54.39.245.162 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Canada

Internet Service Provider: Okidoo Interactif

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	B: Abusive content scan (301)	2019-11-28 20:47:55
attackspam	many attempts to access. scanning for vulnerable plug-ins, and more, including this: /wp-admin/setup-config.php	2019-11-27 20:19:11

Comments on same subnet:

IP	Type	Details	Datetime
54.39.245.130	attackspam	Unauthorised access (Jan 9) SRC=54.39.245.130 LEN=40 TTL=49 ID=44248 TCP DPT=8080 WINDOW=19948 SYN Unauthorised access (Jan 9) SRC=54.39.245.130 LEN=40 TTL=49 ID=26886 TCP DPT=8080 WINDOW=19948 SYN Unauthorised access (Jan 9) SRC=54.39.245.130 LEN=40 TTL=49 ID=44061 TCP DPT=8080 WINDOW=19948 SYN Unauthorised access (Jan 8) SRC=54.39.245.130 LEN=40 TTL=48 ID=41648 TCP DPT=8080 WINDOW=5886 SYN Unauthorised access (Jan 6) SRC=54.39.245.130 LEN=40 TTL=48 ID=32862 TCP DPT=8080 WINDOW=5886 SYN Unauthorised access (Jan 6) SRC=54.39.245.130 LEN=40 TTL=48 ID=3960 TCP DPT=8080 WINDOW=5886 SYN Unauthorised access (Jan 5) SRC=54.39.245.130 LEN=40 TTL=49 ID=61072 TCP DPT=8080 WINDOW=19948 SYN Unauthorised access (Jan 5) SRC=54.39.245.130 LEN=40 TTL=48 ID=61346 TCP DPT=8080 WINDOW=5886 SYN	2020-01-09 19:36:59

Type

Details

Datetime

54.39.245.130

attackspam

Unauthorised access (Jan  9) SRC=54.39.245.130 LEN=40 TTL=49 ID=44248 TCP DPT=8080 WINDOW=19948 SYN 
Unauthorised access (Jan  9) SRC=54.39.245.130 LEN=40 TTL=49 ID=26886 TCP DPT=8080 WINDOW=19948 SYN 
Unauthorised access (Jan  9) SRC=54.39.245.130 LEN=40 TTL=49 ID=44061 TCP DPT=8080 WINDOW=19948 SYN 
Unauthorised access (Jan  8) SRC=54.39.245.130 LEN=40 TTL=48 ID=41648 TCP DPT=8080 WINDOW=5886 SYN 
Unauthorised access (Jan  6) SRC=54.39.245.130 LEN=40 TTL=48 ID=32862 TCP DPT=8080 WINDOW=5886 SYN 
Unauthorised access (Jan  6) SRC=54.39.245.130 LEN=40 TTL=48 ID=3960 TCP DPT=8080 WINDOW=5886 SYN 
Unauthorised access (Jan  5) SRC=54.39.245.130 LEN=40 TTL=49 ID=61072 TCP DPT=8080 WINDOW=19948 SYN 
Unauthorised access (Jan  5) SRC=54.39.245.130 LEN=40 TTL=48 ID=61346 TCP DPT=8080 WINDOW=5886 SYN

2020-01-09 19:36:59

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 54.39.245.162
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17488
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;54.39.245.162.			IN	A

;; AUTHORITY SECTION:
.			446	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019112700 1800 900 604800 86400

;; Query time: 101 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Nov 27 20:19:08 CST 2019
;; MSG SIZE  rcvd: 117

