54.252.2.20 - IPInfo

Basic Info

City: Sydney

Region: New South Wales

Country: Australia

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
54.252.231.86	attack	Unauthorized connection attempt detected from IP address 54.252.231.86 to port 80 [T]	2020-02-01 21:06:28
54.252.213.237	attackspam	Unauthorized connection attempt detected from IP address 54.252.213.237 to port 80 [T]	2020-01-30 01:23:14
54.252.213.148	attack	RDP Bruteforce	2019-11-03 14:07:01

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 54.252.2.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;54.252.2.20.			IN	A

;; AUTHORITY SECTION:
.			30	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2025041003 1800 900 604800 86400

;; Query time: 36 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Apr 11 10:27:51 CST 2025
;; MSG SIZE  rcvd: 104

Host info

20.2.252.54.in-addr.arpa domain name pointer ec2-54-252-2-20.ap-southeast-2.compute.amazonaws.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
20.2.252.54.in-addr.arpa	name = ec2-54-252-2-20.ap-southeast-2.compute.amazonaws.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
218.92.0.207	attackbots	2019-09-07T06:51:08.951547abusebot-4.cloudsearch.cf sshd\[26088\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207 user=root	2019-09-07 14:59:50
49.88.112.78	attack	Sep 6 20:50:16 hiderm sshd\[18445\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.78 user=root Sep 6 20:50:18 hiderm sshd\[18445\]: Failed password for root from 49.88.112.78 port 33685 ssh2 Sep 6 20:50:23 hiderm sshd\[18456\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.78 user=root Sep 6 20:50:25 hiderm sshd\[18456\]: Failed password for root from 49.88.112.78 port 27184 ssh2 Sep 6 20:50:33 hiderm sshd\[18458\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.78 user=root	2019-09-07 14:55:12
49.234.35.195	attack	2019-09-07T00:31:44.323092Z 757a3d29c439 New connection: 49.234.35.195:55434 (172.17.0.6:2222) [session: 757a3d29c439] 2019-09-07T00:37:50.253268Z 9d26b73e1a41 New connection: 49.234.35.195:59854 (172.17.0.6:2222) [session: 9d26b73e1a41]	2019-09-07 15:04:44
78.84.12.76	attack	[Sat Sep 07 03:39:21.089807 2019] [:error] [pid 206218] [client 78.84.12.76:45393] [client 78.84.12.76] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "127.0.0.1"] [uri "/cgi-bin/ViewLog.asp"] [unique_id "XXNQmXD1zuld8o4xRLE-IQAAAAM"] ...	2019-09-07 14:47:24
51.254.220.20	attackbots	Sep 7 06:52:34 www5 sshd\[3375\]: Invalid user jenkins from 51.254.220.20 Sep 7 06:52:34 www5 sshd\[3375\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.254.220.20 Sep 7 06:52:36 www5 sshd\[3375\]: Failed password for invalid user jenkins from 51.254.220.20 port 55996 ssh2 ...	2019-09-07 14:55:42
118.25.177.241	attackbots	Sep 7 06:53:25 hcbbdb sshd\[32226\]: Invalid user admin from 118.25.177.241 Sep 7 06:53:25 hcbbdb sshd\[32226\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.177.241 Sep 7 06:53:27 hcbbdb sshd\[32226\]: Failed password for invalid user admin from 118.25.177.241 port 59671 ssh2 Sep 7 06:58:52 hcbbdb sshd\[362\]: Invalid user tom from 118.25.177.241 Sep 7 06:58:52 hcbbdb sshd\[362\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.177.241	2019-09-07 15:02:34
51.255.171.51	attackbots	Sep 6 21:00:32 sachi sshd\[16369\]: Invalid user test from 51.255.171.51 Sep 6 21:00:32 sachi sshd\[16369\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.ip-51-255-171.eu Sep 6 21:00:34 sachi sshd\[16369\]: Failed password for invalid user test from 51.255.171.51 port 40703 ssh2 Sep 6 21:05:09 sachi sshd\[16794\]: Invalid user sysadmin from 51.255.171.51 Sep 6 21:05:09 sachi sshd\[16794\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.ip-51-255-171.eu	2019-09-07 15:08:18
134.175.29.208	attack	Sep 7 00:04:20 ny01 sshd[24807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.29.208 Sep 7 00:04:21 ny01 sshd[24807]: Failed password for invalid user 29 from 134.175.29.208 port 38212 ssh2 Sep 7 00:08:52 ny01 sshd[25814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.29.208	2019-09-07 15:11:39
217.112.128.201	attackbotsspam	Spam mails sent to address hacked/leaked from Nexus Mods in July 2013	2019-09-07 15:27:31
192.227.252.25	attack	Sep 7 09:58:12 site3 sshd\[142375\]: Invalid user ubuntu from 192.227.252.25 Sep 7 09:58:12 site3 sshd\[142375\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.252.25 Sep 7 09:58:14 site3 sshd\[142375\]: Failed password for invalid user ubuntu from 192.227.252.25 port 58536 ssh2 Sep 7 10:03:47 site3 sshd\[142443\]: Invalid user gituser from 192.227.252.25 Sep 7 10:03:47 site3 sshd\[142443\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.252.25 ...	2019-09-07 15:18:57
198.200.124.197	attackbotsspam	Sep 6 18:54:28 hcbb sshd\[11408\]: Invalid user test from 198.200.124.197 Sep 6 18:54:28 hcbb sshd\[11408\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198-200-124-197.cpe.distributel.net Sep 6 18:54:30 hcbb sshd\[11408\]: Failed password for invalid user test from 198.200.124.197 port 47862 ssh2 Sep 6 18:58:38 hcbb sshd\[11728\]: Invalid user git from 198.200.124.197 Sep 6 18:58:38 hcbb sshd\[11728\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198-200-124-197.cpe.distributel.net	2019-09-07 15:13:36
54.36.148.149	attackbots	Automatic report - Banned IP Access	2019-09-07 15:15:54
106.12.206.253	attackspambots	Sep 6 18:34:49 eddieflores sshd\[29960\]: Invalid user oracle from 106.12.206.253 Sep 6 18:34:49 eddieflores sshd\[29960\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.206.253 Sep 6 18:34:51 eddieflores sshd\[29960\]: Failed password for invalid user oracle from 106.12.206.253 port 37670 ssh2 Sep 6 18:40:42 eddieflores sshd\[30551\]: Invalid user hadoop from 106.12.206.253 Sep 6 18:40:42 eddieflores sshd\[30551\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.206.253	2019-09-07 14:52:37
106.52.89.128	attackspam	$f2bV_matches	2019-09-07 14:52:15
95.91.9.75	attack	Honeypot attack, port: 23, PTR: ip5f5b094b.dynamic.kabel-deutschland.de.	2019-09-07 14:51:18

Recently Reported IPs

220.171.115.16	220.171.115.158	220.171.115.221	3.25.161.170
52.62.142.107	194.187.176.227	35.203.211.186	195.184.76.15
195.184.76.117	24.239.132.198	4.153.66.27	17.241.227.157
60.96.192.65	17.241.75.7	210.145.93.97	17.241.227.30
203.209.247.95	125.122.15.53	125.122.33.122	113.141.84.254