IP address

Search at other sites:
--139.5.108.172
Shodan(more info)
Passive DNS
Tags:
IP blacklists
blocklist.de SSH
139.5.108.172 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-04-27 22:05:00.255000
Was present on blacklist at: 2026-04-09 04:05, 2026-04-09 10:05, 2026-04-09 16:05, 2026-04-09 22:05, 2026-04-10 04:05, 2026-04-10 10:05, 2026-04-10 16:05, 2026-04-10 22:05, 2026-04-21 10:05, 2026-04-21 16:05, 2026-04-21 22:05, 2026-04-22 04:05, 2026-04-22 10:05, 2026-04-22 16:05, 2026-04-22 22:05, 2026-04-23 04:05, 2026-04-24 16:05, 2026-04-24 22:05, 2026-04-26 04:05, 2026-04-27 10:05, 2026-04-27 16:05, 2026-04-27 22:05
Echelon SSH connection attempt
139.5.108.172 is listed on the Echelon SSH connection attempt blacklist.

Description: SSH connection attempt detected on port 22 or 2222
Type of feed: primary (feed detail page)

Last checked at: 2026-04-23 09:35:00.931000
Was present on blacklist at: 2026-04-09 09:35, 2026-04-10 09:35, 2026-04-11 09:35, 2026-04-12 09:35, 2026-04-13 09:35, 2026-04-14 09:35, 2026-04-15 09:35, 2026-04-16 09:35, 2026-04-17 09:35, 2026-04-19 09:35, 2026-04-20 09:35, 2026-04-21 09:35, 2026-04-22 09:35, 2026-04-23 09:35
Echelon SSH bruteforce
139.5.108.172 is listed on the Echelon SSH bruteforce blacklist.

Description: Multiple SSH authentication attempts detected
Type of feed: primary (feed detail page)

Last checked at: 2026-05-09 09:35:01.374000
Was present on blacklist at: 2026-04-09 09:35, 2026-04-10 09:35, 2026-04-11 09:35, 2026-04-12 09:35, 2026-04-13 09:35, 2026-04-14 09:35, 2026-04-15 09:35, 2026-04-16 09:35, 2026-04-17 09:35, 2026-04-19 09:35, 2026-04-20 09:35, 2026-04-21 09:35, 2026-04-22 09:35, 2026-04-23 09:35, 2026-05-03 09:35, 2026-05-04 09:35, 2026-05-05 09:35, 2026-05-07 09:35, 2026-05-08 09:35, 2026-05-09 09:35
AbuseIPDB
139.5.108.172 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-04-23 04:00:00.626000
Was present on blacklist at: 2026-04-11 04:00, 2026-04-12 04:00, 2026-04-13 04:00, 2026-04-14 04:00, 2026-04-18 04:00, 2026-04-21 04:00, 2026-04-23 04:00

Threat categories

TLRoleCategoryDetails
50 src scan
25 src login protocol: ssh
DShield reports (IP summary, reports)
2026-04-11
Number of reports: 50
Distinct targets: 5
2026-04-14
Number of reports: 58
Distinct targets: 5
2026-04-15
Number of reports: 58
Distinct targets: 5
2026-04-16
Number of reports: 25
Distinct targets: 3
2026-04-19
Number of reports: 56
Distinct targets: 3
2026-04-20
Number of reports: 30
Distinct targets: 5
2026-04-21
Number of reports: 21
Distinct targets: 3
2026-04-22
Number of reports: 123
Distinct targets: 7
2026-04-24
Number of reports: 52
Distinct targets: 4
2026-04-25
Number of reports: 47
Distinct targets: 7
2026-04-28
Number of reports: 44
Distinct targets: 10
2026-04-29
Number of reports: 74
Distinct targets: 16
2026-04-30
Number of reports: 74
Distinct targets: 16
2026-05-01
Number of reports: 44
Distinct targets: 10
2026-05-02
Number of reports: 33
Distinct targets: 15
2026-05-03
Number of reports: 33
Distinct targets: 15
Origin AS
AS142002 - SCLOUDPTELTD-AS
BGP Prefix
139.5.108.0/24
geo
China
🕑 Asia/Shanghai
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
139.5.108.0 - 139.5.111.255
reserved_range
0
Shodan's InternetDB
Open ports: 80
Tags: eol-product
CPEs: cpe:/a:php:php:8.0.30, cpe:/a:f5:nginx:1.20.1, cpe:/a:jquery:jquery, cpe:/a:mysql:mysql, cpe:/a:wordpress:wordpress
ts_added
2026-04-09 04:06:33.687000
ts_last_update
2026-05-12 04:06:40.706000

Warden event timeline

DShield event timeline

Presence on blacklists