139.59.147.218

Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: Digital Ocean Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	xmlrpc attack	2020-10-06 05:38:03
attackbots	Automatic report - Banned IP Access	2020-10-05 21:42:20
attackbotsspam	memoran 139.59.147.218 [05/Oct/2020:09:39:59 "-" "POST /wp-login.php 200 6727 139.59.147.218 [05/Oct/2020:09:40:06 "-" "GET /wp-login.php 200 6618 139.59.147.218 [05/Oct/2020:09:40:12 "-" "POST /wp-login.php 200 6725	2020-10-05 13:36:21
attack	xmlrpc attack	2020-08-01 12:12:46
attackspambots	www.rbtierfotografie.de 139.59.147.218 [22/Jul/2020:08:24:27 +0200] "POST /wp-login.php HTTP/1.1" 200 6187 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" www.rbtierfotografie.de 139.59.147.218 [22/Jul/2020:08:24:27 +0200] "POST /wp-login.php HTTP/1.1" 200 6140 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-07-22 16:15:56
attackspam	[munged]::443 139.59.147.218 - - [04/Jul/2020:01:16:55 +0200] "POST /[munged]: HTTP/1.1" 200 6857 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-07-04 08:45:26
attackbots	139.59.147.218 - - [26/May/2020:09:41:56 +0200] "GET /wp-login.php HTTP/1.1" 200 5865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.147.218 - - [26/May/2020:09:41:58 +0200] "POST /wp-login.php HTTP/1.1" 200 6116 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.147.218 - - [26/May/2020:09:42:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-26 17:39:16
attackbots	WordPress login Brute force / Web App Attack on client site.	2020-05-06 05:29:09
attackspambots	Automatic report - XMLRPC Attack	2020-03-09 21:01:42

Comments on same subnet:

IP	Type	Details	Datetime
139.59.147.113	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-12-31 03:26:45
139.59.147.33	attackspambots	May 3 15:27:36 server sshd\[39243\]: Invalid user zimbra from 139.59.147.33 May 3 15:27:36 server sshd\[39243\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.147.33 May 3 15:27:38 server sshd\[39243\]: Failed password for invalid user zimbra from 139.59.147.33 port 33972 ssh2 ...	2019-07-12 07:32:11

Type

Details

Datetime

139.59.147.113

attack

MultiHost/MultiPort Probe, Scan, Hack -

2019-12-31 03:26:45

139.59.147.33

attackspambots

May  3 15:27:36 server sshd\[39243\]: Invalid user zimbra from 139.59.147.33
May  3 15:27:36 server sshd\[39243\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.147.33
May  3 15:27:38 server sshd\[39243\]: Failed password for invalid user zimbra from 139.59.147.33 port 33972 ssh2
...

2019-07-12 07:32:11

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.59.147.218
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21848
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.59.147.218.			IN	A

;; AUTHORITY SECTION:
.			578	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030900 1800 900 604800 86400