Host info

162.245.39.54.in-addr.arpa domain name pointer ip162.ip-54-39-245.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
162.245.39.54.in-addr.arpa	name = ip162.ip-54-39-245.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
189.90.114.37	attack	SSH login attempts.	2020-10-08 19:04:57
68.187.174.201	attack	Oct 7 22:36:37 v11 sshd[15808]: Did not receive identification string from 68.187.174.201 port 59791 Oct 7 22:36:37 v11 sshd[15810]: Did not receive identification string from 68.187.174.201 port 59803 Oct 7 22:36:37 v11 sshd[15809]: Did not receive identification string from 68.187.174.201 port 59804 Oct 7 22:36:39 v11 sshd[15811]: Invalid user 666666 from 68.187.174.201 port 60063 Oct 7 22:36:39 v11 sshd[15813]: Invalid user 666666 from 68.187.174.201 port 60072 Oct 7 22:36:39 v11 sshd[15814]: Invalid user 666666 from 68.187.174.201 port 60071 Oct 7 22:36:39 v11 sshd[15811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.187.174.201 Oct 7 22:36:39 v11 sshd[15813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.187.174.201 Oct 7 22:36:39 v11 sshd[15814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.187.174.201 ........ -----------------------------------------------	2020-10-08 19:12:57
51.83.131.110	attack	Oct 8 12:16:20 nextcloud sshd\[5218\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.131.110 user=root Oct 8 12:16:22 nextcloud sshd\[5218\]: Failed password for root from 51.83.131.110 port 50462 ssh2 Oct 8 12:20:14 nextcloud sshd\[11056\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.131.110 user=root	2020-10-08 19:01:52
109.123.117.252	attackspambots	MultiHost/MultiPort Probe, Scan, Hack -	2020-10-08 19:10:32
42.236.10.83	attackspam	Automatic report - Banned IP Access	2020-10-08 19:15:27
179.225.202.75	attackspam	1602103275 - 10/07/2020 22:41:15 Host: 179.225.202.75/179.225.202.75 Port: 445 TCP Blocked ...	2020-10-08 18:52:04
206.189.121.234	attackbotsspam	(sshd) Failed SSH login from 206.189.121.234 (GB/United Kingdom/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 8 00:00:20 optimus sshd[8351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.121.234 user=root Oct 8 00:00:22 optimus sshd[8351]: Failed password for root from 206.189.121.234 port 58718 ssh2 Oct 8 00:03:57 optimus sshd[9275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.121.234 user=root Oct 8 00:03:59 optimus sshd[9275]: Failed password for root from 206.189.121.234 port 36460 ssh2 Oct 8 00:07:22 optimus sshd[10126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.121.234 user=root	2020-10-08 19:16:39
42.236.10.108	attackbotsspam	Automatic report - Banned IP Access	2020-10-08 18:38:23
36.103.222.105	attack	bruteforce, ssh, scan port	2020-10-08 18:44:27
74.112.143.154	attack	Lines containing failures of 74.112.143.154 Oct 7 22:31:29 node83 sshd[7285]: Invalid user admin from 74.112.143.154 port 51176 Oct 7 22:31:29 node83 sshd[7285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.112.143.154 Oct 7 22:31:32 node83 sshd[7285]: Failed password for invalid user admin from 74.112.143.154 port 51176 ssh2 Oct 7 22:31:32 node83 sshd[7285]: Connection closed by invalid user admin 74.112.143.154 port 51176 [preauth] Oct 7 22:31:35 node83 sshd[7292]: Invalid user admin from 74.112.143.154 port 51195 Oct 7 22:31:36 node83 sshd[7292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.112.143.154 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=74.112.143.154	2020-10-08 18:53:15
212.220.202.33	attackspambots	445/tcp 445/tcp [2020-09-26/10-07]2pkt	2020-10-08 18:47:18
112.216.3.211	attack	Automatic report - Banned IP Access	2020-10-08 18:44:10
180.163.220.101	attackspambots	520/tcp 2378/tcp [2020-09-25/10-07]2pkt	2020-10-08 19:01:18
27.68.168.87	attack	IP 27.68.168.87 attacked honeypot on port: 23 at 10/8/2020 2:52:01 AM	2020-10-08 19:13:20
167.71.196.176	attack	failed root login	2020-10-08 18:55:59

Recently Reported IPs

226.196.56.164	161.3.66.174	52.141.42.89	170.58.219.213
119.115.255.18	130.103.139.182	180.196.171.187	132.206.175.6
211.28.225.90	60.66.91.101	22.242.118.15	26.106.18.222
240.167.131.28	25.124.99.88	201.186.124.177	90.145.195.86
31.217.206.252	92.21.94.217	100.188.243.26	214.103.118.58