City: San Jose
Region: California
Country: United States
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2025, American Registry for Internet Numbers, Ltd.
#
# start
NetRange: 54.144.0.0 - 54.221.255.255
CIDR: 54.216.0.0/14, 54.208.0.0/13, 54.192.0.0/12, 54.220.0.0/15, 54.160.0.0/11, 54.144.0.0/12
NetName: AMAZON
NetHandle: NET-54-144-0-0-1
Parent: NET54 (NET-54-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Amazon Technologies Inc. (AT-88-Z)
RegDate: 2014-10-23
Updated: 2021-02-10
Ref: https://rdap.arin.net/registry/ip/54.144.0.0
OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2024-01-24
Comment: All abuse reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref: https://rdap.arin.net/registry/entity/AT-88-Z
OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-555-0000
OrgAbuseEmail: trustandsafety@support.aws.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-555-0000
OrgTechEmail: amzn-noc-contact@amazon.com
OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
OrgRoutingHandle: IPROU3-ARIN
OrgRoutingName: IP Routing
OrgRoutingPhone: +1-206-555-0000
OrgRoutingEmail: aws-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-555-0000
OrgNOCEmail: amzn-noc-contact@amazon.com
OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
OrgRoutingHandle: ARMP-ARIN
OrgRoutingName: AWS RPKI Management POC
OrgRoutingPhone: +1-206-555-0000
OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
# end
# start
NetRange: 54.219.0.0 - 54.219.255.255
CIDR: 54.219.0.0/16
NetName: AMAZO-ZSFO3
NetHandle: NET-54-219-0-0-1
Parent: AMAZON (NET-54-144-0-0-1)
NetType: Reallocated
OriginAS:
Organization: Amazon.com, Inc. (AMAZO-48)
RegDate: 2013-05-30
Updated: 2021-02-10
Ref: https://rdap.arin.net/registry/ip/54.219.0.0
OrgName: Amazon.com, Inc.
OrgId: AMAZO-48
Address: 1200 12th Ave South
City: Seattle
StateProv: WA
PostalCode: 98144
Country: US
RegDate: 2011-08-11
Updated: 2021-07-22
Comment: The activity you have detected originates from a dynamic hosting environment.
Comment: For fastest response, please submit abuse reports at http://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/AWSAbuse
Comment: For more information regarding EC2 see:
Comment: http://ec2.amazonaws.com/
Comment: All reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref: https://rdap.arin.net/registry/entity/AMAZO-48
OrgRoutingHandle: ARMP-ARIN
OrgRoutingName: AWS RPKI Management POC
OrgRoutingPhone: +1-206-555-0000
OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-555-0000
OrgAbuseEmail: trustandsafety@support.aws.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
OrgRoutingHandle: IPROU3-ARIN
OrgRoutingName: IP Routing
OrgRoutingPhone: +1-206-555-0000
OrgRoutingEmail: aws-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-555-0000
OrgTechEmail: amzn-noc-contact@amazon.com
OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-555-0000
OrgNOCEmail: amzn-noc-contact@amazon.com
OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
# end
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2025, American Registry for Internet Numbers, Ltd.
#; <<>> DiG 9.10.3-P4-Ubuntu <<>> 54.219.56.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65017
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;54.219.56.105. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2025092700 1800 900 604800 86400
;; Query time: 38 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Sep 27 14:30:46 CST 2025
;; MSG SIZE rcvd: 106105.56.219.54.in-addr.arpa domain name pointer ec2-54-219-56-105.us-west-1.compute.amazonaws.com.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
105.56.219.54.in-addr.arpa name = ec2-54-219-56-105.us-west-1.compute.amazonaws.com.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 191.252.92.203 | attackbotsspam | C1,WP GET /darkdiamondswp/wp-login.php |
2019-06-26 00:53:20 |
| 5.188.62.5 | attackbots | IP: 5.188.62.5 ASN: AS44050 Petersburg Internet Network ltd. Port: World Wide Web HTTP 80 Found in one or more Blacklists Date: 25/06/2019 9:38:44 AM UTC |
2019-06-25 23:55:28 |
