IP address

Passive DNS

Tags: Scanner

IP blacklists

blocklist.de SSH

139.59.96.105 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-03-15 11:05:05.344000
Was present on blacklist at: 2025-03-06 23:05, 2025-03-07 05:05, 2025-03-07 11:05, 2025-03-07 17:05, 2025-03-07 23:05, 2025-03-08 05:05, 2025-03-08 11:05, 2025-03-08 17:05, 2025-03-08 23:05, 2025-03-09 05:05, 2025-03-09 11:05, 2025-03-09 17:05, 2025-03-09 23:05, 2025-03-10 05:05, 2025-03-10 11:05, 2025-03-10 17:05, 2025-03-10 23:05, 2025-03-11 05:05, 2025-03-11 11:05, 2025-03-11 17:05, 2025-03-11 23:05, 2025-03-12 05:05, 2025-03-12 11:05, 2025-03-12 17:05, 2025-03-12 23:05, 2025-03-13 05:05, 2025-03-13 11:05, 2025-03-13 17:05, 2025-03-13 23:05, 2025-03-14 05:05, 2025-03-14 11:05, 2025-03-14 17:05, 2025-03-14 23:05, 2025-03-15 05:05, 2025-03-15 11:05

AbuseIPDB

139.59.96.105 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-03-15 05:00:00.559000
Was present on blacklist at: 2025-03-07 05:00, 2025-03-08 05:00, 2025-03-09 05:00, 2025-03-10 05:00, 2025-03-11 05:00, 2025-03-12 05:00, 2025-03-13 05:00, 2025-03-14 05:00, 2025-03-15 05:00

UCEPROTECT L1

139.59.96.105 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-03-19 16:45:00.755000
Was present on blacklist at: 2025-03-07 16:45, 2025-03-08 00:45, 2025-03-08 08:45, 2025-03-09 00:45, 2025-03-09 08:45, 2025-03-09 16:45, 2025-03-10 00:45, 2025-03-10 08:45, 2025-03-10 16:45, 2025-03-11 00:45, 2025-03-11 08:45, 2025-03-11 16:45, 2025-03-12 00:45, 2025-03-12 08:45, 2025-03-12 16:45, 2025-03-13 00:45, 2025-03-13 08:45, 2025-03-13 16:45, 2025-03-14 00:45, 2025-03-14 08:45, 2025-03-14 16:45, 2025-03-15 00:45, 2025-03-15 08:45, 2025-03-15 16:45, 2025-03-16 00:45, 2025-03-16 08:45, 2025-03-16 16:45, 2025-03-17 00:45, 2025-03-17 08:45, 2025-03-17 16:45, 2025-03-18 00:45, 2025-03-18 08:45, 2025-03-18 16:45, 2025-03-19 00:45, 2025-03-19 08:45, 2025-03-19 16:45

Warden events (2028)

2025-03-13: ReconScanning (node.368407): 132; ReconScanning (node.9c1411): 48; AttemptLogin (node.d2ecc6): 2; AttemptLogin (node.e47683): 1; AttemptLogin (node.9c160c): 1; ReconScanning (node.4dc198): 62
2025-03-12: ReconScanning (node.4dc198): 57; ReconScanning (node.368407): 188; ReconScanning (node.9c1411): 61; AttemptLogin (node.9c160c): 3
2025-03-11: ReconScanning (node.368407): 183; ReconScanning (node.9c1411): 54; ReconScanning (node.4dc198): 53; AttemptLogin (node.9c160c): 5; AttemptLogin (node.d2ecc6): 3
2025-03-10: ReconScanning (node.368407): 195; ReconScanning (node.4dc198): 72; AttemptLogin (node.ee25b8): 1; AttemptLogin (node.e47683): 1; AttemptLogin (node.d2ecc6): 2; ReconScanning (node.9c1411): 31; AttemptLogin (node.9c160c): 1; AttemptLogin (node.b7f4d1): 1
2025-03-09: ReconScanning (node.4dc198): 126; ReconScanning (node.368407): 190; AttemptLogin (node.9c160c): 2; AttemptLogin (node.d2ecc6): 2; AttemptLogin (node.ee25b8): 1; AttemptLogin (node.b7f4d1): 1
2025-03-08: ReconScanning (node.368407): 192; AttemptLogin (node.b7f4d1): 1; ReconScanning (node.4dc198): 59; AttemptLogin (node.9c160c): 1
2025-03-07: ReconScanning (node.368407): 197; AttemptLogin (node.ee25b8): 1; AttemptLogin (node.9c160c): 3; ReconScanning (node.4dc198): 21; AttemptLogin (node.d2ecc6): 1
2025-03-06: ReconScanning (node.368407): 66; AttemptLogin (node.d2ecc6): 2; ReconScanning (node.4dc198): 5

DShield reports (IP summary, reports)

2025-03-06: Number of reports: 509; Distinct targets: 162
2025-03-07: Number of reports: 1437; Distinct targets: 279
2025-03-08: Number of reports: 1537; Distinct targets: 303
2025-03-09: Number of reports: 1404; Distinct targets: 298
2025-03-10: Number of reports: 1609; Distinct targets: 283
2025-03-11: Number of reports: 1584; Distinct targets: 304
2025-03-12: Number of reports: 1453; Distinct targets: 308
2025-03-13: Number of reports: 1130; Distinct targets: 264

OTX pulses

[67cede9a85af662116e9515c] 2025-03-10 12:44:09.986000 | SSH honeypot logs for 2025-03-10

Author name:	jnazario
Pulse modified:	2025-03-10 12:44:09.986000
Indicator created:	2025-03-10 12:44:10
Indicator role:	None
Indicator title:
Indicator expiration:	2025-04-09 12:00:00

[67d02c601b45d60d9eb2eb54] 2025-03-11 12:28:16.556000 | SSH honeypot logs for 2025-03-11

Author name:	jnazario
Pulse modified:	2025-03-11 12:28:16.556000
Indicator created:	2025-03-11 12:28:18
Indicator role:	None
Indicator title:
Indicator expiration:	2025-04-10 12:00:00

Origin AS: AS14061 - DIGITALOCEAN-ASN
BGP Prefix: 139.59.96.0/20
geo: Singapore, Singapore; 🕑 Asia/Singapore
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 139.59.0.0 - 139.59.255.255
last_activity: 2025-03-13 17:19:34
last_warden_event: 2025-03-13 17:19:34
rep: 0.0
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 80, 443, 3306; Tags: eol-product, cloud, database; CPEs: cpe:/o:canonical:ubuntu_linux, cpe:/a:openbsd:openssh:8.2p1, cpe:/a:f5:nginx:1.18.0, cpe:/o:linux:linux_kernel, cpe:/a:mariadb:mariadb
ts_added: 2025-03-06 15:13:20.804000
ts_last_update: 2025-05-06 15:13:31.264000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses