Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Tencent Cloud Computing (Beijing) Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
2020-04-17T17:07:06.442089struts4.enskede.local sshd\[22678\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.140.71  user=root
2020-04-17T17:07:09.558757struts4.enskede.local sshd\[22678\]: Failed password for root from 106.54.140.71 port 50976 ssh2
2020-04-17T17:10:15.654889struts4.enskede.local sshd\[22741\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.140.71  user=root
2020-04-17T17:10:18.689032struts4.enskede.local sshd\[22741\]: Failed password for root from 106.54.140.71 port 54492 ssh2
2020-04-17T17:13:13.367970struts4.enskede.local sshd\[22821\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.140.71  user=root
...
2020-04-18 01:08:58
attackbots
Apr 13 19:53:33 mout sshd[4261]: Invalid user vt100 from 106.54.140.71 port 58202
2020-04-14 02:07:28
attack
Apr 10 12:51:00 Invalid user oracle from 106.54.140.71 port 41574
2020-04-10 19:42:11
Comments on same subnet:
IP Type Details Datetime
106.54.140.165 attackbotsspam
Time:     Sat Sep 26 18:20:56 2020 +0000
IP:       106.54.140.165 (CN/China/-)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SSHD]

Log entries:

Sep 26 17:46:33 activeserver sshd[25946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.140.165  user=root
Sep 26 17:46:36 activeserver sshd[25946]: Failed password for root from 106.54.140.165 port 55044 ssh2
Sep 26 18:13:28 activeserver sshd[24313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.140.165  user=root
Sep 26 18:13:29 activeserver sshd[24313]: Failed password for root from 106.54.140.165 port 49828 ssh2
Sep 26 18:20:52 activeserver sshd[9656]: Invalid user data from 106.54.140.165 port 46528
2020-09-29 02:09:17
106.54.140.165 attackbots
Connection to SSH Honeypot - Detected by HoneypotDB
2020-09-28 18:15:51
106.54.140.165 attackbots
Sep 26 18:20:30 site3 sshd\[18302\]: Invalid user gitblit from 106.54.140.165
Sep 26 18:20:30 site3 sshd\[18302\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.140.165
Sep 26 18:20:32 site3 sshd\[18302\]: Failed password for invalid user gitblit from 106.54.140.165 port 47232 ssh2
Sep 26 18:25:30 site3 sshd\[18324\]: Invalid user train1 from 106.54.140.165
Sep 26 18:25:30 site3 sshd\[18324\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.140.165
...
2020-09-26 23:37:14
106.54.140.165 attackbotsspam
21 attempts against mh-ssh on pole
2020-09-26 15:27:55
106.54.140.250 attack
Sep 16 17:40:46 eventyay sshd[20645]: Failed password for root from 106.54.140.250 port 48644 ssh2
Sep 16 17:44:24 eventyay sshd[20746]: Failed password for root from 106.54.140.250 port 57652 ssh2
Sep 16 17:47:57 eventyay sshd[20830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.140.250
...
2020-09-16 23:48:36
106.54.140.250 attackbots
Sep 16 05:41:58 host sshd[13191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.140.250  user=root
Sep 16 05:42:00 host sshd[13191]: Failed password for root from 106.54.140.250 port 51426 ssh2
...
2020-09-16 16:04:39
106.54.140.250 attackspambots
SSH / Telnet Brute Force Attempts on Honeypot
2020-09-16 08:04:57
106.54.140.250 attack
Invalid user admin from 106.54.140.250 port 56498
2020-09-06 02:03:37
106.54.140.250 attack
Invalid user admin from 106.54.140.250 port 56498
2020-09-05 17:36:35
106.54.140.250 attack
Aug 25 18:55:08 ajax sshd[21481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.140.250 
Aug 25 18:55:10 ajax sshd[21481]: Failed password for invalid user tester from 106.54.140.250 port 60432 ssh2
2020-08-26 02:16:52
106.54.140.250 attackspambots
Invalid user popuser from 106.54.140.250 port 42242
2020-08-25 14:31:59
106.54.140.250 attack
Aug 16 14:20:15 vpn01 sshd[11086]: Failed password for root from 106.54.140.250 port 56274 ssh2
Aug 16 14:24:48 vpn01 sshd[11129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.140.250
...
2020-08-16 22:23:27
106.54.140.250 attack
SSH BruteForce Attack
2020-08-04 04:35:46
106.54.140.250 attackspam
Jul 31 14:34:07 Host-KLAX-C sshd[2246]: User root from 106.54.140.250 not allowed because not listed in AllowUsers
...
2020-08-01 04:53:27
106.54.140.250 attackspam
$f2bV_matches
2020-07-30 19:03:20
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.54.140.71
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36972
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.54.140.71.			IN	A

