54.38.52.137 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Poland

Internet Service Provider: OVH SAS

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	2020-03-18T04:01:10.398689homeassistant sshd[23894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.52.137 user=root 2020-03-18T04:01:12.763040homeassistant sshd[23894]: Failed password for root from 54.38.52.137 port 49616 ssh2 ...	2020-03-18 17:08:15

Type

Details

Datetime

attack

2020-03-18T04:01:10.398689homeassistant sshd[23894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.52.137  user=root
2020-03-18T04:01:12.763040homeassistant sshd[23894]: Failed password for root from 54.38.52.137 port 49616 ssh2
...

2020-03-18 17:08:15

Comments on same subnet:

IP	Type	Details	Datetime
54.38.52.78	attackspam	Multiple SSH login attempts.	2020-08-22 05:31:00
54.38.52.70	attack	Port probing on unauthorized port 12408	2020-06-09 14:32:18
54.38.52.78	attack	$f2bV_matches	2020-05-15 16:11:32
54.38.52.78	attack	May 14 23:59:37 vps639187 sshd\[23659\]: Invalid user vboxuser from 54.38.52.78 port 44172 May 14 23:59:37 vps639187 sshd\[23659\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.52.78 May 14 23:59:39 vps639187 sshd\[23659\]: Failed password for invalid user vboxuser from 54.38.52.78 port 44172 ssh2 ...	2020-05-15 06:02:06
54.38.52.78	attackbots	May 12 23:14:47 [host] sshd[9311]: Invalid user de May 12 23:14:47 [host] sshd[9311]: pam_unix(sshd:a May 12 23:14:49 [host] sshd[9311]: Failed password	2020-05-13 05:23:21
54.38.52.78	attackspam	May 10 14:33:05 server1 sshd\[6181\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.52.78 May 10 14:33:07 server1 sshd\[6181\]: Failed password for invalid user hoster from 54.38.52.78 port 42990 ssh2 May 10 14:36:41 server1 sshd\[7728\]: Invalid user fctr from 54.38.52.78 May 10 14:36:41 server1 sshd\[7728\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.52.78 May 10 14:36:44 server1 sshd\[7728\]: Failed password for invalid user fctr from 54.38.52.78 port 50694 ssh2 ...	2020-05-11 04:52:04
54.38.52.78	attackbots	May 6 23:22:54 vpn01 sshd[5480]: Failed password for root from 54.38.52.78 port 33244 ssh2 ...	2020-05-07 06:01:34
54.38.52.78	attackbotsspam	May 4 12:31:51 vps333114 sshd[12366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.ip-54-38-52.eu user=root May 4 12:31:52 vps333114 sshd[12366]: Failed password for root from 54.38.52.78 port 48490 ssh2 ...	2020-05-04 19:54:20
54.38.52.78	attack	Invalid user admin from 54.38.52.78 port 59714	2020-05-02 15:45:11
54.38.52.78	attackspambots	Invalid user admin from 54.38.52.78 port 59714	2020-05-01 17:23:26

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 54.38.52.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54913
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;54.38.52.137.			IN	A

;; AUTHORITY SECTION:
.			460	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031800 1800 900 604800 86400

;; Query time: 100 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Mar 18 17:08:11 CST 2020
;; MSG SIZE  rcvd: 116

