217.219.245.148

Basic Info

City: unknown

Region: unknown

Country: Iran

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
217.219.245.17	attack	2020-08-31T03:57:00.665980abusebot-8.cloudsearch.cf sshd[16494]: Invalid user ljq from 217.219.245.17 port 41284 2020-08-31T03:57:00.674268abusebot-8.cloudsearch.cf sshd[16494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.219.245.17 2020-08-31T03:57:00.665980abusebot-8.cloudsearch.cf sshd[16494]: Invalid user ljq from 217.219.245.17 port 41284 2020-08-31T03:57:02.100112abusebot-8.cloudsearch.cf sshd[16494]: Failed password for invalid user ljq from 217.219.245.17 port 41284 ssh2 2020-08-31T03:58:24.317611abusebot-8.cloudsearch.cf sshd[16562]: Invalid user sysadmin from 217.219.245.17 port 60312 2020-08-31T03:58:24.321817abusebot-8.cloudsearch.cf sshd[16562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.219.245.17 2020-08-31T03:58:24.317611abusebot-8.cloudsearch.cf sshd[16562]: Invalid user sysadmin from 217.219.245.17 port 60312 2020-08-31T03:58:25.948033abusebot-8.cloudsearch.cf sshd[16562]: ...	2020-08-31 12:57:56
217.219.245.17	attackbots	bruteforce detected	2020-08-05 06:33:20
217.219.245.17	attackspam	B: Abusive ssh attack	2020-08-03 06:50:21

Type

Details

Datetime

217.219.245.17

attack

2020-08-31T03:57:00.665980abusebot-8.cloudsearch.cf sshd[16494]: Invalid user ljq from 217.219.245.17 port 41284
2020-08-31T03:57:00.674268abusebot-8.cloudsearch.cf sshd[16494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.219.245.17
2020-08-31T03:57:00.665980abusebot-8.cloudsearch.cf sshd[16494]: Invalid user ljq from 217.219.245.17 port 41284
2020-08-31T03:57:02.100112abusebot-8.cloudsearch.cf sshd[16494]: Failed password for invalid user ljq from 217.219.245.17 port 41284 ssh2
2020-08-31T03:58:24.317611abusebot-8.cloudsearch.cf sshd[16562]: Invalid user sysadmin from 217.219.245.17 port 60312
2020-08-31T03:58:24.321817abusebot-8.cloudsearch.cf sshd[16562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.219.245.17
2020-08-31T03:58:24.317611abusebot-8.cloudsearch.cf sshd[16562]: Invalid user sysadmin from 217.219.245.17 port 60312
2020-08-31T03:58:25.948033abusebot-8.cloudsearch.cf sshd[16562]:
...

2020-08-31 12:57:56

217.219.245.17

attackbots

bruteforce detected

2020-08-05 06:33:20

217.219.245.17

attackspam

B: Abusive ssh attack

2020-08-03 06:50:21

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 217.219.245.148
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7902
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;217.219.245.148.		IN	A

;; AUTHORITY SECTION:
.			480	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2023040801 1800 900 604800 86400

;; Query time: 85 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Apr 09 07:12:23 CST 2023
;; MSG SIZE  rcvd: 108

Host info

b'Host 148.245.219.217.in-addr.arpa not found: 2(SERVFAIL)
'

Nslookup info:

server can't find 217.219.245.148.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
74.75.169.109	attackspambots	Dec 18 00:21:26 hni-server sshd[20692]: Invalid user admin from 74.75.169.109 Dec 18 00:21:26 hni-server sshd[20692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.75.169.109 Dec 18 00:21:28 hni-server sshd[20692]: Failed password for invalid user admin from 74.75.169.109 port 33188 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=74.75.169.109	2019-12-18 09:17:35
139.59.43.104	attack	Dec 17 23:24:30 srv206 sshd[27897]: Invalid user sanctus from 139.59.43.104 Dec 17 23:24:30 srv206 sshd[27897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=primesurvey.org Dec 17 23:24:30 srv206 sshd[27897]: Invalid user sanctus from 139.59.43.104 Dec 17 23:24:37 srv206 sshd[27897]: Failed password for invalid user sanctus from 139.59.43.104 port 50119 ssh2 ...	2019-12-18 09:36:01
49.88.112.67	attackbotsspam	Dec 18 03:00:45 sauna sshd[6372]: Failed password for root from 49.88.112.67 port 61899 ssh2 ...	2019-12-18 09:09:20
1.212.62.171	attackspam	SSH Brute-Forcing (server1)	2019-12-18 09:18:50
115.239.239.98	attack	Dec 17 18:27:13 Tower sshd[21102]: Connection from 115.239.239.98 port 33217 on 192.168.10.220 port 22 Dec 17 18:27:15 Tower sshd[21102]: Failed password for root from 115.239.239.98 port 33217 ssh2 Dec 17 18:27:15 Tower sshd[21102]: Received disconnect from 115.239.239.98 port 33217:11: Bye Bye [preauth] Dec 17 18:27:15 Tower sshd[21102]: Disconnected from authenticating user root 115.239.239.98 port 33217 [preauth]	2019-12-18 09:17:04
49.232.13.12	attackspam	Dec 17 17:24:46 Tower sshd[32219]: Connection from 49.232.13.12 port 59938 on 192.168.10.220 port 22 Dec 17 17:24:47 Tower sshd[32219]: Invalid user mano from 49.232.13.12 port 59938 Dec 17 17:24:47 Tower sshd[32219]: error: Could not get shadow information for NOUSER Dec 17 17:24:47 Tower sshd[32219]: Failed password for invalid user mano from 49.232.13.12 port 59938 ssh2 Dec 17 17:24:48 Tower sshd[32219]: Received disconnect from 49.232.13.12 port 59938:11: Bye Bye [preauth] Dec 17 17:24:48 Tower sshd[32219]: Disconnected from invalid user mano 49.232.13.12 port 59938 [preauth]	2019-12-18 09:18:14
68.116.41.6	attack	Dec 18 01:30:17 game-panel sshd[2329]: Failed password for root from 68.116.41.6 port 37730 ssh2 Dec 18 01:36:44 game-panel sshd[2603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.116.41.6 Dec 18 01:36:46 game-panel sshd[2603]: Failed password for invalid user dpardo from 68.116.41.6 port 45236 ssh2	2019-12-18 09:39:53
163.22.7.31	attack	Dec 17 00:26:53 zimbra sshd[19035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.22.7.31 user=r.r Dec 17 00:26:55 zimbra sshd[19035]: Failed password for r.r from 163.22.7.31 port 45712 ssh2 Dec 17 00:26:55 zimbra sshd[19035]: Received disconnect from 163.22.7.31 port 45712:11: Bye Bye [preauth] Dec 17 00:26:55 zimbra sshd[19035]: Disconnected from 163.22.7.31 port 45712 [preauth] Dec 17 00:39:12 zimbra sshd[30176]: Invalid user quevy from 163.22.7.31 Dec 17 00:39:12 zimbra sshd[30176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.22.7.31 Dec 17 00:39:14 zimbra sshd[30176]: Failed password for invalid user quevy from 163.22.7.31 port 37668 ssh2 Dec 17 00:39:15 zimbra sshd[30176]: Received disconnect from 163.22.7.31 port 37668:11: Bye Bye [preauth] Dec 17 00:39:15 zimbra sshd[30176]: Disconnected from 163.22.7.31 port 37668 [preauth] Dec 17 00:45:33 zimbra sshd[3676]: pam_unix........ -------------------------------	2019-12-18 09:28:47
5.160.14.210	attackbots	Unauthorized connection attempt detected from IP address 5.160.14.210 to port 445	2019-12-18 09:06:57
80.82.79.235	attackspam	Dec 17 23:24:13 mail postfix/smtpd[6390]: warning: unknown[80.82.79.235]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 17 23:24:13 mail postfix/smtpd[6386]: warning: unknown[80.82.79.235]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 17 23:24:13 mail postfix/smtpd[6442]: warning: unknown[80.82.79.235]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 17 23:24:13 mail postfix/smtpd[6388]: warning: unknown[80.82.79.235]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 17 23:24:13 mail postfix/smtpd[6384]: warning: unknown[80.82.79.235]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 17 23:24:13 mail postfix/smtpd[6389]: warning: unknown[80.82.79.235]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 17 23:24:13 mail postfix/smtpd[6422]: warning: unknown[80.82.79.235]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 17 23:24:13 mail postfix/smtpd[6387]: warning: unknown[80.82.79.235]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 17 23:24:13 mail postfix/smtpd[6391]: warning: unkn	2019-12-18 09:23:48
103.107.101.39	attackbotsspam	103.107.101.39 - - [17/Dec/2019:17:24:22 -0500] "GET /?page=products&manufacturerID=36&collectionID=268136999999.1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1 HTTP/1.1" 200 88761 "-" "-" ...	2019-12-18 09:29:49
40.92.11.34	attack	Dec 18 01:24:46 debian-2gb-vpn-nbg1-1 kernel: [999852.269564] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:38:96:44:d2:74:7f:6e:37:e3:08:00 SRC=40.92.11.34 DST=78.46.192.101 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=24916 DF PROTO=TCP SPT=23361 DPT=25 WINDOW=0 RES=0x00 ACK RST URGP=0	2019-12-18 09:24:18
107.170.244.110	attackbots	Dec 18 01:14:21 server sshd\[7434\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.244.110 user=root Dec 18 01:14:22 server sshd\[7434\]: Failed password for root from 107.170.244.110 port 52362 ssh2 Dec 18 01:24:48 server sshd\[10619\]: Invalid user pcap from 107.170.244.110 Dec 18 01:24:48 server sshd\[10619\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.244.110 Dec 18 01:24:50 server sshd\[10619\]: Failed password for invalid user pcap from 107.170.244.110 port 45846 ssh2 ...	2019-12-18 09:16:19
78.158.191.218	attack	Automatic report - Port Scan Attack	2019-12-18 09:26:53
45.128.157.182	attack	Dec 18 09:59:01 gw1 sshd[714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.128.157.182 Dec 18 09:59:03 gw1 sshd[714]: Failed password for invalid user schoala from 45.128.157.182 port 57814 ssh2 ...	2019-12-18 13:01:03

Recently Reported IPs

172.65.207.233	209.28.234.243	92.225.230.199	215.91.234.230
30.57.33.156	113.117.107.103	67.181.253.12	117.118.98.114
147.176.180.34	86.210.63.3	107.147.176.188	255.194.217.240
90.250.177.144	183.218.244.101	13.253.86.180	174.135.80.195
34.97.215.175	146.219.11.199	161.213.214.39	22.86.211.37