106.52.42.23 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Tencent Cloud Computing (Beijing) Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	SSH login attempts.	2020-09-29 05:45:26
attackbots	Sep 28 15:08:14 buvik sshd[10111]: Invalid user admin from 106.52.42.23 Sep 28 15:08:14 buvik sshd[10111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.23 Sep 28 15:08:16 buvik sshd[10111]: Failed password for invalid user admin from 106.52.42.23 port 37192 ssh2 ...	2020-09-28 22:09:08
attack	IP blocked	2020-09-28 14:14:58
attack	Invalid user demo from 106.52.42.23 port 43142	2020-08-27 01:32:50
attack	Failed password for root from 106.52.42.23 port 54528 ssh2	2020-08-05 22:41:57
attack	Fail2Ban Ban Triggered	2020-08-04 21:31:38
attack	Jun 24 12:30:42 server sshd[10118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.23 user=root Jun 24 12:30:44 server sshd[10118]: Failed password for invalid user root from 106.52.42.23 port 33238 ssh2 Jun 24 12:46:04 server sshd[11121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.23 Jun 24 12:46:06 server sshd[11121]: Failed password for invalid user xjg from 106.52.42.23 port 57236 ssh2	2020-07-22 08:51:22
attack	Jul 5 06:05:35 abendstille sshd\[6750\]: Invalid user dev from 106.52.42.23 Jul 5 06:05:35 abendstille sshd\[6750\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.23 Jul 5 06:05:37 abendstille sshd\[6750\]: Failed password for invalid user dev from 106.52.42.23 port 44760 ssh2 Jul 5 06:08:33 abendstille sshd\[9686\]: Invalid user admin from 106.52.42.23 Jul 5 06:08:33 abendstille sshd\[9686\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.23 ...	2020-07-05 20:18:12

Comments on same subnet:

IP	Type	Details	Datetime
106.52.42.153	attackspam	Aug 23 02:17:33 gw1 sshd[23205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.153 Aug 23 02:17:35 gw1 sshd[23205]: Failed password for invalid user tdi from 106.52.42.153 port 53252 ssh2 ...	2020-08-23 05:42:56
106.52.42.153	attackspambots	Aug 8 00:27:07 Ubuntu-1404-trusty-64-minimal sshd\[7317\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.153 user=root Aug 8 00:27:09 Ubuntu-1404-trusty-64-minimal sshd\[7317\]: Failed password for root from 106.52.42.153 port 44276 ssh2 Aug 8 00:33:57 Ubuntu-1404-trusty-64-minimal sshd\[13619\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.153 user=root Aug 8 00:33:59 Ubuntu-1404-trusty-64-minimal sshd\[13619\]: Failed password for root from 106.52.42.153 port 47862 ssh2 Aug 8 00:38:47 Ubuntu-1404-trusty-64-minimal sshd\[15206\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.153 user=root	2020-08-11 19:30:12
106.52.42.153	attackspambots	Aug 9 05:53:09 mout sshd[16724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.153 user=root Aug 9 05:53:11 mout sshd[16724]: Failed password for root from 106.52.42.153 port 40182 ssh2	2020-08-09 14:39:17
106.52.42.153	attackspambots	Port scanning [2 denied]	2020-08-04 14:34:38
106.52.42.153	attackspambots	Port scan denied	2020-08-03 01:06:36
106.52.42.153	attackbotsspam	$f2bV_matches	2020-07-31 05:40:37
106.52.42.153	attackbots	Invalid user syy from 106.52.42.153 port 38974	2020-07-28 19:13:53
106.52.42.153	attack	TCP (SYN) 106.52.42.153:44009 -> port 8342, len 44	2020-07-25 17:27:22
106.52.42.153	attackbots	SIP/5060 Probe, BF, Hack -	2020-07-23 17:01:21
106.52.42.153	attackbotsspam	Fail2Ban Ban Triggered	2020-07-19 22:04:25
106.52.42.153	attackbotsspam	firewall-block, port(s): 22174/tcp	2020-07-16 21:03:06
106.52.42.153	attackspam	22512/tcp 14943/tcp 23504/tcp... [2020-06-21/07-08]54pkt,19pt.(tcp)	2020-07-08 20:12:05
106.52.42.153	attack	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	2020-06-28 20:12:58
106.52.42.153	attack	Jun 20 07:35:59 journals sshd\[79964\]: Invalid user cloud from 106.52.42.153 Jun 20 07:35:59 journals sshd\[79964\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.153 Jun 20 07:36:01 journals sshd\[79964\]: Failed password for invalid user cloud from 106.52.42.153 port 50944 ssh2 Jun 20 07:39:16 journals sshd\[80298\]: Invalid user admin from 106.52.42.153 Jun 20 07:39:16 journals sshd\[80298\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.153 ...	2020-06-20 14:39:42
106.52.42.153	attackspambots	Jun 19 08:03:06 minden010 sshd[10268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.153 Jun 19 08:03:08 minden010 sshd[10268]: Failed password for invalid user admin from 106.52.42.153 port 48384 ssh2 Jun 19 08:04:52 minden010 sshd[10510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.42.153 ...	2020-06-19 14:23:17

