139.162.2.4 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Netherlands

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
139.162.214.192	spambotsattack	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2023-02-18 16:15:46
139.162.247.102	attack	OSSEC HIDS Notification. 2020 Oct 15 19:14:19 Received From: shared->/var/log/secure Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): Oct 15 19:14:18 shared sshd[2970433]: ssh_dispatch_run_fatal: Connection from 139.162.247.102 port 41166: bignum is negative [preauth] --END OF NOTIFICATION	2020-10-20 08:52:36
139.162.217.250	attack	WebSpam Attack	2020-10-07 05:56:21
139.162.217.250	attackbots	WebSpam Attack	2020-10-06 22:09:25
139.162.217.250	attack	WebSpam Attack	2020-10-06 13:52:46
139.162.247.102	attack	firewall-block, port(s): 22/tcp	2020-10-01 03:25:46
139.162.247.102	attackspambots	honeypot 22 port	2020-09-30 01:51:04
139.162.247.102	attackspam	Sep 29 12:19:00 baraca inetd[76034]: refused connection from scan003.ampereinnotech.com, service sshd (tcp) Sep 29 12:19:01 baraca inetd[76035]: refused connection from scan003.ampereinnotech.com, service sshd (tcp) Sep 29 12:19:02 baraca inetd[76038]: refused connection from scan003.ampereinnotech.com, service sshd (tcp) ...	2020-09-29 17:51:13
139.162.247.102	attackbotsspam	IP 139.162.247.102 attacked honeypot on port: 22 at 9/26/2020 5:56:09 AM	2020-09-26 21:09:12
139.162.247.102	attackbotsspam	Sep2601:57:57server6sshd[14291]:refusedconnectfrom139.162.247.102$139.162.247.102$Sep2601:58:02server6sshd[14327]:refusedconnectfrom139.162.247.102$139.162.247.102$Sep2601:58:07server6sshd[14343]:refusedconnectfrom139.162.247.102$139.162.247.102$Sep2601:58:12server6sshd[14360]:refusedconnectfrom139.162.247.102$139.162.247.102$Sep2601:58:17server6sshd[14374]:refusedconnectfrom139.162.247.102$139.162.247.102$	2020-09-26 12:51:05
139.162.245.68	attackspam	Found on Block CINS-badguys / proto=6 . srcport=50055 . dstport=9200 . (3216)	2020-09-22 23:57:27
139.162.245.68	attackspam	Found on Block CINS-badguys / proto=6 . srcport=50055 . dstport=9200 . (3216)	2020-09-22 16:01:33
139.162.245.68	attackbotsspam	Found on Block CINS-badguys / proto=6 . srcport=50055 . dstport=9200 . (3216)	2020-09-22 08:05:11
139.162.252.121	attackspambots	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: li1537-121.members.linode.com.	2020-09-06 02:31:22
139.162.252.121	attack	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: li1537-121.members.linode.com.	2020-09-05 18:06:32

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.162.2.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34794
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;139.162.2.4.			IN	A

;; AUTHORITY SECTION:
.			473	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022020702 1800 900 604800 86400

;; Query time: 78 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Feb 08 09:49:39 CST 2022
;; MSG SIZE  rcvd: 104

