139.59.21.101 - IPInfo

Basic Info

City: Bengaluru

Region: Karnataka

Country: India

Internet Service Provider: Digital Ocean Inc.

Hostname: unknown

Organization: DigitalOcean, LLC

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Mar 14 04:11:40 motanud sshd\[29004\]: Invalid user cpanel from 139.59.21.101 port 46812 Mar 14 04:11:40 motanud sshd\[29004\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.21.101 Mar 14 04:11:43 motanud sshd\[29004\]: Failed password for invalid user cpanel from 139.59.21.101 port 46812 ssh2	2019-08-11 04:19:35

Type

Details

Datetime

attack

Mar 14 04:11:40 motanud sshd\[29004\]: Invalid user cpanel from 139.59.21.101 port 46812
Mar 14 04:11:40 motanud sshd\[29004\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.21.101
Mar 14 04:11:43 motanud sshd\[29004\]: Failed password for invalid user cpanel from 139.59.21.101 port 46812 ssh2

2019-08-11 04:19:35

Comments on same subnet:

IP	Type	Details	Datetime
139.59.215.171	attack	2020-10-13T02:06:50.771160vps-web1.h3z.jp sshd[15016]: Invalid user ftpuser from 139.59.215.171 port 51442 2020-10-13T02:08:04.431562vps-web1.h3z.jp sshd[15026]: Invalid user ftpuser from 139.59.215.171 port 35640 2020-10-13T02:08:41.876310vps-web1.h3z.jp sshd[15032]: Invalid user postgres from 139.59.215.171 port 55970 ...	2020-10-13 01:11:47
139.59.215.171	attack	2020-10-12T11:11:07.239948mail.standpoint.com.ua sshd[32054]: Invalid user steam from 139.59.215.171 port 60818 2020-10-12T11:11:07.242903mail.standpoint.com.ua sshd[32054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.215.171 2020-10-12T11:11:07.239948mail.standpoint.com.ua sshd[32054]: Invalid user steam from 139.59.215.171 port 60818 2020-10-12T11:11:08.523134mail.standpoint.com.ua sshd[32054]: Failed password for invalid user steam from 139.59.215.171 port 60818 ssh2 2020-10-12T11:11:48.644489mail.standpoint.com.ua sshd[32129]: Invalid user centos from 139.59.215.171 port 56396 ...	2020-10-12 16:34:23
139.59.215.241	attackbots	139.59.215.241 - - [10/Oct/2020:22:22:10 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.215.241 - - [10/Oct/2020:22:22:11 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.215.241 - - [10/Oct/2020:22:22:13 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-10-11 04:38:14
139.59.212.248	attackbotsspam	Oct 3 09:02:34 hidden postfix/postscreen[61878]: DNSBL rank 3 for [139.59.212.248]:33318	2020-10-11 01:24:45
139.59.215.241	attackbotsspam	139.59.215.241 - - [10/Oct/2020:11:36:45 +0100] "POST /wp-login.php HTTP/1.1" 200 2556 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.215.241 - - [10/Oct/2020:11:36:47 +0100] "POST /wp-login.php HTTP/1.1" 200 2539 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.215.241 - - [10/Oct/2020:11:36:47 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-10 20:37:04
139.59.212.248	attackbotsspam	Oct 3 09:02:34 hidden postfix/postscreen[61878]: DNSBL rank 3 for [139.59.212.248]:33318	2020-10-10 17:17:27
