54.67.6.85 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
54.67.61.43	attackspam	Sep 16 15:47:29 sshd\[12139\]: User root from ec2-54-67-61-43.us-west-1.compute.amazonaws.com not allowed because not listed in AllowUsersSep 16 15:47:31 sshd\[12139\]: Failed password for invalid user root from 54.67.61.43 port 38678 ssh2 ...	2020-09-17 00:37:12
54.67.61.43	attack	Sep 16 05:08:56 mellenthin sshd[5467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.67.61.43 user=root Sep 16 05:08:58 mellenthin sshd[5467]: Failed password for invalid user root from 54.67.61.43 port 41355 ssh2	2020-09-16 16:51:56
54.67.64.242	attack	Unauthorized connection attempt detected from IP address 54.67.64.242 to port 8080	2020-01-11 14:00:29

Type

Details

Datetime

54.67.61.43

attackspam

Sep 16 15:47:29  sshd\[12139\]: User root from ec2-54-67-61-43.us-west-1.compute.amazonaws.com not allowed because not listed in AllowUsersSep 16 15:47:31  sshd\[12139\]: Failed password for invalid user root from 54.67.61.43 port 38678 ssh2
...

2020-09-17 00:37:12

54.67.61.43

attack

Sep 16 05:08:56 mellenthin sshd[5467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.67.61.43  user=root
Sep 16 05:08:58 mellenthin sshd[5467]: Failed password for invalid user root from 54.67.61.43 port 41355 ssh2

2020-09-16 16:51:56

54.67.64.242

attack

Unauthorized connection attempt detected from IP address 54.67.64.242 to port 8080

2020-01-11 14:00:29

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 54.67.6.85
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34052
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;54.67.6.85.			IN	A

;; AUTHORITY SECTION:
.			595	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022100700 1800 900 604800 86400

;; Query time: 25 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Oct 07 13:54:07 CST 2022
;; MSG SIZE  rcvd: 103

