Basic Info

City: unknown

Region: unknown

Country: Hong Kong

Internet Service Provider: Tencent Cloud Computing (Beijing) Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
Sep 26 17:50:59 serwer sshd\[17026\]: Invalid user ravi from 150.109.52.213 port 54186
Sep 26 17:50:59 serwer sshd\[17026\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.213
Sep 26 17:51:01 serwer sshd\[17026\]: Failed password for invalid user ravi from 150.109.52.213 port 54186 ssh2
...
2020-09-29 05:31:46
attackspam
Time:     Sun Sep 27 08:55:39 2020 +0000
IP:       150.109.52.213 (HK/Hong Kong/-)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SSHD]

Log entries:

Sep 27 08:45:43 3 sshd[9094]: Invalid user amir from 150.109.52.213 port 49488
Sep 27 08:45:45 3 sshd[9094]: Failed password for invalid user amir from 150.109.52.213 port 49488 ssh2
Sep 27 08:49:00 3 sshd[18256]: Invalid user edi from 150.109.52.213 port 57768
Sep 27 08:49:02 3 sshd[18256]: Failed password for invalid user edi from 150.109.52.213 port 57768 ssh2
Sep 27 08:55:34 3 sshd[3838]: Invalid user sandeep from 150.109.52.213 port 46082
2020-09-28 21:53:04
attack
srv02 Mass scanning activity detected Target: 22464  ..
2020-09-28 13:59:20
attackbots
Aug 25 14:14:01 inter-technics sshd[2789]: Invalid user juan from 150.109.52.213 port 59810
Aug 25 14:14:01 inter-technics sshd[2789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.213
Aug 25 14:14:01 inter-technics sshd[2789]: Invalid user juan from 150.109.52.213 port 59810
Aug 25 14:14:03 inter-technics sshd[2789]: Failed password for invalid user juan from 150.109.52.213 port 59810 ssh2
Aug 25 14:18:40 inter-technics sshd[3071]: Invalid user admin from 150.109.52.213 port 41100
...
2020-08-25 20:41:30
attackbots
Aug 24 07:38:20 webhost01 sshd[10956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.213
Aug 24 07:38:23 webhost01 sshd[10956]: Failed password for invalid user jesse from 150.109.52.213 port 57682 ssh2
...
2020-08-24 09:10:39
attackbots
Aug 16 11:54:48 vps46666688 sshd[7279]: Failed password for root from 150.109.52.213 port 54566 ssh2
...
2020-08-17 02:35:57
attackspam
prod11
...
2020-08-11 17:58:45
attack
(sshd) Failed SSH login from 150.109.52.213 (HK/Hong Kong/-): 10 in the last 3600 secs
2020-07-31 12:38:40
attackspambots
Bruteforce detected by fail2ban
2020-07-27 19:13:04
attack
SSH login attempts.
2020-07-10 02:52:49
attackbots
2020-06-18T20:05:14.037321ns386461 sshd\[27258\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.213  user=root
2020-06-18T20:05:16.398590ns386461 sshd\[27258\]: Failed password for root from 150.109.52.213 port 53854 ssh2
2020-06-18T20:23:12.358718ns386461 sshd\[10890\]: Invalid user admin from 150.109.52.213 port 54756
2020-06-18T20:23:12.363459ns386461 sshd\[10890\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.213
2020-06-18T20:23:14.049459ns386461 sshd\[10890\]: Failed password for invalid user admin from 150.109.52.213 port 54756 ssh2
...
2020-06-19 04:40:05
Comments on same subnet:
IP Type Details Datetime
150.109.52.25 attack
Invalid user mario from 150.109.52.25 port 38768
2020-03-27 07:26:59
150.109.52.205 attack
...
2020-03-22 17:25:36
150.109.52.25 attackspam
Mar 22 09:10:33 server sshd\[13505\]: Invalid user ftpd from 150.109.52.25
Mar 22 09:10:33 server sshd\[13505\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25 
Mar 22 09:10:34 server sshd\[13505\]: Failed password for invalid user ftpd from 150.109.52.25 port 47760 ssh2
Mar 22 09:35:45 server sshd\[18953\]: Invalid user storm from 150.109.52.25
Mar 22 09:35:45 server sshd\[18953\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25 
