139.59.4.54 - IPInfo

Basic Info

City: Bengaluru

Region: Karnataka

Country: India

Internet Service Provider: Digital Ocean Inc.

Hostname: unknown

Organization: DigitalOcean, LLC

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	web-1 [ssh] SSH Attack	2019-07-01 17:22:16

Comments on same subnet:

IP	Type	Details	Datetime
139.59.41.222	attack	Fraud connect	2024-05-17 13:22:44
139.59.40.233	attackspambots	139.59.40.233 - - [12/Oct/2020:13:00:34 +0000] "POST /wp-login.php HTTP/1.1" 200 2077 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 139.59.40.233 - - [12/Oct/2020:13:00:37 +0000] "POST /wp-login.php HTTP/1.1" 200 2055 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 139.59.40.233 - - [12/Oct/2020:13:00:41 +0000] "POST /wp-login.php HTTP/1.1" 200 2052 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 139.59.40.233 - - [12/Oct/2020:13:00:44 +0000] "POST /wp-login.php HTTP/1.1" 200 2052 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 139.59.40.233 - - [12/Oct/2020:13:00:45 +0000] "POST /xmlrpc.php HTTP/1.1" 200 236 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-"	2020-10-13 00:00:47
139.59.40.233	attack	139.59.40.233 - - [12/Oct/2020:04:39:08 +0100] "POST /wp-login.php HTTP/1.1" 200 2141 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.40.233 - - [12/Oct/2020:04:39:11 +0100] "POST /wp-login.php HTTP/1.1" 200 2125 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.40.233 - - [12/Oct/2020:04:39:11 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-12 15:24:37
139.59.43.196	attackspambots	139.59.43.196 is unauthorized and has been banned by fail2ban	2020-10-10 04:25:38
139.59.46.167	attackspam	Oct 9 18:04:57 cho sshd[306173]: Failed password for root from 139.59.46.167 port 47238 ssh2 Oct 9 18:09:02 cho sshd[306376]: Invalid user vagrant from 139.59.46.167 port 51624 Oct 9 18:09:02 cho sshd[306376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.46.167 Oct 9 18:09:02 cho sshd[306376]: Invalid user vagrant from 139.59.46.167 port 51624 Oct 9 18:09:03 cho sshd[306376]: Failed password for invalid user vagrant from 139.59.46.167 port 51624 ssh2 ...	2020-10-10 02:06:29
139.59.43.196	attack	probing for vulnerabilities, found a honeypot	2020-10-09 20:23:36
139.59.46.167	attackbots	5x Failed Password	2020-10-09 17:51:12
139.59.43.196	attack	Automatic report - XMLRPC Attack	2020-10-09 12:11:21
139.59.42.174	attackbotsspam	non-SMTP command used ...	2020-10-09 02:13:07
139.59.42.174	attackspambots	non-SMTP command used ...	2020-10-08 18:11:01
139.59.40.240	attackbotsspam	Oct 6 00:07:06 rancher-0 sshd[488183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.40.240 user=root Oct 6 00:07:08 rancher-0 sshd[488183]: Failed password for root from 139.59.40.240 port 56898 ssh2 ...	2020-10-06 06:15:31
139.59.40.240	attackbots	$f2bV_matches	2020-10-05 22:20:50
139.59.40.240	attackbots	2020-10-05T05:20:09.281796randservbullet-proofcloud-66.localdomain sshd[29534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.40.240 user=root 2020-10-05T05:20:11.144033randservbullet-proofcloud-66.localdomain sshd[29534]: Failed password for root from 139.59.40.240 port 49718 ssh2 2020-10-05T05:24:42.393105randservbullet-proofcloud-66.localdomain sshd[29566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.40.240 user=root 2020-10-05T05:24:44.064917randservbullet-proofcloud-66.localdomain sshd[29566]: Failed password for root from 139.59.40.240 port 46138 ssh2 ...	2020-10-05 14:14:28
139.59.46.226	attackspam	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-10-05 05:52:34
139.59.4.145	attackspam	139.59.4.145 - - [04/Oct/2020:17:02:07 +0100] "POST /wp-login.php HTTP/1.1" 200 2463 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.4.145 - - [04/Oct/2020:17:02:10 +0100] "POST /wp-login.php HTTP/1.1" 200 2407 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.4.145 - - [04/Oct/2020:17:02:11 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-05 03:38:34

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.59.4.54
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63202
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.59.4.54.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019040501 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Sat Apr 06 03:18:37 +08 2019
;; MSG SIZE  rcvd: 115

