City: Ashburn
Region: Virginia
Country: United States
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2025, American Registry for Internet Numbers, Ltd.
#
# start
NetRange: 54.144.0.0 - 54.221.255.255
CIDR: 54.220.0.0/15, 54.160.0.0/11, 54.144.0.0/12, 54.192.0.0/12, 54.216.0.0/14, 54.208.0.0/13
NetName: AMAZON
NetHandle: NET-54-144-0-0-1
Parent: NET54 (NET-54-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Amazon Technologies Inc. (AT-88-Z)
RegDate: 2014-10-23
Updated: 2021-02-10
Ref: https://rdap.arin.net/registry/ip/54.144.0.0
OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2024-01-24
Comment: All abuse reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref: https://rdap.arin.net/registry/entity/AT-88-Z
OrgRoutingHandle: ARMP-ARIN
OrgRoutingName: AWS RPKI Management POC
OrgRoutingPhone: +1-206-555-0000
OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-555-0000
OrgAbuseEmail: trustandsafety@support.aws.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
OrgRoutingHandle: IPROU3-ARIN
OrgRoutingName: IP Routing
OrgRoutingPhone: +1-206-555-0000
OrgRoutingEmail: aws-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-555-0000
OrgTechEmail: amzn-noc-contact@amazon.com
OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-555-0000
OrgNOCEmail: amzn-noc-contact@amazon.com
OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
# end
# start
NetRange: 54.144.0.0 - 54.147.255.255
CIDR: 54.144.0.0/14
NetName: AMAZON-IAD
NetHandle: NET-54-144-0-0-2
Parent: AMAZON (NET-54-144-0-0-1)
NetType: Reallocated
OriginAS:
Organization: Amazon Data Services Northern Virginia (ADSN-1)
RegDate: 2018-07-20
Updated: 2018-07-20
Ref: https://rdap.arin.net/registry/ip/54.144.0.0
OrgName: Amazon Data Services Northern Virginia
OrgId: ADSN-1
Address: 13200 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
RegDate: 2018-04-25
Updated: 2025-08-14
Ref: https://rdap.arin.net/registry/entity/ADSN-1
OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-555-0000
OrgNOCEmail: amzn-noc-contact@amazon.com
OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-555-0000
OrgTechEmail: amzn-noc-contact@amazon.com
OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-555-0000
OrgAbuseEmail: trustandsafety@support.aws.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
# end
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2025, American Registry for Internet Numbers, Ltd.
#; <<>> DiG 9.10.3-P4-Ubuntu <<>> 54.144.131.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19022
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;54.144.131.7. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2025092100 1800 900 604800 86400
;; Query time: 33 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Sep 21 19:47:49 CST 2025
;; MSG SIZE rcvd: 1057.131.144.54.in-addr.arpa domain name pointer ec2-54-144-131-7.compute-1.amazonaws.com.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
7.131.144.54.in-addr.arpa name = ec2-54-144-131-7.compute-1.amazonaws.com.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 139.59.100.255 | attackbotsspam | 139.59.100.255 - - \[11/Nov/2019:08:13:16 +0100\] "POST /wp-login.php HTTP/1.0" 200 5224 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 139.59.100.255 - - \[11/Nov/2019:08:13:20 +0100\] "POST /wp-login.php HTTP/1.0" 200 5039 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 139.59.100.255 - - \[11/Nov/2019:08:13:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 5036 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" |
2019-11-11 19:05:50 |
| 167.99.159.35 | attack | Nov 11 11:01:06 lnxded63 sshd[23180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.159.35 |
2019-11-11 18:57:42 |
| 112.29.140.223 | attackbots | B: f2b 404 5x |
2019-11-11 18:45:21 |
| 60.2.10.86 | attackbotsspam | Nov 11 00:37:07 sachi sshd\[23071\]: Invalid user handzel from 60.2.10.86 Nov 11 00:37:07 sachi sshd\[23071\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.2.10.86 Nov 11 00:37:09 sachi sshd\[23071\]: Failed password for invalid user handzel from 60.2.10.86 port 16777 ssh2 Nov 11 00:41:55 sachi sshd\[23533\]: Invalid user rizal from 60.2.10.86 Nov 11 00:41:55 sachi sshd\[23533\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.2.10.86 |
2019-11-11 19:00:34 |
| 218.92.0.138 | attackspambots | Nov 11 07:24:10 dedicated sshd[19871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138 user=root Nov 11 07:24:12 dedicated sshd[19871]: Failed password for root from 218.92.0.138 port 39413 ssh2 |
2019-11-11 18:53:40 |
| 120.92.35.127 | attackbotsspam | Nov 11 11:26:11 srv1 sshd[20323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.35.127 Nov 11 11:26:14 srv1 sshd[20323]: Failed password for invalid user cosentino from 120.92.35.127 port 33486 ssh2 ... |
