139.99.2.13 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Singapore

Internet Service Provider: PT. Cloud Hosting Indonesia

Hostname: unknown

Organization: OVH SAS

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Brute forcing Wordpress login	2019-08-13 14:17:31
attackspambots	xmlrpc attack	2019-07-23 13:05:11
attack	www.ft-1848-basketball.de 139.99.2.13 \[23/Jun/2019:12:05:17 +0200\] "POST /wp-login.php HTTP/1.1" 200 2174 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" www.ft-1848-basketball.de 139.99.2.13 \[23/Jun/2019:12:05:18 +0200\] "POST /wp-login.php HTTP/1.1" 200 2144 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-06-23 18:24:34

Type

Details

Datetime

attackspambots

Brute forcing Wordpress login

2019-08-13 14:17:31

attackspambots

xmlrpc attack

2019-07-23 13:05:11

attack

www.ft-1848-basketball.de 139.99.2.13 \[23/Jun/2019:12:05:17 +0200\] "POST /wp-login.php HTTP/1.1" 200 2174 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
www.ft-1848-basketball.de 139.99.2.13 \[23/Jun/2019:12:05:18 +0200\] "POST /wp-login.php HTTP/1.1" 200 2144 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"

2019-06-23 18:24:34

Comments on same subnet:

IP	Type	Details	Datetime
139.99.222.79	spambotsattackproxynormal	Super win	2022-06-06 06:47:34
139.99.203.12	attackspambots	Oct 6 18:07:32 scw-gallant-ride sshd[18950]: Failed password for root from 139.99.203.12 port 50320 ssh2	2020-10-07 02:23:59
139.99.203.12	attack	$f2bV_matches	2020-10-06 18:20:20
139.99.219.208	attackbots	5x Failed Password	2020-10-04 08:15:40
139.99.238.150	attackbots	$f2bV_matches	2020-10-04 03:14:53
139.99.219.208	attackbots	detected by Fail2Ban	2020-10-04 00:41:33
139.99.238.150	attackbots	Oct 3 08:51:54 itv-usvr-01 sshd[28621]: Invalid user cloudera from 139.99.238.150 Oct 3 08:51:54 itv-usvr-01 sshd[28621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.238.150 Oct 3 08:51:54 itv-usvr-01 sshd[28621]: Invalid user cloudera from 139.99.238.150 Oct 3 08:51:56 itv-usvr-01 sshd[28621]: Failed password for invalid user cloudera from 139.99.238.150 port 56232 ssh2	2020-10-03 19:07:48
139.99.219.208	attackspam	detected by Fail2Ban	2020-10-03 16:30:33
139.99.238.150	attack	Sep 30 12:05:18 rocket sshd[6208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.238.150 Sep 30 12:05:20 rocket sshd[6208]: Failed password for invalid user postmaster from 139.99.238.150 port 59568 ssh2 ...	2020-10-01 03:03:51
139.99.219.208	attack	[f2b] sshd bruteforce, retries: 1	2020-10-01 02:59:10
139.99.238.150	attackspam	Sep 30 12:05:18 rocket sshd[6208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.238.150 Sep 30 12:05:20 rocket sshd[6208]: Failed password for invalid user postmaster from 139.99.238.150 port 59568 ssh2 ...	2020-09-30 19:16:49
139.99.203.12	attackspambots	Sep 24 11:34:25 gw1 sshd[17805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.203.12 Sep 24 11:34:28 gw1 sshd[17805]: Failed password for invalid user sandbox from 139.99.203.12 port 56940 ssh2 ...	2020-09-24 22:23:01
139.99.203.12	attackspam	Sep 24 11:12:30 gw1 sshd[17259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.203.12 Sep 24 11:12:32 gw1 sshd[17259]: Failed password for invalid user minecraft from 139.99.203.12 port 34858 ssh2 ...	2020-09-24 14:15:22
139.99.203.12	attackbots	2020-09-24T02:28:50.439441hostname sshd[12857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.203.12 user=root 2020-09-24T02:28:52.294815hostname sshd[12857]: Failed password for root from 139.99.203.12 port 37342 ssh2 2020-09-24T02:31:52.026106hostname sshd[14044]: Invalid user teamspeak from 139.99.203.12 port 53466 ...	2020-09-24 05:42:47
139.99.239.230	attackbotsspam	139.99.239.230 (AU/Australia/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 23 08:05:36 server2 sshd[29455]: Failed password for root from 139.99.239.230 port 54690 ssh2 Sep 23 08:06:25 server2 sshd[29972]: Failed password for root from 211.23.167.152 port 54474 ssh2 Sep 23 08:08:49 server2 sshd[31240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.18.159.82 user=root Sep 23 08:05:51 server2 sshd[29627]: Failed password for root from 106.13.176.163 port 47966 ssh2 Sep 23 08:05:49 server2 sshd[29627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.176.163 user=root IP Addresses Blocked:	2020-09-23 20:36:18

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.99.2.13
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24265
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.99.2.13.			IN	A

;; AUTHORITY SECTION:
.			3457	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019050100 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Thu May 02 01:00:47 +08 2019
;; MSG SIZE  rcvd: 115

Host info

13.2.99.139.in-addr.arpa domain name pointer sgx51.cloudhost.id.

