106.54.204.138

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Tencent Cloud Computing (Beijing) Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	May 1 15:04:12 server sshd[30895]: Failed password for invalid user admin from 106.54.204.138 port 35766 ssh2 May 1 15:25:14 server sshd[3201]: Failed password for root from 106.54.204.138 port 37756 ssh2 May 1 15:32:04 server sshd[4788]: Failed password for invalid user user1 from 106.54.204.138 port 47832 ssh2	2020-05-02 02:36:37

Type

Details

Datetime

attack

May  1 15:04:12 server sshd[30895]: Failed password for invalid user admin from 106.54.204.138 port 35766 ssh2
May  1 15:25:14 server sshd[3201]: Failed password for root from 106.54.204.138 port 37756 ssh2
May  1 15:32:04 server sshd[4788]: Failed password for invalid user user1 from 106.54.204.138 port 47832 ssh2

2020-05-02 02:36:37

Comments on same subnet:

IP	Type	Details	Datetime
106.54.204.251	attack	$f2bV_matches	2019-12-04 22:40:54
106.54.204.251	attackbotsspam	Lines containing failures of 106.54.204.251 Dec 1 19:43:41 metroid sshd[23524]: Invalid user spam from 106.54.204.251 port 33308 Dec 1 19:43:41 metroid sshd[23524]: Received disconnect from 106.54.204.251 port 33308:11: Bye Bye [preauth] Dec 1 19:43:41 metroid sshd[23524]: Disconnected from invalid user spam 106.54.204.251 port 33308 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=106.54.204.251	2019-12-03 16:11:23
106.54.204.213	attackbots	Oct 6 19:58:17 root sshd[23192]: Failed password for root from 106.54.204.213 port 59352 ssh2 Oct 6 20:01:36 root sshd[23219]: Failed password for root from 106.54.204.213 port 60542 ssh2 ...	2019-10-07 02:35:42
106.54.204.213	attackspambots	Oct 5 06:09:10 game-panel sshd[21885]: Failed password for root from 106.54.204.213 port 56194 ssh2 Oct 5 06:14:12 game-panel sshd[22018]: Failed password for root from 106.54.204.213 port 38130 ssh2	2019-10-05 14:19:21

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.54.204.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27343
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.54.204.138.			IN	A

;; AUTHORITY SECTION:
.			333	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020050102 1800 900 604800 86400

