129.145.2.45 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Oracle Corporation

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	SSH bruteforce (Triggered fail2ban)	2019-08-15 05:19:20
attack	Aug 6 16:28:10 icinga sshd[23051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.145.2.45 Aug 6 16:28:12 icinga sshd[23051]: Failed password for invalid user jetaero from 129.145.2.45 port 42067 ssh2 ...	2019-08-07 01:12:01
attackbotsspam	Aug 6 04:48:05 microserver sshd[28886]: Invalid user www from 129.145.2.45 port 27728 Aug 6 04:48:05 microserver sshd[28886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.145.2.45 Aug 6 04:48:08 microserver sshd[28886]: Failed password for invalid user www from 129.145.2.45 port 27728 ssh2 Aug 6 04:57:17 microserver sshd[30664]: Invalid user hector from 129.145.2.45 port 22339 Aug 6 04:57:17 microserver sshd[30664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.145.2.45 Aug 6 05:11:52 microserver sshd[33405]: Invalid user save from 129.145.2.45 port 42474 Aug 6 05:11:52 microserver sshd[33405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.145.2.45 Aug 6 05:11:54 microserver sshd[33405]: Failed password for invalid user save from 129.145.2.45 port 42474 ssh2 Aug 6 05:16:26 microserver sshd[34308]: Invalid user mathilda from 129.145.2.45 port 11509 Aug 6 05:16:26	2019-08-06 11:58:59
attackspambots	Aug 2 16:10:46 vps691689 sshd[21842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.145.2.45 Aug 2 16:10:48 vps691689 sshd[21842]: Failed password for invalid user vanderlei from 129.145.2.45 port 41409 ssh2 ...	2019-08-02 23:18:36
attack	Jul 28 23:55:17 dedicated sshd[16985]: Invalid user sad012 from 129.145.2.45 port 13507	2019-07-29 09:15:44

Comments on same subnet:

IP	Type	Details	Datetime
129.145.2.238	attackspam	srvr2: (mod_security) mod_security (id:920350) triggered by 129.145.2.238 (US/-/oc-129-145-2-238.compute.oraclecloud.com): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/09 09:11:08 [error] 862802#0: 405716 [client 129.145.2.238] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "15996354686.524278"] [ref "o0,17v21,17"], client: 129.145.2.238, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-10 02:21:06
129.145.2.238	attack	srvr3: (mod_security) mod_security (id:920350) triggered by 129.145.2.238 (US/United States/oc-129-145-2-238.compute.oraclecloud.com): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/16 09:19:38 [error] 68179#0: 15814 [client 129.145.2.238] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159756237818.407985"] [ref "o0,18v21,18"], client: 129.145.2.238, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-08-16 19:43:35
129.145.21.172	attackbots	From bounce@info.sgs.com Tue Jun 02 09:02:02 2020 Received: from mail01.info.sgs.com ([129.145.21.172]:28331)	2020-06-03 02:17:47
129.145.2.238	attack	port scan and connect, tcp 22 (ssh)	2020-04-21 01:44:08

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 129.145.2.45
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48805
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;129.145.2.45.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019072801 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Jul 29 09:15:39 CST 2019
;; MSG SIZE  rcvd: 116

