139.219.6.52 - IPInfo

Basic Info

City: Beijing

Region: Beijing

Country: China

Internet Service Provider: Microsoft (China) Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	SSH Brute Force	2020-03-07 20:52:47
attackspambots	Feb 16 07:27:46 sachi sshd\[15659\]: Invalid user crew from 139.219.6.52 Feb 16 07:27:46 sachi sshd\[15659\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.219.6.52 Feb 16 07:27:49 sachi sshd\[15659\]: Failed password for invalid user crew from 139.219.6.52 port 36706 ssh2 Feb 16 07:31:03 sachi sshd\[15981\]: Invalid user r3dmine from 139.219.6.52 Feb 16 07:31:03 sachi sshd\[15981\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.219.6.52	2020-02-17 04:47:53
attackbots	$f2bV_matches	2020-02-09 05:09:56

Type

Details

Datetime

attack

SSH Brute Force

2020-03-07 20:52:47

attackspambots

Feb 16 07:27:46 sachi sshd\[15659\]: Invalid user crew from 139.219.6.52
Feb 16 07:27:46 sachi sshd\[15659\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.219.6.52
Feb 16 07:27:49 sachi sshd\[15659\]: Failed password for invalid user crew from 139.219.6.52 port 36706 ssh2
Feb 16 07:31:03 sachi sshd\[15981\]: Invalid user r3dmine from 139.219.6.52
Feb 16 07:31:03 sachi sshd\[15981\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.219.6.52

2020-02-17 04:47:53

attackbots

$f2bV_matches

2020-02-09 05:09:56

Comments on same subnet:

IP	Type	Details	Datetime
139.219.6.50	attackspam	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 2838 [T]	2020-05-09 03:59:22
139.219.6.50	attackbots	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 8251 [T]	2020-03-25 19:51:52
139.219.6.50	attackspam	1184/tcp 51111/tcp 25375/tcp... [2020-01-17/03-16]30pkt,30pt.(tcp)	2020-03-17 09:54:35
139.219.6.50	attackbotsspam	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 6820 [J]	2020-03-03 01:07:17
139.219.6.50	attackbotsspam	" "	2020-02-18 04:47:58
139.219.6.50	attackbots	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 5774 [J]	2020-02-01 17:13:30
139.219.6.50	attack	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 5985 [J]	2020-01-30 16:25:29
139.219.6.50	attackbots	Portscan or hack attempt detected by psad/fwsnort	2020-01-20 23:22:05
139.219.6.50	attackspam	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 12713 [T]	2020-01-20 08:50:15
139.219.6.50	attackbots	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 12713 [T]	2020-01-11 00:53:04
139.219.6.50	attackbotsspam	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 10628 [T]	2020-01-10 18:45:32
139.219.6.50	attackbotsspam	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 8304 [T]	2020-01-09 05:23:45
139.219.6.50	attackspambots	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 1325 [J]	2020-01-07 03:58:53
139.219.6.50	attackbots	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 6169	2020-01-02 20:43:54
139.219.6.50	attack	Unauthorized connection attempt detected from IP address 139.219.6.50 to port 6169	2020-01-01 21:23:21

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.219.6.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65473
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.219.6.52.			IN	A

;; AUTHORITY SECTION:
.			124	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020800 1800 900 604800 86400

;; Query time: 251 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Feb 09 05:09:53 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 52.6.219.139.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 52.6.219.139.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
139.59.22.169	attack	$f2bV_matches	2020-01-08 05:45:34
92.169.103.184	attack	Jan 7 23:12:16 ns381471 sshd[13602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.169.103.184 Jan 7 23:12:18 ns381471 sshd[13602]: Failed password for invalid user zwt from 92.169.103.184 port 58036 ssh2	2020-01-08 06:13:56
218.92.0.164	attackspambots	2020-01-05 12:26:10 -> 2020-01-07 20:05:11 : 42 login attempts (218.92.0.164)	2020-01-08 06:09:49
82.209.197.111	attackbots	Automatic report - Banned IP Access	2020-01-08 06:00:00
176.228.65.39	attackspambots	2020-01-07T21:19:47.032578homeassistant sshd[19101]: Invalid user RPM from 176.228.65.39 port 50324 2020-01-07T21:19:47.136642homeassistant sshd[19101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.228.65.39 ...	2020-01-08 06:15:54
122.144.211.235	attackspam	Unauthorized connection attempt detected from IP address 122.144.211.235 to port 2220 [J]	2020-01-08 06:14:58
144.91.80.99	attackbotsspam	Unauthorized connection attempt detected from IP address 144.91.80.99 to port 902 [J]	2020-01-08 06:00:26
51.144.127.39	attackbots	20/1/7@16:20:28: FAIL: Alarm-Intrusion address from=51.144.127.39 ...	2020-01-08 05:44:23
112.85.42.174	attackbots	Jan 7 23:00:20 MK-Soft-Root1 sshd[22443]: Failed password for root from 112.85.42.174 port 25011 ssh2 Jan 7 23:00:26 MK-Soft-Root1 sshd[22443]: Failed password for root from 112.85.42.174 port 25011 ssh2 ...	2020-01-08 06:01:42
49.235.84.51	attackspam	Jan 7 22:04:18 icinga sshd[41566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.84.51 Jan 7 22:04:20 icinga sshd[41566]: Failed password for invalid user hadoop from 49.235.84.51 port 52816 ssh2 Jan 7 22:19:59 icinga sshd[56462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.84.51 ...	2020-01-08 06:08:27
1.20.210.209	attackbots	01/07/2020-22:20:01.559461 1.20.210.209 Protocol: 6 ET POLICY Cleartext WordPress Login	2020-01-08 06:06:54
174.138.0.164	attackspam	01/07/2020-22:20:22.465978 174.138.0.164 Protocol: 6 ET POLICY Cleartext WordPress Login	2020-01-08 05:49:33
222.186.175.202	attackbotsspam	SSH login attempts	2020-01-08 05:45:18
140.237.191.63	attack	2020-01-07 15:19:25 dovecot_login authenticator failed for (jncis) [140.237.191.63]:63539 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=liuting@lerctr.org) 2020-01-07 15:19:32 dovecot_login authenticator failed for (prapg) [140.237.191.63]:63539 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=liuting@lerctr.org) 2020-01-07 15:19:44 dovecot_login authenticator failed for (idtti) [140.237.191.63]:63539 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=liuting@lerctr.org) ...	2020-01-08 06:18:25
159.192.96.253	attack	SSH authentication failure x 6 reported by Fail2Ban ...	2020-01-08 06:21:14

Recently Reported IPs

206.103.150.101	62.215.176.225	198.13.207.101	70.129.153.214
147.253.166.190	162.243.128.48	186.20.130.183	12.27.148.134
88.250.254.90	99.3.152.248	122.104.120.103	62.155.135.218
187.18.199.19	95.15.40.3	68.177.42.143	3.30.8.6
157.41.190.242	7.24.84.49	223.14.61.2	113.234.172.246