| 137.116.138.221 | attackbots | Jun 25 04:43:12 durga sshd[552620]: Invalid user nao from 137.116.138.221 Jun 25 04:43:12 durga sshd[552620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.116.138.221 Jun 25 04:43:14 durga sshd[552620]: Failed password for invalid user nao from 137.116.138.221 port 63993 ssh2 Jun 25 04:43:14 durga sshd[552620]: Received disconnect from 137.116.138.221: 11: Bye Bye [preauth] Jun 25 04:46:36 durga sshd[553547]: Invalid user suraj from 137.116.138.221 Jun 25 04:46:36 durga sshd[553547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.116.138.221 Jun 25 04:46:38 durga sshd[553547]: Failed password for invalid user suraj from 137.116.138.221 port 45008 ssh2 Jun 25 04:46:38 durga sshd[553547]: Received disconnect from 137.116.138.221: 11: Bye Bye [preauth] Jun 25 04:48:20 durga sshd[553787]: Invalid user admin from 137.116.138.221 Jun 25 04:48:20 durga sshd[553787]: pam_unix(sshd:auth........ ------------------------------- |
2019-06-26 00:04:20 |
| 5.39.79.48 | attackspambots | Jun 25 06:48:23 localhost sshd\[19720\]: Invalid user gk from 5.39.79.48 port 40457 Jun 25 06:48:23 localhost sshd\[19720\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.39.79.48 Jun 25 06:48:25 localhost sshd\[19720\]: Failed password for invalid user gk from 5.39.79.48 port 40457 ssh2 ... |
2019-06-26 00:03:42 |
| 177.23.61.213 | attack | SMTP-sasl brute force ... |
2019-06-26 00:48:47 |
| 95.85.12.206 | attackspam | Jun 25 08:47:52 mail sshd[8273]: Invalid user hh from 95.85.12.206 ... |
2019-06-26 00:31:58 |
| 45.76.186.108 | attack | Jun 24 21:48:28 srv1 sshd[708]: Address 45.76.186.108 maps to 45.76.186.108.vultr.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Jun 24 21:48:28 srv1 sshd[708]: Invalid user chaps from 45.76.186.108 Jun 24 21:48:28 srv1 sshd[708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.76.186.108 Jun 24 21:48:30 srv1 sshd[709]: Received disconnect from 45.76.186.108: 11: Bye Bye Jun 24 21:48:30 srv1 sshd[708]: Failed password for invalid user chaps from 45.76.186.108 port 45106 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=45.76.186.108 |
2019-06-26 00:45:52 |
| 106.12.33.174 | attackbots | /var/log/messages:Jun 24 19:46:57 sanyalnet-cloud-vps audispd: node=sanyalnet-cloud-vps.freeddns.org type=CRYPTO_SESSION msg=audhostname(1561405617.187:23987): pid=25620 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 mac=hmac-sha1 pfs=ecdh-sha2-nistp256 spid=25621 suid=74 rport=40044 laddr=104.167.106.93 lport=23 exe="/usr/sbin/sshd" hostname=? addr=106.12.33.174 terminal=? res=success' /var/log/messages:Jun 24 19:46:57 sanyalnet-cloud-vps audispd: node=sanyalnet-cloud-vps.freeddns.org type=CRYPTO_SESSION msg=audhostname(1561405617.190:23988): pid=25620 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 mac=hmac-sha1 pfs=ecdh-sha2-nistp256 spid=25621 suid=74 rport=40044 laddr=104.167.106.93 lport=23 exe="/usr/sbin/sshd" hostname=? addr=106.12.33.174 terminal=? res=success' /var/log/messages:Jun 24 19:46:58 sanyalnet-cloud-vps fail2ban.filter[5313]: INFO [sshd] Found........ ------------------------------- |
2019-06-26 00:14:22 |
| 125.23.144.138 | attackbots | Unauthorised access (Jun 25) SRC=125.23.144.138 LEN=52 TTL=120 ID=21585 DF TCP DPT=445 WINDOW=8192 SYN |
2019-06-25 23:56:46 |
| 103.35.197.83 | attack | Unauthorized connection attempt from IP address 103.35.197.83 on Port 445(SMB) |
2019-06-26 00:37:17 |
| 42.118.115.156 | attack | Unauthorized connection attempt from IP address 42.118.115.156 on Port 445(SMB) |
2019-06-26 00:28:39 |
| 119.29.9.228 | attack | Jun 25 08:47:54 ncomp sshd[24178]: Invalid user check from 119.29.9.228 Jun 25 08:47:54 ncomp sshd[24178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.9.228 Jun 25 08:47:54 ncomp sshd[24178]: Invalid user check from 119.29.9.228 Jun 25 08:47:57 ncomp sshd[24178]: Failed password for invalid user check from 119.29.9.228 port 42056 ssh2 |
2019-06-26 00:29:52 |
| 112.238.43.17 | attack | Unauthorised access (Jun 25) SRC=112.238.43.17 LEN=40 TTL=49 ID=41710 TCP DPT=23 WINDOW=41091 SYN |
2019-06-26 00:13:36 |
| 192.69.133.50 | attackbots | $f2bV_matches |
2019-06-26 00:35:53 |
| 111.224.137.220 | attackbotsspam | 2019-06-25T06:47:56.056251abusebot-2.cloudsearch.cf sshd\[7591\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.224.137.220 user=root |
2019-06-26 00:30:30 |