139.99.45.201 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Singapore

Internet Service Provider: OVH Singapore Pte. Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Automatic report - XMLRPC Attack	2020-04-30 20:40:25
attackbotsspam	xmlrpc attack	2020-04-29 03:54:13
attack	Automatic report - XMLRPC Attack	2020-04-03 06:20:07
attack	CMS (WordPress or Joomla) login attempt.	2020-03-06 13:14:12
attackspam	Automatic report - XMLRPC Attack	2020-02-18 13:47:45
attackspam	139.99.45.201 - - [01/Feb/2020:04:58:40 +0000] "POST /wp-login.php HTTP/1.1" 200 6409 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.99.45.201 - - [01/Feb/2020:04:58:41 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-02-01 13:07:47
attack	139.99.45.201 - - \[06/Jan/2020:21:54:07 +0100\] "POST /wp-login.php HTTP/1.0" 200 5728 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 139.99.45.201 - - \[06/Jan/2020:21:54:10 +0100\] "POST /wp-login.php HTTP/1.0" 200 5728 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 139.99.45.201 - - \[06/Jan/2020:21:54:11 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 802 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-01-07 04:55:06

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.99.45.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17821
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.99.45.201.			IN	A

;; AUTHORITY SECTION:
.			586	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020010601 1800 900 604800 86400

;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Jan 07 04:55:03 CST 2020
;; MSG SIZE  rcvd: 117

