Basic Info

City: unknown

Region: unknown

Country: Singapore

Internet Service Provider: Digital Ocean Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackbotsspam
POST /xmlrpc.php.  Part of botnet attack -- 34 POST requests from 19 different IP addresses.
2019-12-27 00:20:59
Comments on same subnet:
IP Type Details Datetime
139.59.254.93 attackspam
2020-07-23T18:09:35.869779sd-86998 sshd[24209]: Invalid user admin from 139.59.254.93 port 44669
2020-07-23T18:09:35.872143sd-86998 sshd[24209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.254.93
2020-07-23T18:09:35.869779sd-86998 sshd[24209]: Invalid user admin from 139.59.254.93 port 44669
2020-07-23T18:09:37.829171sd-86998 sshd[24209]: Failed password for invalid user admin from 139.59.254.93 port 44669 ssh2
2020-07-23T18:14:05.587757sd-86998 sshd[24805]: Invalid user frontdesk from 139.59.254.93 port 55963
...
2020-07-24 01:00:25
139.59.254.93 attackbots
Auto Fail2Ban report, multiple SSH login attempts.
2020-07-18 23:52:57
139.59.254.93 attack
Invalid user uftp from 139.59.254.93 port 46139
2020-07-18 16:47:29
139.59.254.93 attackbots
Jul 15 07:13:19 firewall sshd[29092]: Invalid user ldm from 139.59.254.93
Jul 15 07:13:21 firewall sshd[29092]: Failed password for invalid user ldm from 139.59.254.93 port 46584 ssh2
Jul 15 07:16:50 firewall sshd[29180]: Invalid user git from 139.59.254.93
...
2020-07-15 18:17:57
139.59.254.93 attackbots
2020-07-14T02:26:05.419125server.mjenks.net sshd[1687138]: Invalid user arjun from 139.59.254.93 port 39917
2020-07-14T02:26:05.426453server.mjenks.net sshd[1687138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.254.93
2020-07-14T02:26:05.419125server.mjenks.net sshd[1687138]: Invalid user arjun from 139.59.254.93 port 39917
2020-07-14T02:26:07.067755server.mjenks.net sshd[1687138]: Failed password for invalid user arjun from 139.59.254.93 port 39917 ssh2
2020-07-14T02:29:32.057302server.mjenks.net sshd[1687531]: Invalid user mother from 139.59.254.93 port 41650
...
2020-07-14 17:11:29
139.59.254.93 attack
Jul  9 12:13:47 rotator sshd\[5668\]: Invalid user tujikai from 139.59.254.93
Jul  9 12:13:49 rotator sshd\[5668\]: Failed password for invalid user tujikai from 139.59.254.93 port 42755 ssh2
Jul  9 12:16:57 rotator sshd\[6474\]: Invalid user liviu from 139.59.254.93
Jul  9 12:16:59 rotator sshd\[6474\]: Failed password for invalid user liviu from 139.59.254.93 port 40490 ssh2
Jul  9 12:19:58 rotator sshd\[6543\]: Failed password for mail from 139.59.254.93 port 38045 ssh2
Jul  9 12:22:48 rotator sshd\[7349\]: Invalid user tweety from 139.59.254.93
...
2020-07-09 18:38:20
139.59.254.93 attackbotsspam
Jul  7 20:13:19 mout sshd[11165]: Invalid user amie from 139.59.254.93 port 60657
2020-07-08 02:31:53
139.59.254.93 attackspam
Jul  4 17:28:27 firewall sshd[14512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.254.93
Jul  4 17:28:27 firewall sshd[14512]: Invalid user mina from 139.59.254.93
Jul  4 17:28:29 firewall sshd[14512]: Failed password for invalid user mina from 139.59.254.93 port 44369 ssh2
...
2020-07-05 05:03:40
139.59.254.93 attackspam
Jun 25 14:24:42 eventyay sshd[2732]: Failed password for root from 139.59.254.93 port 43810 ssh2
Jun 25 14:26:08 eventyay sshd[2785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.254.93
Jun 25 14:26:10 eventyay sshd[2785]: Failed password for invalid user willy from 139.59.254.93 port 55344 ssh2
...
2020-06-25 23:13:06
139.59.254.93 attack
Jun 25 11:51:19 eventyay sshd[28828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.254.93
Jun 25 11:51:22 eventyay sshd[28828]: Failed password for invalid user shreya1 from 139.59.254.93 port 35411 ssh2
Jun 25 11:54:39 eventyay sshd[28915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.254.93
...
2020-06-25 18:15:16
139.59.254.93 attackspambots
2020-06-15T23:57:56.942534lavrinenko.info sshd[19342]: Invalid user test1 from 139.59.254.93 port 40978
2020-06-15T23:57:56.952248lavrinenko.info sshd[19342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.254.93
2020-06-15T23:57:56.942534lavrinenko.info sshd[19342]: Invalid user test1 from 139.59.254.93 port 40978
2020-06-15T23:57:59.526681lavrinenko.info sshd[19342]: Failed password for invalid user test1 from 139.59.254.93 port 40978 ssh2
2020-06-16T00:01:39.181004lavrinenko.info sshd[19554]: Invalid user rd from 139.59.254.93 port 44816
...
2020-06-16 06:06:37
139.59.254.93 attackbots
2020-06-15T09:14:38.821118n23.at sshd[27310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.254.93
2020-06-15T09:14:38.812822n23.at sshd[27310]: Invalid user abc from 139.59.254.93 port 37210
2020-06-15T09:14:40.575066n23.at sshd[27310]: Failed password for invalid user abc from 139.59.254.93 port 37210 ssh2
...
2020-06-15 17:53:47
139.59.254.93 attackspambots
May 22 08:18:28 OPSO sshd\[18452\]: Invalid user wp-admin from 139.59.254.93 port 51568
May 22 08:18:28 OPSO sshd\[18452\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.254.93
May 22 08:18:30 OPSO sshd\[18452\]: Failed password for invalid user wp-admin from 139.59.254.93 port 51568 ssh2
May 22 08:22:53 OPSO sshd\[19289\]: Invalid user kbt from 139.59.254.93 port 59399
May 22 08:22:53 OPSO sshd\[19289\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.254.93
2020-05-22 15:25:52
139.59.254.93 attack
SSH authentication failure x 6 reported by Fail2Ban
...
2020-05-20 00:27:27
139.59.254.93 attackspam
SSH Invalid Login
2020-05-12 05:57:02
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.59.254.74
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34055
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.59.254.74.			IN	A

