
219.140.165.85 is in Wuhan, China

219.140.165.85 is known for brute force.

This report was created on Apr 28, 2017 20:45:41.
The IP address 219.140.165.85 belongs to the ISP China Telecom in Wuhan (Hubei, 12), China (latitude 30.5800991058, longitude 114.273399353). The hostname is 219.140.165.85.
China (People's Republic of China, CHN) is an upper-middle-income country in East Asia & Pacific. The currency is the Chinese yuan.
As of Apr 28, 2017 20:45:41 we have 6 complaint(s) about 219.140.165.85. Based on our records, 219.140.165.85 has been involved in brute force, etc.

219.140.165.85

IP Address Country: China (CN)
IP Address Region: 12 Hubei
IP Address City: Wuhan
IP Postal Code:
IP Address Area Code: 0
IP Metro Code: 0
IP Address Latitude: 30.5800991058
IP Address Longitude: 114.273399353
IP Address ISP: China Telecom
Organisation:
IP Address Proxy:
IP Address Host: 219.140.165.85



We have 6 complaints about 219.140.165.85


Anonymous user from 41.188.51.211 in Madagascar
>4 months ago: SSH Brute Force - in Brute Force
"Using Fail2Ban I have been getting one email each day that the IP address 221.232.0.0 - 221.235.255.255 and netname of CHINANET-HB is trying to access SSH."

Anonymous user from 85.238.99.46 in Ukraine
>5 years ago: Brute Force - in Brute Force
"Mar 3 18:08:28 server1298 sshd[7365]: User bin from 219.140.165.85 not allowed because not listed in AllowUsers
Mar 3 18:08:28 server1298 sshd[7371]: input_userauth_request: invalid user bin
Mar 3 18:08:28 server1298 sshd[7365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85 user=bin
Mar 3 18:08:28 server1298 sshd[7368]: User bin from 219.140.165.85 not allowed because not listed in AllowUsers
Mar 3 18:08:28 server1298 sshd[7372]: input_userauth_request: invalid user bin
Mar 3 18:08:28 server1298 sshd[7368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85 user=bin
Mar 3 18:08:30 server1298 sshd[7365]: Failed password for invalid user bin from 219.140.165.85 port 54904 ssh2
Mar 3 18:08:30 server1298 sshd[7368]: Failed password for invalid user bin from 219.140.165.85 port 34746 ssh2
Mar 3 18:08:31 server1298 sshd[7371]: Received disconnect from 219.140.165.85: 11: Bye Bye
Mar 3 18:08:34 server1298 sshd[7372]: Connection closed by 219.140.165.85
"

Anonymous user from 194.44.31.236 in Ukraine
>5 years ago: very strong bruteforcing - in Brute Force
"Mar 2 08:11:54 saraksh sshd[9998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85 user=root
Mar 2 08:11:56 saraksh sshd[9998]: Failed password for root from 219.140.165.85 port 33133 ssh2
Mar 2 08:11:56 saraksh sshd[9999]: Received disconnect from 219.140.165.85: 11: Bye Bye
Mar 2 08:11:59 saraksh unix_chkpwd[10004]: password check failed for user (root)
Mar 2 08:11:59 saraksh sshd[10002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85 user=root
Mar 2 08:12:02 saraksh sshd[10002]: Failed password for root from 219.140.165.85 port 34695 ssh2
Mar 2 08:12:03 saraksh sshd[10003]: Received disconnect from 219.140.165.85: 11: Bye Bye
Mar 2 08:12:06 saraksh unix_chkpwd[10007]: password check failed for user (root)
Mar 2 08:12:06 saraksh sshd[10005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85 user=root
Mar 2 08:12:08 saraksh sshd[10005]: Failed password for root from 219.140.165.85 port 36521 ssh2
Mar 2 08:12:08 saraksh sshd[10006]: Received disconnect from 219.140.165.85: 11: Bye Bye
Mar 2 10:45:34 saraksh sshd[10315]: Did not receive identification string from 193.171.155.29
"

Anonymous user from 141.41.69.106 in Germany
>5 years ago: SSH Brute Force - in Brute Force
"Feb 27 17:42:41 XXXXXX sshd[17637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85 user=root
Feb 27 17:42:43 XXXXXX sshd[17637]: Failed password for root from 219.140.165.85 port 46421 ssh2"