2019-11-11 18:49:39 |
| 106.13.45.212 | attackbots | Lines containing failures of 106.13.45.212 Nov 11 11:19:08 mx-in-02 sshd[27557]: Invalid user wwwrun from 106.13.45.212 port 54728 Nov 11 11:19:09 mx-in-02 sshd[27557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.45.212 Nov 11 11:19:10 mx-in-02 sshd[27557]: Failed password for invalid user wwwrun from 106.13.45.212 port 54728 ssh2 Nov 11 11:19:11 mx-in-02 sshd[27557]: Received disconnect from 106.13.45.212 port 54728:11: Bye Bye [preauth] Nov 11 11:19:11 mx-in-02 sshd[27557]: Disconnected from invalid user wwwrun 106.13.45.212 port 54728 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=106.13.45.212 |
2019-11-11 18:50:01 |
| 122.51.76.234 | attackbots | Nov 11 02:19:44 rb06 sshd[23461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.76.234 user=backup Nov 11 02:19:47 rb06 sshd[23461]: Failed password for backup from 122.51.76.234 port 39992 ssh2 Nov 11 02:19:47 rb06 sshd[23461]: Received disconnect from 122.51.76.234: 11: Bye Bye [preauth] Nov 11 02:42:37 rb06 sshd[4962]: Failed password for invalid user ballo from 122.51.76.234 port 55288 ssh2 Nov 11 02:42:37 rb06 sshd[4962]: Received disconnect from 122.51.76.234: 11: Bye Bye [preauth] Nov 11 02:47:03 rb06 sshd[6221]: Failed password for invalid user bauwens from 122.51.76.234 port 35212 ssh2 Nov 11 02:47:03 rb06 sshd[6221]: Received disconnect from 122.51.76.234: 11: Bye Bye [preauth] Nov 11 02:51:28 rb06 sshd[7646]: Failed password for invalid user nhostnamezsche from 122.51.76.234 port 43366 ssh2 Nov 11 02:51:29 rb06 sshd[7646]: Received disconnect from 122.51.76.234: 11: Bye Bye [preauth] ........ ----------------------------------------------- https:/ |
2019-11-11 18:52:38 |
| 66.110.216.198 | attackbots | 2019/11/11 06:23:28 \[error\] 22622\#0: \*5859 An error occurred in mail zmauth: user not found:hwnenxumvhqz@*fathog.com while SSL handshaking to lookup handler, client: 66.110.216.198:37378, server: 45.79.145.195:993, login: "hwnenxumvhqz@*fathog.com" |
2019-11-11 19:12:02 |
| 46.101.151.51 | attackbots | Nov 11 11:54:29 meumeu sshd[16429]: Failed password for root from 46.101.151.51 port 60832 ssh2 Nov 11 11:58:08 meumeu sshd[16828]: Failed password for lp from 46.101.151.51 port 40170 ssh2 ... |
2019-11-11 19:12:53 |
| 119.29.129.237 | attackbots | Nov 11 12:23:58 server sshd\[25848\]: Invalid user eris from 119.29.129.237 Nov 11 12:23:58 server sshd\[25848\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.129.237 Nov 11 12:24:00 server sshd\[25848\]: Failed password for invalid user eris from 119.29.129.237 port 54792 ssh2 Nov 11 12:41:32 server sshd\[30575\]: Invalid user ry from 119.29.129.237 Nov 11 12:41:32 server sshd\[30575\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.129.237 ... |
2019-11-11 19:13:45 |
| 203.129.226.99 | attackbotsspam | Nov 11 11:05:45 tux-35-217 sshd\[4432\]: Invalid user named from 203.129.226.99 port 62269 Nov 11 11:05:45 tux-35-217 sshd\[4432\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.129.226.99 Nov 11 11:05:46 tux-35-217 sshd\[4432\]: Failed password for invalid user named from 203.129.226.99 port 62269 ssh2 Nov 11 11:09:50 tux-35-217 sshd\[4447\]: Invalid user gp from 203.129.226.99 port 25807 Nov 11 11:09:50 tux-35-217 sshd\[4447\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.129.226.99 ... |
2019-11-11 18:39:19 |
| 45.95.32.243 | attackspambots | Lines containing failures of 45.95.32.243 Nov 11 07:12:26 shared04 postfix/smtpd[11024]: connect from sleeper.protutoriais.com[45.95.32.243] Nov 11 07:12:26 shared04 policyd-spf[11027]: prepend Received-SPF: Pass (mailfrom) identhostnamey=mailfrom; client-ip=45.95.32.243; helo=sleeper.byfridaem.co; envelope-from=x@x Nov x@x Nov 11 07:12:26 shared04 postfix/smtpd[11024]: disconnect from sleeper.protutoriais.com[45.95.32.243] ehlo=1 mail=1 rcpt=0/1 data=0/1 quhostname=1 commands=3/5 Nov 11 07:13:04 shared04 postfix/smtpd[9039]: connect from sleeper.protutoriais.com[45.95.32.243] Nov 11 07:13:04 shared04 policyd-spf[13345]: prepend Received-SPF: Pass (mailfrom) identhostnamey=mailfrom; client-ip=45.95.32.243; helo=sleeper.byfridaem.co; envelope-from=x@x Nov x@x Nov 11 07:13:04 shared04 postfix/smtpd[9039]: disconnect from sleeper.protutoriais.com[45.95.32.243] ehlo=1 mail=1 rcpt=0/1 data=0/1 quhostname=1 commands=3/5 Nov 11 07:14:06 shared04 postfix/smtpd[9913]: connect fro........ ------------------------------ |
2019-11-11 18:37:30 |
| 124.228.150.88 | attackspam | [portscan] Port scan |
2019-11-11 19:10:40 |
| 159.203.201.31 | attackbots | 11/11/2019-01:24:23.864041 159.203.201.31 Protocol: 6 ET DROP Dshield Block Listed Source group 1 |
2019-11-11 18:49:22 |