Basic Info

City: unknown

Region: unknown

Country: Thailand

Internet Service Provider: CAT Telecom Public Company Ltd

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attack
Host Scan
2019-12-20 18:46:58
Comments on same subnet:
IP Type Details Datetime
159.192.139.125 attack
Feb 12 05:57:11 server6 sshd[29292]: refused connect from 159.192.139.125 \(159.192.139.125\)
Feb 12 05:57:11 server6 sshd[29293]: refused connect from 159.192.139.125 \(159.192.139.125\)
Feb 12 05:57:11 server6 sshd[29294]: refused connect from 159.192.139.125 \(159.192.139.125\)
Feb 12 05:57:11 server6 sshd[29295]: refused connect from 159.192.139.125 \(159.192.139.125\)
Feb 12 05:57:19 server6 sshd[29304]: refused connect from 159.192.139.125 \(159.192.139.125\)
2020-02-12 14:16:51
159.192.139.106 attackbotsspam
SSH invalid-user multiple login attempts
2019-12-11 20:08:09
159.192.139.106 attack
Unauthorized connection attempt from IP address 159.192.139.106 on Port 445(SMB)
2019-11-20 01:45:45
159.192.139.106 attack
@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-09-21 03:10:23,206 INFO [shellcode_manager] (159.192.139.106) no match, writing hexdump (246e0795beca36c923f25aa0a860126a :1864263) - MS17010 (EternalBlue)
2019-09-21 17:02:06
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.192.139.70
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27126
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;159.192.139.70.			IN	A

;; AUTHORITY SECTION:
.			372	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019121902 1800 900 604800 86400

;; Query time: 118 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Dec 20 18:46:55 CST 2019
;; MSG SIZE  rcvd: 118
Host info
Host 70.139.192.159.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 70.139.192.159.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
103.242.46.135 attackbots
[portscan] tcp/23 [TELNET]
*(RWIN=1571)(07041030)
2019-07-04 16:00:35
186.248.175.2 attackspambots
proto=tcp  .  spt=36263  .  dpt=25  .     (listed on Blocklist de  Jul 03)     (433)
2019-07-04 15:52:08
115.144.178.105 attack
445/tcp 445/tcp 445/tcp...
[2019-06-03/07-04]5pkt,1pt.(tcp)
2019-07-04 15:38:30
58.250.86.44 attack
/var/log/messages:Jul  1 19:11:41 sanyalnet-cloud-vps audispd: node=sanyalnet-cloud-vps.freeddns.org type=CRYPTO_SESSION msg=audhostname(1562008301.818:71070): pid=13416 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 mac=hmac-sha1 pfs=ecdh-sha2-nistp256 spid=13417 suid=74 rport=54286 laddr=104.167.106.93 lport=22  exe="/usr/sbin/sshd" hostname=? addr=58.250.86.44 terminal=? res=success'
/var/log/messages:Jul  1 19:11:41 sanyalnet-cloud-vps audispd: node=sanyalnet-cloud-vps.freeddns.org type=CRYPTO_SESSION msg=audhostname(1562008301.822:71071): pid=13416 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 mac=hmac-sha1 pfs=ecdh-sha2-nistp256 spid=13417 suid=74 rport=54286 laddr=104.167.106.93 lport=22  exe="/usr/sbin/sshd" hostname=? addr=58.250.86.44 terminal=? res=success'
/var/log/messages:Jul  1 19:11:41 sanyalnet-cloud-vps audispd: node=sanyalnet-cloud-vps.freeddns........
-------------------------------
2019-07-04 06:16:43
49.231.222.13 attack
445/tcp 445/tcp 445/tcp...
[2019-05-06/07-04]13pkt,1pt.(tcp)
2019-07-04 15:58:06
175.107.192.153 attackbots
[SMB remote code execution attempt: port tcp/445]
[scan/connect: 2 time(s)]
*(RWIN=1024)(07041030)
2019-07-04 15:41:46
45.122.220.136 attackspambots
TCP src-port=54282   dst-port=25    dnsbl-sorbs abuseat-org barracuda         (696)
2019-07-04 06:20:41
210.211.96.112 attackbots
Jul  4 07:36:17 MK-Soft-VM4 sshd\[2724\]: Invalid user clark from 210.211.96.112 port 47982
Jul  4 07:36:17 MK-Soft-VM4 sshd\[2724\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.211.96.112
Jul  4 07:36:19 MK-Soft-VM4 sshd\[2724\]: Failed password for invalid user clark from 210.211.96.112 port 47982 ssh2
...
2019-07-04 15:47:23
162.241.43.67 attack
TCP src-port=36406   dst-port=25    dnsbl-sorbs abuseat-org spamcop         (695)
2019-07-04 06:21:58
37.182.196.65 attackspambots
445/tcp 445/tcp 445/tcp...
[2019-06-17/07-04]5pkt,1pt.(tcp)
2019-07-04 15:50:15
221.1.221.246 attackspambots
56476/tcp 56476/tcp 56476/tcp...
[2019-07-01/04]4pkt,1pt.(tcp)
2019-07-04 15:32:52
185.220.102.4 attackspambots
detected by Fail2Ban
2019-07-04 15:40:41
61.246.62.85 attackspambots
Jul  3 23:27:11 ubuntu-2gb-nbg1-dc3-1 sshd[10575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.246.62.85
Jul  3 23:27:13 ubuntu-2gb-nbg1-dc3-1 sshd[10575]: Failed password for invalid user teamspeak3 from 61.246.62.85 port 58683 ssh2
...
2019-07-04 06:20:05
46.182.6.249 attackbots
[SMB remote code execution attempt: port tcp/445]
*(RWIN=1024)(07041030)
2019-07-04 15:40:24
153.36.240.126 attackbots
Jul  4 07:26:56 MK-Soft-VM6 sshd\[30340\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.240.126  user=root
Jul  4 07:26:58 MK-Soft-VM6 sshd\[30340\]: Failed password for root from 153.36.240.126 port 57132 ssh2
Jul  4 07:27:01 MK-Soft-VM6 sshd\[30340\]: Failed password for root from 153.36.240.126 port 57132 ssh2
...
2019-07-04 15:33:51