157.245.5.100 - IPInfo

Basic Info

City: New York

Region: New York

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	2020-05-04T05:24:12.921396shield sshd\[27547\]: Invalid user sws from 157.245.5.100 port 48140 2020-05-04T05:24:12.925413shield sshd\[27547\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.5.100 2020-05-04T05:24:14.342828shield sshd\[27547\]: Failed password for invalid user sws from 157.245.5.100 port 48140 ssh2 2020-05-04T05:24:51.116998shield sshd\[27645\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.5.100 user=sync 2020-05-04T05:24:53.219465shield sshd\[27645\]: Failed password for sync from 157.245.5.100 port 59676 ssh2	2020-05-04 13:27:48

Type

Details

Datetime

attack

2020-05-04T05:24:12.921396shield sshd\[27547\]: Invalid user sws from 157.245.5.100 port 48140
2020-05-04T05:24:12.925413shield sshd\[27547\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.5.100
2020-05-04T05:24:14.342828shield sshd\[27547\]: Failed password for invalid user sws from 157.245.5.100 port 48140 ssh2
2020-05-04T05:24:51.116998shield sshd\[27645\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.5.100  user=sync
2020-05-04T05:24:53.219465shield sshd\[27645\]: Failed password for sync from 157.245.5.100 port 59676 ssh2

2020-05-04 13:27:48

Comments on same subnet:

IP	Type	Details	Datetime
157.245.56.192	attack	Oct 12 10:08:36 ws26vmsma01 sshd[54230]: Failed password for root from 157.245.56.192 port 52788 ssh2 Oct 12 10:17:25 ws26vmsma01 sshd[88905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.56.192 ...	2020-10-12 22:49:39
157.245.56.192	attackbotsspam	frenzy	2020-10-12 14:16:38
157.245.5.133	attackspam	157.245.5.133 - - [28/Sep/2020:20:02:41 +0100] "POST /wp-login.php HTTP/1.1" 200 2828 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 157.245.5.133 - - [28/Sep/2020:20:02:42 +0100] "POST /wp-login.php HTTP/1.1" 200 2844 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 157.245.5.133 - - [28/Sep/2020:20:02:43 +0100] "POST /wp-login.php HTTP/1.1" 200 2844 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-29 04:53:08
157.245.5.133	attack	157.245.5.133 - - [28/Sep/2020:09:26:28 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 157.245.5.133 - - [28/Sep/2020:09:26:30 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 157.245.5.133 - - [28/Sep/2020:09:26:31 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-28 21:11:08
157.245.5.133	attackspam	157.245.5.133 - - [28/Sep/2020:03:13:32 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 157.245.5.133 - - [28/Sep/2020:03:13:34 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 157.245.5.133 - - [28/Sep/2020:03:13:35 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-28 13:16:51
157.245.54.15	attackspam	Brute-force attempt banned	2020-09-23 23:45:56
157.245.54.15	attackbotsspam	Auto Fail2Ban report, multiple SSH login attempts.	2020-09-23 15:57:06
157.245.54.15	attackbots	2020-09-22T17:34:29.683889mail.thespaminator.com sshd[5868]: Invalid user guest from 157.245.54.15 port 42656 2020-09-22T17:34:31.976898mail.thespaminator.com sshd[5868]: Failed password for invalid user guest from 157.245.54.15 port 42656 ssh2 ...	2020-09-23 07:52:21
157.245.54.200	attackbots	Sep 15 04:25:51 vps46666688 sshd[3410]: Failed password for root from 157.245.54.200 port 52448 ssh2 Sep 15 04:33:46 vps46666688 sshd[3515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.54.200 ...	2020-09-15 16:01:07
157.245.54.200	attack	Sep 14 19:15:01 mout sshd[16839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.54.200 user=root Sep 14 19:15:03 mout sshd[16839]: Failed password for root from 157.245.54.200 port 60602 ssh2	2020-09-15 08:06:32
157.245.54.200	attackspam	Invalid user music from 157.245.54.200 port 44726	2020-09-13 01:15:15
157.245.54.200	attack	<6 unauthorized SSH connections	2020-09-12 17:13:46
157.245.54.200	attackspambots	Sep 10 10:25:30 root sshd[15315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.54.200 ...	2020-09-10 21:07:38
157.245.54.200	attackspambots	"fail2ban match"	2020-09-10 12:52:43
157.245.54.200	attack	157.245.54.200 (SG/Singapore/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 9 12:49:21 jbs1 sshd[17354]: Failed password for root from 157.245.54.200 port 46116 ssh2 Sep 9 12:57:44 jbs1 sshd[20671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.99.197 user=root Sep 9 12:52:29 jbs1 sshd[18281]: Failed password for root from 49.235.215.147 port 36210 ssh2 Sep 9 12:49:19 jbs1 sshd[17354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.54.200 user=root Sep 9 12:52:27 jbs1 sshd[18269]: Failed password for root from 95.163.195.60 port 40440 ssh2 Sep 9 12:52:27 jbs1 sshd[18281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.215.147 user=root IP Addresses Blocked:	2020-09-10 03:39:23

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 157.245.5.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45241
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;157.245.5.100.			IN	A

;; AUTHORITY SECTION:
.			440	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020050201 1800 900 604800 86400

;; Query time: 94 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun May 03 05:57:26 CST 2020
;; MSG SIZE  rcvd: 117

