54.160.220.245

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: Amazon Technologies Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	May 4 16:17:57 nextcloud sshd\[6331\]: Invalid user aneta from 54.160.220.245 May 4 16:17:57 nextcloud sshd\[6331\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.160.220.245 May 4 16:18:00 nextcloud sshd\[6331\]: Failed password for invalid user aneta from 54.160.220.245 port 36854 ssh2	2020-05-05 02:21:56

Type

Details

Datetime

attack

May  4 16:17:57 nextcloud sshd\[6331\]: Invalid user aneta from 54.160.220.245
May  4 16:17:57 nextcloud sshd\[6331\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.160.220.245
May  4 16:18:00 nextcloud sshd\[6331\]: Failed password for invalid user aneta from 54.160.220.245 port 36854 ssh2

2020-05-05 02:21:56

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 54.160.220.245
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13442
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;54.160.220.245.			IN	A

;; AUTHORITY SECTION:
.			335	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020050300 1800 900 604800 86400

;; Query time: 108 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun May 03 18:25:02 CST 2020
;; MSG SIZE  rcvd: 118

Host info

245.220.160.54.in-addr.arpa domain name pointer ec2-54-160-220-245.compute-1.amazonaws.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
245.220.160.54.in-addr.arpa	name = ec2-54-160-220-245.compute-1.amazonaws.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.15.2.67	attackspam	Dec 7 15:25:42 eddieflores sshd\[14257\]: Invalid user metrailer from 51.15.2.67 Dec 7 15:25:42 eddieflores sshd\[14257\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.2.67 Dec 7 15:25:44 eddieflores sshd\[14257\]: Failed password for invalid user metrailer from 51.15.2.67 port 40569 ssh2 Dec 7 15:31:29 eddieflores sshd\[14801\]: Invalid user skojima from 51.15.2.67 Dec 7 15:31:29 eddieflores sshd\[14801\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.2.67	2019-12-08 09:36:31
80.24.111.17	attack	Dec 7 13:24:11 sachi sshd\[12083\]: Invalid user Losenord3@1 from 80.24.111.17 Dec 7 13:24:11 sachi sshd\[12083\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=17.red-80-24-111.staticip.rima-tde.net Dec 7 13:24:14 sachi sshd\[12083\]: Failed password for invalid user Losenord3@1 from 80.24.111.17 port 55950 ssh2 Dec 7 13:29:37 sachi sshd\[12685\]: Invalid user p@33w0rd12345 from 80.24.111.17 Dec 7 13:29:37 sachi sshd\[12685\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=17.red-80-24-111.staticip.rima-tde.net	2019-12-08 09:35:21
139.59.226.82	attack	Dec 7 18:50:58 web1 sshd\[8141\]: Invalid user zenoss from 139.59.226.82 Dec 7 18:50:58 web1 sshd\[8141\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.82 Dec 7 18:50:59 web1 sshd\[8141\]: Failed password for invalid user zenoss from 139.59.226.82 port 57752 ssh2 Dec 7 18:57:26 web1 sshd\[8787\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.82 user=root Dec 7 18:57:28 web1 sshd\[8787\]: Failed password for root from 139.59.226.82 port 38040 ssh2	2019-12-08 13:07:55
158.69.22.218	attack	Dec 8 02:17:49 microserver sshd[34975]: Invalid user manbajood from 158.69.22.218 port 58994 Dec 8 02:17:49 microserver sshd[34975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.22.218 Dec 8 02:17:50 microserver sshd[34975]: Failed password for invalid user manbajood from 158.69.22.218 port 58994 ssh2 Dec 8 02:23:39 microserver sshd[35788]: Invalid user wwwrun from 158.69.22.218 port 41986 Dec 8 02:23:39 microserver sshd[35788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.22.218 Dec 8 02:47:01 microserver sshd[39476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.22.218 user=root Dec 8 02:47:04 microserver sshd[39476]: Failed password for root from 158.69.22.218 port 58502 ssh2 Dec 8 02:52:53 microserver sshd[40326]: Invalid user smith from 158.69.22.218 port 41488 Dec 8 02:52:53 microserver sshd[40326]: pam_unix(sshd:auth): authentication failure; log	2019-12-08 09:34:44
200.116.105.213	attackbots	2019-12-08T01:36:14.805244abusebot-3.cloudsearch.cf sshd\[16433\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=conm200-116-105-213.epm.net.co user=root	2019-12-08 09:39:23
