106.54.6.132 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Tencent Cloud Computing (Beijing) Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	$f2bV_matches	2020-03-20 20:44:34
attackspam	Mar 11 08:38:40 new sshd[8623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132 user=r.r Mar 11 08:38:43 new sshd[8623]: Failed password for r.r from 106.54.6.132 port 33774 ssh2 Mar 11 08:38:43 new sshd[8623]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth] Mar 11 08:53:27 new sshd[12952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132 user=r.r Mar 11 08:53:28 new sshd[12952]: Failed password for r.r from 106.54.6.132 port 40292 ssh2 Mar 11 08:53:29 new sshd[12952]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth] Mar 11 08:57:55 new sshd[14397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132 user=r.r Mar 11 08:57:57 new sshd[14397]: Failed password for r.r from 106.54.6.132 port 42112 ssh2 Mar 11 08:57:57 new sshd[14397]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth] ........ -------------------------------	2020-03-12 19:36:49

Type

Details

Datetime

attack

$f2bV_matches

2020-03-20 20:44:34

attackspam

Mar 11 08:38:40 new sshd[8623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132  user=r.r
Mar 11 08:38:43 new sshd[8623]: Failed password for r.r from 106.54.6.132 port 33774 ssh2
Mar 11 08:38:43 new sshd[8623]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth]
Mar 11 08:53:27 new sshd[12952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132  user=r.r
Mar 11 08:53:28 new sshd[12952]: Failed password for r.r from 106.54.6.132 port 40292 ssh2
Mar 11 08:53:29 new sshd[12952]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth]
Mar 11 08:57:55 new sshd[14397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.6.132  user=r.r
Mar 11 08:57:57 new sshd[14397]: Failed password for r.r from 106.54.6.132 port 42112 ssh2
Mar 11 08:57:57 new sshd[14397]: Received disconnect from 106.54.6.132: 11: Bye Bye [preauth]
........
-------------------------------

2020-03-12 19:36:49

Comments on same subnet:

