194.145.137.135

Basic Info

City: unknown

Region: unknown

Country: Turkey

Internet Service Provider: Lodos Yazilim ve Bilgisayar Hizmetleri Sanayi Ticaret Ltd Sti

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Received: from MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) by MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Mailbox Transport; Mon, 12 Aug 2019 22:47:31 -0500 Received: from MBX07D-ORD1.mex08.mlsrvr.com (172.29.9.30) by MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 12 Aug 2019 22:47:30 -0500 Received: from gate.forward.smtp.ord1d.emailsrvr.com (161.47.34.7) by MBX07D-ORD1.mex08.mlsrvr.com (172.29.9.30) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 12 Aug 2019 22:47:24 -0500 Return-Path: X-Spam-Threshold: 95 X-Spam-Score: 100 Precedence: junk X-Spam-Flag: YES X-Virus-Scanned: OK X-Orig-To: X-Originating-Ip: [194.145.137.135] Authentication-Results: smtp27.gate.ord1d.rsapps.net; iprev=pass policy.iprev="194.145.137.135"; spf=pass smtp.mailfrom="speech@disktie.icu" smtp.helo="disktie.icu"; dkim=pass header.d=disktie.icu; dmarc=pass (p=quaran	2019-08-14 08:15:42

Type

Details

Datetime

attackbotsspam

Received: from MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) by
 MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
 id 15.0.1473.3 via Mailbox Transport; Mon, 12 Aug 2019 22:47:31 -0500
Received: from MBX07D-ORD1.mex08.mlsrvr.com (172.29.9.30) by
 MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) with Microsoft SMTP Server (TLS)
 id 15.0.1473.3; Mon, 12 Aug 2019 22:47:30 -0500
Received: from gate.forward.smtp.ord1d.emailsrvr.com (161.47.34.7) by
 MBX07D-ORD1.mex08.mlsrvr.com (172.29.9.30) with Microsoft SMTP Server (TLS)
 id 15.0.1473.3 via Frontend Transport; Mon, 12 Aug 2019 22:47:24 -0500
Return-Path: 
X-Spam-Threshold: 95
X-Spam-Score: 100
Precedence: junk
X-Spam-Flag: YES
X-Virus-Scanned: OK
X-Orig-To:
X-Originating-Ip: [194.145.137.135]
Authentication-Results: smtp27.gate.ord1d.rsapps.net; iprev=pass policy.iprev="194.145.137.135"; spf=pass smtp.mailfrom="speech@disktie.icu" smtp.helo="disktie.icu"; dkim=pass header.d=disktie.icu; dmarc=pass (p=quaran

2019-08-14 08:15:42

Comments on same subnet:

IP	Type	Details	Datetime
194.145.137.170	attack	Aug 16 14:47:29 our-server-hostname postfix/smtpd[785]: connect from unknown[194.145.137.170] Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug 16 14:47:36 our-server-hostname postfix/smtpd[785]: too many errors after DATA from unknown[194.145.137.170] Aug 16 14:47:36 our-server-hostname postfix/smtpd[785]: disconnect from unknown[194.145.137.170] Aug 16 14:47:37 our-server-hostname postfix/smtpd[22746]: connect from unknown[194.145.137.170] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=194.145.137.170	2019-08-16 19:33:36
194.145.137.138	attackspam	Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Mailbox Transport; Tue, 13 Aug 2019 00:42:36 -0500 Received: from MBX11D-ORD1.mex08.mlsrvr.com (172.29.8.36) by MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 13 Aug 2019 00:42:35 -0500 Received: from gate.forward.smtp.ord1d.emailsrvr.com (161.47.34.7) by MBX11D-ORD1.mex08.mlsrvr.com (172.29.8.36) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 13 Aug 2019 00:42:35 -0500 Return-Path: X-Spam-Threshold: 95 X-Spam-Score: 100 Precedence: junk X-Spam-Flag: YES X-Virus-Scanned: OK X-Orig-To: X-Originating-Ip: [194.145.137.138] Authentication-Results: smtp1.gate.ord1d.rsapps.net; iprev=pass policy.iprev="194.145.137.138"; spf=pass smtp.mailfrom="debut@colonrest.icu" smtp.helo="colonrest.icu"; dkim=pass header.d=colonrest.icu; dmarc=pass (p=q	2019-08-14 09:27:08
194.145.137.132	attackbotsspam	Received: from MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) by MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Mailbox Transport; Mon, 12 Aug 2019 20:36:01 -0500 Received: from MBX04C-ORD1.mex08.mlsrvr.com (172.29.9.20) by MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 12 Aug 2019 20:36:01 -0500 Received: from gate.forward.smtp.ord1c.emailsrvr.com (108.166.43.128) by MBX04C-ORD1.mex08.mlsrvr.com (172.29.9.20) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 12 Aug 2019 20:36:01 -0500 Return-Path: X-Spam-Threshold: 95 X-Spam-Score: 100 Precedence: junk X-Spam-Flag: YES X-Virus-Scanned: OK X-Orig-To: X-Originating-Ip: [194.145.137.132] Authentication-Results: smtp12.gate.ord1c.rsapps.net; iprev=pass policy.iprev="194.145.137.132"; spf=pass smtp.mailfrom="belief@accidentturn.icu" smtp.helo="accidentturn.icu"; dkim=pass header.d=accidentturn.ic	2019-08-14 07:16:31
194.145.137.141	attackbots	Aug 13 17:01:38 our-server-hostname postfix/smtpd[2784]: connect from unknown[194.145.137.141] Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x Aug 13 17:01:46 our-server-hostname postfix/smtpd[2784]: too many errors after DATA from unknown[194.145.137.141] Aug 13 17:01:46 our-server-hostname postfix/smtpd[2784]: disconnect from unknown[194.145.137.141] Aug 13 17:01:47 our-server-hostname postfix/smtpd[2437]: connect from unknown[194.145.137.141] Aug x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=194.145.137.141	2019-08-13 18:33:57

