110.89.139.252

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Fujian Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Sep 2 05:09:21 v22019058497090703 sshd[15664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.89.139.252 Sep 2 05:09:22 v22019058497090703 sshd[15664]: Failed password for invalid user admin from 110.89.139.252 port 54844 ssh2 Sep 2 05:09:25 v22019058497090703 sshd[15664]: Failed password for invalid user admin from 110.89.139.252 port 54844 ssh2 Sep 2 05:09:26 v22019058497090703 sshd[15664]: Failed password for invalid user admin from 110.89.139.252 port 54844 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=110.89.139.252	2019-09-02 11:57:20

Type

Details

Datetime

attack

Sep  2 05:09:21 v22019058497090703 sshd[15664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.89.139.252
Sep  2 05:09:22 v22019058497090703 sshd[15664]: Failed password for invalid user admin from 110.89.139.252 port 54844 ssh2
Sep  2 05:09:25 v22019058497090703 sshd[15664]: Failed password for invalid user admin from 110.89.139.252 port 54844 ssh2
Sep  2 05:09:26 v22019058497090703 sshd[15664]: Failed password for invalid user admin from 110.89.139.252 port 54844 ssh2


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=110.89.139.252

2019-09-02 11:57:20

Comments on same subnet:

IP	Type	Details	Datetime
110.89.139.21	attackbotsspam	Brute force SMTP login attempted. ...	2020-04-01 08:06:49
110.89.139.183	attack	Port Scan: TCP/2222	2019-09-10 18:15:59
110.89.139.21	attack	$f2bV_matches	2019-09-10 03:56:17

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 110.89.139.252
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34459
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;110.89.139.252.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019090101 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Sep 02 11:57:13 CST 2019
;; MSG SIZE  rcvd: 118