IP	Type	Details	Datetime
106.54.65.144	attackspam	SSH_scan	2020-10-14 01:29:08
106.54.65.144	attackbots	Oct 13 09:30:35 Ubuntu-1404-trusty-64-minimal sshd\[32374\]: Invalid user sanchez from 106.54.65.144 Oct 13 09:30:35 Ubuntu-1404-trusty-64-minimal sshd\[32374\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 Oct 13 09:30:38 Ubuntu-1404-trusty-64-minimal sshd\[32374\]: Failed password for invalid user sanchez from 106.54.65.144 port 43390 ssh2 Oct 13 09:37:24 Ubuntu-1404-trusty-64-minimal sshd\[7164\]: Invalid user hirabaya from 106.54.65.144 Oct 13 09:37:24 Ubuntu-1404-trusty-64-minimal sshd\[7164\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144	2020-10-13 16:38:52
106.54.65.144	attack	DATE:2020-10-12 00:11:17, IP:106.54.65.144, PORT:ssh SSH brute force auth (docker-dc)	2020-10-12 06:52:48
106.54.65.144	attackbotsspam	(sshd) Failed SSH login from 106.54.65.144 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 11 02:44:39 optimus sshd[21999]: Invalid user magnos from 106.54.65.144 Oct 11 02:44:39 optimus sshd[21999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 Oct 11 02:44:42 optimus sshd[21999]: Failed password for invalid user magnos from 106.54.65.144 port 51394 ssh2 Oct 11 02:54:06 optimus sshd[25430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 11 02:54:07 optimus sshd[25430]: Failed password for root from 106.54.65.144 port 44400 ssh2	2020-10-11 15:00:32
106.54.65.144	attackbotsspam	Oct 11 05:39:50 itv-usvr-02 sshd[1510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 11 05:39:52 itv-usvr-02 sshd[1510]: Failed password for root from 106.54.65.144 port 35370 ssh2 Oct 11 05:44:55 itv-usvr-02 sshd[1682]: Invalid user nexus from 106.54.65.144 port 34468 Oct 11 05:44:55 itv-usvr-02 sshd[1682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 Oct 11 05:44:55 itv-usvr-02 sshd[1682]: Invalid user nexus from 106.54.65.144 port 34468 Oct 11 05:44:57 itv-usvr-02 sshd[1682]: Failed password for invalid user nexus from 106.54.65.144 port 34468 ssh2	2020-10-11 08:21:44
106.54.65.144	attackbots	Oct 10 00:15:47 ns382633 sshd\[23818\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 10 00:15:50 ns382633 sshd\[23818\]: Failed password for root from 106.54.65.144 port 39588 ssh2 Oct 10 00:17:14 ns382633 sshd\[23969\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 10 00:17:16 ns382633 sshd\[23969\]: Failed password for root from 106.54.65.144 port 55150 ssh2 Oct 10 00:18:34 ns382633 sshd\[24125\]: Invalid user test from 106.54.65.144 port 41826 Oct 10 00:18:34 ns382633 sshd\[24125\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144	2020-10-10 07:45:58
106.54.64.77	attack	ET SCAN NMAP -sS window 1024	2020-10-10 05:53:37
106.54.65.144	attack	Oct 9 12:59:15 cp sshd[13335]: Failed password for root from 106.54.65.144 port 55072 ssh2 Oct 9 12:59:15 cp sshd[13335]: Failed password for root from 106.54.65.144 port 55072 ssh2	2020-10-10 00:08:05
106.54.64.77	attack	Oct 9 04:15:01 vps639187 sshd\[29593\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.64.77 user=root Oct 9 04:15:03 vps639187 sshd\[29593\]: Failed password for root from 106.54.64.77 port 47912 ssh2 Oct 9 04:17:59 vps639187 sshd\[29659\]: Invalid user sysadmin from 106.54.64.77 port 46576 Oct 9 04:17:59 vps639187 sshd\[29659\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.64.77 ...	2020-10-09 22:00:40
106.54.65.144	attackspam	Oct 9 08:22:19 inter-technics sshd[25151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 9 08:22:21 inter-technics sshd[25151]: Failed password for root from 106.54.65.144 port 44032 ssh2 Oct 9 08:24:47 inter-technics sshd[25232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.65.144 user=root Oct 9 08:24:49 inter-technics sshd[25232]: Failed password for root from 106.54.65.144 port 43610 ssh2 Oct 9 08:27:16 inter-technics sshd[25381]: Invalid user test001 from 106.54.65.144 port 43194 ...	2020-10-09 15:53:43
106.54.64.77	attack	Oct 9 04:15:01 vps639187 sshd\[29593\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.64.77 user=root Oct 9 04:15:03 vps639187 sshd\[29593\]: Failed password for root from 106.54.64.77 port 47912 ssh2 Oct 9 04:17:59 vps639187 sshd\[29659\]: Invalid user sysadmin from 106.54.64.77 port 46576 Oct 9 04:17:59 vps639187 sshd\[29659\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.64.77 ...	2020-10-09 13:50:46
106.54.64.77	attackbots	prod11 ...	2020-10-08 06:02:14
106.54.64.77	attackbotsspam	TCP (SYN) 106.54.64.77:47816 -> port 703, len 44	2020-10-07 01:30:09
106.54.64.77	attack	TCP (SYN) 106.54.64.77:49652 -> port 17753, len 44	2020-10-06 17:23:54
106.54.65.144	attackspam	web-1 [ssh_2] SSH Attack	2020-09-30 03:46:49

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.54.6.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24319
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.54.6.132.			IN	A

;; AUTHORITY SECTION:
.			497	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031200 1800 900 604800 86400