Anonymous user from 71.212.69.96 in United States
>5 years ago: SSH brute-force attack - in Brute Force
"Feb 17 13:46:10 ODO sshd[26703]: Invalid user root from 219.140.165.85
Feb 17 13:46:10 ODO sshd[26703]: input_userauth_request: invalid user root
Feb 17 13:46:10 ODO sshd[26703]: error: Could not get shadow information for NOUSER
Feb 17 13:46:10 ODO sshd[26703]: Failed password for invalid user root from 219.140.165.85 port 49391 ssh2
Feb 17 13:46:10 ODO sshd[26703]: Received disconnect from 219.140.165.85: 11: Bye Bye
Feb 17 13:46:12 ODO sshd[26706]: Invalid user root from 219.140.165.85
Feb 17 13:46:12 ODO sshd[26706]: input_userauth_request: invalid user root
Feb 17 13:46:12 ODO sshd[26706]: error: Could not get shadow information for NOUSER
Feb 17 13:46:12 ODO sshd[26706]: Failed password for invalid user root from 219.140.165.85 port 50913 ssh2
Feb 17 13:46:12 ODO sshd[26706]: Received disconnect from 219.140.165.85: 11: Bye Bye
Feb 17 13:46:14 ODO sshd[26710]: Invalid user root from 219.140.165.85
Feb 17 13:46:14 ODO sshd[26710]: input_userauth_request: invalid user root
Feb 17 13:46:14 ODO sshd[26710]: error: Could not get shadow information for NOUSER
Feb 17 13:46:14 ODO sshd[26710]: Failed password for invalid user root from 219.140.165.85 port 52483 ssh2
Feb 17 13:46:14 ODO sshd[26710]: Received disconnect from 219.140.165.85: 11: Bye Bye
Feb 17 13:46:16 ODO sshd[26713]: Invalid user root from 219.140.165.85
Feb 17 13:46:16 ODO sshd[26713]: input_userauth_request: invalid user root
Feb 17 13:46:16 ODO sshd[26713]: error: Could not get shadow information for NOUSER
Feb 17 13:46:16 ODO sshd[26713]: Failed password for invalid user root from 219.140.165.85 port 53857 ssh2
Feb 17 13:46:16 ODO sshd[26713]: Received disconnect from 219.140.165.85: 11: Bye Bye
Feb 17 13:46:18 ODO sshd[26758]: Invalid user root from 219.140.165.85
Feb 17 13:46:18 ODO sshd[26758]: input_userauth_request: invalid user root
Feb 17 13:46:18 ODO sshd[26758]: error: Could not get shadow information for NOUSER
Feb 17 13:46:18 ODO sshd[26758]: Failed password for invalid user root from 219.140.165.85 port 54837 ssh2
Feb 17 13:46:18 ODO sshd[26758]: Received disconnect from 219.140.165.85: 11: Bye Bye
Feb 17 13:46:20 ODO sshd[26762]: Invalid user root from 219.140.165.85

18 additional attempts, including user "bin" and "zt""

bobcat
>5 years ago: Massive SSH attack on an entire subnet - in Brute Force
"Extract from tcpdump at Feb 1st 2012 (time in CET):
16:21:52.499114 IP 219.140.165.85.4955 > 213.52.52.60.22: Flags [S], seq 1743718686, win 65535, options [mss 1460,nop,nop,sackOK], length 0
16:21:52.499118 IP 219.140.165.85.4955 > 213.52.55.180.22: Flags [S], seq 564192223, win 65535, options [mss 1460,nop,nop,sackOK], length 0
16:21:52.499123 IP 219.140.165.85.4955 > 213.52.52.154.22: Flags [S], seq 949323640, win 65535, options [mss 1460,nop,nop,sackOK], length 0
16:21:52.499128 IP 219.140.165.85.4955 > 213.52.54.126.22: Flags [S], seq 303418362, win 65535, options [mss 1460,nop,nop,sackOK], length 0
16:21:52.499133 IP 219.140.165.85.4955 > 213.52.54.227.22: Flags [S], seq 1684624319, win 65535, options [mss 1460,nop,nop,sackOK], length 0

Most likely a bot doing survey for SSH servers."