Host info

252.139.89.110.in-addr.arpa domain name pointer 252.139.89.110.broad.ly.fj.dynamic.163data.com.cn.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
252.139.89.110.in-addr.arpa	name = 252.139.89.110.broad.ly.fj.dynamic.163data.com.cn.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
45.55.177.230	attack	2019-11-03T16:35:12.579112shield sshd\[15680\]: Invalid user houting from 45.55.177.230 port 38232 2019-11-03T16:35:12.583699shield sshd\[15680\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.177.230 2019-11-03T16:35:14.948207shield sshd\[15680\]: Failed password for invalid user houting from 45.55.177.230 port 38232 ssh2 2019-11-03T16:39:37.227035shield sshd\[17574\]: Invalid user grouchy from 45.55.177.230 port 57410 2019-11-03T16:39:37.231326shield sshd\[17574\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.177.230	2019-11-04 04:39:54
182.75.170.150	attackbots	Unauthorized connection attempt from IP address 182.75.170.150 on Port 445(SMB)	2019-11-04 04:51:12
78.85.106.74	attackbots	Triggered: repeated knocking on closed ports.	2019-11-04 05:06:22
165.227.1.117	attack	Nov 3 17:38:24 bouncer sshd\[27228\]: Invalid user appuser from 165.227.1.117 port 37912 Nov 3 17:38:24 bouncer sshd\[27228\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.1.117 Nov 3 17:38:26 bouncer sshd\[27228\]: Failed password for invalid user appuser from 165.227.1.117 port 37912 ssh2 ...	2019-11-04 04:49:15
89.248.168.176	attackbots	Connection by 89.248.168.176 on port: 5938 got caught by honeypot at 11/3/2019 7:38:27 PM	2019-11-04 04:59:36
111.118.179.153	attack	[2019-11-0321:45:19 0100]info[cpaneld]111.118.179.153-titancap"POST/login/\?login_only=1HTTP/1.1"FAILEDLOGINcpaneld:accessdeniedforroot\,reseller\,anduserpassword[2019-11-0321:45:20 0100]info[cpaneld]111.118.179.153-titanc"POST/login/\?login_only=1HTTP/1.1"FAILEDLOGINcpaneld:invalidcpanelusertitanc$has_cpuser_filefailed$[2019-11-0321:45:21 0100]info[cpaneld]111.118.179.153-titanca"POST/login/\?login_only=1HTTP/1.1"FAILEDLOGINcpaneld:invalidcpanelusertitanca$has_cpuser_filefailed$[2019-11-0321:45:22 0100]info[cpaneld]111.118.179.153-titan"POST/login/\?login_only=1HTTP/1.1"FAILEDLOGINcpaneld:invalidcpanelusertitan$has_cpuser_filefailed$[2019-11-0321:45:22 0100]info[cpaneld]111.118.179.153-titancapi"POST/login/\?login_only=1HTTP/1.1"FAILEDLOGINcpaneld:invalidcpanelusertitancapi$has_cpuser_filefailed$	2019-11-04 04:58:37
174.21.101.242	attackspam	Triggered by Fail2Ban at Vostok web server	2019-11-04 05:16:41
54.152.215.48	attackbotsspam	Honeypot hit.	2019-11-04 05:15:11
187.131.211.5	attackbots	Nov 3 19:38:16 mail sshd[25111]: Failed password for root from 187.131.211.5 port 64206 ssh2 ...	2019-11-04 05:16:22
115.231.163.85	attackbotsspam	Nov 3 22:02:03 eventyay sshd[17633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.163.85 Nov 3 22:02:05 eventyay sshd[17633]: Failed password for invalid user Qaz!@#$123654 from 115.231.163.85 port 40844 ssh2 Nov 3 22:06:38 eventyay sshd[17647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.163.85 ...	2019-11-04 05:07:01
54.36.148.117	attackbots	Detected by ModSecurity. Request URI: /webmail/ip-redirect/	2019-11-04 05:01:12
138.94.160.57	attack	$f2bV_matches	2019-11-04 05:11:24
51.75.149.121	attack	[1:37618:1] "MALWARE-CNC Win.Trojan.Latentbot variant outbound connection" [Impact: Vulnerable] From "Stadium-PSE-FP_240.252" at Sun Nov 3 14:03:10 2019 UTC [Classification: A Network Trojan was Detected] [Priority: 1] {tcp} 172.30.10.45:49319 (unknown)->51.75.149.121:443 (germany)	2019-11-04 04:52:02
79.124.8.108	attackbotsspam	Time: Sun Nov 3 11:24:04 2019 -0300 IP: 79.124.8.108 (GB/United Kingdom/-) Failures: 30 (smtpauth) Interval: 3600 seconds Blocked: Permanent Block	2019-11-04 05:00:09
185.176.27.126	attackbots	firewall-block, port(s): 20/tcp, 142/tcp, 604/tcp, 1492/tcp, 1522/tcp, 1525/tcp, 2161/tcp, 2374/tcp, 2883/tcp, 3129/tcp, 3162/tcp, 3209/tcp, 3273/tcp, 3414/tcp, 3514/tcp, 3555/tcp, 3729/tcp, 3743/tcp, 3776/tcp, 3942/tcp, 3945/tcp, 4061/tcp, 4213/tcp, 4379/tcp, 4473/tcp, 4767/tcp, 5087/tcp, 5148/tcp, 5305/tcp, 5337/tcp, 5491/tcp, 5497/tcp, 5535/tcp, 6107/tcp, 6644/tcp, 6732/tcp, 6926/tcp, 6995/tcp, 7132/tcp, 7255/tcp, 7349/tcp, 7531/tcp, 7692/tcp, 7700/tcp, 7733/tcp, 7776/tcp, 7859/tcp, 7911/tcp, 8007/tcp, 8166/tcp, 8336/tcp, 8400/tcp, 8475/tcp, 8701/tcp, 8748/tcp, 8824/tcp, 8992/tcp, 9011/tcp, 9152/tcp, 9250/tcp, 9368/tcp, 9398/tcp, 9614/tcp, 9792/tcp, 9805/tcp, 9994/tcp, 10153/tcp, 10242/tcp, 10294/tcp, 10576/tcp, 10590/tcp, 10670/tcp, 10676/tcp, 10694/tcp, 10731/tcp, 11412/tcp, 11525/tcp, 11600/tcp, 11652/tcp, 11840/tcp, 12269/tcp, 12286/tcp, 12301/tcp, 12753/tcp, 12916/tcp, 13367/tcp, 14054/tcp, 14233/tcp, 14909/tcp, 14933/tcp, 15036/tcp, 15191/tcp, 15318/tcp, 15397/tcp, 15440/tcp, 15508/tcp, 16169/tcp, 16	2019-11-04 04:45:22

Recently Reported IPs

123.15.88.59	20.34.20.55	74.83.196.67	119.173.13.44
196.28.101.118	60.167.20.252	122.6.233.206	83.110.96.159
212.23.215.84	192.44.77.36	139.87.99.225	174.109.129.88
114.99.14.200	177.206.208.46	192.95.15.93	130.44.183.198
185.7.220.173	153.152.234.11	100.210.79.136	71.141.149.162