159.89.49.139 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Sep 11 13:17:19 vps sshd[4906]: Failed password for root from 159.89.49.139 port 55720 ssh2 Sep 11 13:25:33 vps sshd[5279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.49.139 Sep 11 13:25:35 vps sshd[5279]: Failed password for invalid user 1andrewscudder from 159.89.49.139 port 55654 ssh2 ...	2020-09-11 20:00:11
attack	SSH-BruteForce	2020-09-11 12:06:33
attack	20 attempts against mh-ssh on cloud	2020-09-11 04:29:32
attackbotsspam	Sep 9 05:03:54 jane sshd[27457]: Failed password for root from 159.89.49.139 port 50364 ssh2 ...	2020-09-10 01:33:19
attackbots	Aug 19 23:51:31 root sshd[21537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.49.139 user=root Aug 19 23:51:33 root sshd[21537]: Failed password for root from 159.89.49.139 port 34650 ssh2 ...	2020-08-20 06:49:15
attackbots	Aug 19 12:48:28 jane sshd[11391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.49.139 Aug 19 12:48:29 jane sshd[11391]: Failed password for invalid user superadmin from 159.89.49.139 port 43418 ssh2 ...	2020-08-19 18:50:18

相同子网IP讨论:

IP	类型	评论内容	时间
159.89.49.238	attackbots	Invalid user info from 159.89.49.238 port 57490	2020-10-03 06:28:10
159.89.49.238	attackbotsspam	Invalid user paulo from 159.89.49.238 port 43424	2020-10-03 01:56:48
159.89.49.238	attackspambots	Invalid user paulo from 159.89.49.238 port 43424	2020-10-02 22:24:56
159.89.49.238	attackbots	Invalid user info from 159.89.49.238 port 57490	2020-10-02 18:56:31
159.89.49.238	attackbotsspam	Oct 2 07:53:08 sshgateway sshd\[21268\]: Invalid user share from 159.89.49.238 Oct 2 07:53:08 sshgateway sshd\[21268\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.49.238 Oct 2 07:53:09 sshgateway sshd\[21268\]: Failed password for invalid user share from 159.89.49.238 port 57366 ssh2	2020-10-02 15:31:24
159.89.49.238	attack	159.89.49.238 (US/United States/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Oct 1 19:28:46 server sshd[661]: Failed password for root from 116.228.233.91 port 59700 ssh2 Oct 1 19:28:44 server sshd[661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.228.233.91 user=root Oct 1 19:41:30 server sshd[2722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.49.238 user=root Oct 1 19:38:07 server sshd[2180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.225.85 user=root Oct 1 19:28:09 server sshd[592]: Failed password for root from 160.251.15.58 port 56900 ssh2 Oct 1 19:38:09 server sshd[2180]: Failed password for root from 206.189.225.85 port 47452 ssh2 IP Addresses Blocked: 116.228.233.91 (CN/China/-)	2020-10-02 01:48:01
159.89.49.238	attackspambots	Oct 1 10:53:34 host1 sshd[244823]: Failed password for invalid user travel from 159.89.49.238 port 33482 ssh2 Oct 1 10:58:09 host1 sshd[245115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.49.238 user=root Oct 1 10:58:10 host1 sshd[245115]: Failed password for root from 159.89.49.238 port 41706 ssh2 Oct 1 10:58:09 host1 sshd[245115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.49.238 user=root Oct 1 10:58:10 host1 sshd[245115]: Failed password for root from 159.89.49.238 port 41706 ssh2 ...	2020-10-01 17:54:35
159.89.49.183	attackbots	Invalid user info from 159.89.49.183 port 39918	2020-09-28 06:24:55
159.89.49.183	attackbots	Sep 27 03:18:25 web1 sshd\[26282\]: Invalid user sam from 159.89.49.183 Sep 27 03:18:25 web1 sshd\[26282\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.49.183 Sep 27 03:18:27 web1 sshd\[26282\]: Failed password for invalid user sam from 159.89.49.183 port 45274 ssh2 Sep 27 03:22:31 web1 sshd\[26562\]: Invalid user operador from 159.89.49.183 Sep 27 03:22:31 web1 sshd\[26562\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.49.183	2020-09-27 22:48:13
159.89.49.183	attackspam	Sep 19 10:12:23 ny01 sshd[31129]: Failed password for root from 159.89.49.183 port 59752 ssh2 Sep 19 10:15:57 ny01 sshd[31522]: Failed password for root from 159.89.49.183 port 59480 ssh2	2020-09-19 22:21:36
159.89.49.183	attackbots	Sep 19 07:49:23 piServer sshd[367]: Failed password for root from 159.89.49.183 port 51688 ssh2 Sep 19 07:53:28 piServer sshd[915]: Failed password for root from 159.89.49.183 port 33586 ssh2 ...	2020-09-19 14:13:08
159.89.49.183	attack	SSH Invalid Login	2020-09-19 05:50:58
159.89.49.183	attackspam	Sep 17 18:25:26 PorscheCustomer sshd[1501]: Failed password for root from 159.89.49.183 port 58788 ssh2 Sep 17 18:29:38 PorscheCustomer sshd[1637]: Failed password for root from 159.89.49.183 port 42286 ssh2 ...	2020-09-18 00:36:06
159.89.49.183	attackbotsspam	SSH Invalid Login	2020-09-17 16:38:01
159.89.49.183	attackspambots	SSH Invalid Login	2020-09-17 07:42:37

