54.193.66.148 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Amazon.com Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Bad Bot Bad Request: "GET /app HTTP/1.1" Agent: "python-requests/2.6.0 CPython/2.7.6 Linux/3.13.0-74-generic" Bad Bot Bad Request: "GET / HTTP/1.1" Agent: "python-requests/2.6.0 CPython/2.7.6 Linux/3.13.0-74-generic" Bad Bot Bad Request: "GET / HTTP/1.1" Agent: "python-requests/2.6.0 CPython/2.7.6 Linux/3.13.0-74-generic"	2019-06-22 05:33:08

Type

Details

Datetime

attackbots

Bad Bot Bad Request: "GET /app HTTP/1.1" Agent: "python-requests/2.6.0 CPython/2.7.6 Linux/3.13.0-74-generic" Bad Bot Bad Request: "GET / HTTP/1.1" Agent: "python-requests/2.6.0 CPython/2.7.6 Linux/3.13.0-74-generic" Bad Bot Bad Request: "GET / HTTP/1.1" Agent: "python-requests/2.6.0 CPython/2.7.6 Linux/3.13.0-74-generic"

2019-06-22 05:33:08

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 54.193.66.148
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33855
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;54.193.66.148.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062101 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jun 22 05:33:03 CST 2019
;; MSG SIZE  rcvd: 117

Host info

148.66.193.54.in-addr.arpa domain name pointer ec2-54-193-66-148.us-west-1.compute.amazonaws.com.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
148.66.193.54.in-addr.arpa	name = ec2-54-193-66-148.us-west-1.compute.amazonaws.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.186.15.10	attackspam	Feb 1 00:20:48 areeb-Workstation sshd[16085]: Failed password for root from 222.186.15.10 port 30431 ssh2 Feb 1 00:20:52 areeb-Workstation sshd[16085]: Failed password for root from 222.186.15.10 port 30431 ssh2 ...	2020-02-01 02:53:21
5.123.207.108	attackbots	Unauthorized connection attempt from IP address 5.123.207.108 on Port 445(SMB)	2020-02-01 02:35:53
171.248.82.12	attackbots	Unauthorized connection attempt from IP address 171.248.82.12 on Port 445(SMB)	2020-02-01 02:29:19
24.111.88.74	attack	Unauthorized connection attempt from IP address 24.111.88.74 on Port 445(SMB)	2020-02-01 02:51:23
187.188.251.219	attackbots	Jan 31 19:24:03 pornomens sshd\[25265\]: Invalid user www from 187.188.251.219 port 50780 Jan 31 19:24:03 pornomens sshd\[25265\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.188.251.219 Jan 31 19:24:06 pornomens sshd\[25265\]: Failed password for invalid user www from 187.188.251.219 port 50780 ssh2 ...	2020-02-01 02:25:54
120.52.120.18	attack	Unauthorized connection attempt detected from IP address 120.52.120.18 to port 2220 [J]	2020-02-01 03:01:12
15.206.88.160	attackspambots	[FriJan3118:36:14.9243322020][:error][pid25773:tid47392790161152][client15.206.88.160:57468][client15.206.88.160]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)"atREQUEST_FILENAME.[file"/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"][line"211"][id"390709"][rev"30"][msg"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely"][data"/.env"][severity"CRITICAL"][hostname"silversea.galardi.ch"][uri"/.env"][unique_id"XjRljoCIQRbQmPxsvhPzjQAAAQ8"][FriJan3118:37:07.7899022020][:error][pid25773:tid47392758642432][client15.206.88.160:40812][client15.206.88.160]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\	2020-02-01 02:48:50
82.117.190.170	attackbotsspam	Unauthorized connection attempt detected from IP address 82.117.190.170 to port 2220 [J]	2020-02-01 02:36:47
186.4.123.139	attackspam	$f2bV_matches	2020-02-01 02:32:30
159.203.142.91	attack	Unauthorized connection attempt detected from IP address 159.203.142.91 to port 2220 [J]	2020-02-01 02:58:15
104.168.163.35	attackspam	Jan 31 18:24:46 srv-ubuntu-dev3 sshd[57274]: Invalid user qwe123 from 104.168.163.35 Jan 31 18:24:46 srv-ubuntu-dev3 sshd[57274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.163.35 Jan 31 18:24:46 srv-ubuntu-dev3 sshd[57274]: Invalid user qwe123 from 104.168.163.35 Jan 31 18:24:48 srv-ubuntu-dev3 sshd[57274]: Failed password for invalid user qwe123 from 104.168.163.35 port 34040 ssh2 Jan 31 18:28:00 srv-ubuntu-dev3 sshd[57548]: Invalid user 654321 from 104.168.163.35 Jan 31 18:28:00 srv-ubuntu-dev3 sshd[57548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.163.35 Jan 31 18:28:00 srv-ubuntu-dev3 sshd[57548]: Invalid user 654321 from 104.168.163.35 Jan 31 18:28:02 srv-ubuntu-dev3 sshd[57548]: Failed password for invalid user 654321 from 104.168.163.35 port 35754 ssh2 Jan 31 18:31:03 srv-ubuntu-dev3 sshd[57829]: Invalid user tomas from 104.168.163.35 ...	2020-02-01 02:52:20
124.107.57.216	attackbots	20/1/31@12:30:50: FAIL: Alarm-Intrusion address from=124.107.57.216 ...	2020-02-01 03:05:03
106.54.196.9	attack	Jan 31 19:25:38 silence02 sshd[5295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.196.9 Jan 31 19:25:39 silence02 sshd[5295]: Failed password for invalid user test from 106.54.196.9 port 54884 ssh2 Jan 31 19:28:30 silence02 sshd[5460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.196.9	2020-02-01 02:55:53
222.186.30.57	attackbotsspam	Jan 31 19:27:05 v22018053744266470 sshd[11694]: Failed password for root from 222.186.30.57 port 16076 ssh2 Jan 31 19:30:02 v22018053744266470 sshd[11876]: Failed password for root from 222.186.30.57 port 50841 ssh2 Jan 31 19:30:04 v22018053744266470 sshd[11876]: Failed password for root from 222.186.30.57 port 50841 ssh2 ...	2020-02-01 02:31:45
138.185.242.194	attackbots	Unauthorized connection attempt from IP address 138.185.242.194 on Port 445(SMB)	2020-02-01 02:49:20

Recently Reported IPs

115.76.94.115	191.255.192.212	128.65.158.20	184.82.25.99
117.102.227.14	83.112.85.207	42.239.90.69	182.61.190.92
79.173.226.245	67.17.37.99	238.215.213.188	111.175.33.6
45.55.190.106	185.132.178.23	205.209.232.217	139.208.70.160
86.67.141.32	123.125.71.113	86.237.4.49	31.47.144.49