Host info

201.45.99.139.in-addr.arpa domain name pointer welcome.huynhhieu.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
201.45.99.139.in-addr.arpa	name = welcome.huynhhieu.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.89.138.148	attackspambots	Apr 11 14:18:49 host sshd[7970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.89.138.148 user=root Apr 11 14:18:52 host sshd[7970]: Failed password for root from 51.89.138.148 port 58970 ssh2 ...	2020-04-11 22:38:20
222.186.180.142	attackspam	Apr 11 16:19:38 plex sshd[10079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.142 user=root Apr 11 16:19:41 plex sshd[10079]: Failed password for root from 222.186.180.142 port 56585 ssh2	2020-04-11 22:32:45
178.154.200.136	attack	[Sat Apr 11 19:18:58.633183 2020] [:error] [pid 7944:tid 139985714099968] [client 178.154.200.136:33014] [client 178.154.200.136] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XpG1sskz5Lc7f6enOkJEkgAAAhw"] ...	2020-04-11 22:31:58
120.92.2.217	attack	Apr 11 16:45:47 lukav-desktop sshd\[19563\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.2.217 user=root Apr 11 16:45:49 lukav-desktop sshd\[19563\]: Failed password for root from 120.92.2.217 port 30888 ssh2 Apr 11 16:50:19 lukav-desktop sshd\[19721\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.2.217 user=root Apr 11 16:50:21 lukav-desktop sshd\[19721\]: Failed password for root from 120.92.2.217 port 6828 ssh2 Apr 11 16:52:15 lukav-desktop sshd\[19788\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.2.217 user=root	2020-04-11 22:04:28
181.174.160.20	attackbotsspam	(sshd) Failed SSH login from 181.174.160.20 (PY/Paraguay/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Apr 11 14:18:37 ubnt-55d23 sshd[25747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.174.160.20 user=root Apr 11 14:18:39 ubnt-55d23 sshd[25747]: Failed password for root from 181.174.160.20 port 38908 ssh2	2020-04-11 22:47:46
40.123.207.179	attackspam	Apr 11 08:28:34 server1 sshd\[8420\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.123.207.179 user=nagios Apr 11 08:28:36 server1 sshd\[8420\]: Failed password for nagios from 40.123.207.179 port 54788 ssh2 Apr 11 08:33:39 server1 sshd\[9672\]: Invalid user jairo from 40.123.207.179 Apr 11 08:33:39 server1 sshd\[9672\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.123.207.179 Apr 11 08:33:41 server1 sshd\[9672\]: Failed password for invalid user jairo from 40.123.207.179 port 36654 ssh2 ...	2020-04-11 22:35:27
219.233.49.247	attack	DATE:2020-04-11 14:19:25, IP:219.233.49.247, PORT:1433 MSSQL brute force auth on honeypot server (epe-honey1-hq)	2020-04-11 22:02:19
139.155.21.186	attackspambots	Apr 11 20:35:15 webhost01 sshd[16061]: Failed password for root from 139.155.21.186 port 42172 ssh2 ...	2020-04-11 21:58:10
138.197.222.141	attackbots	2020-04-11T15:08:42.290936cyberdyne sshd[1382821]: Failed password for invalid user admin from 138.197.222.141 port 60606 ssh2 2020-04-11T15:12:47.829697cyberdyne sshd[1383049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.222.141 user=root 2020-04-11T15:12:49.659183cyberdyne sshd[1383049]: Failed password for root from 138.197.222.141 port 40516 ssh2 2020-04-11T15:16:48.769726cyberdyne sshd[1383230]: Invalid user smb from 138.197.222.141 port 48648 ...	2020-04-11 21:58:58
217.61.109.80	attackbotsspam	Apr 11 16:17:08 pornomens sshd\[21190\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.61.109.80 user=root Apr 11 16:17:09 pornomens sshd\[21190\]: Failed password for root from 217.61.109.80 port 44274 ssh2 Apr 11 16:21:26 pornomens sshd\[21241\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.61.109.80 user=root ...	2020-04-11 22:27:55
51.77.151.175	attackbots	20 attempts against mh-ssh on cloud	2020-04-11 22:05:20
106.12.47.171	attack	Apr 11 14:02:34 ns382633 sshd\[31603\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.47.171 user=root Apr 11 14:02:36 ns382633 sshd\[31603\]: Failed password for root from 106.12.47.171 port 47212 ssh2 Apr 11 14:16:47 ns382633 sshd\[1909\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.47.171 user=root Apr 11 14:16:48 ns382633 sshd\[1909\]: Failed password for root from 106.12.47.171 port 45450 ssh2 Apr 11 14:18:59 ns382633 sshd\[2180\]: Invalid user postmaster from 106.12.47.171 port 42824 Apr 11 14:18:59 ns382633 sshd\[2180\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.47.171	2020-04-11 22:31:31
154.16.202.232	attackspam	Apr 11 14:18:43 host5 sshd[16499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.16.202.232 user=root Apr 11 14:18:45 host5 sshd[16499]: Failed password for root from 154.16.202.232 port 59358 ssh2 ...	2020-04-11 22:45:50
198.46.233.148	attackbots	Apr 11 14:04:11 ns382633 sshd\[31814\]: Invalid user james from 198.46.233.148 port 49574 Apr 11 14:04:11 ns382633 sshd\[31814\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.46.233.148 Apr 11 14:04:13 ns382633 sshd\[31814\]: Failed password for invalid user james from 198.46.233.148 port 49574 ssh2 Apr 11 14:18:42 ns382633 sshd\[2135\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.46.233.148 user=root Apr 11 14:18:44 ns382633 sshd\[2135\]: Failed password for root from 198.46.233.148 port 47508 ssh2	2020-04-11 22:44:19
219.233.49.201	attackbotsspam	DATE:2020-04-11 14:19:27, IP:219.233.49.201, PORT:1433 MSSQL brute force auth on honeypot server (epe-honey1-hq)	2020-04-11 22:00:45

Recently Reported IPs

222.5.192.6	61.89.158.185	122.181.170.21	72.252.200.55
109.84.115.20	117.31.76.130	32.220.153.13	34.199.67.197
185.81.145.77	98.155.53.120	92.191.15.216	134.226.141.217
58.126.53.61	203.90.23.109	110.99.26.179	51.77.206.189
113.25.198.24	75.30.128.142	63.180.137.55	31.208.233.27