139.59.23.231 - IPInfo

基本信息:

城市(city): Bengaluru

省份(region): Karnataka

国家(country): India

运营商(isp): unknown

主机名(hostname): unknown

机构(organization): DigitalOcean, LLC

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
botsattack	139.59.23.231 - - [24/Apr/2019:19:27:23 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 194 "-" "ZmEu" 139.59.23.231 - - [24/Apr/2019:19:27:23 +0800] "GET HTTP/1.1" 400 182 "-" "-" 139.59.23.231 - - [24/Apr/2019:19:27:23 +0800] "GET HTTP/1.1" 400 182 "-" "-"	2019-04-24 19:28:05
attack	ZmEu是个phpMyAdmin脆弱性检查工具，可以发现phpMyAdmin的漏洞，从而进行攻击 139.59.23.231 - - [20/Apr/2019:10:24:06 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 498 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:07 +0800] "GET /phpMyAdmin/setup.php HTTP/1.1" 404 477 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:08 +0800] "GET /phpmyadmin/setup.php HTTP/1.1" 404 477 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:10 +0800] "GET /phpmy/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:10 +0800] "GET /scripts/setup.php/index.php HTTP/1.1" 404 484 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:11 +0800] "GET HTTP/1.1" 400 0 "-" "-" 139.59.23.231 - - [20/Apr/2019:10:24:12 +0800] "GET HTTP/1.1" 400 0 "-" "-"	2019-04-20 10:49:01
attack	139.59.23.231 - - [12/Apr/2019:08:13:30 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 194 "-" "ZmEu" 139.59.23.231 - - [12/Apr/2019:08:13:30 +0800] "GET /phpMyAdmin/ HTTP/1.1" 301 194 "-" "ZmEu" 139.59.23.231 - - [12/Apr/2019:08:13:30 +0800] "GET /phpmyadmin/ HTTP/1.1" 301 194 "-" "ZmEu"	2019-04-12 08:15:40

类型

评论内容

时间

botsattack

139.59.23.231 - - [24/Apr/2019:19:27:23 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 194 "-" "ZmEu"
139.59.23.231 - - [24/Apr/2019:19:27:23 +0800] "GET  HTTP/1.1" 400 182 "-" "-"
139.59.23.231 - - [24/Apr/2019:19:27:23 +0800] "GET  HTTP/1.1" 400 182 "-" "-"

2019-04-24 19:28:05

attack

ZmEu是个phpMyAdmin脆弱性检查工具，可以发现phpMyAdmin的漏洞，从而进行攻击
139.59.23.231 - - [20/Apr/2019:10:24:06 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 498 "-" "ZmEu"
139.59.23.231 - - [20/Apr/2019:10:24:07 +0800] "GET /phpMyAdmin/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
139.59.23.231 - - [20/Apr/2019:10:24:08 +0800] "GET /phpmyadmin/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
139.59.23.231 - - [20/Apr/2019:10:24:10 +0800] "GET /phpmy/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
139.59.23.231 - - [20/Apr/2019:10:24:10 +0800] "GET /scripts/setup.php/index.php HTTP/1.1" 404 484 "-" "ZmEu"
139.59.23.231 - - [20/Apr/2019:10:24:11 +0800] "GET HTTP/1.1" 400 0 "-" "-"
139.59.23.231 - - [20/Apr/2019:10:24:12 +0800] "GET HTTP/1.1" 400 0 "-" "-"

2019-04-20 10:49:01

attack

139.59.23.231 - - [12/Apr/2019:08:13:30 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 194 "-" "ZmEu"
139.59.23.231 - - [12/Apr/2019:08:13:30 +0800] "GET /phpMyAdmin/ HTTP/1.1" 301 194 "-" "ZmEu"
139.59.23.231 - - [12/Apr/2019:08:13:30 +0800] "GET /phpmyadmin/ HTTP/1.1" 301 194 "-" "ZmEu"

2019-04-12 08:15:40

相同子网IP讨论:

