157.245.239.1 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	SSH login attempts with user root.	2019-11-30 06:17:14

Comments on same subnet:

IP	Type	Details	Datetime
157.245.239.139	attackbots	Nov 29 13:57:11 scivo sshd[26481]: Invalid user fake from 157.245.239.139 Nov 29 13:57:11 scivo sshd[26481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.239.139 Nov 29 13:57:13 scivo sshd[26481]: Failed password for invalid user fake from 157.245.239.139 port 49200 ssh2 Nov 29 13:57:13 scivo sshd[26481]: Received disconnect from 157.245.239.139: 11: Bye Bye [preauth] Nov 29 13:57:14 scivo sshd[26483]: Invalid user admin from 157.245.239.139 Nov 29 13:57:14 scivo sshd[26483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.239.139 Nov 29 13:57:16 scivo sshd[26483]: Failed password for invalid user admin from 157.245.239.139 port 34524 ssh2 Nov 29 13:57:17 scivo sshd[26483]: Received disconnect from 157.245.239.139: 11: Bye Bye [preauth] Nov 29 13:57:18 scivo sshd[26485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.239.1........ -------------------------------	2019-11-29 14:04:21

Type

Details

Datetime

157.245.239.139

attackbots

Nov 29 13:57:11 scivo sshd[26481]: Invalid user fake from 157.245.239.139
Nov 29 13:57:11 scivo sshd[26481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.239.139 
Nov 29 13:57:13 scivo sshd[26481]: Failed password for invalid user fake from 157.245.239.139 port 49200 ssh2
Nov 29 13:57:13 scivo sshd[26481]: Received disconnect from 157.245.239.139: 11: Bye Bye [preauth]
Nov 29 13:57:14 scivo sshd[26483]: Invalid user admin from 157.245.239.139
Nov 29 13:57:14 scivo sshd[26483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.239.139 
Nov 29 13:57:16 scivo sshd[26483]: Failed password for invalid user admin from 157.245.239.139 port 34524 ssh2
Nov 29 13:57:17 scivo sshd[26483]: Received disconnect from 157.245.239.139: 11: Bye Bye [preauth]
Nov 29 13:57:18 scivo sshd[26485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.239.1........
-------------------------------

2019-11-29 14:04:21

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 157.245.239.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36685
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;157.245.239.1.			IN	A

;; AUTHORITY SECTION:
.			541	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019112901 1800 900 604800 86400

