172.245.52.44 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Ireland

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
172.245.52.219	attack	2020-07-26T16:16:09.290625vps773228.ovh.net sshd[3790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.52.219 2020-07-26T16:16:09.273667vps773228.ovh.net sshd[3790]: Invalid user admin from 172.245.52.219 port 47286 2020-07-26T16:16:11.880985vps773228.ovh.net sshd[3790]: Failed password for invalid user admin from 172.245.52.219 port 47286 ssh2 2020-07-26T16:16:12.537415vps773228.ovh.net sshd[3792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.52.219 user=root 2020-07-26T16:16:13.873169vps773228.ovh.net sshd[3792]: Failed password for root from 172.245.52.219 port 34935 ssh2 ...	2020-07-27 00:33:36
172.245.52.219	attack	Jul 26 01:08:35 debian-2gb-nbg1-2 kernel: \[17977028.271790\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=172.245.52.219 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=59768 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0	2020-07-26 08:01:53
172.245.52.131	attackspambots	318. On Jun 10 2020 experienced a Brute Force SSH login attempt -> 7 unique times by 172.245.52.131.	2020-06-11 07:25:44
172.245.52.37	attack	Jun 8 14:08:51 node002 sshd[22669]: Did not receive identification string from 172.245.52.37 port 40974 Jun 8 14:09:02 node002 sshd[22951]: Received disconnect from 172.245.52.37 port 47900:11: Normal Shutdown, Thank you for playing [preauth] Jun 8 14:09:02 node002 sshd[22951]: Disconnected from 172.245.52.37 port 47900 [preauth] Jun 8 14:09:19 node002 sshd[23341]: Received disconnect from 172.245.52.37 port 42074:11: Normal Shutdown, Thank you for playing [preauth] Jun 8 14:09:19 node002 sshd[23341]: Disconnected from 172.245.52.37 port 42074 [preauth] Jun 8 14:09:45 node002 sshd[23488]: Received disconnect from 172.245.52.37 port 59986:11: Normal Shutdown, Thank you for playing [preauth] Jun 8 14:09:45 node002 sshd[23488]: Disconnected from 172.245.52.37 port 59986 [preauth] Jun 8 14:09:59 node002 sshd[23553]: Received disconnect from 172.245.52.37 port 57338:11: Normal Shutdown, Thank you for playing [preauth] Jun 8 14:09:59 node002 sshd[23553]: Disconnected from 172.245.52	2020-06-08 20:29:33
172.245.52.30	attackspambots	Unauthorized access or intrusion attempt detected from Thor banned IP	2020-06-04 01:55:47
172.245.52.37	attackspam	May 26 10:32:23 nextcloud sshd\[2211\]: Invalid user ubuntu from 172.245.52.37 May 26 10:32:23 nextcloud sshd\[2211\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.52.37 May 26 10:32:25 nextcloud sshd\[2211\]: Failed password for invalid user ubuntu from 172.245.52.37 port 43385 ssh2	2020-05-26 22:53:44
172.245.52.37	attack	May 26 05:10:41 nextcloud sshd\[13672\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.52.37 user=root May 26 05:10:42 nextcloud sshd\[13672\]: Failed password for root from 172.245.52.37 port 59338 ssh2 May 26 05:14:09 nextcloud sshd\[16895\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.52.37 user=root	2020-05-26 11:15:32
172.245.52.196	attack	nft/Honeypot/22/73e86	2020-05-06 18:52:25

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 172.245.52.44
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50870
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;172.245.52.44.			IN	A

;; AUTHORITY SECTION:
.			30	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2025022200 1800 900 604800 86400

;; Query time: 57 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Feb 23 00:10:20 CST 2025
;; MSG SIZE  rcvd: 106