;; AUTHORITY SECTION:
.			435	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020041000 1800 900 604800 86400

;; Query time: 122 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Apr 10 19:42:07 CST 2020
;; MSG SIZE  rcvd: 117
Host info
Host 71.140.54.106.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 71.140.54.106.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
104.183.217.130 attackbots
Invalid user ubuntu from 104.183.217.130 port 54634
2020-08-28 01:13:12
120.150.114.223 attack
Aug 27 12:09:40 XXXXXX sshd[38348]: Invalid user admin from 120.150.114.223 port 53953
2020-08-28 01:37:33
51.83.97.44 attackbotsspam
Aug 28 01:06:41 localhost sshd[3751200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.97.44  user=root
Aug 28 01:06:43 localhost sshd[3751200]: Failed password for root from 51.83.97.44 port 51146 ssh2
...
2020-08-28 01:35:24
190.237.123.92 attack
Aug 27 13:59:49 host imapd-ssl: LOGIN FAILED, user=jrcm[at][munged], ip=[::ffff:190.237.123.92]
Aug 27 13:59:55 host imapd-ssl: LOGIN FAILED, user=jrcm[at][munged], ip=[::ffff:190.237.123.92]
Aug 27 14:00:00 host imapd-ssl: LOGIN FAILED, user=jrcm[at][munged], ip=[::ffff:190.237.123.92]
Aug 27 14:00:06 host imapd-ssl: LOGIN FAILED, user=jrcm[at][munged], ip=[::ffff:190.237.123.92]
Aug 27 14:00:12 host imapd-ssl: LOGIN FAILED, user=jrcm[at][munged], ip=[::ffff:190.237.123.92]
...
2020-08-28 00:57:06
68.132.136.198 attack
Unwanted checking 80 or 443 port
...
2020-08-28 01:08:51
202.22.145.59 attackbotsspam
Email login attempts - missing mail login name (IMAP)
2020-08-28 01:19:52
103.76.208.233 attackbotsspam
Port Scan
...
2020-08-28 01:13:37
94.28.101.166 attackbotsspam
SSH invalid-user multiple login try
2020-08-28 01:22:23
190.186.115.172 attackspam
trying to access non-authorized port
2020-08-28 01:10:57
113.31.125.177 attackspam
Aug 27 12:50:51 XXX sshd[65383]: Invalid user tp from 113.31.125.177 port 40684
2020-08-28 01:24:26
128.199.141.33 attack
Brute-force attempt banned
2020-08-28 01:36:47
167.172.98.198 attack
Aug 27 19:00:41 electroncash sshd[16047]: Failed password for invalid user ahg from 167.172.98.198 port 34614 ssh2
Aug 27 19:04:05 electroncash sshd[17932]: Invalid user cn from 167.172.98.198 port 41726
Aug 27 19:04:05 electroncash sshd[17932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.98.198 
Aug 27 19:04:05 electroncash sshd[17932]: Invalid user cn from 167.172.98.198 port 41726
Aug 27 19:04:06 electroncash sshd[17932]: Failed password for invalid user cn from 167.172.98.198 port 41726 ssh2
...
2020-08-28 01:20:16
222.186.42.137 attackbots
Aug 27 16:59:22 scw-tender-jepsen sshd[26870]: Failed password for root from 222.186.42.137 port 12688 ssh2
Aug 27 16:59:24 scw-tender-jepsen sshd[26870]: Failed password for root from 222.186.42.137 port 12688 ssh2
2020-08-28 00:59:59
118.32.131.214 attackspam
Aug 27 10:34:55 NPSTNNYC01T sshd[32687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.32.131.214
Aug 27 10:34:57 NPSTNNYC01T sshd[32687]: Failed password for invalid user iris from 118.32.131.214 port 40972 ssh2
Aug 27 10:39:12 NPSTNNYC01T sshd[630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.32.131.214
...
2020-08-28 01:34:05
188.92.209.161 attackspam
"SMTP brute force auth login attempt."
2020-08-28 01:31:09
