IP address
Tags:
Login attempts
Scanner
- IP blacklists
DataPlane SSH login
139.59.4.0 is listed on the DataPlane SSH login blacklist.
Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login to a host using SSH password authentication.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-02 07:10:02.387000
Was present on blacklist at:
2025-11-25 15:10,
2025-11-25 19:10,
2025-11-26 03:10,
2025-11-26 07:10,
2025-11-26 15:10,
2025-11-26 19:10,
2025-11-27 03:10,
2025-11-27 07:10,
2025-11-27 15:10,
2025-11-27 19:10,
2025-11-28 03:10,
2025-11-28 07:10,
2025-11-28 15:10,
2025-11-28 19:10,
2025-11-29 03:10,
2025-11-29 07:10,
2025-11-29 15:10,
2025-11-29 19:10,
2025-11-30 03:10,
2025-11-30 07:10,
2025-11-30 15:10,
2025-11-30 19:10,
2025-12-01 03:10,
2025-12-01 07:10,
2025-12-01 15:10,
2025-12-01 19:10,
2025-12-02 03:10,
2025-12-02 07:10
blocklist.de Apache
139.59.4.0 is listed on the blocklist.de Apache blacklist.
Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the service<br>Apache, Apache-DDOS, RFI-Attacks.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-11-27 17:05:00.567000
Was present on blacklist at:
2025-11-25 17:05,
2025-11-25 23:05,
2025-11-26 05:05,
2025-11-26 11:05,
2025-11-26 17:05,
2025-11-26 23:05,
2025-11-27 11:05,
2025-11-27 17:05
blocklist.de web-login
139.59.4.0 is listed on the blocklist.de web-login blacklist.
Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs that attacks Joomla, Wordpress and<br>other Web-Logins with Brute-Force Logins.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-11-27 17:05:00.492000
Was present on blacklist at:
2025-11-25 17:05,
2025-11-25 23:05,
2025-11-26 05:05,
2025-11-26 11:05,
2025-11-26 17:05,
2025-11-26 23:05,
2025-11-27 05:05,
2025-11-27 11:05,
2025-11-27 17:05
BruteForceBlocker
139.59.4.0 is listed on the BruteForceBlocker blacklist.
Description: Daniel Gerzo's BruteForceBlocker. The list is made by perl script,<br>that works along with pf - OpenBSD's firewall and it's main<br>purpose is to block SSH bruteforce attacks via firewall.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-18 03:52:00.241000
Was present on blacklist at:
2025-11-26 03:52,
2025-11-27 03:52,
2025-11-28 03:52,
2025-11-29 03:52,
2025-11-30 03:52,
2025-12-01 03:52,
2025-12-02 03:52,
2025-12-03 03:52,
2025-12-04 03:52,
2025-12-05 03:52,
2025-12-06 03:52,
2025-12-07 03:52,
2025-12-08 03:52,
2025-12-09 03:52,
2025-12-10 03:52,
2025-12-11 03:52,
2025-12-12 03:52,
2025-12-13 03:52,
2025-12-14 03:52,
2025-12-15 03:52,
2025-12-16 03:52,
2025-12-17 03:52,
2025-12-18 03:52
FireHOL anonymizers
139.59.4.0 is listed on the FireHOL anonymizers blacklist.
Description: List of anonymizing IPs, aggregated from multiple lists by FireHOL.
Type of feed:
secondary (
feed detail page)
Last checked at:
2025-12-18 12:05:10
Was present on blacklist at:
2025-11-28 12:05,
2025-11-29 12:05,
2025-11-30 12:05,
2025-12-01 12:05,
2025-12-02 12:05,
2025-12-03 12:05,
2025-12-04 12:05,
2025-12-05 12:05,
2025-12-06 12:05,
2025-12-07 12:05,
2025-12-08 12:05,
2025-12-09 12:05,
2025-12-10 12:05,
2025-12-11 12:05,
2025-12-12 12:05,
2025-12-13 12:05,
2025-12-14 12:05,
2025-12-15 12:05,
2025-12-16 12:05,
2025-12-17 12:05,
2025-12-18 12:05
CI Army
139.59.4.0 is listed on the CI Army blacklist.
Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-12 03:50:00.954000
Was present on blacklist at:
2025-12-12 03:50
- Warden events (29)
- 2025-11-29
-
-
ReconScanning (node.9c1411): 4
- 2025-11-28
-
-
ReconScanning (node.9c1411): 3
- 2025-11-25
-
-
ReconScanning (node.4dc198): 6
-
ReconScanning (node.368407): 3
-
AttemptLogin (node.7c0a3c): 9
-
IntrusionUserCompromise (node.7c0a3c): 1
-
AttemptLogin (node.03e7a9): 3
- Origin AS
- AS14061 - DIGITALOCEAN-ASN
- BGP Prefix
- 139.59.0.0/20
- geo
-
India, Bengaluru
- 🕑 Asia/Kolkata
- hostname
- (null)
- Address block ('inetnum' or 'NetRange' in whois database)
- 139.59.0.0 - 139.59.255.255
- last_activity
- 2025-11-29 06:42:57
- last_warden_event
- 2025-11-29 06:42:57
- rep
- 0.0
- reserved_range
- 0
- Shodan's InternetDB
- Open ports: 22, 80, 443
- Tags: cloud, eol-product
- CPEs: cpe:/o:linux:linux_kernel, cpe:/a:f5:nginx:1.18.0, cpe:/a:openbsd:openssh:8.9p1, cpe:/o:canonical:ubuntu_linux
- ts_added
- 2025-11-25 12:13:48.717000
- ts_last_update
- 2025-12-18 12:13:50.035000
Warden event timeline
DShield event timeline
Presence on blacklists