...
2020-03-22 14:47:41
150.109.52.205 attackspambots
IP blocked
2020-03-22 06:16:12
150.109.52.205 attackbots
Invalid user joe from 150.109.52.205 port 56062
2020-03-20 18:16:40
150.109.52.25 attackspambots
Jan  9 13:30:04 pi sshd[15126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25 
Jan  9 13:30:06 pi sshd[15126]: Failed password for invalid user ts3srv from 150.109.52.25 port 53262 ssh2
2020-03-13 23:20:37
150.109.52.25 attackbotsspam
Mar 10 21:29:19 ovpn sshd\[1522\]: Invalid user speech-dispatcher from 150.109.52.25
Mar 10 21:29:19 ovpn sshd\[1522\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25
Mar 10 21:29:21 ovpn sshd\[1522\]: Failed password for invalid user speech-dispatcher from 150.109.52.25 port 59326 ssh2
Mar 10 21:36:55 ovpn sshd\[3546\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25  user=root
Mar 10 21:36:58 ovpn sshd\[3546\]: Failed password for root from 150.109.52.25 port 35194 ssh2
2020-03-11 06:05:14
150.109.52.25 attackbots
Mar  9 08:24:41 hcbbdb sshd\[31055\]: Invalid user feul from 150.109.52.25
Mar  9 08:24:41 hcbbdb sshd\[31055\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25
Mar  9 08:24:43 hcbbdb sshd\[31055\]: Failed password for invalid user feul from 150.109.52.25 port 42006 ssh2
Mar  9 08:31:37 hcbbdb sshd\[31740\]: Invalid user to from 150.109.52.25
Mar  9 08:31:37 hcbbdb sshd\[31740\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25
2020-03-09 16:50:56
150.109.52.25 attackspam
Mar  4 10:11:03 ns381471 sshd[4962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25
Mar  4 10:11:04 ns381471 sshd[4962]: Failed password for invalid user ibpliups from 150.109.52.25 port 43084 ssh2
2020-03-04 17:11:17
150.109.52.25 attackspambots
Feb 25 08:00:01 hcbbdb sshd\[18309\]: Invalid user zgl from 150.109.52.25
Feb 25 08:00:01 hcbbdb sshd\[18309\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25
Feb 25 08:00:02 hcbbdb sshd\[18309\]: Failed password for invalid user zgl from 150.109.52.25 port 35312 ssh2
Feb 25 08:07:03 hcbbdb sshd\[19062\]: Invalid user master from 150.109.52.25
Feb 25 08:07:03 hcbbdb sshd\[19062\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25
2020-02-25 17:45:58
150.109.52.25 attackspambots
Unauthorized connection attempt detected from IP address 150.109.52.25 to port 2220 [J]
2020-02-23 16:35:24
150.109.52.25 attack
Unauthorized connection attempt detected from IP address 150.109.52.25 to port 2220 [J]
2020-01-19 06:26:35
150.109.52.25 attackbots
Unauthorized connection attempt detected from IP address 150.109.52.25 to port 2220 [J]
2020-01-15 17:47:54
150.109.52.25 attackspam
$f2bV_matches
2020-01-11 21:48:07
150.109.52.25 attackbots
Dec 13 14:04:16 Ubuntu-1404-trusty-64-minimal sshd\[25501\]: Invalid user kepler from 150.109.52.25
Dec 13 14:04:16 Ubuntu-1404-trusty-64-minimal sshd\[25501\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25
Dec 13 14:04:19 Ubuntu-1404-trusty-64-minimal sshd\[25501\]: Failed password for invalid user kepler from 150.109.52.25 port 60092 ssh2
Dec 13 14:12:05 Ubuntu-1404-trusty-64-minimal sshd\[30099\]: Invalid user allinson from 150.109.52.25
Dec 13 14:12:05 Ubuntu-1404-trusty-64-minimal sshd\[30099\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.52.25
2019-12-13 21:54:27
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 150.109.52.213
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50385
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;150.109.52.213.			IN	A

;; AUTHORITY SECTION:
.			453	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020061801 1800 900 604800 86400