;; Query time: 124 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat May 02 02:36:33 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 138.204.54.106.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 138.204.54.106.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
187.126.120.104	attackbotsspam	Dec 21 02:59:42 plusreed sshd[2048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.126.120.104 user=uucp Dec 21 02:59:44 plusreed sshd[2048]: Failed password for uucp from 187.126.120.104 port 35874 ssh2 ...	2019-12-21 16:17:05
222.186.175.148	attackbots	Dec 20 22:02:00 web9 sshd\[30346\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.148 user=root Dec 20 22:02:02 web9 sshd\[30346\]: Failed password for root from 222.186.175.148 port 58696 ssh2 Dec 20 22:02:20 web9 sshd\[30385\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.148 user=root Dec 20 22:02:21 web9 sshd\[30385\]: Failed password for root from 222.186.175.148 port 64858 ssh2 Dec 20 22:02:25 web9 sshd\[30385\]: Failed password for root from 222.186.175.148 port 64858 ssh2	2019-12-21 16:05:47
222.127.86.135	attackspambots	Dec 21 06:49:11 localhost sshd\[103478\]: Invalid user collignon from 222.127.86.135 port 57038 Dec 21 06:49:11 localhost sshd\[103478\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.127.86.135 Dec 21 06:49:14 localhost sshd\[103478\]: Failed password for invalid user collignon from 222.127.86.135 port 57038 ssh2 Dec 21 06:55:49 localhost sshd\[103630\]: Invalid user gerardd from 222.127.86.135 port 59938 Dec 21 06:55:49 localhost sshd\[103630\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.127.86.135 ...	2019-12-21 16:14:25
81.28.100.99	attackspam	2019-12-21T07:29:27.998834stark.klein-stark.info postfix/smtpd\[14921\]: NOQUEUE: reject: RCPT from foreclose.shrewdmhealth.com\[81.28.100.99\]: 554 5.7.1 \: Relay access denied\; from=\ to=\ proto=ESMTP helo=\ ...	2019-12-21 15:49:56
157.44.89.109	attack	Unauthorized connection attempt detected from IP address 157.44.89.109 to port 445	2019-12-21 15:56:13
134.73.51.44	attackbotsspam	Postfix DNSBL listed. Trying to send SPAM.	2019-12-21 16:20:11
85.132.81.133	attackspam	SMB Server BruteForce Attack	2019-12-21 15:45:09
211.141.35.72	attackbots	Invalid user anjalika from 211.141.35.72 port 54140	2019-12-21 16:19:43
107.170.18.163	attackspam	Dec 21 07:29:13 localhost sshd\[2071\]: Invalid user ident from 107.170.18.163 port 36860 Dec 21 07:29:13 localhost sshd\[2071\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.18.163 Dec 21 07:29:15 localhost sshd\[2071\]: Failed password for invalid user ident from 107.170.18.163 port 36860 ssh2	2019-12-21 16:03:12
177.139.167.7	attack	Dec 20 22:07:23 kapalua sshd\[32168\]: Invalid user john from 177.139.167.7 Dec 20 22:07:23 kapalua sshd\[32168\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.139.167.7 Dec 20 22:07:24 kapalua sshd\[32168\]: Failed password for invalid user john from 177.139.167.7 port 41342 ssh2 Dec 20 22:14:49 kapalua sshd\[507\]: Invalid user test from 177.139.167.7 Dec 20 22:14:49 kapalua sshd\[507\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.139.167.7	2019-12-21 16:25:43
118.97.249.74	attack	detected by Fail2Ban	2019-12-21 16:21:22
51.91.122.140	attackspam	Dec 21 04:34:09 ws12vmsma01 sshd[47633]: Invalid user admin from 51.91.122.140 Dec 21 04:34:12 ws12vmsma01 sshd[47633]: Failed password for invalid user admin from 51.91.122.140 port 42672 ssh2 Dec 21 04:42:25 ws12vmsma01 sshd[48850]: Invalid user user from 51.91.122.140 ...	2019-12-21 15:55:19
80.84.57.97	attackspam	B: Abusive content scan (301)	2019-12-21 15:56:39
37.187.113.144	attackspambots	Dec 20 21:59:36 hanapaa sshd\[5974\]: Invalid user 123abc from 37.187.113.144 Dec 20 21:59:36 hanapaa sshd\[5974\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=dedi-max.ovh Dec 20 21:59:38 hanapaa sshd\[5974\]: Failed password for invalid user 123abc from 37.187.113.144 port 48606 ssh2 Dec 20 22:06:15 hanapaa sshd\[6687\]: Invalid user 123456 from 37.187.113.144 Dec 20 22:06:15 hanapaa sshd\[6687\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=dedi-max.ovh	2019-12-21 16:16:47
189.110.190.56	attack	Unauthorised access (Dec 21) SRC=189.110.190.56 LEN=40 TTL=242 ID=61557 DF TCP DPT=23 WINDOW=14600 SYN	2019-12-21 16:15:51

Recently Reported IPs

85.100.2.127	44.22.136.155	36.34.162.185	140.50.128.176
185.104.245.111	82.232.159.219	120.73.34.93	222.199.90.47
114.90.159.19	129.132.13.245	47.178.204.83	84.104.218.9
52.248.88.208	65.214.42.112	61.235.225.114	177.52.100.145
73.76.40.148	36.77.94.85	42.171.172.97	208.254.45.89