Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Tencent Cloud Computing (Beijing) Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
Unauthorised connection attempt detected at AUO MAIN. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)
2020-05-01 02:57:40
attackbotsspam
Apr 28 08:37:32 mail sshd[1030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.57 
Apr 28 08:37:35 mail sshd[1030]: Failed password for invalid user yuta from 106.52.130.57 port 33148 ssh2
...
2020-04-28 17:06:35
Comments on same subnet:
IP Type Details Datetime
106.52.130.172 attackspam
Sep 16 14:27:57 eventyay sshd[15449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172
Sep 16 14:28:00 eventyay sshd[15449]: Failed password for invalid user user from 106.52.130.172 port 40200 ssh2
Sep 16 14:33:36 eventyay sshd[15550]: Failed password for root from 106.52.130.172 port 39292 ssh2
...
2020-09-17 01:47:16
106.52.130.172 attack
Sep 16 05:02:06 ny01 sshd[3415]: Failed password for root from 106.52.130.172 port 50000 ssh2
Sep 16 05:06:55 ny01 sshd[4034]: Failed password for root from 106.52.130.172 port 42400 ssh2
2020-09-16 18:04:12
106.52.130.172 attack
prod8
...
2020-09-10 20:34:52
106.52.130.172 attackspambots
Sep 10 03:50:38 havingfunrightnow sshd[15556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172 
Sep 10 03:50:41 havingfunrightnow sshd[15556]: Failed password for invalid user lpchao from 106.52.130.172 port 37786 ssh2
Sep 10 03:55:53 havingfunrightnow sshd[15625]: Failed password for root from 106.52.130.172 port 34262 ssh2
...
2020-09-10 12:23:08
106.52.130.172 attackbots
2020-09-09T16:50:56.393747abusebot-2.cloudsearch.cf sshd[23875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172  user=root
2020-09-09T16:50:58.280223abusebot-2.cloudsearch.cf sshd[23875]: Failed password for root from 106.52.130.172 port 39480 ssh2
2020-09-09T16:54:46.221673abusebot-2.cloudsearch.cf sshd[23889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172  user=root
2020-09-09T16:54:48.349128abusebot-2.cloudsearch.cf sshd[23889]: Failed password for root from 106.52.130.172 port 47820 ssh2
2020-09-09T16:58:42.405606abusebot-2.cloudsearch.cf sshd[23898]: Invalid user abning19 from 106.52.130.172 port 56170
2020-09-09T16:58:42.411938abusebot-2.cloudsearch.cf sshd[23898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172
2020-09-09T16:58:42.405606abusebot-2.cloudsearch.cf sshd[23898]: Invalid user abning19 from 106.52.130.1
...
2020-09-10 03:09:36
106.52.130.172 attackbots
Aug 30 05:32:30 mockhub sshd[21011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172
Aug 30 05:32:32 mockhub sshd[21011]: Failed password for invalid user wade from 106.52.130.172 port 54908 ssh2
...
2020-08-30 22:55:57
106.52.130.172 attackbotsspam
Aug 20 22:26:50 abendstille sshd\[14015\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172  user=root
Aug 20 22:26:52 abendstille sshd\[14015\]: Failed password for root from 106.52.130.172 port 49222 ssh2
Aug 20 22:29:08 abendstille sshd\[16056\]: Invalid user kitty from 106.52.130.172
Aug 20 22:29:08 abendstille sshd\[16056\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172
Aug 20 22:29:10 abendstille sshd\[16056\]: Failed password for invalid user kitty from 106.52.130.172 port 46776 ssh2
...
2020-08-21 04:53:48
106.52.130.172 attackspambots
Aug 19 18:58:31 firewall sshd[3571]: Invalid user matlab from 106.52.130.172
Aug 19 18:58:33 firewall sshd[3571]: Failed password for invalid user matlab from 106.52.130.172 port 47212 ssh2
Aug 19 19:04:27 firewall sshd[3767]: Invalid user ams from 106.52.130.172
...
2020-08-20 07:42:24
106.52.130.172 attackbotsspam
Aug 17 04:47:12 django-0 sshd[2036]: Invalid user sergio from 106.52.130.172
...
