157.52.168.4 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Root Networks

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	2020-10-12 UTC: (42x) - Menyhart,abram,ammelie,bret,christoph,deploy,dir1,donato,fina,ftptest,ftpuser,gergely,ikawa,isao,iuliu,kajipar,kala,lorenzo,miyuki,romero,root(20x),tujikai,yoshichika	2020-10-14 00:35:07
attack	SSH/22 MH Probe, BF, Hack -	2020-10-13 15:45:36
attack	Oct 12 23:36:32 rancher-0 sshd[198866]: Invalid user mai from 157.52.168.4 port 37582 ...	2020-10-13 08:21:43

Type

Details

Datetime

attackspam

2020-10-12 UTC: (42x) - Menyhart,abram,ammelie,bret,christoph,deploy,dir1,donato,fina,ftptest,ftpuser,gergely,ikawa,isao,iuliu,kajipar,kala,lorenzo,miyuki,romero,root(20x),tujikai,yoshichika

2020-10-14 00:35:07

attack

SSH/22 MH Probe, BF, Hack -

2020-10-13 15:45:36

attack

Oct 12 23:36:32 rancher-0 sshd[198866]: Invalid user mai from 157.52.168.4 port 37582
...

2020-10-13 08:21:43

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 157.52.168.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41085
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;157.52.168.4.			IN	A

;; AUTHORITY SECTION:
.			262	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020101202 1800 900 604800 86400

;; Query time: 88 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 13 08:21:39 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 4.168.52.157.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 4.168.52.157.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
162.241.193.116	attackspam	Sep 11 04:01:43 hiderm sshd\[1689\]: Invalid user q1w2e3r4t5y6 from 162.241.193.116 Sep 11 04:01:43 hiderm sshd\[1689\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.241.193.116 Sep 11 04:01:46 hiderm sshd\[1689\]: Failed password for invalid user q1w2e3r4t5y6 from 162.241.193.116 port 38566 ssh2 Sep 11 04:09:12 hiderm sshd\[2425\]: Invalid user 12345 from 162.241.193.116 Sep 11 04:09:12 hiderm sshd\[2425\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.241.193.116	2019-09-11 22:16:52
145.239.91.88	attackbotsspam	Sep 11 11:44:59 SilenceServices sshd[26665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.91.88 Sep 11 11:45:01 SilenceServices sshd[26665]: Failed password for invalid user odoo from 145.239.91.88 port 57798 ssh2 Sep 11 11:51:04 SilenceServices sshd[28920]: Failed password for root from 145.239.91.88 port 39994 ssh2	2019-09-11 22:39:30
180.126.50.53	attackspam	11.09.2019 07:55:15 SSH access blocked by firewall	2019-09-11 22:07:09
23.130.144.2	attackspambots	proto=tcp . spt=60326 . dpt=25 . (listed on Blocklist de Sep 10) (335)	2019-09-11 22:08:05
179.185.30.83	attackbotsspam	Sep 11 15:50:15 vps01 sshd[30785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.185.30.83 Sep 11 15:50:17 vps01 sshd[30785]: Failed password for invalid user node from 179.185.30.83 port 37491 ssh2	2019-09-11 22:01:04
159.65.179.72	attack	159.65.179.72 - - \[11/Sep/2019:09:51:07 +0200\] "POST /wp-login.php HTTP/1.1" 200 2111 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 159.65.179.72 - - \[11/Sep/2019:09:51:22 +0200\] "POST /wp-login.php HTTP/1.1" 200 2092 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2019-09-11 21:55:09
178.128.194.116	attack	Sep 11 15:44:22 cp sshd[17134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.194.116	2019-09-11 22:30:04
37.9.41.196	attack	B: Magento admin pass test (wrong country)	2019-09-11 21:59:18
182.61.42.234	attackbots	/var/log/secure-20190825:Aug 18 10:52:16 XXX sshd[31773]: Invalid user liwei from 182.61.42.234 port 50026	2019-09-11 22:10:34
111.125.66.234	attack	Sep 11 09:12:28 aat-srv002 sshd[17594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.125.66.234 Sep 11 09:12:30 aat-srv002 sshd[17594]: Failed password for invalid user 12345 from 111.125.66.234 port 43650 ssh2 Sep 11 09:19:11 aat-srv002 sshd[17867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.125.66.234 Sep 11 09:19:13 aat-srv002 sshd[17867]: Failed password for invalid user 1 from 111.125.66.234 port 47690 ssh2 ...	2019-09-11 22:41:12
49.88.112.80	attack	Sep 11 15:31:57 MainVPS sshd[29889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.80 user=root Sep 11 15:32:00 MainVPS sshd[29889]: Failed password for root from 49.88.112.80 port 53301 ssh2 Sep 11 15:32:08 MainVPS sshd[29905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.80 user=root Sep 11 15:32:10 MainVPS sshd[29905]: Failed password for root from 49.88.112.80 port 43776 ssh2 Sep 11 15:32:19 MainVPS sshd[29921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.80 user=root Sep 11 15:32:21 MainVPS sshd[29921]: Failed password for root from 49.88.112.80 port 44189 ssh2 ...	2019-09-11 21:42:04
177.103.187.233	attack	Sep 11 13:35:25 web8 sshd\[387\]: Invalid user cloud from 177.103.187.233 Sep 11 13:35:25 web8 sshd\[387\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.103.187.233 Sep 11 13:35:27 web8 sshd\[387\]: Failed password for invalid user cloud from 177.103.187.233 port 47232 ssh2 Sep 11 13:42:38 web8 sshd\[4593\]: Invalid user ubuntu from 177.103.187.233 Sep 11 13:42:38 web8 sshd\[4593\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.103.187.233	2019-09-11 21:57:07
45.7.108.95	attack	SMTP/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -	2019-09-11 22:16:29
190.123.16.38	attackbots	2019-09-11T21:14:59.125369enmeeting.mahidol.ac.th sshd\[2840\]: Invalid user student1 from 190.123.16.38 port 46614 2019-09-11T21:14:59.144085enmeeting.mahidol.ac.th sshd\[2840\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=sscs-sxm-fw01.cust.davosys.net 2019-09-11T21:15:01.083313enmeeting.mahidol.ac.th sshd\[2840\]: Failed password for invalid user student1 from 190.123.16.38 port 46614 ssh2 ...	2019-09-11 22:19:33
165.22.16.90	attackbots	Sep 11 13:52:08 plex sshd[24632]: Invalid user dev from 165.22.16.90 port 37544	2019-09-11 22:35:24

Recently Reported IPs

106.13.176.235	165.231.148.231	186.212.218.206	182.116.83.188
192.241.217.83	180.92.132.242	125.86.191.19	188.168.142.101
188.168.142.91	83.48.102.232	208.86.163.79	199.249.230.143
151.80.212.71	37.221.182.71	211.109.11.227	43.243.75.16
103.131.89.2	182.119.249.17	155.94.133.125	123.100.226.245