WHOIS for 219.140.165.85

[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-4]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 219.140.0.0 - 219.140.255.255
netname: CHINANET-HB-WH
country: CN
descr: Chinanet network in Wuhan city Hubei province
admin-c: CHW9-AP
admin-c: CHA1-AP
tech-c: YH51-AP
tech-c: WX145-AP
status: ASSIGNED NON-PORTABLE
changed: zhangyl@dc.wh.hb.cn 20030922
mnt-by: MAINT-CN-CHINANET-HB
source: APNIC

role: CHINANET HB WH
address: No.1 HongShan Road Wuhan city
address: Hubei Province P.R.China
country: CN
phone: +86-27-87811065
phone: +86-27-87897599
fax-no: +86-27-87811653
e-mail: ip_admin_wh@public.wh.hb.cn
remarks: send spam reports to spam_wh@public.wh.hb.cn
remarks: and abuse reports to abuse_wh@public.wh.hb.cn
remarks: Please include detailed information and
remarks: times in GMT+8
admin-c: WX145-AP
tech-c: YH51-AP
tech-c: WX145-AP
nic-hdl: CHW9-AP
notify: ip_admin_hb@public.wh.hb.cn
mnt-by: MAINT-CN-CHINANET-HB
changed: zhangyl68@public.wh.hb.cn 20031114
source: APNIC
changed: hm-changed@apnic.net 20111114

role: CHINANET HB ADMIN
address: 8th floor of JinGuang Building
address: #232 of Macao Road
address: HanKou Wuhan Hubei Province
address: P.R.China
country: CN
phone: +86 27 82862199
fax-no: +86 27 82861499
e-mail: ip_admin_hb@public.wh.hb.cn
remarks: send spam reports to spam_hb@public.wh.hb.cn
remarks: and abuse reports to abuse_hb@public.wh.hb.cn
remarks: Please include detailed information and
remarks: times in GMT+8
admin-c: YZ83-AP
admin-c: ZC77-AP
tech-c: YZ83-AP
tech-c: ZC77-AP
nic-hdl: CHA1-AP
notify: ip_admin_hb@public.wh.hb.cn
mnt-by: MAINT-CN-CHINANET-HB
changed: zhangyl68@public.wh.hb.cn 20031114
source: APNIC
changed: hm-changed@apnic.net 20111114

person: WANG XI
address: No.1 Hongshan Road
address: Wuchang, Wuhan,Hubei province
address: P.R.China
country: CN
phone: +86-27-87270127
fax-no: +86-27-87313806
e-mail: wxi@dc.wh.hb.cn
nic-hdl: WX145-AP
mnt-by: MAINT-CN-CHINANET-HB
changed: jennyzhang@21cn.com 20020409
source: APNIC

person: Ying Hai
nic-hdl: YH51-AP
e-mail: yhai@dc.wh.hb.cn
address: No.1 HongShan Road
address: Wuhan Hubei province
address: P.R.China
phone: +86-27-87811065
fax-no: +86-27-87811653
country: CN
changed: zhangyl@dc.wh.hb.cn 20030919
mnt-by: MAINT-NEW
source: APNIC


Abusing IP Addresses from the same C block

IP Address: 219.140.165.23, Abuse: fraud, Complaints: 1

Other Brute Force Complaints

>5 years ago, China, 221.122.66.23: "Massive SSH attack on an entire subnet"
>5 years ago, China, 220.163.43.66: "Attempted SQL server hack"
>5 years ago, United States, 204.14.210.149: "Massive SSH brute force, targets an entire subnet"
>5 years ago, Korea, Republic Of, 211.191.168.118: "SSH"
>5 years ago, Korea, Republic Of, 110.4.107.2: "SSH"
>5 years ago, China, 118.145.25.67: "ban"
>5 years ago, 199.68.197.238: "ban"
>5 years ago, China, 60.171.214.30: "ban"
>5 years ago, China, 218.75.49.242: "spy"
>5 years ago, Belgium, 194.78.18.226: "DirBuster"

Domains in the same C Block as 219.140.165.85