;; Query time: 104 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jun 19 04:40:00 CST 2020
;; MSG SIZE  rcvd: 118
Host info
Host 213.52.109.150.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 213.52.109.150.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
212.142.226.93 attack
(imapd) Failed IMAP login from 212.142.226.93 (ES/Spain/93.212-142-226.static.clientes.euskaltel.es): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: Apr  6 02:06:46 ir1 dovecot[566034]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=212.142.226.93, lip=5.63.12.44, TLS: Connection closed, session=
2020-04-06 08:23:39
51.77.118.129 attack
[2020-04-05 20:32:30] NOTICE[12114][C-00001d6d] chan_sip.c: Call from '' (51.77.118.129:50726) to extension '000442037699171' rejected because extension not found in context 'public'.
[2020-04-05 20:32:30] SECURITY[12128] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-04-05T20:32:30.884-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="000442037699171",SessionID="0x7f020c04b958",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/51.77.118.129/50726",ACLName="no_extension_match"
[2020-04-05 20:42:03] NOTICE[12114][C-00001d75] chan_sip.c: Call from '' (51.77.118.129:56149) to extension '900442037699171' rejected because extension not found in context 'public'.
[2020-04-05 20:42:03] SECURITY[12128] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-04-05T20:42:03.760-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="900442037699171",SessionID="0x7f020c04b958",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/
...
2020-04-06 08:47:22
112.85.42.180 attack
Apr  6 02:24:18 vps sshd[548349]: Failed password for root from 112.85.42.180 port 62918 ssh2
Apr  6 02:24:22 vps sshd[548349]: Failed password for root from 112.85.42.180 port 62918 ssh2
Apr  6 02:24:25 vps sshd[548349]: Failed password for root from 112.85.42.180 port 62918 ssh2
Apr  6 02:24:29 vps sshd[548349]: Failed password for root from 112.85.42.180 port 62918 ssh2
Apr  6 02:24:33 vps sshd[548349]: Failed password for root from 112.85.42.180 port 62918 ssh2
...
2020-04-06 08:27:23
27.71.225.103 attackspam
RDP Brute-Force
2020-04-06 08:52:21
35.247.184.113 attackspambots
$f2bV_matches
2020-04-06 08:47:37
139.178.88.75 attackbotsspam
scan z
2020-04-06 08:24:07
41.111.135.199 attack
Apr  6 00:37:38 ncomp sshd[11830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.111.135.199  user=root
Apr  6 00:37:40 ncomp sshd[11830]: Failed password for root from 41.111.135.199 port 45882 ssh2
Apr  6 00:45:20 ncomp sshd[12126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.111.135.199  user=root
Apr  6 00:45:22 ncomp sshd[12126]: Failed password for root from 41.111.135.199 port 57456 ssh2
2020-04-06 08:26:28
128.199.129.68 attack
Scanned 3 times in the last 24 hours on port 22
2020-04-06 08:33:16
61.187.87.140 attack
B: Abusive ssh attack
2020-04-06 08:56:39
206.189.190.187 attackspambots
2020-04-05T23:43:14.182446Z e59a82af6bd5 New connection: 206.189.190.187:48716 (172.17.0.4:2222) [session: e59a82af6bd5]
2020-04-05T23:50:25.100488Z d370bfef3e72 New connection: 206.189.190.187:51034 (172.17.0.4:2222) [session: d370bfef3e72]
2020-04-06 08:41:56
103.42.57.65 attackbotsspam
Apr  6 02:11:55 nextcloud sshd\[17744\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.42.57.65  user=root
Apr  6 02:11:57 nextcloud sshd\[17744\]: Failed password for root from 103.42.57.65 port 45276 ssh2
Apr  6 02:16:09 nextcloud sshd\[22475\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.42.57.65  user=root
2020-04-06 08:23:11
222.186.31.135 attackbots
Apr  6 02:57:46 host5 sshd[32254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.31.135  user=root
Apr  6 02:57:47 host5 sshd[32254]: Failed password for root from 222.186.31.135 port 28688 ssh2
...
2020-04-06 09:00:59
94.130.237.96 attackbotsspam
[Mon Apr 06 04:36:54.650773 2020] [:error] [pid 435:tid 140022815487744] [client 94.130.237.96:49324] [client 94.130.237.96] ModSecurity: Access denied with code 403 (phase 2). Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){12})" at ARGS:id. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1255"] [id "942430"] [msg "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)"] [data "Matched Data: :prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal- found within ARGS:id: 1064:prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal-5-11-juli-2016"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platfo
...
2020-04-06 08:21:56
45.126.74.195 attackspam
SSH bruteforce
2020-04-06 08:41:35
193.248.33.189 attack
Apr  6 02:14:12 vmd26974 sshd[7672]: Failed password for root from 193.248.33.189 port 41608 ssh2
...
2020-04-06 08:56:01