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 194.145.137.135
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6999
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;194.145.137.135.		IN	A

;; AUTHORITY SECTION:
.			3421	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019081301 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Aug 14 08:15:37 CST 2019
;; MSG SIZE  rcvd: 119

Host info

135.137.145.194.in-addr.arpa domain name pointer ptp135.createsite.pw.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
135.137.145.194.in-addr.arpa	name = ptp135.createsite.pw.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
211.159.218.251	attack	SSH invalid-user multiple login attempts	2020-07-15 07:22:24
24.125.237.85	attackspambots	Unauthorized connection attempt detected from IP address 24.125.237.85 to port 23	2020-07-15 06:56:23
123.207.19.105	attackbotsspam	2020-07-15T01:22:32.263970hostname sshd[15095]: Failed password for invalid user bear from 123.207.19.105 port 43406 ssh2 2020-07-15T01:25:32.539023hostname sshd[16505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.207.19.105 user=nobody 2020-07-15T01:25:35.383009hostname sshd[16505]: Failed password for nobody from 123.207.19.105 port 52022 ssh2 ...	2020-07-15 07:00:51
180.247.160.117	attackbots	Automatic report - Port Scan Attack	2020-07-15 07:07:44
50.67.40.214	attackbots	Honeypot attack, port: 5555, PTR: S0106889e68264e49.vs.shawcable.net.	2020-07-15 07:10:37
194.26.29.168	attackspambots	Multiport scan : 449 ports scanned 15023 15075 15087 15119 15145 15172 15184 15218 15233 15242 15248 15254 15262 15266 15278 15284 15287 15290 15292 15294 15302 15306 15308 15320 15357 15359 15373 15385 15391 15397 15403 15409 15415 15418 15433 15436 15439 15445 15457 15461 15463 15469 15472 15481 15493 15496 15503 15522 15552 15564 15570 15582 15588 15600 15603 15606 15609 15628 15630 15633 15634 15639 15646 15648 15654 15657 15658 .....	2020-07-15 06:59:49
104.168.28.195	attackspam	Jul 14 22:07:08 pkdns2 sshd\[45676\]: Invalid user cpd from 104.168.28.195Jul 14 22:07:10 pkdns2 sshd\[45676\]: Failed password for invalid user cpd from 104.168.28.195 port 36329 ssh2Jul 14 22:11:23 pkdns2 sshd\[45863\]: Invalid user versa from 104.168.28.195Jul 14 22:11:25 pkdns2 sshd\[45863\]: Failed password for invalid user versa from 104.168.28.195 port 35317 ssh2Jul 14 22:15:34 pkdns2 sshd\[46038\]: Invalid user wxm from 104.168.28.195Jul 14 22:15:36 pkdns2 sshd\[46038\]: Failed password for invalid user wxm from 104.168.28.195 port 34305 ssh2 ...	2020-07-15 06:55:15
212.154.17.10	attackspambots	Honeypot attack, port: 445, PTR: 10.17.154.212.static.turk.net.	2020-07-15 06:59:07
52.237.198.200	attack	Invalid user marias from 52.237.198.200 port 51052	2020-07-15 07:18:21
198.20.70.114	attackbots	Automatic report - Banned IP Access	2020-07-15 06:59:31
49.233.173.136	attack	Invalid user admin from 49.233.173.136 port 51336	2020-07-15 07:24:52
62.121.84.109	attackspam	Automatic report - XMLRPC Attack	2020-07-15 07:15:22
77.68.27.212	attack	2020/07/14 23:07:03 [error] 20617#20617: 8241354 open() "/usr/share/nginx/html/wp-login.php" failed (2: No such file or directory), client: 77.68.27.212, server: _, request: "GET /wp-login.php HTTP/1.1", host: "freifunk-wermelskirchen.de" 2020/07/14 23:07:03 [error] 20617#20617: 8241356 open() "/usr/share/nginx/html/wp-login.php" failed (2: No such file or directory), client: 77.68.27.212, server: _, request: "POST /wp-login.php HTTP/1.1", host: "freifunk-wermelskirchen.de"	2020-07-15 06:52:30
89.248.168.217	attackspambots	07/14/2020-19:03:46.101893 89.248.168.217 Protocol: 17 ET DROP Dshield Block Listed Source group 1	2020-07-15 07:09:51
5.182.39.88	attackbotsspam	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-07-14T21:59:53Z and 2020-07-14T21:59:55Z	2020-07-15 07:26:04

Recently Reported IPs

123.206.87.154	89.64.37.126	66.240.158.118	168.62.176.25
92.32.68.230	153.121.61.127	43.226.38.178	86.127.110.79
178.18.28.85	46.71.254.74	121.232.233.117	82.213.223.51
66.102.8.36	216.10.217.244	41.217.216.39	66.249.64.155
191.195.233.177	182.61.34.35	45.179.50.112	52.64.26.94