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.89.49.139
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44122
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;159.89.49.139.			IN	A

;; AUTHORITY SECTION:
.			332	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020081900 1800 900 604800 86400

;; Query time: 69 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Aug 19 18:50:12 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 139.49.89.159.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 139.49.89.159.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
115.110.249.114	attack	Aug 1 06:25:44 srv-4 sshd\[26642\]: Invalid user ts3 from 115.110.249.114 Aug 1 06:25:44 srv-4 sshd\[26642\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.110.249.114 Aug 1 06:25:45 srv-4 sshd\[26642\]: Failed password for invalid user ts3 from 115.110.249.114 port 46866 ssh2 ...	2019-08-01 17:15:56
157.230.163.6	attackspambots	Aug 1 07:47:54 docs sshd\[63727\]: Invalid user geraldo from 157.230.163.6Aug 1 07:47:57 docs sshd\[63727\]: Failed password for invalid user geraldo from 157.230.163.6 port 38856 ssh2Aug 1 07:52:07 docs sshd\[63911\]: Invalid user nologin from 157.230.163.6Aug 1 07:52:10 docs sshd\[63911\]: Failed password for invalid user nologin from 157.230.163.6 port 32926 ssh2Aug 1 07:56:21 docs sshd\[64104\]: Invalid user test from 157.230.163.6Aug 1 07:56:23 docs sshd\[64104\]: Failed password for invalid user test from 157.230.163.6 port 55210 ssh2 ...	2019-08-01 17:11:47
112.26.41.234	attack	Caught in portsentry honeypot	2019-08-01 17:27:54
202.79.34.91	attackbots	Honeypot hit.	2019-08-01 17:26:44
104.155.201.226	attackspambots	Aug 1 08:34:57 ip-172-31-62-245 sshd\[7871\]: Invalid user wwwww from 104.155.201.226\ Aug 1 08:34:59 ip-172-31-62-245 sshd\[7871\]: Failed password for invalid user wwwww from 104.155.201.226 port 54198 ssh2\ Aug 1 08:39:51 ip-172-31-62-245 sshd\[7979\]: Failed password for sys from 104.155.201.226 port 49402 ssh2\ Aug 1 08:44:49 ip-172-31-62-245 sshd\[8001\]: Invalid user nagios from 104.155.201.226\ Aug 1 08:44:51 ip-172-31-62-245 sshd\[8001\]: Failed password for invalid user nagios from 104.155.201.226 port 44696 ssh2\	2019-08-01 17:02:57
201.174.46.234	attack	Aug 1 09:47:52 vps647732 sshd[19022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.174.46.234 Aug 1 09:47:54 vps647732 sshd[19022]: Failed password for invalid user qian from 201.174.46.234 port 55095 ssh2 ...	2019-08-01 18:05:56
49.83.36.31	attack	20 attempts against mh-ssh on ice.magehost.pro	2019-08-01 18:09:41
13.73.105.153	attack	Aug 1 07:38:01 SilenceServices sshd[28197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.73.105.153 Aug 1 07:38:03 SilenceServices sshd[28197]: Failed password for invalid user getmail from 13.73.105.153 port 49630 ssh2 Aug 1 07:44:16 SilenceServices sshd[32637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.73.105.153	2019-08-01 17:52:42
