118.145.22.254

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Beijing Teletron Telecom Engineering Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Feb 20 14:20:41 debian-2gb-nbg1-2 kernel: \[4464051.665747\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=118.145.22.254 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=36741 PROTO=TCP SPT=49644 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0	2020-02-21 05:01:02
attackbotsspam	Unauthorized connection attempt detected from IP address 118.145.22.254 to port 1433	2019-12-31 08:53:02

Type

Details

Datetime

attack

Feb 20 14:20:41 debian-2gb-nbg1-2 kernel: \[4464051.665747\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=118.145.22.254 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=36741 PROTO=TCP SPT=49644 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0

2020-02-21 05:01:02

attackbotsspam

Unauthorized connection attempt detected from IP address 118.145.22.254 to port 1433

2019-12-31 08:53:02

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 118.145.22.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28473
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;118.145.22.254.			IN	A

;; AUTHORITY SECTION:
.			161	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019123001 1800 900 604800 86400

;; Query time: 100 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Dec 31 08:52:59 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 254.22.145.118.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 254.22.145.118.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
58.71.15.10	attackspambots	Invalid user rd from 58.71.15.10 port 36494	2020-10-03 13:56:52
46.217.139.137	attackbotsspam	srvr3: (mod_security) mod_security (id:920350) triggered by 46.217.139.137 (MK/-/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/10/02 22:39:57 [error] 70998#0: 410 [client 46.217.139.137] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160167119767.124272"] [ref "o0,14v21,14"], client: 46.217.139.137, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-10-03 13:57:33
47.99.35.235	attackspambots	SSH login attempts.	2020-10-03 14:34:13
111.230.181.82	attackspambots	Oct 3 02:44:54 jane sshd[19522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.181.82 Oct 3 02:44:55 jane sshd[19522]: Failed password for invalid user michael from 111.230.181.82 port 42108 ssh2 ...	2020-10-03 14:18:00
196.52.43.103	attackspam	TCP (SYN) 196.52.43.103:54083 -> port 389, len 44	2020-10-03 14:24:39
42.178.89.71	attackbotsspam	Port probing on unauthorized port 23	2020-10-03 14:27:08
59.45.27.187	attackbotsspam	firewall-block, port(s): 1433/tcp	2020-10-03 13:56:35
49.234.213.237	attack	Oct 3 07:58:30 OPSO sshd\[15005\]: Invalid user sinusbot from 49.234.213.237 port 49956 Oct 3 07:58:30 OPSO sshd\[15005\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.213.237 Oct 3 07:58:32 OPSO sshd\[15005\]: Failed password for invalid user sinusbot from 49.234.213.237 port 49956 ssh2 Oct 3 08:01:18 OPSO sshd\[15733\]: Invalid user git from 49.234.213.237 port 56820 Oct 3 08:01:18 OPSO sshd\[15733\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.213.237	2020-10-03 14:11:14
192.35.169.17	attack	" "	2020-10-03 14:15:37
212.70.149.20	attackbots	Oct 3 08:26:32 srv01 postfix/smtpd\[9270\]: warning: unknown\[212.70.149.20\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 3 08:26:34 srv01 postfix/smtpd\[967\]: warning: unknown\[212.70.149.20\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 3 08:26:38 srv01 postfix/smtpd\[9299\]: warning: unknown\[212.70.149.20\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 3 08:26:40 srv01 postfix/smtpd\[9171\]: warning: unknown\[212.70.149.20\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 3 08:26:57 srv01 postfix/smtpd\[9297\]: warning: unknown\[212.70.149.20\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-10-03 14:29:17
114.35.44.253	attackspambots	$f2bV_matches	2020-10-03 14:08:29
192.35.169.16	attackspam	[N1.H1.VM1] Port Scanner Detected Blocked by UFW	2020-10-03 14:12:58
183.110.223.149	attackspam	[N1.H1.VM1] Port Scanner Detected Blocked by UFW	2020-10-03 13:58:53
88.214.26.90	attackbotsspam	SSH Bruteforce Attempt on Honeypot	2020-10-03 14:00:36
192.35.169.27	attackspambots	TCP (SYN) 192.35.169.27:17738 -> port 587, len 44	2020-10-03 14:20:38

Recently Reported IPs

111.224.235.82	111.224.235.43	111.224.220.249	116.105.223.76
106.14.180.49	138.25.166.211	224.65.52.136	182.245.141.36
51.205.50.179	194.233.129.127	95.83.154.242	112.25.101.65
65.27.232.223	47.0.27.88	164.77.106.74	165.241.193.213
132.85.236.124	155.101.187.94	58.249.100.71	81.39.194.193