;; AUTHORITY SECTION:
.			338	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019122600 1800 900 604800 86400

;; Query time: 230 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Dec 27 00:20:51 CST 2019
;; MSG SIZE  rcvd: 117
Host info
74.254.59.139.in-addr.arpa domain name pointer notification.website500k.net.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
74.254.59.139.in-addr.arpa	name = notification.website500k.net.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
212.70.149.36 attackspam
2020-08-29 21:32:37 dovecot_login authenticator failed for \(User\) \[212.70.149.36\]: 535 Incorrect authentication data \(set_id=amt@org.ua\)
2020-08-29 21:32:56 dovecot_login authenticator failed for \(User\) \[212.70.149.36\]: 535 Incorrect authentication data \(set_id=alum@org.ua\)
2020-08-29 21:33:17 dovecot_login authenticator failed for \(User\) \[212.70.149.36\]: 535 Incorrect authentication data \(set_id=alpha2@org.ua\)
...
2020-08-30 02:43:47
118.163.91.125 attackspam
Aug 29 17:58:46 localhost sshd\[18266\]: Invalid user webmin from 118.163.91.125 port 36562
Aug 29 17:58:46 localhost sshd\[18266\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.163.91.125
Aug 29 17:58:48 localhost sshd\[18266\]: Failed password for invalid user webmin from 118.163.91.125 port 36562 ssh2
...
2020-08-30 03:05:23
192.241.220.23 attackspam
srv.marc-hoffrichter.de:443 192.241.220.23 - - [29/Aug/2020:14:04:57 +0200] "GET / HTTP/1.1" 403 4817 "-" "Mozilla/5.0 zgrab/0.x"
2020-08-30 02:49:29
125.34.240.29 attack
(imapd) Failed IMAP login from 125.34.240.29 (CN/China/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: Aug 29 22:21:35 ir1 dovecot[3110802]: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=, method=PLAIN, rip=125.34.240.29, lip=5.63.12.44, TLS, session=
2020-08-30 02:30:15
112.85.42.94 attack
Aug 29 21:16:43 pkdns2 sshd\[50114\]: Failed password for root from 112.85.42.94 port 43617 ssh2
Aug 29 21:16:45 pkdns2 sshd\[50114\]: Failed password for root from 112.85.42.94 port 43617 ssh2
Aug 29 21:16:48 pkdns2 sshd\[50114\]: Failed password for root from 112.85.42.94 port 43617 ssh2
Aug 29 21:17:40 pkdns2 sshd\[50150\]: Failed password for root from 112.85.42.94 port 32148 ssh2
Aug 29 21:20:19 pkdns2 sshd\[50292\]: Failed password for root from 112.85.42.94 port 26600 ssh2
Aug 29 21:23:01 pkdns2 sshd\[50358\]: Failed password for root from 112.85.42.94 port 28116 ssh2
...
2020-08-30 02:37:29
79.73.169.219 attackbots
Fail2Ban Ban Triggered
Wordpress Sniffing
2020-08-30 02:54:51
144.217.92.167 attack
Aug 29 17:38:49 h1745522 sshd[17735]: Invalid user frappe from 144.217.92.167 port 57256
Aug 29 17:38:49 h1745522 sshd[17735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.217.92.167
Aug 29 17:38:49 h1745522 sshd[17735]: Invalid user frappe from 144.217.92.167 port 57256
Aug 29 17:38:51 h1745522 sshd[17735]: Failed password for invalid user frappe from 144.217.92.167 port 57256 ssh2
Aug 29 17:42:38 h1745522 sshd[18184]: Invalid user vftp from 144.217.92.167 port 35354
Aug 29 17:42:38 h1745522 sshd[18184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.217.92.167