;; Query time: 77 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Mar 12 19:36:45 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 132.6.54.106.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 132.6.54.106.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
69.12.92.22	attack	Dovecot Brute-Force	2019-10-04 04:36:09
186.147.237.51	attack	Invalid user jgdl from 186.147.237.51 port 39462	2019-10-04 05:03:37
181.174.167.254	attackspam	Oct 3 16:28:31 localhost kernel: [3872330.405811] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=181.174.167.254 DST=[mungedIP2] LEN=40 TOS=0x08 PREC=0x20 TTL=78 ID=39772 DF PROTO=TCP SPT=64419 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 3 16:28:31 localhost kernel: [3872330.405817] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=181.174.167.254 DST=[mungedIP2] LEN=40 TOS=0x08 PREC=0x20 TTL=78 ID=39772 DF PROTO=TCP SPT=64419 DPT=22 SEQ=10871780 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 3 16:53:49 localhost kernel: [3873848.084892] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=181.174.167.254 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=78 ID=58695 DF PROTO=TCP SPT=51623 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 3 16:53:49 localhost kernel: [3873848.084899] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=181.174.167.254 DST=[mungedIP2] LEN=40 TOS=	2019-10-04 05:07:29
181.174.167.178	attackspambots	" "	2019-10-04 05:10:09
187.120.145.220	attackspam	Brute force attempt	2019-10-04 05:00:16
117.34.25.177	attackbots	firewall-block, port(s): 445/tcp	2019-10-04 04:50:46
221.139.178.16	attackbotsspam	Automated reporting of SSH Vulnerability scanning	2019-10-04 04:48:01
73.229.232.218	attackspam	Oct 3 20:49:51 game-panel sshd[13103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.229.232.218 Oct 3 20:49:53 game-panel sshd[13103]: Failed password for invalid user idcez from 73.229.232.218 port 39240 ssh2 Oct 3 20:58:47 game-panel sshd[13451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.229.232.218	2019-10-04 05:02:29
150.95.52.71	attackbotsspam	Wordpress bruteforce	2019-10-04 04:56:44
120.76.46.33	attack	WordPress login Brute force / Web App Attack on client site.	2019-10-04 04:38:57
67.188.137.57	attackspam	Oct 4 03:49:04 webhost01 sshd[23040]: Failed password for root from 67.188.137.57 port 50106 ssh2 ...	2019-10-04 04:56:26
139.199.6.107	attack	Oct 3 10:49:02 auw2 sshd\[29588\]: Invalid user ilie from 139.199.6.107 Oct 3 10:49:02 auw2 sshd\[29588\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.6.107 Oct 3 10:49:04 auw2 sshd\[29588\]: Failed password for invalid user ilie from 139.199.6.107 port 50101 ssh2 Oct 3 10:53:59 auw2 sshd\[30021\]: Invalid user gozone from 139.199.6.107 Oct 3 10:53:59 auw2 sshd\[30021\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.6.107	2019-10-04 05:01:21
116.86.206.112	attackbotsspam	firewall-block, port(s): 8181/tcp, 60001/tcp	2019-10-04 04:52:21
187.49.83.194	attack	Attempt to attack host OS, exploiting network vulnerabilities, on 03-10-2019 13:20:28.	2019-10-04 04:40:29
113.17.111.19	attackspam	Oct 3 22:25:04 microserver sshd[26175]: Invalid user sienna from 113.17.111.19 port 3234 Oct 3 22:25:04 microserver sshd[26175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.17.111.19 Oct 3 22:25:06 microserver sshd[26175]: Failed password for invalid user sienna from 113.17.111.19 port 3234 ssh2 Oct 3 22:29:42 microserver sshd[26799]: Invalid user marcel from 113.17.111.19 port 3235 Oct 3 22:29:42 microserver sshd[26799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.17.111.19 Oct 3 22:43:27 microserver sshd[28647]: Invalid user webmaster from 113.17.111.19 port 3238 Oct 3 22:43:27 microserver sshd[28647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.17.111.19 Oct 3 22:43:29 microserver sshd[28647]: Failed password for invalid user webmaster from 113.17.111.19 port 3238 ssh2 Oct 3 22:48:12 microserver sshd[29237]: Invalid user Raine from 113.17.111.19 port 3239	2019-10-04 05:11:32

Recently Reported IPs

180.241.119.216	118.24.21.83	129.211.46.112	89.169.110.190
60.251.205.1	114.5.192.3	125.166.184.152	138.121.213.162
14.189.33.144	177.244.75.165	177.206.226.160	46.161.60.207
213.185.224.44	101.108.164.43	89.216.99.102	173.211.104.40
69.115.251.55	182.53.68.127	175.20.162.21	123.26.251.170