Basic Info

City: Beijing

Region: Beijing

Country: China

Internet Service Provider: Beijing Guanghuan Xinwang Digital Technology Co.Ltd

Hostname: unknown

Organization: Beijing Guanghuan Xinwang Digital

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
Aug 25 12:08:35 lcdev sshd\[5777\]: Invalid user cali from 52.80.52.242
Aug 25 12:08:35 lcdev sshd\[5777\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-52-80-52-242.cn-north-1.compute.amazonaws.com.cn
Aug 25 12:08:37 lcdev sshd\[5777\]: Failed password for invalid user cali from 52.80.52.242 port 34998 ssh2
Aug 25 12:13:16 lcdev sshd\[6321\]: Invalid user testuser from 52.80.52.242
Aug 25 12:13:16 lcdev sshd\[6321\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-52-80-52-242.cn-north-1.compute.amazonaws.com.cn
2019-08-26 08:02:50
attackspam
ssh failed login
2019-08-11 14:06:17
attackbots
Aug  8 05:44:59 server sshd\[5519\]: Invalid user word from 52.80.52.242 port 48504
Aug  8 05:44:59 server sshd\[5519\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.80.52.242
Aug  8 05:45:02 server sshd\[5519\]: Failed password for invalid user word from 52.80.52.242 port 48504 ssh2
Aug  8 05:47:57 server sshd\[10998\]: Invalid user enc from 52.80.52.242 port 45066
Aug  8 05:47:57 server sshd\[10998\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.80.52.242
2019-08-08 10:50:10
attack
2019-07-30T19:01:12.294775abusebot-2.cloudsearch.cf sshd\[8262\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-52-80-52-242.cn-north-1.compute.amazonaws.com.cn  user=root
2019-07-31 03:13:17
Comments on same subnet:
No discussion about this subnet yet..
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 52.80.52.242
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16387
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;52.80.52.242.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019073002 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jul 31 03:13:09 CST 2019
;; MSG SIZE  rcvd: 116
Host info
242.52.80.52.in-addr.arpa domain name pointer ec2-52-80-52-242.cn-north-1.compute.amazonaws.com.cn.
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
242.52.80.52.in-addr.arpa	name = ec2-52-80-52-242.cn-north-1.compute.amazonaws.com.cn.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
194.182.88.185 attack
fire
2019-09-06 05:17:24
104.140.188.46 attackbots
" "
2019-09-06 05:18:56
51.254.57.17 attackspam
Sep  5 22:26:08 cp sshd[21074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.254.57.17
2019-09-06 05:00:21
43.227.67.10 attackspambots
Sep  5 22:41:34 mail sshd\[28997\]: Invalid user gituser from 43.227.67.10 port 59988
Sep  5 22:41:34 mail sshd\[28997\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.227.67.10
Sep  5 22:41:36 mail sshd\[28997\]: Failed password for invalid user gituser from 43.227.67.10 port 59988 ssh2
Sep  5 22:45:39 mail sshd\[29446\]: Invalid user cloud from 43.227.67.10 port 40298
Sep  5 22:45:39 mail sshd\[29446\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.227.67.10
2019-09-06 04:53:01
52.32.216.173 attackbotsspam
Lines containing failures of 52.32.216.173
Sep  5 20:47:55 shared09 sshd[13586]: Invalid user musikbot from 52.32.216.173 port 54254
Sep  5 20:47:55 shared09 sshd[13586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.32.216.173
Sep  5 20:47:57 shared09 sshd[13586]: Failed password for invalid user musikbot from 52.32.216.173 port 54254 ssh2
Sep  5 20:47:57 shared09 sshd[13586]: Received disconnect from 52.32.216.173 port 54254:11: Bye Bye [preauth]
Sep  5 20:47:57 shared09 sshd[13586]: Disconnected from invalid user musikbot 52.32.216.173 port 54254 [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=52.32.216.173
2019-09-06 05:03:52
188.92.77.235 attackspambots
fire
2019-09-06 05:23:28
218.98.40.139 attackspambots
2019-09-05T13:10:35.213394Z \[cowrie.ssh.factory.CowrieSSHFactory\] New connection: 218.98.40.139:37543 \(107.175.91.48:22\) \[session: a9905acc2d17\]
2019-09-05T20:40:32.132043Z \[cowrie.ssh.factory.CowrieSSHFactory\] New connection: 218.98.40.139:27427 \(107.175.91.48:22\) \[session: 325cc642677f\]
...
2019-09-06 05:10:25
49.69.171.38 attackspam
Sep  5 22:09:49 intra sshd\[26654\]: Invalid user admin from 49.69.171.38
Sep  5 22:09:51 intra sshd\[26654\]: Failed password for invalid user admin from 49.69.171.38 port 53449 ssh2
Sep  5 22:09:53 intra sshd\[26654\]: Failed password for invalid user admin from 49.69.171.38 port 53449 ssh2
Sep  5 22:09:55 intra sshd\[26654\]: Failed password for invalid user admin from 49.69.171.38 port 53449 ssh2
Sep  5 22:09:57 intra sshd\[26654\]: Failed password for invalid user admin from 49.69.171.38 port 53449 ssh2
Sep  5 22:10:00 intra sshd\[26654\]: Failed password for invalid user admin from 49.69.171.38 port 53449 ssh2
...
2019-09-06 04:48:00
198.143.155.138 attackbotsspam
Scanning random ports - tries to find possible vulnerable services
2019-09-06 05:15:29
58.249.123.38 attack
Sep  5 22:36:16 mail sshd\[28378\]: Invalid user vnc from 58.249.123.38 port 54820
Sep  5 22:36:16 mail sshd\[28378\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.249.123.38
Sep  5 22:36:18 mail sshd\[28378\]: Failed password for invalid user vnc from 58.249.123.38 port 54820 ssh2
Sep  5 22:40:32 mail sshd\[28907\]: Invalid user ubuntu from 58.249.123.38 port 38682
Sep  5 22:40:32 mail sshd\[28907\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.249.123.38
2019-09-06 04:52:16
206.189.38.181 attack
fire
2019-09-06 04:46:04
191.53.236.123 attackbots
Sep  5 20:47:46 tamoto postfix/smtpd[12123]: warning: hostname 191-53-236-123.ptu-wr.mastercabo.com.br does not resolve to address 191.53.236.123: Name or service not known
Sep  5 20:47:46 tamoto postfix/smtpd[12123]: connect from unknown[191.53.236.123]
Sep  5 20:47:50 tamoto postfix/smtpd[12123]: warning: unknown[191.53.236.123]: SASL CRAM-MD5 authentication failed: authentication failure
Sep  5 20:47:51 tamoto postfix/smtpd[12123]: warning: unknown[191.53.236.123]: SASL PLAIN authentication failed: authentication failure
Sep  5 20:47:52 tamoto postfix/smtpd[12123]: warning: unknown[191.53.236.123]: SASL LOGIN authentication failed: authentication failure