2020-08-17 13:19:03
106.52.130.172 attackspambots
Aug 14 20:13:48 serwer sshd\[3660\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172  user=root
Aug 14 20:13:51 serwer sshd\[3660\]: Failed password for root from 106.52.130.172 port 38310 ssh2
Aug 14 20:18:58 serwer sshd\[4108\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172  user=root
...
2020-08-15 02:24:37
106.52.130.172 attackspam
2020-08-11 UTC: (32x) - root(32x)
2020-08-12 18:35:56
106.52.130.172 attackspambots
$f2bV_matches
2020-08-10 07:26:53
106.52.130.172 attack
Aug  8 23:56:34 webhost01 sshd[16627]: Failed password for root from 106.52.130.172 port 36748 ssh2
...
2020-08-09 01:05:28
106.52.130.172 attackbotsspam
Aug  4 09:14:43 game-panel sshd[19476]: Failed password for root from 106.52.130.172 port 38212 ssh2
Aug  4 09:17:39 game-panel sshd[19638]: Failed password for root from 106.52.130.172 port 44246 ssh2
2020-08-05 00:33:14
106.52.130.172 attackspam
Jul 21 11:22:27 cumulus sshd[27281]: Invalid user vladimir from 106.52.130.172 port 57684
Jul 21 11:22:27 cumulus sshd[27281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172
Jul 21 11:22:28 cumulus sshd[27281]: Failed password for invalid user vladimir from 106.52.130.172 port 57684 ssh2
Jul 21 11:22:33 cumulus sshd[27281]: Received disconnect from 106.52.130.172 port 57684:11: Bye Bye [preauth]
Jul 21 11:22:33 cumulus sshd[27281]: Disconnected from 106.52.130.172 port 57684 [preauth]
Jul 21 11:53:01 cumulus sshd[30159]: Invalid user nagios from 106.52.130.172 port 45540
Jul 21 11:53:01 cumulus sshd[30159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172
Jul 21 11:53:03 cumulus sshd[30159]: Failed password for invalid user nagios from 106.52.130.172 port 45540 ssh2
Jul 21 11:53:03 cumulus sshd[30159]: Received disconnect from 106.52.130.172 port 45540:11: Bye B........
-------------------------------
2020-07-26 07:26:41
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.52.130.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18293
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.52.130.57.			IN	A

;; AUTHORITY SECTION:
.			286	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020042800 1800 900 604800 86400

;; Query time: 111 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Apr 28 17:06:30 CST 2020
;; MSG SIZE  rcvd: 117
Host info
Host 57.130.52.106.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 57.130.52.106.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
220.248.30.58 attackbots
k+ssh-bruteforce
2020-04-18 20:06:40
118.24.40.136 attack
Apr 18 07:43:45 sip sshd[13541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.40.136
Apr 18 07:43:47 sip sshd[13541]: Failed password for invalid user xq from 118.24.40.136 port 39428 ssh2
Apr 18 08:01:48 sip sshd[20222]: Failed password for root from 118.24.40.136 port 40348 ssh2
2020-04-18 19:32:32
103.145.13.10 attackbots
04/18/2020-07:16:29.068433 103.145.13.10 Protocol: 17 ET SCAN Sipvicious Scan
2020-04-18 19:28:32
165.22.63.73 attackspam
2020-04-17 UTC: (20x) - admin,ah,er,ftpuser,hn,js,postgres(2x),root(7x),s,test,ubuntu(3x)
2020-04-18 19:30:47
210.183.21.48 attack
Apr 18 00:59:17 web9 sshd\[24958\]: Invalid user admin from 210.183.21.48
Apr 18 00:59:17 web9 sshd\[24958\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.183.21.48
Apr 18 00:59:20 web9 sshd\[24958\]: Failed password for invalid user admin from 210.183.21.48 port 6612 ssh2
Apr 18 01:03:33 web9 sshd\[25613\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.183.21.48  user=root