187.44.126.204	attackbotsspam	michaelklotzbier.de 187.44.126.204 \[01/Aug/2019:08:16:33 +0200\] "POST /wp-login.php HTTP/1.1" 200 5838 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" michaelklotzbier.de 187.44.126.204 \[01/Aug/2019:08:16:35 +0200\] "POST /wp-login.php HTTP/1.1" 200 5795 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-08-01 17:09:27
188.166.150.79	attackbots	Aug 1 08:44:57 MK-Soft-VM5 sshd\[3391\]: Invalid user lxpopuser from 188.166.150.79 port 32884 Aug 1 08:44:57 MK-Soft-VM5 sshd\[3391\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.150.79 Aug 1 08:44:59 MK-Soft-VM5 sshd\[3391\]: Failed password for invalid user lxpopuser from 188.166.150.79 port 32884 ssh2 ...	2019-08-01 17:25:53
103.26.41.241	attackspam	Automatic report - Banned IP Access	2019-08-01 17:57:41
80.90.39.22	attackspam	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(08011046)	2019-08-01 17:22:15
73.118.83.233	attack	Apr 22 16:36:00 ubuntu sshd[21558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.118.83.233 Apr 22 16:36:02 ubuntu sshd[21558]: Failed password for invalid user mongo from 73.118.83.233 port 39842 ssh2 Apr 22 16:38:47 ubuntu sshd[21649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.118.83.233 Apr 22 16:38:48 ubuntu sshd[21649]: Failed password for invalid user iQ from 73.118.83.233 port 36800 ssh2	2019-08-01 17:20:30
95.48.54.106	attack	Apr 21 16:35:18 ubuntu sshd[8482]: Failed password for invalid user development from 95.48.54.106 port 39480 ssh2 Apr 21 16:37:40 ubuntu sshd[8568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.48.54.106 Apr 21 16:37:43 ubuntu sshd[8568]: Failed password for invalid user xl from 95.48.54.106 port 36722 ssh2	2019-08-01 17:04:17
64.31.33.70	attackbots	\[2019-08-01 05:23:32\] NOTICE\[2288\] chan_sip.c: Registration from '"5027" \' failed for '64.31.33.70:5281' - Wrong password \[2019-08-01 05:23:32\] SECURITY\[2326\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-08-01T05:23:32.801-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="5027",SessionID="0x7ff4d00cdaf8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/64.31.33.70/5281",Challenge="0cf526cc",ReceivedChallenge="0cf526cc",ReceivedHash="435b940988270990ddc71776585cd96b" \[2019-08-01 05:23:32\] NOTICE\[2288\] chan_sip.c: Registration from '"5027" \' failed for '64.31.33.70:5281' - Wrong password \[2019-08-01 05:23:32\] SECURITY\[2326\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-08-01T05:23:32.906-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="5027",SessionID="0x7ff4d00ec4d8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/64.3	2019-08-01 17:28:51

最近上报的IP列表

153.92.4.206	1.238.118.50	216.196.78.75	62.47.213.51
222.35.81.249	157.72.40.138	47.40.183.245	87.217.215.175
60.77.63.179	73.194.215.24	162.182.94.237	17.173.107.100
32.212.216.229	202.40.20.29	254.65.35.180	178.98.139.221
49.67.28.187	188.57.163.62	34.112.48.149	94.217.106.44