139.59.212.248	attack	Oct 4 22:32:46 web01.agentur-b-2.de postfix/smtpd[1795543]: warning: unknown[139.59.212.248]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 22:32:46 web01.agentur-b-2.de postfix/smtpd[1795543]: lost connection after AUTH from unknown[139.59.212.248] Oct 4 22:36:31 web01.agentur-b-2.de postfix/smtpd[1795503]: warning: unknown[139.59.212.248]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 22:36:31 web01.agentur-b-2.de postfix/smtpd[1795503]: lost connection after AUTH from unknown[139.59.212.248] Oct 4 22:37:20 web01.agentur-b-2.de postfix/smtpd[1795498]: warning: unknown[139.59.212.248]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 22:37:20 web01.agentur-b-2.de postfix/smtpd[1795498]: lost connection after AUTH from unknown[139.59.212.248]	2020-10-05 05:31:26
139.59.211.245	attackspam	SSH brutforce	2020-10-05 04:59:23
139.59.212.248	attackspambots	Oct 4 06:04:42 web01.agentur-b-2.de postfix/smtpd[1400041]: warning: unknown[139.59.212.248]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 06:04:42 web01.agentur-b-2.de postfix/smtpd[1400041]: lost connection after AUTH from unknown[139.59.212.248] Oct 4 06:08:26 web01.agentur-b-2.de postfix/smtpd[1400041]: warning: unknown[139.59.212.248]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 06:08:26 web01.agentur-b-2.de postfix/smtpd[1400041]: lost connection after AUTH from unknown[139.59.212.248] Oct 4 06:09:15 web01.agentur-b-2.de postfix/smtpd[1400041]: warning: unknown[139.59.212.248]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2020-10-04 21:26:15
139.59.211.245	attackbots	Oct 4 14:52:35 host sshd[18768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.211.245 user=root Oct 4 14:52:37 host sshd[18768]: Failed password for root from 139.59.211.245 port 38516 ssh2 ...	2020-10-04 20:53:33
139.59.211.245	attackspambots	detected by Fail2Ban	2020-10-04 12:36:51
139.59.211.245	attackbots	Sep 30 20:24:04 buvik sshd[11406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.211.245 Sep 30 20:24:06 buvik sshd[11406]: Failed password for invalid user allan from 139.59.211.245 port 44884 ssh2 Sep 30 20:30:58 buvik sshd[12480]: Invalid user ftpuser from 139.59.211.245 ...	2020-10-01 03:01:08
139.59.211.245	attack	Invalid user administrador from 139.59.211.245 port 40100	2020-09-30 19:13:32
139.59.215.241	attackbotsspam	139.59.215.241 - - [19/Sep/2020:16:13:02 +0100] "POST /wp-login.php HTTP/1.1" 200 2371 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.215.241 - - [19/Sep/2020:16:13:03 +0100] "POST /wp-login.php HTTP/1.1" 200 2342 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.215.241 - - [19/Sep/2020:16:13:03 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-20 01:56:43
139.59.215.241	attackbotsspam	139.59.215.241 - - [19/Sep/2020:06:55:27 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.215.241 - - [19/Sep/2020:06:55:27 +0200] "POST /wp-login.php HTTP/1.1" 200 2698 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.215.241 - - [19/Sep/2020:06:55:28 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.215.241 - - [19/Sep/2020:06:55:28 +0200] "POST /wp-login.php HTTP/1.1" 200 2697 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.215.241 - - [19/Sep/2020:06:55:28 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.215.241 - - [19/Sep/2020:06:55:28 +0200] "POST /wp-login.php HTTP/1.1" 200 2696 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/201001 ...	2020-09-19 17:48:19