Host info

45.2.145.129.in-addr.arpa domain name pointer oc-129-145-2-45.compute.oraclecloud.com.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
45.2.145.129.in-addr.arpa	name = oc-129-145-2-45.compute.oraclecloud.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
47.40.20.138	attackspambots	2019-12-21T16:00:13.3516141240 sshd\[12852\]: Invalid user ubuntu from 47.40.20.138 port 59000 2019-12-21T16:00:13.3541671240 sshd\[12852\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.40.20.138 2019-12-21T16:00:15.3416241240 sshd\[12852\]: Failed password for invalid user ubuntu from 47.40.20.138 port 59000 ssh2 ...	2019-12-22 02:54:47
71.189.47.10	attackbots	Dec 21 17:58:47 server sshd\[2896\]: Invalid user bacem from 71.189.47.10 Dec 21 17:58:47 server sshd\[2896\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.ehmsllc.com Dec 21 17:58:49 server sshd\[2896\]: Failed password for invalid user bacem from 71.189.47.10 port 64015 ssh2 Dec 21 18:04:28 server sshd\[4327\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.ehmsllc.com user=root Dec 21 18:04:29 server sshd\[4327\]: Failed password for root from 71.189.47.10 port 33417 ssh2 ...	2019-12-22 03:13:55
202.184.35.206	attackspambots	Automatic report - Port Scan Attack	2019-12-22 02:47:24
51.38.33.178	attack	Dec 1 04:56:55 microserver sshd[24071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.33.178 user=root Dec 1 04:56:57 microserver sshd[24071]: Failed password for root from 51.38.33.178 port 42167 ssh2 Dec 1 04:59:41 microserver sshd[24227]: Invalid user napoleoni from 51.38.33.178 port 59534 Dec 1 04:59:41 microserver sshd[24227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.33.178 Dec 1 04:59:43 microserver sshd[24227]: Failed password for invalid user napoleoni from 51.38.33.178 port 59534 ssh2 Dec 1 05:10:44 microserver sshd[26114]: Invalid user schoettle from 51.38.33.178 port 44305 Dec 1 05:10:44 microserver sshd[26114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.33.178 Dec 1 05:10:46 microserver sshd[26114]: Failed password for invalid user schoettle from 51.38.33.178 port 44305 ssh2 Dec 1 05:13:36 microserver sshd[26301]: Invalid user jouanny fro	2019-12-22 02:52:03
106.12.16.107	attackspambots	Dec 21 19:41:58 vserver sshd\[24895\]: Invalid user build from 106.12.16.107Dec 21 19:42:00 vserver sshd\[24895\]: Failed password for invalid user build from 106.12.16.107 port 42814 ssh2Dec 21 19:50:57 vserver sshd\[24948\]: Invalid user stawski from 106.12.16.107Dec 21 19:51:00 vserver sshd\[24948\]: Failed password for invalid user stawski from 106.12.16.107 port 40574 ssh2 ...	2019-12-22 02:56:00
58.144.150.135	attackbotsspam	58.144.150.135 - - \[21/Dec/2019:15:52:02 +0100\] "GET /goip/cron.htm HTTP/1.1" 403 459 "-" "Mozilla/4.0 $compatible\; MSIE 7.0\; Windows NT 6.1\; WOW64\; Trident/5.0\; SLCC2\; .NET CLR 2.0.50727\; .NET CLR 3.5.30729\; .NET CLR 3.0.30729\; Media Center PC 6.0\; .NET4.0C\; .NET4.0E\; InfoPath.3\; KB974488$" 58.144.150.135 - - \[21/Dec/2019:15:52:02 +0100\] "GET / HTTP/1.1" 403 446 "-" "Mozilla/4.0 $compatible\; MSIE 7.0\; Windows NT 6.1\; WOW64\; Trident/5.0\; SLCC2\; .NET CLR 2.0.50727\; .NET CLR 3.5.30729\; .NET CLR 3.0.30729\; Media Center PC 6.0\; .NET4.0C\; .NET4.0E\; InfoPath.3\; KB974488$" 58.144.150.135 - - \[21/Dec/2019:15:52:03 +0100\] "GET /index.html\?findcli=-1 HTTP/1.1" 403 456 "-" "Mozilla/4.0 $compatible\; MSIE 7.0\; Windows NT 6.1\; WOW64\; Trident/5.0\; SLCC2\; .NET CLR 2.0.50727\; .NET CLR 3.5.30729\; .NET CLR 3.0.30729\; Media Center PC 6.0\; .NET4.0C\; .NET4.0E\; InfoPath.3\; KB974488$" ...	2019-12-22 03:00:40
119.29.65.240	attackspambots	$f2bV_matches	2019-12-22 03:00:16
51.68.230.54	attackbotsspam	Dec 21 19:16:54 nextcloud sshd\[22247\]: Invalid user user3 from 51.68.230.54 Dec 21 19:16:54 nextcloud sshd\[22247\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.230.54 Dec 21 19:16:56 nextcloud sshd\[22247\]: Failed password for invalid user user3 from 51.68.230.54 port 50238 ssh2 ...	2019-12-22 02:49:28