Host info

4.2.162.139.in-addr.arpa domain name pointer 139-162-2-4.ip.linodeusercontent.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
4.2.162.139.in-addr.arpa	name = 139-162-2-4.ip.linodeusercontent.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
185.209.0.92	attack	11/11/2019-07:30:38.143419 185.209.0.92 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-11-11 14:49:11
119.28.222.88	attackspambots	Nov 11 06:04:09 web8 sshd\[1125\]: Invalid user server from 119.28.222.88 Nov 11 06:04:09 web8 sshd\[1125\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.28.222.88 Nov 11 06:04:11 web8 sshd\[1125\]: Failed password for invalid user server from 119.28.222.88 port 55596 ssh2 Nov 11 06:08:14 web8 sshd\[3627\]: Invalid user taa from 119.28.222.88 Nov 11 06:08:14 web8 sshd\[3627\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.28.222.88	2019-11-11 14:10:17
118.217.181.116	attack	masters-of-media.de 118.217.181.116 \[11/Nov/2019:05:57:08 +0100\] "POST /wp-login.php HTTP/1.1" 200 5855 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" masters-of-media.de 118.217.181.116 \[11/Nov/2019:05:57:11 +0100\] "POST /wp-login.php HTTP/1.1" 200 5811 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-11-11 14:26:30
62.234.141.187	attackbots	Nov 10 20:26:30 web9 sshd\[6785\]: Invalid user home from 62.234.141.187 Nov 10 20:26:30 web9 sshd\[6785\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.141.187 Nov 10 20:26:32 web9 sshd\[6785\]: Failed password for invalid user home from 62.234.141.187 port 44186 ssh2 Nov 10 20:31:19 web9 sshd\[7511\]: Invalid user admin from 62.234.141.187 Nov 10 20:31:19 web9 sshd\[7511\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.141.187	2019-11-11 14:47:49
173.226.134.224	attackbots	173.226.134.224 was recorded 5 times by 5 hosts attempting to connect to the following ports: 623. Incident counter (4h, 24h, all-time): 5, 16, 22	2019-11-11 14:23:14
155.4.32.16	attackspambots	Nov 11 08:30:27 sauna sshd[128360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.32.16 Nov 11 08:30:30 sauna sshd[128360]: Failed password for invalid user rebeca from 155.4.32.16 port 54123 ssh2 ...	2019-11-11 14:45:08
175.193.68.12	attackspam	[MonNov1105:57:39.2177642019][:error][pid8192:tid139667613599488][client175.193.68.12:46902][client175.193.68.12]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\\\\\\\\\(chr\?\\\\\\\\\(\?[0-9]{1\,3}\?\\\\\\\\$\\|\?=\?f$\?:open\\|write$\?\\\\\\\\$\\|\\\\\\\\b\(\?:passthru\\|serialize\\|php_uname\\|phpinfo\\|shell_exec\\|preg_\\\\\\\\w \\|mysql_query\\|exec\\|eval\\|base64_decode\\|decode_base64\\|rot13\\|base64_url_decode\\|gz\(\?:inflate\\|decode\\|uncompress$\\|strrev\\|zlib_\\\\\\\\w \)\\\\\\\\b\?\(\?..."atARGS:widgetConfig[code].[file"/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"][line"767"][id"340095"][rev"53"][msg"Atomicorp.comWAFRules:AttackBlocked-PHPfunctioninArgument-thismaybeanattack."][data"die\(@md5\,ARGS:widgetConfig[code]"][severity"CRITICAL"][hostname"148.251.104.71"][uri"/index.php"][unique_id"XcjqQ7VYKWnuLh@h5LMngQAAANQ"][MonNov1105:57:41.4045252019][:error][pid8006:tid139667773060864][client175.193.68.12:47090][client175.193.68.12]ModSecurity:Accessdenied	2019-11-11 14:07:42
103.76.21.181	attackspambots	Nov 11 06:38:36 ns41 sshd[27159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.76.21.181	2019-11-11 14:29:00
115.76.99.62	attackspambots	Automatic report - Port Scan Attack	2019-11-11 14:52:14
165.231.94.184	attackbots	Looking for resource vulnerabilities	2019-11-11 14:17:44
182.86.227.138	attackbotsspam	Automatic report - Port Scan Attack	2019-11-11 14:49:44
115.78.8.83	attackbots	Nov 10 20:26:39 auw2 sshd\[22605\]: Invalid user aharon from 115.78.8.83 Nov 10 20:26:39 auw2 sshd\[22605\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.8.83 Nov 10 20:26:42 auw2 sshd\[22605\]: Failed password for invalid user aharon from 115.78.8.83 port 40057 ssh2 Nov 10 20:31:13 auw2 sshd\[22958\]: Invalid user nahata from 115.78.8.83 Nov 10 20:31:13 auw2 sshd\[22958\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.8.83	2019-11-11 14:51:43
54.38.241.162	attackbotsspam	F2B jail: sshd. Time: 2019-11-11 07:14:15, Reported by: VKReport	2019-11-11 14:18:19
165.227.84.119	attackspambots	$f2bV_matches	2019-11-11 14:28:42
194.243.6.150	attackspam	2019-11-11T05:54:52.656936abusebot-5.cloudsearch.cf sshd\[493\]: Invalid user robert from 194.243.6.150 port 42520	2019-11-11 14:15:13

Recently Reported IPs

171.235.185.174	81.162.74.18	103.81.3.202	37.202.136.37
34.67.226.176	201.191.73.134	142.251.41.14	151.182.1.35
143.0.217.26	175.5.14.254	193.202.110.24	197.49.24.238
171.237.223.243	50.117.24.212	120.219.88.7	40.94.95.61
108.167.133.20	177.222.25.250	117.198.165.40	2.133.52.66