212.129.139.59

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Tencent Cloud Computing (Beijing) Co. Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	Aug 29 21:41:16 plex-server sshd[744928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.59 Aug 29 21:41:16 plex-server sshd[744928]: Invalid user lloyd from 212.129.139.59 port 45032 Aug 29 21:41:17 plex-server sshd[744928]: Failed password for invalid user lloyd from 212.129.139.59 port 45032 ssh2 Aug 29 21:45:34 plex-server sshd[747179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.59 user=root Aug 29 21:45:36 plex-server sshd[747179]: Failed password for root from 212.129.139.59 port 49810 ssh2 ...	2020-08-30 05:59:30
attackbots	2020-08-21T16:06:35.147759snf-827550 sshd[4330]: Invalid user mct from 212.129.139.59 port 45304 2020-08-21T16:06:36.665149snf-827550 sshd[4330]: Failed password for invalid user mct from 212.129.139.59 port 45304 ssh2 2020-08-21T16:12:47.103353snf-827550 sshd[4385]: Invalid user ba from 212.129.139.59 port 45002 ...	2020-08-22 03:33:21
attackbotsspam	2020-08-17T05:33:09.847777shield sshd\[12542\]: Invalid user ssc from 212.129.139.59 port 49958 2020-08-17T05:33:09.855624shield sshd\[12542\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.59 2020-08-17T05:33:11.253406shield sshd\[12542\]: Failed password for invalid user ssc from 212.129.139.59 port 49958 ssh2 2020-08-17T05:38:56.710332shield sshd\[13031\]: Invalid user admin from 212.129.139.59 port 56160 2020-08-17T05:38:56.716544shield sshd\[13031\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.59	2020-08-17 19:25:15
attackspambots	Aug 16 19:22:45 rotator sshd\[2239\]: Invalid user tux from 212.129.139.59Aug 16 19:22:47 rotator sshd\[2239\]: Failed password for invalid user tux from 212.129.139.59 port 41056 ssh2Aug 16 19:25:02 rotator sshd\[2270\]: Invalid user test from 212.129.139.59Aug 16 19:25:05 rotator sshd\[2270\]: Failed password for invalid user test from 212.129.139.59 port 41236 ssh2Aug 16 19:27:19 rotator sshd\[3082\]: Invalid user mari from 212.129.139.59Aug 16 19:27:21 rotator sshd\[3082\]: Failed password for invalid user mari from 212.129.139.59 port 41418 ssh2 ...	2020-08-17 03:21:29
attackbotsspam	Cowrie Honeypot: 10 unauthorised SSH/Telnet login attempts between 2020-07-24T15:31:04Z and 2020-07-24T16:50:40Z	2020-07-25 03:10:06
attack	Jul 4 14:09:50 ns3164893 sshd[28139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.59 user=root Jul 4 14:09:52 ns3164893 sshd[28139]: Failed password for root from 212.129.139.59 port 44064 ssh2 ...	2020-07-05 01:25:38
attackspambots	Jul 4 10:00:04 lnxded64 sshd[29045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.59	2020-07-04 19:17:20
attackspam	5x Failed Password	2020-07-02 04:42:18
attack	Jun 20 21:54:20 dignus sshd[28655]: Invalid user update from 212.129.139.59 port 38138 Jun 20 21:54:20 dignus sshd[28655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.59 Jun 20 21:54:22 dignus sshd[28655]: Failed password for invalid user update from 212.129.139.59 port 38138 ssh2 Jun 20 21:58:31 dignus sshd[28975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.59 user=root Jun 20 21:58:32 dignus sshd[28975]: Failed password for root from 212.129.139.59 port 59274 ssh2 ...	2020-06-21 13:13:33
attackbots	Jun 20 01:03:00 prox sshd[18534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.59 Jun 20 01:03:02 prox sshd[18534]: Failed password for invalid user aaliyah from 212.129.139.59 port 50800 ssh2	2020-06-20 08:23:03