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=191.53.236.123
2019-09-06 05:01:17
129.204.158.83 attack
Sep  5 23:42:40 intra sshd\[27767\]: Invalid user test from 129.204.158.83
Sep  5 23:42:42 intra sshd\[27767\]: Failed password for invalid user test from 129.204.158.83 port 33050 ssh2
Sep  5 23:46:58 intra sshd\[27801\]: Invalid user ubuntu from 129.204.158.83
Sep  5 23:47:01 intra sshd\[27801\]: Failed password for invalid user ubuntu from 129.204.158.83 port 48262 ssh2
Sep  5 23:51:27 intra sshd\[27868\]: Invalid user temp from 129.204.158.83
Sep  5 23:51:28 intra sshd\[27868\]: Failed password for invalid user temp from 129.204.158.83 port 35254 ssh2
...
2019-09-06 05:04:24
37.187.5.137 attackspambots
Sep  5 23:01:16 SilenceServices sshd[898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.5.137
Sep  5 23:01:18 SilenceServices sshd[898]: Failed password for invalid user deploy12345 from 37.187.5.137 port 44156 ssh2
Sep  5 23:05:43 SilenceServices sshd[2559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.5.137
2019-09-06 05:21:24
174.138.40.132 attackspam
Sep  5 22:37:52 core sshd[12010]: Invalid user 1q2w3e from 174.138.40.132 port 41374
Sep  5 22:37:54 core sshd[12010]: Failed password for invalid user 1q2w3e from 174.138.40.132 port 41374 ssh2
...
2019-09-06 04:58:39