;; Query time: 122 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Nov 30 06:17:11 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 1.239.245.157.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 1.239.245.157.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
119.29.121.229	attackbotsspam	"Unauthorized connection attempt on SSHD detected"	2020-08-22 00:00:24
51.83.66.171	attackspambots	scans 6 times in preceeding hours on the ports (in chronological order) 9998 1025 27017 9050 2375 4000 resulting in total of 6 scans from 51.83.66.0/23 block.	2020-08-21 23:49:04
188.166.150.254	attack	2020-08-21T16:28:57.159866vps751288.ovh.net sshd\[21643\]: Invalid user ftpadmin from 188.166.150.254 port 38764 2020-08-21T16:28:57.168066vps751288.ovh.net sshd\[21643\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=shanechrisbarker.co.uk 2020-08-21T16:28:59.457132vps751288.ovh.net sshd\[21643\]: Failed password for invalid user ftpadmin from 188.166.150.254 port 38764 ssh2 2020-08-21T16:32:50.708505vps751288.ovh.net sshd\[21653\]: Invalid user root1 from 188.166.150.254 port 47808 2020-08-21T16:32:50.715542vps751288.ovh.net sshd\[21653\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=shanechrisbarker.co.uk	2020-08-21 23:37:08
65.96.150.113	attackbots	Aug 21 07:45:05 josie sshd[19539]: Invalid user admin from 65.96.150.113 Aug 21 07:45:06 josie sshd[19539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.96.150.113 Aug 21 07:45:08 josie sshd[19539]: Failed password for invalid user admin from 65.96.150.113 port 53352 ssh2 Aug 21 07:45:08 josie sshd[19540]: Received disconnect from 65.96.150.113: 11: Bye Bye Aug 21 07:45:08 josie sshd[19545]: Invalid user admin from 65.96.150.113 Aug 21 07:45:08 josie sshd[19545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.96.150.113 Aug 21 07:45:10 josie sshd[19545]: Failed password for invalid user admin from 65.96.150.113 port 53423 ssh2 Aug 21 07:45:10 josie sshd[19546]: Received disconnect from 65.96.150.113: 11: Bye Bye Aug 21 07:45:11 josie sshd[19554]: Invalid user admin from 65.96.150.113 Aug 21 07:45:11 josie sshd[19554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 eu........ -------------------------------	2020-08-21 23:41:25
213.154.70.102	attackbots	Aug 21 15:39:49 rush sshd[30407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.154.70.102 Aug 21 15:39:51 rush sshd[30407]: Failed password for invalid user abs from 213.154.70.102 port 44526 ssh2 Aug 21 15:42:53 rush sshd[30511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.154.70.102 ...	2020-08-21 23:47:21
83.189.29.81	attackbotsspam	Aug 21 13:36:33 plesk sshd[14705]: Bad protocol version identification '' from 83.189.29.81 port 40266 Aug 21 13:36:34 plesk sshd[14706]: Invalid user plexuser from 83.189.29.81 Aug 21 13:36:36 plesk sshd[14706]: Failed password for invalid user plexuser from 83.189.29.81 port 40550 ssh2 Aug 21 13:36:36 plesk sshd[14706]: Connection closed by 83.189.29.81 [preauth] Aug 21 13:36:40 plesk sshd[14708]: Failed password for r.r from 83.189.29.81 port 42358 ssh2 Aug 21 13:36:40 plesk sshd[14708]: Connection closed by 83.189.29.81 [preauth] Aug 21 13:36:43 plesk sshd[14710]: Failed password for r.r from 83.189.29.81 port 44878 ssh2 Aug 21 13:36:43 plesk sshd[14710]: Connection closed by 83.189.29.81 [preauth] Aug 21 13:36:47 plesk sshd[14712]: Failed password for r.r from 83.189.29.81 port 46832 ssh2 Aug 21 13:36:48 plesk sshd[14712]: Connection closed by 83.189.29.81 [preauth] Aug 21 13:36:51 plesk sshd[14714]: Failed password for r.r from 83.189.29.81 port 49338 ssh2 Aug 21 ........ -------------------------------	2020-08-21 23:52:32
82.147.93.63	attackspambots	Dovecot Invalid User Login Attempt.	2020-08-21 23:48:36
81.68.141.71	attackbots	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-08-21T15:14:06Z and 2020-08-21T15:25:30Z	2020-08-21 23:50:39
69.94.140.230	attackbotsspam	Postfix attempt blocked due to public blacklist entry	2020-08-22 00:07:06
217.171.12.154	attackspambots	Aug 21 13:46:40 game-panel sshd[14020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.171.12.154 Aug 21 13:46:42 game-panel sshd[14020]: Failed password for invalid user bob from 217.171.12.154 port 45804 ssh2 Aug 21 13:51:07 game-panel sshd[14287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.171.12.154	2020-08-21 23:36:18
124.41.243.22	attackbotsspam	srvr1: (mod_security) mod_security (id:942100) triggered by 124.41.243.22 (NP/-/22.243.41.124.dynamic.wlink.com.np): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:04:31 [error] 482759#0: 840458 [client 124.41.243.22] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159801147167.463630"] [ref ""], client: 124.41.243.22, [redacted] request: "GET /forum/viewthread.php?thread_id=1122%29%29+OR+++%28%286466%3D0 HTTP/1.1" [redacted]	2020-08-21 23:48:05
172.81.209.10	attackbotsspam	2020-08-21 09:01:56.266547-0500 localhost sshd[1370]: Failed password for invalid user ts3 from 172.81.209.10 port 50848 ssh2	2020-08-21 23:26:54
218.92.0.251	attackspam	Aug 21 15:20:04 localhost sshd[85435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.251 user=root Aug 21 15:20:06 localhost sshd[85435]: Failed password for root from 218.92.0.251 port 34449 ssh2 Aug 21 15:20:10 localhost sshd[85435]: Failed password for root from 218.92.0.251 port 34449 ssh2 Aug 21 15:20:04 localhost sshd[85435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.251 user=root Aug 21 15:20:06 localhost sshd[85435]: Failed password for root from 218.92.0.251 port 34449 ssh2 Aug 21 15:20:10 localhost sshd[85435]: Failed password for root from 218.92.0.251 port 34449 ssh2 Aug 21 15:20:04 localhost sshd[85435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.251 user=root Aug 21 15:20:06 localhost sshd[85435]: Failed password for root from 218.92.0.251 port 34449 ssh2 Aug 21 15:20:10 localhost sshd[85435]: Failed password fo ...	2020-08-21 23:24:17
46.105.95.84	attackspambots	Aug 21 14:55:16 marvibiene sshd[18670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.105.95.84 user=root Aug 21 14:55:19 marvibiene sshd[18670]: Failed password for root from 46.105.95.84 port 57858 ssh2 Aug 21 15:04:02 marvibiene sshd[18738]: Invalid user charly from 46.105.95.84 port 33752	2020-08-21 23:29:44
129.205.135.171	attackspam	srvr1: (mod_security) mod_security (id:942100) triggered by 129.205.135.171 (ZA/-/129-205-135-171.dynamic.macrolan.co.za): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:05:05 [error] 482759#0: 840539 [client 129.205.135.171] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159801150536.056070"] [ref ""], client: 129.205.135.171, [redacted] request: "GET /forum/viewthread.php?thread_id=1122%29%29%29+OR+++%28%28%284032%3D0 HTTP/1.1" [redacted]	2020-08-21 23:19:46

Recently Reported IPs

140.143.241.2	140.143.230.1	73.21.1.237	14.192.210.2
14.162.80.1	14.63.169.3	14.18.189.6	189.187.238.197
139.199.219.2	139.99.141.2	138.68.242.4	138.197.36.1
138.36.188.1	134.209.70.2	120.232.39.163	132.232.53.4
129.226.122.1	129.204.94.8	128.199.44.1	128.199.224.2