Host info

44.52.245.172.in-addr.arpa domain name pointer 172-245-52-44-host.colocrossing.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
44.52.245.172.in-addr.arpa	name = 172-245-52-44-host.colocrossing.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
191.232.193.0	attack	SSH invalid-user multiple login attempts	2020-09-05 06:58:32
217.182.205.27	attackbotsspam	SSH	2020-09-05 07:33:06
162.247.72.199	attack	Sep 5 00:56:04 vmd26974 sshd[10145]: Failed password for root from 162.247.72.199 port 38324 ssh2 Sep 5 00:56:16 vmd26974 sshd[10145]: error: maximum authentication attempts exceeded for root from 162.247.72.199 port 38324 ssh2 [preauth] ...	2020-09-05 07:13:18
196.151.225.171	attackspam	Sep 4 18:50:18 mellenthin postfix/smtpd[30865]: NOQUEUE: reject: RCPT from unknown[196.151.225.171]: 554 5.7.1 Service unavailable; Client host [196.151.225.171] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/196.151.225.171; from= to= proto=ESMTP helo=<[196.157.161.154]>	2020-09-05 07:35:08
185.225.136.37	attackbots	(From eric@talkwithwebvisitor.com) Hey, my name’s Eric and for just a second, imagine this… - Someone does a search and winds up at drlesliechiro.com. - They hang out for a minute to check it out. “I’m interested… but… maybe…” - And then they hit the back button and check out the other search results instead. - Bottom line – you got an eyeball, but nothing else to show for it. - There they go. This isn’t really your fault – it happens a LOT – studies show 7 out of 10 visitors to any site disappear without leaving a trace. But you CAN fix that. Talk With Web Visitor is a software widget that’s works on your site, ready to capture any visitor’s Name, Email address and Phone Number. It lets you know right then and there – enabling you to call that lead while they’re literally looking over your site. CLICK HERE http://www.talkwithwebvisitors.com to try out a Live Demo with Talk With Web Visitor now to see exactly how it works. Time is money when it comes to connecting with leads –	2020-09-05 07:09:31
51.68.198.113	attack	SSH Bruteforce attack	2020-09-05 07:01:30
191.234.178.249	attackbotsspam	Brute Force	2020-09-05 07:28:03
104.168.99.225	attackspambots	Brute-force attempt banned	2020-09-05 07:02:18
185.39.11.32	attack	Fail2Ban Ban Triggered	2020-09-05 07:35:33
106.13.237.235	attackbots	SSH Invalid Login	2020-09-05 07:12:21
129.28.165.213	attackbots	Sep 4 17:21:50 plex-server sshd[827548]: Invalid user xpq from 129.28.165.213 port 55784 Sep 4 17:21:50 plex-server sshd[827548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.165.213 Sep 4 17:21:50 plex-server sshd[827548]: Invalid user xpq from 129.28.165.213 port 55784 Sep 4 17:21:52 plex-server sshd[827548]: Failed password for invalid user xpq from 129.28.165.213 port 55784 ssh2 Sep 4 17:24:29 plex-server sshd[829156]: Invalid user testlab from 129.28.165.213 port 54766 ...	2020-09-05 07:22:04
42.82.68.176	attackspam	Sep 4 18:50:20 mellenthin postfix/smtpd[30950]: NOQUEUE: reject: RCPT from unknown[42.82.68.176]: 554 5.7.1 Service unavailable; Client host [42.82.68.176] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/42.82.68.176 / https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=<[42.82.68.176]>	2020-09-05 07:32:29
205.185.127.217	attack	2020-09-05T01:22:22+0200 Failed SSH Authentication/Brute Force Attack. (Server 5)	2020-09-05 07:30:12
141.98.10.209	attack	2020-09-04T23:19:57.024437shield sshd\[22092\]: Invalid user 1234 from 141.98.10.209 port 49980 2020-09-04T23:19:57.037605shield sshd\[22092\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.10.209 2020-09-04T23:19:59.491901shield sshd\[22092\]: Failed password for invalid user 1234 from 141.98.10.209 port 49980 ssh2 2020-09-04T23:20:39.786556shield sshd\[22257\]: Invalid user user from 141.98.10.209 port 41124 2020-09-04T23:20:39.795474shield sshd\[22257\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.10.209	2020-09-05 07:24:40
42.106.200.255	attackbots	Sep 4 18:51:00 mellenthin postfix/smtpd[29582]: NOQUEUE: reject: RCPT from unknown[42.106.200.255]: 554 5.7.1 Service unavailable; Client host [42.106.200.255] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/42.106.200.255; from= to= proto=ESMTP helo=<[49.32.55.180]>	2020-09-05 06:58:19

Recently Reported IPs

148.235.154.157	96.36.242.186	185.220.27.68	108.76.169.129
15.88.28.233	100.86.145.133	244.173.198.179	52.66.213.153
33.80.210.226	4.190.4.233	109.169.23.83	169.90.141.168
179.32.135.251	232.199.209.176	31.151.192.248	82.194.1.99
76.45.71.13	210.110.199.136	137.237.224.131	206.54.54.84