Host info

137.52.38.54.in-addr.arpa domain name pointer 137.ip-54-38-52.eu.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
137.52.38.54.in-addr.arpa	name = 137.ip-54-38-52.eu.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
199.103.62.108	attack	Many RDP login attempts detected by IDS script	2019-07-15 13:08:10
200.196.240.60	attackspam	Jul 15 01:21:33 plusreed sshd[694]: Invalid user acct from 200.196.240.60 ...	2019-07-15 13:24:55
183.250.89.173	attackspambots	Jul 14 22:44:19 dubnium sshd[17904]: Invalid user vncuser from 183.250.89.173 Jul 14 22:44:21 dubnium sshd[17904]: Failed password for invalid user vncuser from 183.250.89.173 port 59820 ssh2 Jul 14 22:50:15 dubnium sshd[21633]: Invalid user admin from 183.250.89.173 Jul 14 22:50:17 dubnium sshd[21633]: Failed password for invalid user admin from 183.250.89.173 port 58892 ssh2 Jul 14 22:53:40 dubnium sshd[23899]: Failed password for r.r from 183.250.89.173 port 34782 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=183.250.89.173	2019-07-15 13:19:53
82.53.149.58	attackspambots	Jul 14 22:54:50 lively sshd[11155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.53.149.58 user=r.r Jul 14 22:54:53 lively sshd[11155]: Failed password for r.r from 82.53.149.58 port 62340 ssh2 Jul 14 22:55:01 lively sshd[11155]: message repeated 4 times: [ Failed password for r.r from 82.53.149.58 port 62340 ssh2] Jul 14 22:55:04 lively sshd[11155]: Failed password for r.r from 82.53.149.58 port 62340 ssh2 Jul 14 22:55:04 lively sshd[11155]: error: maximum authentication attempts exceeded for r.r from 82.53.149.58 port 62340 ssh2 [preauth] Jul 14 22:55:04 lively sshd[11155]: Disconnecting authenticating user r.r 82.53.149.58 port 62340: Too many authentication failures [preauth] Jul 14 22:55:04 lively sshd[11155]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.53.149.58 user=r.r ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=82.53.149.58	2019-07-15 13:38:30
185.103.110.205	attack	0,81-01/01 concatform PostRequest-Spammer scoring: zurich	2019-07-15 13:25:52
79.249.248.107	attackspambots	2019-07-15T04:52:45.808766abusebot-4.cloudsearch.cf sshd\[19962\]: Invalid user website from 79.249.248.107 port 39026	2019-07-15 13:53:28
139.59.74.143	attack	" "	2019-07-15 13:08:36
218.92.0.174	attack	Jul 15 06:35:51 icinga sshd[20349]: Failed password for root from 218.92.0.174 port 50579 ssh2 ...	2019-07-15 13:30:01
221.214.147.160	attack	Automatic report - Port Scan Attack	2019-07-15 12:50:33
213.182.93.172	attackbots	Jul 15 07:36:53 OPSO sshd\[11990\]: Invalid user smbuser from 213.182.93.172 port 43778 Jul 15 07:36:53 OPSO sshd\[11990\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.182.93.172 Jul 15 07:36:56 OPSO sshd\[11990\]: Failed password for invalid user smbuser from 213.182.93.172 port 43778 ssh2 Jul 15 07:41:40 OPSO sshd\[12554\]: Invalid user testftp from 213.182.93.172 port 42569 Jul 15 07:41:40 OPSO sshd\[12554\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.182.93.172	2019-07-15 13:49:48
122.199.225.53	attackbots	Jul 15 06:44:22 debian sshd\[19484\]: Invalid user amandabackup from 122.199.225.53 port 37154 Jul 15 06:44:22 debian sshd\[19484\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.199.225.53 ...	2019-07-15 13:50:31
37.239.28.134	attack	Jul 14 22:53:48 rigel postfix/smtpd[10293]: connect from unknown[37.239.28.134] Jul 14 22:53:50 rigel postfix/smtpd[10293]: warning: unknown[37.239.28.134]: SASL CRAM-MD5 authentication failed: authentication failure Jul 14 22:53:50 rigel postfix/smtpd[10293]: warning: unknown[37.239.28.134]: SASL PLAIN authentication failed: authentication failure Jul 14 22:53:51 rigel postfix/smtpd[10293]: warning: unknown[37.239.28.134]: SASL LOGIN authentication failed: authentication failure Jul 14 22:53:51 rigel postfix/smtpd[10293]: disconnect from unknown[37.239.28.134] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=37.239.28.134	2019-07-15 13:23:34
176.114.4.80	attack	176.114.4.80 - - [14/Jul/2019:23:32:41 +0200] "GET /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 176.114.4.80 - - [14/Jul/2019:23:32:41 +0200] "POST /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 176.114.4.80 - - [14/Jul/2019:23:32:41 +0200] "GET /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 176.114.4.80 - - [14/Jul/2019:23:32:41 +0200] "POST /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 176.114.4.80 - - [14/Jul/2019:23:32:41 +0200] "GET /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 176.114.4.80 - - [14/Jul/2019:23:32:42 +0200] "POST /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-07-15 13:17:51
117.206.51.100	attackspambots	Caught in portsentry honeypot	2019-07-15 13:09:25
84.201.134.30	attackspambots	Wordpress Admin Login attack	2019-07-15 13:48:47

Recently Reported IPs

159.89.48.237	185.191.229.106	167.172.44.138	163.172.135.42
77.40.79.219	185.149.235.229	117.136.66.68	79.155.177.121
54.39.215.32	27.78.23.17	183.230.181.117	150.223.1.4
47.56.255.87	106.75.157.90	117.73.9.36	183.160.239.224
182.180.112.86	162.243.132.15	154.201.2.58	217.100.89.106