Basic Info

City: unknown

Region: unknown

Country: Thailand

Internet Service Provider: TOT Public Company Limited

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attackbotsspam
DATE:2020-05-11 05:49:19, IP:1.20.145.245, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)
2020-05-11 18:34:26
Comments on same subnet:
No discussion about this subnet yet.
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 1.20.145.245
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59666
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.20.145.245.			IN	A

;; AUTHORITY SECTION:
.			571	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020051100 1800 900 604800 86400

;; Query time: 91 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon May 11 18:34:22 CST 2020
;; MSG SIZE  rcvd: 116
Host info
Host 245.145.20.1.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 245.145.20.1.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
37.187.3.53 attackspam
SSH brute-force attempt
2020-09-07 03:57:38
213.149.103.132 attackspambots
213.149.103.132 - - [06/Sep/2020:16:32:03 +0100] "POST /wp-login.php HTTP/1.1" 200 2238 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
213.149.103.132 - - [06/Sep/2020:16:32:04 +0100] "POST /wp-login.php HTTP/1.1" 200 2282 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
213.149.103.132 - - [06/Sep/2020:16:32:05 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-09-07 04:01:32
124.239.218.188 attackbots
Sep  6 17:02:38 jane sshd[13964]: Failed password for root from 124.239.218.188 port 18860 ssh2
...
2020-09-07 03:56:00
103.205.180.57 attackspambots
 TCP (SYN) 103.205.180.57:45205 -> port 1433, len 44
2020-09-07 04:18:28
91.229.112.12 attackspam
[MK-VM4] Blocked by UFW
2020-09-07 04:19:00
85.56.100.46 attackbotsspam
85.56.100.46 - - \[05/Sep/2020:20:09:53 +0300\] "POST /xmlrpc.php HTTP/1.1" 503 18215 "-" "Mozilla/4.0 \(compatible\; MSIE 6.0\; Windows NT 5.0\)" "-"
85.56.100.46 - - \[05/Sep/2020:20:14:00 +0300\] "POST /xmlrpc.php HTTP/1.1" 503 18033 "-" "Mozilla/4.0 \(compatible\; MSIE 6.0\; Windows NT 5.0\)" "-"
...
2020-09-07 04:06:09
157.245.78.30 attackbotsspam
Tried our host z.
2020-09-07 04:04:58
155.94.254.7 attackspambots
SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: scanner06.project25499.com.
2020-09-07 04:20:53
157.39.61.172 attackbotsspam
Icarus honeypot on github
2020-09-07 04:26:21
54.38.188.105 attackspambots
Time:     Sun Sep  6 19:57:51 2020 +0200
IP:       54.38.188.105 (FR/France/105.ip-54-38-188.eu)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SSHD]

Log entries:

Sep  6 19:40:10 ca-3-ams1 sshd[39316]: Invalid user admin from 54.38.188.105 port 57620
Sep  6 19:40:12 ca-3-ams1 sshd[39316]: Failed password for invalid user admin from 54.38.188.105 port 57620 ssh2
Sep  6 19:54:29 ca-3-ams1 sshd[39865]: Invalid user admin from 54.38.188.105 port 36360
Sep  6 19:54:31 ca-3-ams1 sshd[39865]: Failed password for invalid user admin from 54.38.188.105 port 36360 ssh2
Sep  6 19:57:48 ca-3-ams1 sshd[39982]: Failed password for root from 54.38.188.105 port 41242 ssh2
2020-09-07 03:53:43
124.251.110.147 attack
Sep  6 15:26:06 MainVPS sshd[9174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.251.110.147  user=root
Sep  6 15:26:08 MainVPS sshd[9174]: Failed password for root from 124.251.110.147 port 53350 ssh2
Sep  6 15:29:51 MainVPS sshd[10913]: Invalid user content from 124.251.110.147 port 52986
Sep  6 15:29:51 MainVPS sshd[10913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.251.110.147
Sep  6 15:29:51 MainVPS sshd[10913]: Invalid user content from 124.251.110.147 port 52986
Sep  6 15:29:53 MainVPS sshd[10913]: Failed password for invalid user content from 124.251.110.147 port 52986 ssh2
...
2020-09-07 04:28:22
103.83.7.173 attack
Sep  5 07:54:27 tux postfix/smtpd[30611]: connect from mail.antara.co.id[103.83.7.173]
Sep  5 07:54:28 tux postfix/smtpd[30611]: Anonymous TLS connection established from mail.antara.co.id[103.83.7.173]: TLSv1.2 whostnameh cipher AECDH-AES256-SHA (256/256 bhostnames)
Sep x@x
Sep  5 07:54:29 tux postfix/smtpd[30611]: disconnect from mail.antara.co.id[103.83.7.173]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=103.83.7.173
2020-09-07 04:15:19
212.83.163.170 attack
[2020-09-06 15:54:42] NOTICE[1194] chan_sip.c: Registration from '"928"' failed for '212.83.163.170:8064' - Wrong password
[2020-09-06 15:54:42] SECURITY[1233] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-06T15:54:42.769-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="928",SessionID="0x7f2ddc1b7848",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/212.83.163.170/8064",Challenge="2ca13249",ReceivedChallenge="2ca13249",ReceivedHash="2941ec31ad8934ed170d3d40944aa1c4"
[2020-09-06 15:55:01] NOTICE[1194] chan_sip.c: Registration from '"935"' failed for '212.83.163.170:8421' - Wrong password
[2020-09-06 15:55:01] SECURITY[1233] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-06T15:55:01.862-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="935",SessionID="0x7f2ddc00cc78",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/212.83.
...
2020-09-07 04:07:03
112.104.18.27 attackbots
Honeypot attack, port: 445, PTR: 112-104-18-27.adsl.dynamic.seed.net.tw.
2020-09-07 03:53:29
98.157.45.0 attackbotsspam
SSH brute-force attempt
2020-09-07 04:18:44

Recently Reported IPs