相同子网IP讨论:

IP	类型	评论内容	时间
212.129.139.44	attackbots	Jun 27 12:15:27 ms-srv sshd[12500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.44 user=root Jun 27 12:15:30 ms-srv sshd[12500]: Failed password for invalid user root from 212.129.139.44 port 32790 ssh2	2020-03-09 04:09:00
212.129.139.44	attackspambots	Jun 27 12:15:27 ms-srv sshd[12500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.44 user=root Jun 27 12:15:30 ms-srv sshd[12500]: Failed password for invalid user root from 212.129.139.44 port 32790 ssh2	2020-02-15 23:43:08
212.129.139.44	attackbots	Aug 24 09:53:22 nextcloud sshd\[27900\]: Invalid user apagar from 212.129.139.44 Aug 24 09:53:22 nextcloud sshd\[27900\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.44 Aug 24 09:53:23 nextcloud sshd\[27900\]: Failed password for invalid user apagar from 212.129.139.44 port 34170 ssh2 ...	2019-08-24 16:28:26
212.129.139.44	attackspambots	Aug 21 12:25:52 friendsofhawaii sshd\[13702\]: Invalid user hack from 212.129.139.44 Aug 21 12:25:52 friendsofhawaii sshd\[13702\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.44 Aug 21 12:25:54 friendsofhawaii sshd\[13702\]: Failed password for invalid user hack from 212.129.139.44 port 59972 ssh2 Aug 21 12:29:18 friendsofhawaii sshd\[14009\]: Invalid user emily from 212.129.139.44 Aug 21 12:29:18 friendsofhawaii sshd\[14009\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.139.44	2019-08-22 06:45:25
212.129.139.44	attackspam	Invalid user eva from 212.129.139.44 port 37946	2019-08-20 17:56:11

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 212.129.139.59
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27345
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;212.129.139.59.			IN	A

;; AUTHORITY SECTION:
.			512	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020061901 1800 900 604800 86400

;; Query time: 63 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Jun 20 08:23:00 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