46.45.178.5	attackspambots	46.45.178.5 - - \[08/Dec/2019:05:57:30 +0100\] "POST /wp-login.php HTTP/1.0" 200 7656 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 46.45.178.5 - - \[08/Dec/2019:05:57:31 +0100\] "POST /wp-login.php HTTP/1.0" 200 7486 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 46.45.178.5 - - \[08/Dec/2019:05:57:32 +0100\] "POST /wp-login.php HTTP/1.0" 200 7480 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-12-08 13:05:14
185.220.101.13	attack	12/08/2019-00:29:33.532195 185.220.101.13 Protocol: 6 ET TOR Known Tor Exit Node Traffic group 30	2019-12-08 09:43:39
83.221.222.209	attackbots	[SunDec0805:56:59.3265432019][:error][pid28661:tid47486370584320][client83.221.222.209:24008][client83.221.222.209]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\(\?:\\\\\\\\\(chr\?\\\\\\\\\(\?[0-9]{1\,3}\?\\\\\\\\\)\\|\?=\?f\(\?:open\\|write\)\?\\\\\\\\\(\\|\\\\\\\\b\(\?:passthru\\|serialize\\|php_uname\\|phpinfo\\|shell_exec\\|preg_\\\\\\\\w \\|mysql_query\\|exec\\|eval\\|base64_decode\\|decode_base64\\|rot13\\|base64_url_decode\\|gz\(\?:inflate\\|decode\\|uncompress\)\\|strrev\\|zlib_\\\\\\\\w \)\\\\\\\\b\?\(\?..."atARGS:widgetConfig[code].[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"767"][id"340095"][rev"53"][msg"Atomicorp.comWAFRules:AttackBlocked-PHPfunctioninArgument-thismaybeanattack."][data"die\(@md5\,ARGS:widgetConfig[code]"][severity"CRITICAL"][hostname"136.243.224.51"][uri"/index.php"][unique_id"XeyCm-5fd3JoGllOPYOQpgAAAMk"][SunDec0805:56:59.4194762019][:error][pid28661:tid47486370584320][client83.221.222.209:24008][client83.221.222.209]ModSecurity:Accessdeniedwit	2019-12-08 13:08:23
92.222.91.31	attackspambots	Dec 7 18:51:53 php1 sshd\[31886\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.ip-92-222-91.eu user=root Dec 7 18:51:54 php1 sshd\[31886\]: Failed password for root from 92.222.91.31 port 50550 ssh2 Dec 7 18:57:27 php1 sshd\[32659\]: Invalid user hodari from 92.222.91.31 Dec 7 18:57:27 php1 sshd\[32659\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.ip-92-222-91.eu Dec 7 18:57:29 php1 sshd\[32659\]: Failed password for invalid user hodari from 92.222.91.31 port 56306 ssh2	2019-12-08 13:07:13
104.218.164.67	attackspambots	Dec 7 15:36:03 hanapaa sshd\[8095\]: Invalid user norimichi from 104.218.164.67 Dec 7 15:36:03 hanapaa sshd\[8095\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.218.164.67 Dec 7 15:36:05 hanapaa sshd\[8095\]: Failed password for invalid user norimichi from 104.218.164.67 port 54728 ssh2 Dec 7 15:42:25 hanapaa sshd\[8791\]: Invalid user horhann from 104.218.164.67 Dec 7 15:42:25 hanapaa sshd\[8791\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.218.164.67	2019-12-08 09:45:43
218.98.40.135	attack	fail2ban	2019-12-08 13:12:45
124.41.211.78	attackspambots	Exploited host used to relais spam through hacked email accounts	2019-12-08 09:49:55
211.254.213.18	attackspam	Dec 8 01:47:22 localhost sshd\[28932\]: Invalid user yjm1731 from 211.254.213.18 port 41926 Dec 8 01:47:22 localhost sshd\[28932\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.254.213.18 Dec 8 01:47:24 localhost sshd\[28932\]: Failed password for invalid user yjm1731 from 211.254.213.18 port 41926 ssh2	2019-12-08 09:45:05
164.132.57.16	attackbotsspam	Dec 8 01:16:49 zeus sshd[21128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.57.16 Dec 8 01:16:51 zeus sshd[21128]: Failed password for invalid user bulman from 164.132.57.16 port 59101 ssh2 Dec 8 01:22:13 zeus sshd[21330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.57.16 Dec 8 01:22:15 zeus sshd[21330]: Failed password for invalid user stremming from 164.132.57.16 port 35666 ssh2	2019-12-08 09:33:51
222.186.173.142	attackspambots	Dec 8 06:04:38 MK-Soft-Root1 sshd[1793]: Failed password for root from 222.186.173.142 port 47264 ssh2 Dec 8 06:04:41 MK-Soft-Root1 sshd[1793]: Failed password for root from 222.186.173.142 port 47264 ssh2 ...	2019-12-08 13:14:44

Recently Reported IPs

14.142.27.3	160.124.15.108	199.255.26.235	86.169.159.156
113.141.230.228	37.255.96.1	116.110.110.15	142.164.230.163
52.170.57.134	114.99.4.176	23.2.17.244	58.176.119.216
116.232.64.187	94.168.86.178	106.75.234.10	93.182.131.14
190.229.77.4	45.236.253.130	92.170.193.66	216.194.93.100