Host info

Host 54.4.59.139.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 54.4.59.139.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
106.13.30.80	attack	Oct 21 12:41:38 penfold sshd[18648]: Invalid user Adminixxxr from 106.13.30.80 port 40146 Oct 21 12:41:38 penfold sshd[18648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.30.80 Oct 21 12:41:40 penfold sshd[18648]: Failed password for invalid user Adminixxxr from 106.13.30.80 port 40146 ssh2 Oct 21 12:41:42 penfold sshd[18648]: Received disconnect from 106.13.30.80 port 40146:11: Bye Bye [preauth] Oct 21 12:41:42 penfold sshd[18648]: Disconnected from 106.13.30.80 port 40146 [preauth] Oct 21 13:06:44 penfold sshd[19601]: Invalid user dev from 106.13.30.80 port 54170 Oct 21 13:06:44 penfold sshd[19601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.30.80 Oct 21 13:06:46 penfold sshd[19601]: Failed password for invalid user dev from 106.13.30.80 port 54170 ssh2 Oct 21 13:06:47 penfold sshd[19601]: Received disconnect from 106.13.30.80 port 54170:11: Bye Bye [preauth] Oct 2........ -------------------------------	2019-10-24 00:31:26
27.2.140.222	attackbots	Port Scan	2019-10-24 00:42:17
188.131.128.221	attack	Oct 21 12:12:55 lvps5-35-247-183 sshd[13744]: Invalid user gnats from 188.131.128.221 Oct 21 12:12:55 lvps5-35-247-183 sshd[13744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.131.128.221 Oct 21 12:12:58 lvps5-35-247-183 sshd[13744]: Failed password for invalid user gnats from 188.131.128.221 port 46956 ssh2 Oct 21 12:12:58 lvps5-35-247-183 sshd[13744]: Received disconnect from 188.131.128.221: 11: Bye Bye [preauth] Oct 21 12:26:43 lvps5-35-247-183 sshd[14096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.131.128.221 user=r.r Oct 21 12:26:45 lvps5-35-247-183 sshd[14096]: Failed password for r.r from 188.131.128.221 port 56304 ssh2 Oct 21 12:26:46 lvps5-35-247-183 sshd[14096]: Received disconnect from 188.131.128.221: 11: Bye Bye [preauth] Oct 21 12:31:42 lvps5-35-247-183 sshd[14186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188......... -------------------------------	2019-10-24 00:02:05
180.168.156.212	attack	Oct 23 14:36:39 pkdns2 sshd\[13925\]: Invalid user maya from 180.168.156.212Oct 23 14:36:41 pkdns2 sshd\[13925\]: Failed password for invalid user maya from 180.168.156.212 port 50397 ssh2Oct 23 14:40:38 pkdns2 sshd\[14134\]: Invalid user address from 180.168.156.212Oct 23 14:40:39 pkdns2 sshd\[14134\]: Failed password for invalid user address from 180.168.156.212 port 32006 ssh2Oct 23 14:44:39 pkdns2 sshd\[14254\]: Invalid user sylvia from 180.168.156.212Oct 23 14:44:41 pkdns2 sshd\[14254\]: Failed password for invalid user sylvia from 180.168.156.212 port 13611 ssh2 ...	2019-10-24 00:43:53
198.108.67.108	attackbotsspam	10/23/2019-09:00:39.714846 198.108.67.108 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-10-24 00:21:30
159.0.200.153	attackbotsspam	Automatic report - XMLRPC Attack	2019-10-24 00:26:10
88.214.26.8	attackbots	Oct 23 19:48:53 areeb-Workstation sshd[27946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.214.26.8 Oct 23 19:48:55 areeb-Workstation sshd[27946]: Failed password for invalid user admin from 88.214.26.8 port 38894 ssh2 ...	2019-10-24 00:21:08
118.41.11.46	attack	2019-10-23T15:46:53.938423abusebot-5.cloudsearch.cf sshd\[6310\]: Invalid user rakesh from 118.41.11.46 port 36242	2019-10-24 00:03:09
79.197.111.101	attack	SSH login attempts brute force.	2019-10-24 00:13:05
170.238.46.6	attackbots	Oct 23 17:48:21 MK-Soft-VM5 sshd[7288]: Failed password for root from 170.238.46.6 port 44694 ssh2 ...	2019-10-24 00:22:19
198.108.67.38	attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2019-10-24 00:24:54
185.158.9.115	attackbots	GET /adminer.php 404	2019-10-24 00:27:50
220.133.245.86	attackbots	Port Scan	2019-10-24 00:16:33
104.155.194.63	attackspam	Port Scan	2019-10-24 00:26:36
164.39.7.99	attackbots	164.39.7.99 - - \[23/Oct/2019:15:48:24 +0000\] "POST /wp-login.php HTTP/1.1" 200 4358 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 164.39.7.99 - - \[23/Oct/2019:15:48:24 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" ...	2019-10-24 00:39:04

Recently Reported IPs

151.80.155.98	129.204.141.3	107.170.196.44	105.225.134.11
104.248.57.21	103.245.181.208	94.142.140.23	94.67.109.144
93.157.87.134	89.41.106.8	84.196.147.249	78.32.127.26
36.66.149.211	12.247.179.122	182.73.66.66	54.93.184.121
216.167.162.37	78.189.178.206	58.171.108.172	186.192.16.222