54.252.133.18 - IPInfo

Basic Info

City: Sydney

Region: New South Wales

Country: Australia

Internet Service Provider: Amazon.com Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	May 24 08:06:19 ny01 sshd[10055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.252.133.18 May 24 08:06:21 ny01 sshd[10055]: Failed password for invalid user xln from 54.252.133.18 port 49180 ssh2 May 24 08:10:59 ny01 sshd[10669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.252.133.18	2020-05-25 00:44:14
attack	May 23 23:29:23 lnxded64 sshd[12564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.252.133.18	2020-05-24 06:56:26

Type

Details

Datetime

attackbotsspam

May 24 08:06:19 ny01 sshd[10055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.252.133.18
May 24 08:06:21 ny01 sshd[10055]: Failed password for invalid user xln from 54.252.133.18 port 49180 ssh2
May 24 08:10:59 ny01 sshd[10669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.252.133.18

2020-05-25 00:44:14

attack

May 23 23:29:23 lnxded64 sshd[12564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.252.133.18

2020-05-24 06:56:26

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 54.252.133.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 388
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;54.252.133.18.			IN	A

;; AUTHORITY SECTION:
.			548	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020052302 1800 900 604800 86400

;; Query time: 496 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun May 24 06:56:22 CST 2020
;; MSG SIZE  rcvd: 117

Host info

18.133.252.54.in-addr.arpa domain name pointer ec2-54-252-133-18.ap-southeast-2.compute.amazonaws.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
18.133.252.54.in-addr.arpa	name = ec2-54-252-133-18.ap-southeast-2.compute.amazonaws.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
106.54.48.29	attack	Aug 22 09:25:58 Invalid user kiki from 106.54.48.29 port 44272	2020-08-22 18:04:09
132.232.108.149	attack	Aug 22 05:58:36 mail sshd\[60130\]: Invalid user testuser from 132.232.108.149 Aug 22 05:58:36 mail sshd\[60130\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.108.149 ...	2020-08-22 18:08:06
143.255.242.130	attackspambots	Automatic report - Port Scan Attack	2020-08-22 17:55:51
183.89.11.63	attack	Attempted connection to port 445.	2020-08-22 18:16:06
222.252.106.155	attackbotsspam	notenschluessel-fulda.de 222.252.106.155 [22/Aug/2020:05:47:31 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4336 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36" notenschluessel-fulda.de 222.252.106.155 [22/Aug/2020:05:47:35 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4336 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36"	2020-08-22 18:32:05
104.248.132.216	attackspambots	104.248.132.216 - - [22/Aug/2020:05:47:34 +0200] "GET /wp-login.php HTTP/1.1" 200 8537 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.132.216 - - [22/Aug/2020:05:47:36 +0200] "POST /wp-login.php HTTP/1.1" 200 8788 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.132.216 - - [22/Aug/2020:05:47:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-22 18:31:25
144.34.192.10	attack	Invalid user admin from 144.34.192.10 port 42918	2020-08-22 18:34:43
95.0.32.17	attackspambots	Attempted Brute Force (dovecot)	2020-08-22 17:56:10
61.9.103.242	attackbots	1598068070 - 08/22/2020 05:47:50 Host: 61.9.103.242/61.9.103.242 Port: 445 TCP Blocked	2020-08-22 18:18:03
122.51.241.109	attack	Aug 22 10:25:58 icinga sshd[41716]: Failed password for root from 122.51.241.109 port 34932 ssh2 Aug 22 10:32:55 icinga sshd[51592]: Failed password for root from 122.51.241.109 port 50792 ssh2 ...	2020-08-22 18:32:43
157.245.245.159	attackbots	157.245.245.159 - - \[22/Aug/2020:10:35:52 +0200\] "POST /wp-login.php HTTP/1.0" 200 8727 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 157.245.245.159 - - \[22/Aug/2020:10:35:54 +0200\] "POST /wp-login.php HTTP/1.0" 200 8729 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 157.245.245.159 - - \[22/Aug/2020:10:36:00 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 935 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-08-22 17:54:15
150.242.87.230	attack	Attempted theft of identity via account hacking	2020-08-22 18:28:17
129.204.173.194	attackspambots	2020-08-22T11:32:10.476487galaxy.wi.uni-potsdam.de sshd[3643]: Invalid user oracle from 129.204.173.194 port 37876 2020-08-22T11:32:10.481456galaxy.wi.uni-potsdam.de sshd[3643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.173.194 2020-08-22T11:32:10.476487galaxy.wi.uni-potsdam.de sshd[3643]: Invalid user oracle from 129.204.173.194 port 37876 2020-08-22T11:32:12.726693galaxy.wi.uni-potsdam.de sshd[3643]: Failed password for invalid user oracle from 129.204.173.194 port 37876 ssh2 2020-08-22T11:34:50.489441galaxy.wi.uni-potsdam.de sshd[3952]: Invalid user postgres from 129.204.173.194 port 40584 2020-08-22T11:34:50.495251galaxy.wi.uni-potsdam.de sshd[3952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.173.194 2020-08-22T11:34:50.489441galaxy.wi.uni-potsdam.de sshd[3952]: Invalid user postgres from 129.204.173.194 port 40584 2020-08-22T11:34:52.368402galaxy.wi.uni-potsdam.de sshd[3952]: ...	2020-08-22 17:55:23
51.68.44.154	attackbots	$f2bV_matches	2020-08-22 18:07:54
112.85.42.173	attackspam	Aug 22 03:25:21 dignus sshd[30497]: Failed password for root from 112.85.42.173 port 5874 ssh2 Aug 22 03:25:24 dignus sshd[30497]: Failed password for root from 112.85.42.173 port 5874 ssh2 Aug 22 03:25:27 dignus sshd[30497]: Failed password for root from 112.85.42.173 port 5874 ssh2 Aug 22 03:25:31 dignus sshd[30497]: Failed password for root from 112.85.42.173 port 5874 ssh2 Aug 22 03:25:34 dignus sshd[30497]: Failed password for root from 112.85.42.173 port 5874 ssh2 ...	2020-08-22 18:25:39

Recently Reported IPs

105.132.246.116	100.132.15.75	112.153.117.136	129.68.153.223
202.208.134.245	158.48.139.255	76.111.118.105	72.188.209.29
71.233.23.170	34.215.115.160	74.134.82.116	79.87.52.213
98.210.30.6	184.8.249.49	108.34.185.116	32.118.137.225
93.133.118.154	14.21.65.50	71.169.6.205	85.225.170.218