Apr 18 01:03:34 web9 sshd\[25613\]: Failed password for root from 210.183.21.48 port 30170 ssh2
2020-04-18 19:45:40
14.176.104.47 attackspambots
2020-04-1814:03:301jPmC1-00044e-4y\<=info@whatsup2013.chH=\(localhost\)[14.176.104.47]:37670P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3128id=2d7d9ecdc6ed38341356e0b347808a86b518bd16@whatsup2013.chT="YouhavenewlikefromLaurelle"forkennethessex6@gmail.comtrythem@gmail.com2020-04-1814:02:581jPmBV-00043H-Kr\<=info@whatsup2013.chH=211-21-101-155.hinet-ip.hinet.net\(localhost\)[211.21.101.155]:49885P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3022id=87ec97c4cfe4313d1a5fe9ba4e89838fbc036b73@whatsup2013.chT="fromGordtoadellabib1983"foradellabib1983@gmail.comangelcommander101@gmail.com2020-04-1814:02:151jPmAo-0003z6-BC\<=info@whatsup2013.chH=\(localhost\)[14.183.67.113]:37170P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3011id=2f6291c2c9e2373b1c59efbc488f8589ba89c987@whatsup2013.chT="fromOzelltobs4049250"forbs4049250@gmail.comnugent878@gmail.com2020-04-1814:02:401jPmBD-00040h
2020-04-18 20:08:29
186.147.129.110 attackbotsspam
Apr 18 12:56:41 vps sshd[79344]: Failed password for root from 186.147.129.110 port 60194 ssh2
Apr 18 13:00:19 vps sshd[100201]: Invalid user vr from 186.147.129.110 port 60106
Apr 18 13:00:19 vps sshd[100201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.147.129.110
Apr 18 13:00:21 vps sshd[100201]: Failed password for invalid user vr from 186.147.129.110 port 60106 ssh2
Apr 18 13:04:07 vps sshd[118599]: Invalid user tomcat from 186.147.129.110 port 60010
...
2020-04-18 19:28:19
5.77.27.35 attackbotsspam
TCP Port Scanning
2020-04-18 19:37:31
111.229.205.95 attackbotsspam
$f2bV_matches
2020-04-18 19:53:30
144.217.12.194 attackbotsspam
Invalid user winer from 144.217.12.194 port 51548
2020-04-18 19:47:32
117.240.14.27 attackbots
Port probing on unauthorized port 23
2020-04-18 19:56:51
196.44.191.3 attack
Apr 18 12:03:18 *** sshd[10638]: Invalid user qn from 196.44.191.3
2020-04-18 20:09:30
106.12.173.149 attack
2020-04-18T05:44:52.883060rocketchat.forhosting.nl sshd[15434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.173.149  user=root
2020-04-18T05:44:54.983177rocketchat.forhosting.nl sshd[15434]: Failed password for root from 106.12.173.149 port 45226 ssh2
2020-04-18T05:49:42.662151rocketchat.forhosting.nl sshd[15529]: Invalid user mysql from 106.12.173.149 port 53102
...
2020-04-18 19:37:16
14.183.67.113 attack
2020-04-1814:03:301jPmC1-00044e-4y\<=info@whatsup2013.chH=\(localhost\)[14.176.104.47]:37670P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3128id=2d7d9ecdc6ed38341356e0b347808a86b518bd16@whatsup2013.chT="YouhavenewlikefromLaurelle"forkennethessex6@gmail.comtrythem@gmail.com2020-04-1814:02:581jPmBV-00043H-Kr\<=info@whatsup2013.chH=211-21-101-155.hinet-ip.hinet.net\(localhost\)[211.21.101.155]:49885P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3022id=87ec97c4cfe4313d1a5fe9ba4e89838fbc036b73@whatsup2013.chT="fromGordtoadellabib1983"foradellabib1983@gmail.comangelcommander101@gmail.com2020-04-1814:02:151jPmAo-0003z6-BC\<=info@whatsup2013.chH=\(localhost\)[14.183.67.113]:37170P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3011id=2f6291c2c9e2373b1c59efbc488f8589ba89c987@whatsup2013.chT="fromOzelltobs4049250"forbs4049250@gmail.comnugent878@gmail.com2020-04-1814:02:401jPmBD-00040h
2020-04-18 20:07:34
51.38.235.200 attackspam
k+ssh-bruteforce
2020-04-18 20:06:10