165.22.78.222	attackspam	Dec 21 04:58:35 web1 sshd\[9397\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.78.222 user=root Dec 21 04:58:37 web1 sshd\[9397\]: Failed password for root from 165.22.78.222 port 43618 ssh2 Dec 21 05:03:50 web1 sshd\[9979\]: Invalid user named from 165.22.78.222 Dec 21 05:03:50 web1 sshd\[9979\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.78.222 Dec 21 05:03:52 web1 sshd\[9979\]: Failed password for invalid user named from 165.22.78.222 port 47874 ssh2	2019-12-22 02:57:23
117.50.13.29	attackbotsspam	Dec 21 20:07:03 server sshd\[6087\]: Invalid user user from 117.50.13.29 Dec 21 20:07:03 server sshd\[6087\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.13.29 Dec 21 20:07:05 server sshd\[6087\]: Failed password for invalid user user from 117.50.13.29 port 59346 ssh2 Dec 21 20:33:29 server sshd\[13063\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.13.29 user=root Dec 21 20:33:31 server sshd\[13063\]: Failed password for root from 117.50.13.29 port 55616 ssh2 ...	2019-12-22 03:19:23
68.183.48.172	attackbotsspam	2019-12-21T19:33:52.066237 sshd[20249]: Invalid user 123456 from 68.183.48.172 port 44458 2019-12-21T19:33:52.080537 sshd[20249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.48.172 2019-12-21T19:33:52.066237 sshd[20249]: Invalid user 123456 from 68.183.48.172 port 44458 2019-12-21T19:33:54.558633 sshd[20249]: Failed password for invalid user 123456 from 68.183.48.172 port 44458 ssh2 2019-12-21T19:39:32.133759 sshd[20332]: Invalid user v9p57z56 from 68.183.48.172 port 46711 ...	2019-12-22 02:59:46
51.255.168.202	attackbotsspam	Dec 21 07:08:07 tdfoods sshd\[2108\]: Invalid user jjjjjjjj from 51.255.168.202 Dec 21 07:08:07 tdfoods sshd\[2108\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.ip-51-255-168.eu Dec 21 07:08:09 tdfoods sshd\[2108\]: Failed password for invalid user jjjjjjjj from 51.255.168.202 port 39398 ssh2 Dec 21 07:13:11 tdfoods sshd\[2700\]: Invalid user brucker from 51.255.168.202 Dec 21 07:13:11 tdfoods sshd\[2700\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.ip-51-255-168.eu	2019-12-22 02:54:19
185.127.24.213	attack	Dec 21 17:15:54 lnxweb61 sshd[24439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.127.24.213	2019-12-22 02:55:38
113.164.8.154	attackbots	Unauthorized connection attempt detected from IP address 113.164.8.154 to port 445	2019-12-22 02:49:06
68.183.190.34	attackspam	Dec 21 15:35:58 wh01 sshd[9404]: Invalid user test from 68.183.190.34 port 53162 Dec 21 15:35:58 wh01 sshd[9404]: Failed password for invalid user test from 68.183.190.34 port 53162 ssh2 Dec 21 15:35:58 wh01 sshd[9404]: Received disconnect from 68.183.190.34 port 53162:11: Bye Bye [preauth] Dec 21 15:35:58 wh01 sshd[9404]: Disconnected from 68.183.190.34 port 53162 [preauth] Dec 21 15:47:45 wh01 sshd[10477]: Invalid user sara from 68.183.190.34 port 57318 Dec 21 15:47:45 wh01 sshd[10477]: Failed password for invalid user sara from 68.183.190.34 port 57318 ssh2 Dec 21 15:47:46 wh01 sshd[10477]: Received disconnect from 68.183.190.34 port 57318:11: Bye Bye [preauth] Dec 21 15:47:46 wh01 sshd[10477]: Disconnected from 68.183.190.34 port 57318 [preauth] Dec 21 16:13:23 wh01 sshd[12922]: Invalid user klevesahl from 68.183.190.34 port 54104 Dec 21 16:13:23 wh01 sshd[12922]: Failed password for invalid user klevesahl from 68.183.190.34 port 54104 ssh2 Dec 21 16:39:38 wh01 sshd[15016]: Failed	2019-12-22 02:48:21

Recently Reported IPs

109.194.149.133	115.178.24.72	202.148.4.100	128.199.154.85
14.248.75.136	138.97.224.220	62.109.11.25	177.54.195.82
2a01:4f8:202:4381::2	51.82.234.78	177.21.131.117	183.6.159.236
45.4.254.86	185.123.220.178	203.196.52.45	51.75.70.30
45.76.238.132	58.210.169.162	207.37.92.140	59.88.68.222