Aug 29 17:42:38 h1745522 sshd[18184]: Invalid user vftp from 144.217.92.167 port 35354
Aug 29 17:42:40 h1745522 sshd[18184]: Failed password for invalid user vftp from 144.217.92.167 port 35354 ssh2
Aug 29 17:46:29 h1745522 sshd[18657]: Invalid user int from 144.217.92.167 port 41686
...
2020-08-30 02:31:50
218.92.0.173 attackspambots
Aug 29 20:29:08 nextcloud sshd\[25398\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.173  user=root
Aug 29 20:29:10 nextcloud sshd\[25398\]: Failed password for root from 218.92.0.173 port 28753 ssh2
Aug 29 20:29:35 nextcloud sshd\[25928\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.173  user=root
2020-08-30 02:49:01
103.207.7.216 attackspambots
Autoban   103.207.7.216 AUTH/CONNECT
2020-08-30 03:08:12
208.109.8.138 attackspam
208.109.8.138 - - [29/Aug/2020:16:20:28 +0100] "POST /wp-login.php HTTP/1.1" 200 2369 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
208.109.8.138 - - [29/Aug/2020:16:20:30 +0100] "POST /wp-login.php HTTP/1.1" 200 2388 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
208.109.8.138 - - [29/Aug/2020:16:20:31 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-08-30 02:31:33
222.186.173.238 attackspam
Aug 29 18:57:27 instance-2 sshd[2668]: Failed password for root from 222.186.173.238 port 1948 ssh2
Aug 29 18:57:31 instance-2 sshd[2668]: Failed password for root from 222.186.173.238 port 1948 ssh2
Aug 29 18:57:35 instance-2 sshd[2668]: Failed password for root from 222.186.173.238 port 1948 ssh2
Aug 29 18:57:39 instance-2 sshd[2668]: Failed password for root from 222.186.173.238 port 1948 ssh2
2020-08-30 02:58:05
62.234.217.203 attackbots
Aug 29 13:54:50 srv-ubuntu-dev3 sshd[94914]: Invalid user mahesh from 62.234.217.203
Aug 29 13:54:50 srv-ubuntu-dev3 sshd[94914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.217.203
Aug 29 13:54:50 srv-ubuntu-dev3 sshd[94914]: Invalid user mahesh from 62.234.217.203
Aug 29 13:54:53 srv-ubuntu-dev3 sshd[94914]: Failed password for invalid user mahesh from 62.234.217.203 port 52340 ssh2
Aug 29 13:59:42 srv-ubuntu-dev3 sshd[95453]: Invalid user rohit from 62.234.217.203
Aug 29 13:59:43 srv-ubuntu-dev3 sshd[95453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.217.203
Aug 29 13:59:42 srv-ubuntu-dev3 sshd[95453]: Invalid user rohit from 62.234.217.203
Aug 29 13:59:44 srv-ubuntu-dev3 sshd[95453]: Failed password for invalid user rohit from 62.234.217.203 port 56908 ssh2
Aug 29 14:04:24 srv-ubuntu-dev3 sshd[96030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser
...
2020-08-30 03:06:40
192.241.235.243 attack
Hit honeypot r.
2020-08-30 02:46:16
139.162.116.133 attack
srvr1: (mod_security) mod_security (id:920350) triggered by 139.162.116.133 (JP/-/scan-66.security.ipip.net): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/29 15:49:44 [error] 27704#0: *112472 [client 139.162.116.133] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host'  [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "15987161847.535630"] [ref "o0,13v21,13"], client: 139.162.116.133, [redacted] request: "GET / HTTP/1.1" [redacted]
2020-08-30 03:07:41
45.10.88.238 attackspambots
Directory traversal
2020-08-30 02:41:07
