secs	2020-09-25 10:21:01
82.223.120.25	attack	82.223.120.25 - - [25/Sep/2020:03:21:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2548 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 82.223.120.25 - - [25/Sep/2020:03:21:39 +0100] "POST /wp-login.php HTTP/1.1" 200 2529 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 82.223.120.25 - - [25/Sep/2020:03:21:40 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-25 10:47:50
51.116.182.194	attack	Sep 25 03:17:56 router sshd[20249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.116.182.194 Sep 25 03:17:59 router sshd[20249]: Failed password for invalid user fenson from 51.116.182.194 port 18565 ssh2 Sep 25 04:11:23 router sshd[20557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.116.182.194 ...	2020-09-25 10:24:39
106.13.39.56	attack	2020-09-24T21:15:01.0452211495-001 sshd[57159]: Invalid user gogs from 106.13.39.56 port 39018 2020-09-24T21:15:01.0483161495-001 sshd[57159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.39.56 2020-09-24T21:15:01.0452211495-001 sshd[57159]: Invalid user gogs from 106.13.39.56 port 39018 2020-09-24T21:15:03.2740591495-001 sshd[57159]: Failed password for invalid user gogs from 106.13.39.56 port 39018 ssh2 2020-09-24T21:17:55.6998301495-001 sshd[57354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.39.56 user=root 2020-09-24T21:17:57.4790901495-001 sshd[57354]: Failed password for root from 106.13.39.56 port 57938 ssh2 ...	2020-09-25 10:37:59
161.97.94.112	attack	Sep 25 07:31:37 web1 sshd[30283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.94.112 user=root Sep 25 07:31:39 web1 sshd[30283]: Failed password for root from 161.97.94.112 port 35224 ssh2 Sep 25 07:31:57 web1 sshd[30389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.94.112 user=root Sep 25 07:31:58 web1 sshd[30389]: Failed password for root from 161.97.94.112 port 57084 ssh2 Sep 25 07:37:32 web1 sshd[32255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.94.112 user=root Sep 25 07:37:34 web1 sshd[32255]: Failed password for root from 161.97.94.112 port 50974 ssh2 Sep 25 07:37:53 web1 sshd[32364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.94.112 user=root Sep 25 07:37:55 web1 sshd[32364]: Failed password for root from 161.97.94.112 port 44578 ssh2 Sep 25 07:43:30 web1 sshd[1862]: pam ...	2020-09-25 10:49:44
103.39.213.133	attack	(sshd) Failed SSH login from 103.39.213.133 (CN/China/Guangdong/Shenzhen (Nanshan Qu)/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 24 18:59:26 atlas sshd[27333]: Invalid user toto from 103.39.213.133 port 44932 Sep 24 18:59:27 atlas sshd[27333]: Failed password for invalid user toto from 103.39.213.133 port 44932 ssh2 Sep 24 19:07:37 atlas sshd[29270]: Invalid user ds from 103.39.213.133 port 42272 Sep 24 19:07:39 atlas sshd[29270]: Failed password for invalid user ds from 103.39.213.133 port 42272 ssh2 Sep 24 19:17:09 atlas sshd[31435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.39.213.133 user=root	2020-09-25 10:36:42
124.219.105.17	attack	Found on CINS badguys / proto=6 . srcport=47929 . dstport=1433 . (3308)	2020-09-25 10:27:14
206.189.136.185	attackspambots	Automatic Fail2ban report - Trying login SSH	2020-09-25 10:54:21
115.235.161.198	attackspam	Listed on abuseat.org plus zen-spamhaus / proto=6 . srcport=48019 . dstport=5555 . (3307)	2020-09-25 10:28:52
51.68.198.75	attackbotsspam	Sep 25 02:21:00 email sshd\[18385\]: Invalid user tanya from 51.68.198.75 Sep 25 02:21:00 email sshd\[18385\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.198.75 Sep 25 02:21:01 email sshd\[18385\]: Failed password for invalid user tanya from 51.68.198.75 port 49284 ssh2 Sep 25 02:24:44 email sshd\[19062\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.198.75 user=root Sep 25 02:24:46 email sshd\[19062\]: Failed password for root from 51.68.198.75 port 59714 ssh2 ...	2020-09-25 10:33:58
182.61.167.24	attackspambots	$f2bV_matches	2020-09-25 10:57:17
193.112.250.252	attack	Sep 25 07:18:22 gw1 sshd[22215]: Failed password for root from 193.112.250.252 port 54126 ssh2 ...	2020-09-25 10:56:42

最近上报的IP列表

73.143.57.102	134.209.206.136	200.119.125.194	5.206.237.50
128.199.246.188	129.204.76.34	180.121.129.195	221.227.250.199
76.79.131.32	114.231.12.200	191.193.187.254	212.7.220.156
188.131.145.123	148.70.249.72	190.197.75.192	77.40.105.231
27.111.143.248	142.93.71.94	63.152.245.81	216.220.56.25