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
13.2.99.139.in-addr.arpa	name = sgx51.cloudhost.id.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
94.102.51.30	attack	19/7/31@23:32:18: FAIL: Alarm-Intrusion address from=94.102.51.30 ...	2019-08-01 13:58:31
200.29.100.224	attackbots	Aug 1 06:44:38 yabzik sshd[13656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.100.224 Aug 1 06:44:40 yabzik sshd[13656]: Failed password for invalid user staff from 200.29.100.224 port 39490 ssh2 Aug 1 06:51:55 yabzik sshd[16074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.100.224	2019-08-01 14:17:16
51.75.147.100	attack	Aug 1 08:57:50 vibhu-HP-Z238-Microtower-Workstation sshd\[18300\]: Invalid user app from 51.75.147.100 Aug 1 08:57:50 vibhu-HP-Z238-Microtower-Workstation sshd\[18300\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.147.100 Aug 1 08:57:52 vibhu-HP-Z238-Microtower-Workstation sshd\[18300\]: Failed password for invalid user app from 51.75.147.100 port 59842 ssh2 Aug 1 09:01:54 vibhu-HP-Z238-Microtower-Workstation sshd\[18403\]: Invalid user hi from 51.75.147.100 Aug 1 09:01:54 vibhu-HP-Z238-Microtower-Workstation sshd\[18403\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.147.100 ...	2019-08-01 14:05:40
77.247.110.58	attack	Port Scan detected from 77.247.110.58 (NL/Netherlands/-). 4 hits in the last 280 seconds	2019-08-01 14:37:12
187.120.135.128	attack	Aug 1 05:28:42 xeon postfix/smtpd[3876]: warning: unknown[187.120.135.128]: SASL PLAIN authentication failed: authentication failure	2019-08-01 13:56:21
73.42.41.14	attackbots	Jul 21 08:27:29 dallas01 sshd[1715]: Failed password for root from 73.42.41.14 port 46123 ssh2 Jul 21 08:27:32 dallas01 sshd[1715]: Failed password for root from 73.42.41.14 port 46123 ssh2 Jul 21 08:27:34 dallas01 sshd[1715]: Failed password for root from 73.42.41.14 port 46123 ssh2 Jul 21 08:27:36 dallas01 sshd[1715]: Failed password for root from 73.42.41.14 port 46123 ssh2	2019-08-01 13:43:05
178.62.30.135	attack	Aug 1 07:47:42 [host] sshd[16049]: Invalid user demo from 178.62.30.135 Aug 1 07:47:42 [host] sshd[16049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.30.135 Aug 1 07:47:44 [host] sshd[16049]: Failed password for invalid user demo from 178.62.30.135 port 42392 ssh2	2019-08-01 14:13:34
134.175.118.68	attackbots	Time: Wed Jul 31 23:01:36 2019 -0400 IP: 134.175.118.68 (CN/China/-) Failures: 20 (WordPressBruteForcePOST) Interval: 3600 seconds Blocked: Permanent Block	2019-08-01 14:14:02
119.5.170.84	attackbots	" "	2019-08-01 14:20:07
198.211.101.74	attackbots	Aug 1 07:53:27 dedicated sshd[16485]: Invalid user sammy from 198.211.101.74 port 39762	2019-08-01 14:12:21
68.183.148.29	attackbots	Aug 1 02:13:18 plusreed sshd[28150]: Invalid user liquide from 68.183.148.29 ...	2019-08-01 14:15:44
14.139.120.70	attackbotsspam	Aug 1 08:43:32 server sshd\[32211\]: Invalid user test from 14.139.120.70 port 41146 Aug 1 08:43:32 server sshd\[32211\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.139.120.70 Aug 1 08:43:34 server sshd\[32211\]: Failed password for invalid user test from 14.139.120.70 port 41146 ssh2 Aug 1 08:48:37 server sshd\[18043\]: User root from 14.139.120.70 not allowed because listed in DenyUsers Aug 1 08:48:37 server sshd\[18043\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.139.120.70 user=root	2019-08-01 13:49:12
193.231.9.4	attackbots	Aug 1 05:22:57 mxgate1 postfix/postscreen[21867]: CONNECT from [193.231.9.4]:39354 to [176.31.12.44]:25 Aug 1 05:22:57 mxgate1 postfix/dnsblog[21908]: addr 193.231.9.4 listed by domain bl.spamcop.net as 127.0.0.2 Aug 1 05:22:57 mxgate1 postfix/dnsblog[21910]: addr 193.231.9.4 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2 Aug 1 05:23:03 mxgate1 postfix/postscreen[21867]: DNSBL rank 2 for [193.231.9.4]:39354 Aug 1 05:23:04 mxgate1 postfix/tlsproxy[21943]: CONNECT from [193.231.9.4]:39354 Aug x@x Aug 1 05:23:04 mxgate1 postfix/postscreen[21867]: DISCONNECT [193.231.9.4]:39354 Aug 1 05:23:04 mxgate1 postfix/tlsproxy[21943]: DISCONNECT [193.231.9.4]:39354 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=193.231.9.4	2019-08-01 14:17:54
182.61.43.179	attack	$f2bV_matches	2019-08-01 14:08:53
144.217.243.216	attackbotsspam	Aug 1 05:22:23 localhost sshd\[22845\]: Invalid user user1 from 144.217.243.216 port 39882 Aug 1 05:22:23 localhost sshd\[22845\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.217.243.216 Aug 1 05:22:25 localhost sshd\[22845\]: Failed password for invalid user user1 from 144.217.243.216 port 39882 ssh2 Aug 1 05:28:19 localhost sshd\[22989\]: Invalid user story from 144.217.243.216 port 41778 Aug 1 05:28:19 localhost sshd\[22989\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.217.243.216 ...	2019-08-01 13:45:38

Recently Reported IPs

4.229.105.80	117.53.45.17	118.16.84.216	90.84.224.152
111.177.55.214	46.182.6.179	113.140.3.81	138.244.162.107
96.142.22.112	213.140.197.32	200.220.138.10	37.127.149.186
89.252.133.61	83.111.128.37	60.50.173.169	90.79.68.237
88.26.254.242	209.205.209.34	14.231.98.23	198.71.241.18