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.52.42.23
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60354
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.52.42.23.			IN	A

;; AUTHORITY SECTION:
.			268	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020070500 1800 900 604800 86400

;; Query time: 59 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Jul 05 20:18:05 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 23.42.52.106.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		100.100.2.138
Address:	100.100.2.138#53

** server can't find 23.42.52.106.in-addr.arpa.: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
182.255.0.136	attackbotsspam	Jan 26 01:49:57 tuotantolaitos sshd[9012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.255.0.136 Jan 26 01:49:59 tuotantolaitos sshd[9012]: Failed password for invalid user support from 182.255.0.136 port 48778 ssh2 ...	2020-01-26 08:00:00
160.16.74.198	attackspam	$f2bV_matches	2020-01-26 07:54:34
81.22.45.25	attack	firewall-block, port(s): 4000/tcp, 10000/tcp, 11000/tcp	2020-01-26 08:05:37
2.228.149.174	attack	Unauthorized connection attempt detected from IP address 2.228.149.174 to port 2220 [J]	2020-01-26 08:00:51
159.203.201.39	attackspambots	01/26/2020-00:49:43.522121 159.203.201.39 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2020-01-26 07:55:23
185.200.118.88	attackbots	Portscan or hack attempt detected by psad/fwsnort	2020-01-26 08:01:46
123.156.187.132	attack	Unauthorized connection attempt detected from IP address 123.156.187.132 to port 6656 [T]	2020-01-26 08:31:14
140.86.12.31	attackspambots	Jan 26 00:03:28 MainVPS sshd[4686]: Invalid user admin from 140.86.12.31 port 23495 Jan 26 00:03:28 MainVPS sshd[4686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.86.12.31 Jan 26 00:03:28 MainVPS sshd[4686]: Invalid user admin from 140.86.12.31 port 23495 Jan 26 00:03:30 MainVPS sshd[4686]: Failed password for invalid user admin from 140.86.12.31 port 23495 ssh2 Jan 26 00:11:09 MainVPS sshd[19074]: Invalid user dm from 140.86.12.31 port 50028 ...	2020-01-26 08:00:27
202.131.152.2	attackbotsspam	Invalid user jb from 202.131.152.2 port 60705	2020-01-26 07:59:43
183.165.10.46	attackbots	Unauthorized connection attempt detected from IP address 183.165.10.46 to port 6656 [T]	2020-01-26 08:28:44
132.232.10.4	attackspambots	Unauthorized connection attempt detected from IP address 132.232.10.4 to port 80 [T]	2020-01-26 08:30:10
118.24.81.234	attack	Jan 25 23:53:04 srv206 sshd[30466]: Invalid user armando from 118.24.81.234 ...	2020-01-26 07:55:08
180.178.129.226	attackspambots	DATE:2020-01-25 22:09:09, IP:180.178.129.226, PORT:1433 MSSQL brute force auth on honeypot server (epe-honey1-hq)	2020-01-26 08:13:57
123.156.178.104	attack	Unauthorized connection attempt detected from IP address 123.156.178.104 to port 6656 [T]	2020-01-26 08:31:37
123.151.34.34	attackspambots	Unauthorized connection attempt detected from IP address 123.151.34.34 to port 6380 [T]	2020-01-26 08:18:11

Recently Reported IPs

179.34.29.180	116.69.60.198	8.165.140.59	5.182.210.206
30.200.4.239	220.143.8.43	111.49.187.139	126.143.226.0
51.83.121.28	82.160.214.181	163.41.32.192	106.12.47.102
123.23.132.204	222.252.61.230	220.242.137.80	190.66.51.167
182.61.136.26	178.170.221.69	154.34.24.212	123.21.3.240