Host 59.139.129.212.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 59.139.129.212.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
104.208.243.202	attack	Abuse	2020-05-08 02:14:20
222.186.180.6	attackbotsspam	Too many connections or unauthorized access detected from Arctic banned ip	2020-05-08 02:03:01
118.89.122.104	attack	May 7 17:22:48 sshgateway sshd\[28278\]: Invalid user admin from 118.89.122.104 May 7 17:22:48 sshgateway sshd\[28278\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.122.104 May 7 17:22:50 sshgateway sshd\[28278\]: Failed password for invalid user admin from 118.89.122.104 port 50458 ssh2	2020-05-08 01:51:11
72.210.252.142	attackbots	72.210.252.142 US mail dovecot 2020-05-07 08:53:39 2020-05-08 08:53:39	2020-05-08 02:02:17
185.53.88.182	attackspambots	$f2bV_matches	2020-05-08 01:31:38
176.210.126.244	attackspam	20/5/7@13:22:57: FAIL: Alarm-Network address from=176.210.126.244 20/5/7@13:22:57: FAIL: Alarm-Network address from=176.210.126.244 ...	2020-05-08 01:45:45
222.186.173.142	attackspam	May 7 13:49:47 NPSTNNYC01T sshd[23846]: Failed password for root from 222.186.173.142 port 37440 ssh2 May 7 13:49:51 NPSTNNYC01T sshd[23846]: Failed password for root from 222.186.173.142 port 37440 ssh2 May 7 13:49:53 NPSTNNYC01T sshd[23846]: Failed password for root from 222.186.173.142 port 37440 ssh2 May 7 13:49:56 NPSTNNYC01T sshd[23846]: Failed password for root from 222.186.173.142 port 37440 ssh2 ...	2020-05-08 02:08:40
42.200.244.178	attackbotsspam	(sshd) Failed SSH login from 42.200.244.178 (HK/Hong Kong/42-200-244-178.static.imsbiz.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: May 7 19:08:24 amsweb01 sshd[23615]: Invalid user sabina from 42.200.244.178 port 57949 May 7 19:08:25 amsweb01 sshd[23615]: Failed password for invalid user sabina from 42.200.244.178 port 57949 ssh2 May 7 19:18:25 amsweb01 sshd[24321]: Invalid user joao from 42.200.244.178 port 38053 May 7 19:18:27 amsweb01 sshd[24321]: Failed password for invalid user joao from 42.200.244.178 port 38053 ssh2 May 7 19:23:10 amsweb01 sshd[24660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.200.244.178 user=root	2020-05-08 01:35:48
81.17.16.124	attack	SSH authentication failure x 6 reported by Fail2Ban ...	2020-05-08 01:49:43
34.73.48.43	attack	[Fri May 08 00:22:54.667408 2020] [:error] [pid 3639:tid 139814552913664] [client 34.73.48.43:51995] [client 34.73.48.43] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "972"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname "staklim-malang.info"] [uri "/robots.txt"] [unique_id "XrRD7pKgiLiqkzgMWnfe1QAAAWk"] ...	2020-05-08 01:47:57
46.38.144.32	attackspambots	May 7 19:32:37 nlmail01.srvfarm.net postfix/smtpd[260346]: warning: unknown[46.38.144.32]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 7 19:33:13 nlmail01.srvfarm.net postfix/smtpd[260348]: warning: unknown[46.38.144.32]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 7 19:33:50 nlmail01.srvfarm.net postfix/smtpd[260346]: warning: unknown[46.38.144.32]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 7 19:34:26 nlmail01.srvfarm.net postfix/smtpd[260346]: warning: unknown[46.38.144.32]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 7 19:35:02 nlmail01.srvfarm.net postfix/smtpd[260346]: warning: unknown[46.38.144.32]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2020-05-08 02:00:41
106.12.58.4	attack	SSH invalid-user multiple login attempts	2020-05-08 02:04:41
85.24.194.43	attack	May 7 19:54:05 vps647732 sshd[18191]: Failed password for root from 85.24.194.43 port 51262 ssh2 ...	2020-05-08 02:13:18
92.83.0.82	attackspambots	Port probing on unauthorized port 23	2020-05-08 01:35:28
201.48.135.216	attack	Lines containing failures of 201.48.135.216 May 7 09:17:46 jarvis sshd[22549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.135.216 user=r.r May 7 09:17:48 jarvis sshd[22549]: Failed password for r.r from 201.48.135.216 port 54017 ssh2 May 7 09:17:50 jarvis sshd[22549]: Received disconnect from 201.48.135.216 port 54017:11: Bye Bye [preauth] May 7 09:17:50 jarvis sshd[22549]: Disconnected from authenticating user r.r 201.48.135.216 port 54017 [preauth] May 7 09:21:23 jarvis sshd[23622]: Invalid user martina from 201.48.135.216 port 50834 May 7 09:21:23 jarvis sshd[23622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.135.216 May 7 09:21:25 jarvis sshd[23622]: Failed password for invalid user martina from 201.48.135.216 port 50834 ssh2 May 7 09:21:26 jarvis sshd[23622]: Received disconnect from 201.48.135.216 port 50834:11: Bye Bye [preauth] May 7 09:21:26 jarvis ........ ------------------------------	2020-05-08 02:05:38

最近上报的IP列表

190.20.22.108	51.195.166.169	70.108.172.3	209.16.70.44
192.141.53.1	126.178.71.247	12.164.203.9	12.203.101.48
108.130.8.35	61.221.114.23	68.102.148.36	190.229.99.92
41.115.47.152	1.210.80.79	3.104.130.180	115.53.100.92
107.121.74.210	205.245.188.85	63.246.200.65	197.10.27.239