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.59.21.101
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50140
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.59.21.101.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019032900 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Sat Mar 30 00:11:22 +08 2019
;; MSG SIZE  rcvd: 117

Host info

Host 101.21.59.139.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 101.21.59.139.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
200.0.236.210	attack	Apr 17 09:02:51 vtv3 sshd[7109]: Invalid user alejos from 200.0.236.210 port 57752 Apr 17 09:02:51 vtv3 sshd[7109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.0.236.210 Apr 21 07:59:00 vtv3 sshd[13822]: Invalid user Owner from 200.0.236.210 port 52938 Apr 21 07:59:00 vtv3 sshd[13822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.0.236.210 Apr 21 07:59:02 vtv3 sshd[13822]: Failed password for invalid user Owner from 200.0.236.210 port 52938 ssh2 Apr 21 08:05:49 vtv3 sshd[17298]: Invalid user packer from 200.0.236.210 port 48454 Apr 21 08:05:49 vtv3 sshd[17298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.0.236.210 Aug 18 13:32:59 vtv3 sshd[26821]: Invalid user jira from 200.0.236.210 port 40828 Aug 18 13:32:59 vtv3 sshd[26821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.0.236.210 Aug 18 13:33:00 vtv3 sshd[26821]: Failed	2019-12-18 23:26:51
92.118.37.53	attackbots	12/18/2019-10:30:40.780041 92.118.37.53 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-12-19 00:00:24
217.132.233.173	attackspam	Chat Spam	2019-12-18 23:26:24
109.196.82.214	attackbots	Autoban 109.196.82.214 AUTH/CONNECT	2019-12-18 23:22:15
45.134.179.240	attackspambots	Dec 18 15:37:07 debian-2gb-nbg1-2 kernel: \[332600.290177\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.134.179.240 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=62911 PROTO=TCP SPT=52652 DPT=4404 WINDOW=1024 RES=0x00 SYN URGP=0	2019-12-18 23:39:19
62.210.185.4	attackbotsspam	C1,WP GET /wp-login.php	2019-12-18 23:30:08
93.78.205.197	attack	2019-12-18 08:37:04 H=(unknown.pol.volia.net) [93.78.205.197]:37267 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/query/ip/93.78.205.197) 2019-12-18 08:37:04 H=(unknown.pol.volia.net) [93.78.205.197]:37267 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/query/ip/93.78.205.197) 2019-12-18 08:37:05 H=(unknown.pol.volia.net) [93.78.205.197]:37267 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/sbl/query/SBLCSS) ...	2019-12-18 23:45:23
159.203.30.120	attackspambots	Dec 18 16:13:03 [host] sshd[8659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.30.120 user=backup Dec 18 16:13:05 [host] sshd[8659]: Failed password for backup from 159.203.30.120 port 45636 ssh2 Dec 18 16:19:23 [host] sshd[8893]: Invalid user rinke from 159.203.30.120	2019-12-18 23:36:02
61.223.51.151	attackbotsspam	" "	2019-12-18 23:24:20
51.15.118.122	attack	Dec 18 16:09:39 eventyay sshd[6514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.118.122 Dec 18 16:09:41 eventyay sshd[6514]: Failed password for invalid user sammy from 51.15.118.122 port 59554 ssh2 Dec 18 16:16:22 eventyay sshd[6776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.118.122 ...	2019-12-18 23:16:58
66.70.189.209	attackbotsspam	Dec 18 15:37:23 icinga sshd[11938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.70.189.209 Dec 18 15:37:26 icinga sshd[11938]: Failed password for invalid user mosvold from 66.70.189.209 port 35353 ssh2 ...	2019-12-18 23:27:44
106.75.17.245	attackbotsspam	Dec 18 15:31:11 microserver sshd[24482]: Invalid user wu from 106.75.17.245 port 44532 Dec 18 15:31:11 microserver sshd[24482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.17.245 Dec 18 15:31:13 microserver sshd[24482]: Failed password for invalid user wu from 106.75.17.245 port 44532 ssh2 Dec 18 15:37:00 microserver sshd[25354]: Invalid user sjcho from 106.75.17.245 port 36336 Dec 18 15:37:00 microserver sshd[25354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.17.245 Dec 18 15:48:25 microserver sshd[27047]: Invalid user webmaster from 106.75.17.245 port 48116 Dec 18 15:48:25 microserver sshd[27047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.17.245 Dec 18 15:48:26 microserver sshd[27047]: Failed password for invalid user webmaster from 106.75.17.245 port 48116 ssh2 Dec 18 15:54:16 microserver sshd[27911]: Invalid user eli from 106.75.17.245 port 39866 Dec 1	2019-12-18 23:31:19
149.202.43.72	attackbotsspam	SS5,WP GET /wp-login.php	2019-12-18 23:34:24
91.23.33.175	attack	Invalid user mysql from 91.23.33.175 port 17084 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.23.33.175 Failed password for invalid user mysql from 91.23.33.175 port 17084 ssh2 Invalid user odle from 91.23.33.175 port 62833 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.23.33.175	2019-12-18 23:27:19
103.28.53.146	attack	SS5,WP GET /wp-login.php	2019-12-18 23:57:47

Recently Reported IPs

142.93.247.243	134.175.114.210	128.199.255.146	123.207.150.226
121.8.154.178	118.25.93.64	111.230.63.104	106.0.36.114
104.238.116.19	93.100.138.129	91.121.69.25	89.109.190.50
88.178.87.109	85.214.199.251	83.140.141.30	82.80.140.33
59.46.36.114	54.37.205.20	51.254.201.64	46.163.72.218