IP	类型	评论内容	时间
139.59.232.188	attackspambots	$f2bV_matches	2020-10-14 09:09:45
139.59.230.61	attack	Oct 12 03:20:19 dhoomketu sshd[3780358]: Invalid user harris from 139.59.230.61 port 63512 Oct 12 03:20:19 dhoomketu sshd[3780358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.230.61 Oct 12 03:20:19 dhoomketu sshd[3780358]: Invalid user harris from 139.59.230.61 port 63512 Oct 12 03:20:21 dhoomketu sshd[3780358]: Failed password for invalid user harris from 139.59.230.61 port 63512 ssh2 Oct 12 03:24:30 dhoomketu sshd[3780491]: Invalid user yonemitsu from 139.59.230.61 port 64553 ...	2020-10-13 01:19:41
139.59.239.38	attackbotsspam	Oct 12 18:39:57 abendstille sshd\[20123\]: Invalid user kjayroe from 139.59.239.38 Oct 12 18:39:57 abendstille sshd\[20123\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.239.38 Oct 12 18:40:00 abendstille sshd\[20123\]: Failed password for invalid user kjayroe from 139.59.239.38 port 34830 ssh2 Oct 12 18:43:53 abendstille sshd\[24774\]: Invalid user andrey from 139.59.239.38 Oct 12 18:43:53 abendstille sshd\[24774\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.239.38 ...	2020-10-13 00:54:28
139.59.232.44	attackspam	(sshd) Failed SSH login from 139.59.232.44 (SG/Singapore/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 12 04:38:08 server4 sshd[20897]: Invalid user thom from 139.59.232.44 Oct 12 04:38:08 server4 sshd[20897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.232.44 Oct 12 04:38:10 server4 sshd[20897]: Failed password for invalid user thom from 139.59.232.44 port 39804 ssh2 Oct 12 04:52:15 server4 sshd[30516]: Invalid user alyson from 139.59.232.44 Oct 12 04:52:15 server4 sshd[30516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.232.44	2020-10-12 23:59:12
139.59.230.61	attackbotsspam	Oct 12 03:20:19 dhoomketu sshd[3780358]: Invalid user harris from 139.59.230.61 port 63512 Oct 12 03:20:19 dhoomketu sshd[3780358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.230.61 Oct 12 03:20:19 dhoomketu sshd[3780358]: Invalid user harris from 139.59.230.61 port 63512 Oct 12 03:20:21 dhoomketu sshd[3780358]: Failed password for invalid user harris from 139.59.230.61 port 63512 ssh2 Oct 12 03:24:30 dhoomketu sshd[3780491]: Invalid user yonemitsu from 139.59.230.61 port 64553 ...	2020-10-12 16:42:09
139.59.239.38	attackbotsspam	Failed password for root from 139.59.239.38 port 47072 ssh2	2020-10-12 16:18:32
139.59.232.44	attack	Oct 12 07:42:47 lavrea sshd[303213]: Invalid user reno from 139.59.232.44 port 55712 ...	2020-10-12 15:22:52
139.59.232.188	attack	SSH Bruteforce Attempt on Honeypot	2020-10-08 04:57:48
139.59.232.188	attackbotsspam	Connection to SSH Honeypot - Detected by HoneypotDB	2020-10-07 21:20:34
139.59.232.188	attack	SSH login attempts.	2020-10-07 13:07:55
139.59.232.188	attackspambots	Invalid user jobs from 139.59.232.188 port 42489	2020-09-30 20:22:32
139.59.239.38	attackspam	Invalid user gtekautomation from 139.59.239.38 port 49724	2020-09-23 01:15:06
139.59.239.38	attackspambots	Sep 22 09:25:53 host2 sshd[829202]: Invalid user jack from 139.59.239.38 port 35336 Sep 22 09:25:56 host2 sshd[829202]: Failed password for invalid user jack from 139.59.239.38 port 35336 ssh2 Sep 22 09:30:16 host2 sshd[830693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.239.38 user=root Sep 22 09:30:18 host2 sshd[830693]: Failed password for root from 139.59.239.38 port 45342 ssh2 Sep 22 09:34:28 host2 sshd[831339]: Invalid user frederick from 139.59.239.38 port 55350 ...	2020-09-22 17:18:41
139.59.239.38	attackspambots	Sep 18 15:58:06 host2 sshd[112992]: Failed password for root from 139.59.239.38 port 40196 ssh2 Sep 18 16:00:31 host2 sshd[113033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.239.38 user=root Sep 18 16:00:32 host2 sshd[113033]: Failed password for root from 139.59.239.38 port 45924 ssh2 Sep 18 16:00:31 host2 sshd[113033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.239.38 user=root Sep 18 16:00:32 host2 sshd[113033]: Failed password for root from 139.59.239.38 port 45924 ssh2 ...	2020-09-18 22:12:54
139.59.239.38	attack	139.59.239.38 (SG/Singapore/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 18 02:18:30 server5 sshd[29103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.101.206.56 user=root Sep 18 02:17:17 server5 sshd[28646]: Failed password for root from 194.243.61.184 port 24329 ssh2 Sep 18 02:17:46 server5 sshd[28965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.239.38 user=root Sep 18 02:17:47 server5 sshd[28965]: Failed password for root from 139.59.239.38 port 39476 ssh2 Sep 18 02:18:17 server5 sshd[29060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.64.91.114 user=root Sep 18 02:18:19 server5 sshd[29060]: Failed password for root from 212.64.91.114 port 45974 ssh2 IP Addresses Blocked: 222.101.206.56 (KR/South Korea/-) 194.243.61.184 (IT/Italy/-)	2020-09-18 14:27:53

