103.70.145.123

Basic Info

City: unknown

Region: unknown

Country: India

Internet Service Provider: Guruji Technology

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	2019-08-01 18:20:47 H=(liveus.it) [103.70.145.123]:41980 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/103.70.145.123) 2019-08-01 18:20:48 H=(liveus.it) [103.70.145.123]:41980 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/103.70.145.123) 2019-08-01 18:20:48 H=(liveus.it) [103.70.145.123]:41980 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/103.70.145.123) ...	2019-08-02 11:21:29

Type

Details

Datetime

attackspam

2019-08-01 18:20:47 H=(liveus.it) [103.70.145.123]:41980 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/103.70.145.123)
2019-08-01 18:20:48 H=(liveus.it) [103.70.145.123]:41980 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/103.70.145.123)
2019-08-01 18:20:48 H=(liveus.it) [103.70.145.123]:41980 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/103.70.145.123)
...

2019-08-02 11:21:29

Comments on same subnet:

IP	Type	Details	Datetime
103.70.145.215	attack	May 7 13:55:53 mail.srvfarm.net postfix/smtpd[882593]: NOQUEUE: reject: RCPT from unknown[103.70.145.215]: 554 5.7.1 Service unavailable; Client host [103.70.145.215] blocked using bl.spamcop.net; Blocked - see https://www.spamcop.net/bl.shtml?103.70.145.215; from= to= proto=ESMTP helo= May 7 13:55:54 mail.srvfarm.net postfix/smtpd[882593]: NOQUEUE: reject: RCPT from unknown[103.70.145.215]: 554 5.7.1 Service unavailable; Client host [103.70.145.215] blocked using bl.spamcop.net; Blocked - see https://www.spamcop.net/bl.shtml?103.70.145.215; from= to= proto=ESMTP helo= May 7 13:55:55 mail.srvfarm.net postfix/smtpd[882593]: NOQUEUE: reject: RCPT from unknown[103.70.145.215]: 554 5.7.1 Service unavailable; Client host [103.70.145.215] blocked using bl.spamcop.net; Blocked - see https://www.spamcop.net/bl.shtml?103.70.145.215; from= to=	2020-05-08 00:20:55
103.70.145.215	attackbots	email spam	2020-04-15 16:10:12
103.70.145.230	attackbotsspam	Unauthorized connection attempt detected from IP address 103.70.145.230 to port 23 [J]	2020-01-29 01:23:31
103.70.145.215	attack	email spam	2019-12-19 21:05:32
103.70.145.41	attackbotsspam	Fail2Ban Ban Triggered	2019-12-17 14:09:39
103.70.145.215	attackspam	Brute force attack stopped by firewall	2019-12-12 09:08:30
103.70.145.207	attack	proto=tcp . spt=37963 . dpt=25 . (listed on Blocklist de Jul 26) (280)	2019-07-27 14:10:06
103.70.145.124	attack	SPF Fail sender not permitted to send mail for @21cncorp.com / Mail sent to address harvested from public web site	2019-07-18 18:06:42

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 103.70.145.123
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19506
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;103.70.145.123.			IN	A

;; AUTHORITY SECTION:
.			639	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019080101 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Aug 02 11:21:16 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 123.145.70.103.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 123.145.70.103.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
187.109.46.40	attackspam	Attempted Brute Force (dovecot)	2020-10-13 23:55:34
119.45.114.87	attack	2020-10-13T10:46:04.696235xentho-1 sshd[1481406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.45.114.87 2020-10-13T10:46:04.687819xentho-1 sshd[1481406]: Invalid user georg from 119.45.114.87 port 51062 2020-10-13T10:46:06.045153xentho-1 sshd[1481406]: Failed password for invalid user georg from 119.45.114.87 port 51062 ssh2 2020-10-13T10:47:44.986333xentho-1 sshd[1481433]: Invalid user ota from 119.45.114.87 port 41776 2020-10-13T10:47:44.994084xentho-1 sshd[1481433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.45.114.87 2020-10-13T10:47:44.986333xentho-1 sshd[1481433]: Invalid user ota from 119.45.114.87 port 41776 2020-10-13T10:47:47.070465xentho-1 sshd[1481433]: Failed password for invalid user ota from 119.45.114.87 port 41776 ssh2 2020-10-13T10:49:35.982682xentho-1 sshd[1481454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.45.114.87 user ...	2020-10-13 23:29:19
85.96.187.204	attackspam	Oct 12 22:13:32 zimbra sshd[2424]: Invalid user admin from 85.96.187.204 Oct 12 22:13:32 zimbra sshd[2424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.96.187.204 Oct 12 22:13:34 zimbra sshd[2424]: Failed password for invalid user admin from 85.96.187.204 port 53592 ssh2 Oct 12 22:13:34 zimbra sshd[2424]: Connection closed by 85.96.187.204 port 53592 [preauth] Oct 12 22:13:35 zimbra sshd[2426]: Invalid user admin from 85.96.187.204 Oct 12 22:13:35 zimbra sshd[2426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.96.187.204 Oct 12 22:13:37 zimbra sshd[2426]: Failed password for invalid user admin from 85.96.187.204 port 53604 ssh2 Oct 12 22:13:37 zimbra sshd[2426]: Connection closed by 85.96.187.204 port 53604 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=85.96.187.204	2020-10-13 23:29:45
183.237.191.186	attackspam	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-10-13T15:08:48Z and 2020-10-13T15:15:56Z	2020-10-13 23:35:14
51.83.97.44	attackspambots	Invalid user andrew from 51.83.97.44 port 34622	2020-10-14 00:00:37
165.22.77.163	attack	Brute-force attempt banned	2020-10-13 23:37:49
122.51.70.17	attack	SSH login attempts.	2020-10-14 00:01:06
76.75.94.10	attackspambots	Oct 13 15:47:24 prox sshd[31820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=76.75.94.10 Oct 13 15:47:26 prox sshd[31820]: Failed password for invalid user kwx from 76.75.94.10 port 49826 ssh2	2020-10-14 00:01:38
117.50.20.76	attackbotsspam	repeated SSH login attempts	2020-10-13 23:45:18
175.24.36.114	attackbotsspam	Bruteforce detected by fail2ban	2020-10-13 23:58:54
159.65.84.183	attackspambots	Oct 13 17:55:32 vps208890 sshd[31411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.84.183	2020-10-14 00:03:25
167.172.227.82	attackspam	167.172.227.82 - - [13/Oct/2020:13:58:45 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 167.172.227.82 - - [13/Oct/2020:13:58:47 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 167.172.227.82 - - [13/Oct/2020:13:58:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-10-13 23:24:54
152.136.196.155	attack	sshd: Failed password for invalid user .... from 152.136.196.155 port 50634 ssh2	2020-10-13 23:32:42
161.35.162.20	attackspambots	20 attempts against mh-ssh on mist	2020-10-13 23:33:53
156.96.58.239	attackspam	12-10-2020 22:21:18 Unauthorized connection attempt (Brute-Force). 12-10-2020 22:21:18 Connection from IP address: 156.96.58.239 on port: 110 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=156.96.58.239	2020-10-14 00:02:11

Recently Reported IPs

146.144.179.100	92.208.132.96	42.180.161.222	252.33.136.61
191.48.2.11	116.2.192.57	245.58.72.243	140.185.217.142
115.231.0.156	39.242.50.44	11.86.198.216	10.227.11.124
102.165.53.173	250.127.116.39	238.196.87.209	36.198.112.111
39.13.200.137	86.205.202.232	201.171.84.78	185.24.68.215