Host info

Host 100.5.245.157.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 100.5.245.157.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
45.143.221.48	attack	Port 5094 scan denied	2020-03-07 17:11:00
64.227.28.132	attack	smtp	2020-03-07 16:49:40
45.134.179.57	attack	Mar 7 09:31:01 debian-2gb-nbg1-2 kernel: \[5829023.299790\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.134.179.57 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=43337 PROTO=TCP SPT=55770 DPT=33865 WINDOW=1024 RES=0x00 SYN URGP=0	2020-03-07 16:40:42
49.88.112.68	attack	2020-03-07 03:50:23,848 fail2ban.actions [22360]: NOTICE [sshd] Ban 49.88.112.68 2020-03-07 04:21:51,507 fail2ban.actions [22360]: NOTICE [sshd] Ban 49.88.112.68 2020-03-07 04:53:05,645 fail2ban.actions [22360]: NOTICE [sshd] Ban 49.88.112.68 2020-03-07 05:23:58,009 fail2ban.actions [22360]: NOTICE [sshd] Ban 49.88.112.68 2020-03-07 05:54:28,141 fail2ban.actions [22360]: NOTICE [sshd] Ban 49.88.112.68 ...	2020-03-07 16:37:43
142.54.101.146	attackbots	fail2ban	2020-03-07 16:38:03
27.35.111.157	attack	Unauthorized access or intrusion attempt detected from Thor banned IP	2020-03-07 16:48:56
14.248.225.12	attackbotsspam	2020-03-0708:55:411jAUJA-0007Q0-Ld\<=verena@rs-solution.chH=\(localhost\)[14.248.225.12]:57160P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:verena@rs-solution.chS=2233id=5C59EFBCB7634DFE22276ED622AAF4FA@rs-solution.chT="Justchosentogettoknowyou"forjeffmuzique@gmail.commr.bigmjwa19@gmail.com2020-03-0708:55:411jAUJA-0007Pg-M6\<=verena@rs-solution.chH=\(localhost\)[202.107.34.250]:16992P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:verena@rs-solution.chS=2253id=7570C6959E4A64D70B0E47FF0B9F30CF@rs-solution.chT="Onlyrequirejustabitofyourinterest"forcamelliaw78@gmail.comchivitaloca1980@gmail.com2020-03-0708:55:391jAUJ7-0007O0-3w\<=verena@rs-solution.chH=\(localhost\)[202.137.155.217]:38313P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:verena@rs-solution.chS=3024id=aceb97fdf6dd08fbd826d083885c65496a8083ddcf@rs-solution.chT="fromJosietomccoyneek"formccoyneek@gmail.compoggyboomy064@gmail.com2020-03-0708:55:571jAUJP-0007Qc-Ix\<=verena@rs-soluti	2020-03-07 16:53:21
192.241.172.175	attackspam	Mar 7 13:38:37 gw1 sshd[12920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.172.175 Mar 7 13:38:39 gw1 sshd[12920]: Failed password for invalid user user from 192.241.172.175 port 35145 ssh2 ...	2020-03-07 16:57:21
121.175.246.222	attackspam	Mar 7 07:23:12 ip-172-31-62-245 sshd\[17949\]: Invalid user slfbrighttools from 121.175.246.222\ Mar 7 07:23:14 ip-172-31-62-245 sshd\[17949\]: Failed password for invalid user slfbrighttools from 121.175.246.222 port 60972 ssh2\ Mar 7 07:27:11 ip-172-31-62-245 sshd\[17975\]: Invalid user slfbrighttools from 121.175.246.222\ Mar 7 07:27:13 ip-172-31-62-245 sshd\[17975\]: Failed password for invalid user slfbrighttools from 121.175.246.222 port 58732 ssh2\ Mar 7 07:31:00 ip-172-31-62-245 sshd\[18008\]: Invalid user slfbrighttools from 121.175.246.222\	2020-03-07 16:48:04
185.173.35.13	attackbotsspam	unauthorized connection attempt	2020-03-07 16:32:56
41.63.1.38	attackspambots	Mar 7 05:54:13 MK-Soft-Root1 sshd[29142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.1.38 Mar 7 05:54:14 MK-Soft-Root1 sshd[29142]: Failed password for invalid user james from 41.63.1.38 port 52272 ssh2 ...	2020-03-07 16:45:49
177.155.36.226	attackspambots	20/3/6@23:53:44: FAIL: Alarm-Telnet address from=177.155.36.226 ...	2020-03-07 17:13:10
210.63.216.193	attackbots	Honeypot attack, port: 445, PTR: ns1.cas-well.com.	2020-03-07 16:52:27
165.22.47.222	attackspam	Mar 7 07:55:40 vpn01 sshd[20245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.47.222 Mar 7 07:55:42 vpn01 sshd[20245]: Failed password for invalid user admin from 165.22.47.222 port 45678 ssh2 ...	2020-03-07 16:43:37
46.229.168.136	attack	Malicious Traffic/Form Submission	2020-03-07 17:05:22

Recently Reported IPs

85.76.187.30	154.128.60.115	50.73.196.171	57.104.213.109
162.243.141.184	17.138.24.240	247.136.0.44	19.240.153.44
162.243.138.123	6.155.226.160	11.231.59.250	218.169.1.238
172.24.117.246	195.136.111.211	162.243.138.34	74.225.37.44
12.117.172.38	162.243.137.176	1.47.39.105	192.171.180.13