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.59.23.231
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36781
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.59.23.231.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019041102 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri Apr 12 08:15:37 +08 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 231.23.59.139.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 231.23.59.139.in-addr.arpa: NXDOMAIN

IP	类型	评论内容	时间
188.214.132.67	attack	ET SCAN Sipvicious Scan - port: 5060 proto: UDP cat: Attempted Information Leak	2020-06-01 03:57:51
82.202.197.233	attackspam	ET CINS Active Threat Intelligence Poor Reputation IP group 74 - port: 3757 proto: TCP cat: Misc Attack	2020-06-01 04:15:42
222.174.57.170	attackspambots	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: TCP cat: Potentially Bad Traffic	2020-06-01 03:51:27
87.251.166.70	attackspam	ET CINS Active Threat Intelligence Poor Reputation IP group 80 - port: 37777 proto: TCP cat: Misc Attack	2020-06-01 04:11:39
195.54.160.212	attack	Persistent port scanning [12 denied]	2020-06-01 03:56:15
185.153.199.201	attack	ET DROP Dshield Block Listed Source group 1 - port: 3039 proto: TCP cat: Misc Attack	2020-06-01 04:00:27
94.102.49.190	attackbots	Port Scan detected! ...	2020-06-01 04:06:52
64.225.22.43	attack	Port scan denied	2020-06-01 04:20:42
109.236.60.42	attackspam	ET SCAN Sipvicious Scan - port: 5060 proto: UDP cat: Attempted Information Leak	2020-06-01 04:04:00
103.145.12.125	attackbots	[2020-05-31 15:50:24] NOTICE[1157] chan_sip.c: Registration from '"8012" ' failed for '103.145.12.125:5828' - Wrong password [2020-05-31 15:50:24] SECURITY[1173] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-05-31T15:50:24.235-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="8012",SessionID="0x7f5f10678288",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.125/5828",Challenge="68b466f8",ReceivedChallenge="68b466f8",ReceivedHash="c5cdbd7f257e3975ef4596b5f483d23b" [2020-05-31 15:50:24] NOTICE[1157] chan_sip.c: Registration from '"8012" ' failed for '103.145.12.125:5828' - Wrong password [2020-05-31 15:50:24] SECURITY[1173] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-05-31T15:50:24.465-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="8012",SessionID="0x7f5f10227d48",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP ...	2020-06-01 04:04:25
51.91.68.39	attack	Port scan denied	2020-06-01 03:48:27
79.124.62.66	attack	[MK-VM4] Blocked by UFW	2020-06-01 04:18:08
46.21.101.144	attackbots	TCP (SYN) 46.21.101.144:41316 -> port 445, len 44	2020-06-01 03:49:25
91.222.249.70	attackspam	TCP (SYN) 91.222.249.70:56500 -> port 23, len 40	2020-06-01 04:09:01
201.163.56.82	attack	May 31 19:36:04 minden010 sshd[29422]: Failed password for root from 201.163.56.82 port 38658 ssh2 May 31 19:36:10 minden010 sshd[29469]: Failed password for root from 201.163.56.82 port 53946 ssh2 ...	2020-06-01 03:52:21

最近上报的IP列表

159.203.169.16	188.119.44.233	101.95.162.58	14.248.67.186
201.51.119.244	62.108.37.74	92.46.124.203	5.125.133.182
180.244.118.98	129.130.18.149	37.236.208.23	180.232.66.58
222.254.76.73	182.76.31.227	196.65.174.46	118.171.82.212
64.202.131.53	222.212.80.189	36.85.122.252	46.201.173.138