Host info

85.6.67.54.in-addr.arpa domain name pointer ec2-54-67-6-85.us-west-1.compute.amazonaws.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
85.6.67.54.in-addr.arpa	name = ec2-54-67-6-85.us-west-1.compute.amazonaws.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.83.73.109	attack	<6 unauthorized SSH connections	2020-07-30 15:23:37
124.89.2.42	attack	Jul 30 08:57:13 fhem-rasp sshd[26503]: Invalid user hsp from 124.89.2.42 port 61792 ...	2020-07-30 15:14:05
34.71.26.47	attackbots	localhost 34.71.26.47 - - [30/Jul/2020:11:53:20 +0800] "GET /home/ HTTP/1.1" 404 284 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-J111F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.90 Mobile Safari/537.36" VLOG=- localhost 34.71.26.47 - - [30/Jul/2020:11:53:21 +0800] "GET /tmp/ HTTP/1.1" 404 284 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-J111F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.90 Mobile Safari/537.36" VLOG=- localhost 34.71.26.47 - - [30/Jul/2020:11:53:22 +0800] "GET /cms/ HTTP/1.1" 404 284 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-J111F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.90 Mobile Safari/537.36" VLOG=- localhost 34.71.26.47 - - [30/Jul/2020:11:53:22 +0800] "GET /dev/ HTTP/1.1" 404 284 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-J111F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.90 Mobile Safari/537.36" VLOG=- localhost 34.71.26.47 - - [30/Jul/2020:11:53:23 +0800] "GET /old-wp/ HTTP/1.1" 404 284 "-" "Mozilla/5.0 (Linux; ...	2020-07-30 14:48:33
13.250.111.243	attack	[ThuJul3005:18:18.1234832020][:error][pid25479:tid139903432091392][client13.250.111.243:57544][client13.250.111.243]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"wp-config\\\\\\\\.php"atREQUEST_FILENAME.[file"/usr/local/apache.ea3/conf/modsec_rules/99_asl_jitp.conf"][line"3561"][id"381206"][rev"3"][msg"Atomicorp.comWAFRules-VirtualJustInTimePatch:AccesstoWordPressconfigurationfileblocked"][data"wp-config.php"][severity"CRITICAL"][hostname"cercaspazio.ch"][uri"/wp-config.php"][unique_id"XyI7@oDlJ5gmfbtx31dSeAAAAMk"][ThuJul3005:53:26.8442062020][:error][pid25280:tid139903390131968][client13.250.111.243:41568][client13.250.111.243]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"wp-config\\\\\\\\.php"atREQUEST_FILENAME.[file"/usr/local/apache.ea3/conf/modsec_rules/99_asl_jitp.conf"][line"3561"][id"381206"][rev"3"][msg"Atomicorp.comWAFRules-VirtualJustInTimePatch:AccesstoWordPressconfigurationfileblocked"][data"wp-config.php"][severity"CRITICAL"][hostna	2020-07-30 14:50:21
121.69.44.6	attackspam	Invalid user cactiuser from 121.69.44.6 port 59726	2020-07-30 15:21:03
187.204.3.250	attackspam	Jul 30 07:10:04 localhost sshd\[4735\]: Invalid user zhangbo from 187.204.3.250 port 56792 Jul 30 07:10:04 localhost sshd\[4735\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.204.3.250 Jul 30 07:10:06 localhost sshd\[4735\]: Failed password for invalid user zhangbo from 187.204.3.250 port 56792 ssh2 ...	2020-07-30 15:20:46
122.14.195.58	attackspam	Invalid user data from 122.14.195.58 port 43864	2020-07-30 15:19:45
175.24.23.31	attack	2020-07-30T00:22:29.040012linuxbox-skyline sshd[97136]: Invalid user dingshizhe from 175.24.23.31 port 43820 ...	2020-07-30 15:08:42
179.108.245.135	attackspam	(smtpauth) Failed SMTP AUTH login from 179.108.245.135 (BR/Brazil/179-108-245-135.seiccom.com.br): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-07-30 08:23:29 plain authenticator failed for ([179.108.245.135]) [179.108.245.135]: 535 Incorrect authentication data (set_id=info@negintabas.ir)	2020-07-30 14:45:38
50.87.216.37	attackbots	50.87.216.37 - - \[30/Jul/2020:11:53:18 +0800\] "GET /old/wp-admin/ HTTP/2.0" 404 30737 "http://blog.hamibook.com.tw/" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/78.0.3904.97 Safari/537.36"	2020-07-30 14:56:10
58.215.186.183	attack	malicious Brute-Force reported by https://www.patrick-binder.de ...	2020-07-30 15:13:03
219.76.200.27	attackbotsspam	Jul 29 20:53:07 mockhub sshd[13098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.76.200.27 Jul 29 20:53:09 mockhub sshd[13098]: Failed password for invalid user sunhaibo from 219.76.200.27 port 53234 ssh2 ...	2020-07-30 15:04:53
2409:4064:2285:3a61:b85e:7b0b:da80:66d1	attack	Sniffing for wp-login	2020-07-30 15:16:00
49.88.112.115	attack	Jul 30 02:05:20 ny01 sshd[29950]: Failed password for root from 49.88.112.115 port 54341 ssh2 Jul 30 02:09:43 ny01 sshd[30408]: Failed password for root from 49.88.112.115 port 39728 ssh2	2020-07-30 14:49:58
36.65.65.243	attackspam	20/7/29@23:53:23: FAIL: Alarm-Network address from=36.65.65.243 ...	2020-07-30 14:52:41

Recently Reported IPs

138.128.78.93	116.111.103.114	149.57.15.66	178.90.252.148
54.165.133.69	45.67.214.166	177.130.170.32	103.124.138.197
165.140.242.57	144.168.253.101	154.202.125.138	193.233.141.241
154.202.127.42	23.230.21.18	38.15.154.236	119.129.231.189
3.67.7.243	2.83.50.44	138.199.18.82	223.9.127.195