;; Query time: 43 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Mar 09 21:01:38 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 218.147.59.139.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 218.147.59.139.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.186.31.83	attack	Jun 17 16:12:02 mellenthin sshd[21850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.31.83 user=root Jun 17 16:12:04 mellenthin sshd[21850]: Failed password for invalid user root from 222.186.31.83 port 46177 ssh2	2020-06-17 22:20:48
103.113.90.128	attackspam	2020-06-17 06:54:18.747247-0500 localhost smtpd[67314]: NOQUEUE: reject: RCPT from unknown[103.113.90.128]: 554 5.7.1 Service unavailable; Client host [103.113.90.128] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=<00ea8753.nyidat.xyz>	2020-06-17 22:41:43
180.76.179.43	attackspambots	SSH Brute-Force. Ports scanning.	2020-06-17 22:57:52
116.98.95.83	attack	Unauthorized connection attempt from IP address 116.98.95.83 on Port 445(SMB)	2020-06-17 22:26:28
94.84.154.130	attack	Unauthorized connection attempt from IP address 94.84.154.130 on Port 445(SMB)	2020-06-17 22:26:06
121.204.166.240	attackspam	Automatic report BANNED IP	2020-06-17 22:37:29
109.94.171.132	attackspam	Lines containing failures of 109.94.171.132 Jun 17 13:37:07 shared10 sshd[1852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.94.171.132 user=r.r Jun 17 13:37:09 shared10 sshd[1852]: Failed password for r.r from 109.94.171.132 port 46508 ssh2 Jun 17 13:37:09 shared10 sshd[1852]: Received disconnect from 109.94.171.132 port 46508:11: Bye Bye [preauth] Jun 17 13:37:09 shared10 sshd[1852]: Disconnected from authenticating user r.r 109.94.171.132 port 46508 [preauth] Jun 17 13:53:00 shared10 sshd[7638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.94.171.132 user=r.r Jun 17 13:53:03 shared10 sshd[7638]: Failed password for r.r from 109.94.171.132 port 57542 ssh2 Jun 17 13:53:03 shared10 sshd[7638]: Received disconnect from 109.94.171.132 port 57542:11: Bye Bye [preauth] Jun 17 13:53:03 shared10 sshd[7638]: Disconnected from authenticating user r.r 109.94.171.132 port 57542 [preaut........ ------------------------------	2020-06-17 22:50:36
167.172.238.159	attackspam	SSH Brute-Forcing (server1)	2020-06-17 22:19:31
108.12.225.85	attackbotsspam	Brute force attempt	2020-06-17 22:52:19
181.226.245.204	attackbots	Unauthorized connection attempt from IP address 181.226.245.204 on Port 445(SMB)	2020-06-17 22:31:25
193.109.225.250	attackbotsspam	2020-06-17T13:43:30.105818MailD postfix/smtpd[6944]: NOQUEUE: reject: RCPT from smtp03.inteligo.pl[193.109.225.250]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo= 2020-06-17T13:43:31.955635MailD postfix/smtpd[6944]: NOQUEUE: reject: RCPT from smtp03.inteligo.pl[193.109.225.250]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo= 2020-06-17T14:03:32.758519MailD postfix/smtpd[8590]: NOQUEUE: reject: RCPT from smtp03.inteligo.pl[193.109.225.250]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=	2020-06-17 22:21:14
182.75.8.126	attack	Unauthorized connection attempt from IP address 182.75.8.126 on Port 445(SMB)	2020-06-17 22:37:04
27.22.31.235	attackspambots	Jun 17 08:00:12 esmtp postfix/smtpd[25796]: lost connection after AUTH from unknown[27.22.31.235] Jun 17 08:00:14 esmtp postfix/smtpd[25796]: lost connection after AUTH from unknown[27.22.31.235] Jun 17 08:00:15 esmtp postfix/smtpd[25796]: lost connection after AUTH from unknown[27.22.31.235] Jun 17 08:00:17 esmtp postfix/smtpd[25796]: lost connection after AUTH from unknown[27.22.31.235] Jun 17 08:00:18 esmtp postfix/smtpd[25796]: lost connection after AUTH from unknown[27.22.31.235] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=27.22.31.235	2020-06-17 22:44:52
5.39.86.52	attackbotsspam	SSH invalid-user multiple login try	2020-06-17 22:47:54
117.4.80.26	attackspambots	Unauthorized connection attempt from IP address 117.4.80.26 on Port 445(SMB)	2020-06-17 22:58:27

Recently Reported IPs

110.227.216.32	163.172.244.188	171.239.11.119	216.164.32.177
110.78.148.165	168.101.250.194	5.181.90.36	111.91.86.118
83.66.86.205	46.63.74.89	178.171.23.15	177.12.245.94
116.159.123.240	77.9.62.106	97.154.68.113	176.158.78.230
203.205.27.218	39.37.129.161	90.139.58.172	11.77.1.1