41.45.16.212 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Egypt

Internet Service Provider: TE Data

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Threat Management Alert 1: Attempted Administrator Privilege Gain. Signature ET EXPLOIT MVPower DVR Shell UCE. From: 41.45.16.212:35637, to: 192.168.4.99:80, protocol: TCP	2020-09-12 21:42:24
attackspambots	Threat Management Alert 1: Attempted Administrator Privilege Gain. Signature ET EXPLOIT MVPower DVR Shell UCE. From: 41.45.16.212:35637, to: 192.168.4.99:80, protocol: TCP	2020-09-12 13:43:55
attackspambots	Threat Management Alert 1: Attempted Administrator Privilege Gain. Signature ET EXPLOIT MVPower DVR Shell UCE. From: 41.45.16.212:35637, to: 192.168.4.99:80, protocol: TCP	2020-09-12 05:32:08

Type

Details

Datetime

attack

Threat Management Alert 1: Attempted Administrator Privilege Gain. Signature ET EXPLOIT MVPower DVR Shell UCE. From: 41.45.16.212:35637, to: 192.168.4.99:80, protocol: TCP

2020-09-12 21:42:24

attackspambots

Threat Management Alert 1: Attempted Administrator Privilege Gain. Signature ET EXPLOIT MVPower DVR Shell UCE. From: 41.45.16.212:35637, to: 192.168.4.99:80, protocol: TCP

2020-09-12 13:43:55

attackspambots

Threat Management Alert 1: Attempted Administrator Privilege Gain. Signature ET EXPLOIT MVPower DVR Shell UCE. From: 41.45.16.212:35637, to: 192.168.4.99:80, protocol: TCP

2020-09-12 05:32:08

Comments on same subnet:

IP	Type	Details	Datetime
41.45.16.155	attackspambots	Telnet Server BruteForce Attack	2020-09-07 22:02:32
41.45.16.155	attack	Telnet Server BruteForce Attack	2020-09-07 13:47:33
41.45.16.155	attackbots	Telnet Server BruteForce Attack	2020-09-07 06:21:54
41.45.160.180	attack	Automatic report - SSH Brute-Force Attack	2019-07-05 09:06:26

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 41.45.16.212
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2456
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;41.45.16.212.			IN	A

;; AUTHORITY SECTION:
.			420	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020091101 1800 900 604800 86400

;; Query time: 16 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Sep 12 05:32:05 CST 2020
;; MSG SIZE  rcvd: 116

Host info

212.16.45.41.in-addr.arpa domain name pointer host-41.45.16.212.tedata.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
212.16.45.41.in-addr.arpa	name = host-41.45.16.212.tedata.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
177.44.16.156	attack	Attempted Brute Force (dovecot)	2020-10-08 00:43:56
78.141.35.10	attack	Oct 7 16:53:55 h2865660 sshd[27523]: Invalid user pi from 78.141.35.10 port 48378 Oct 7 16:53:55 h2865660 sshd[27525]: Invalid user pi from 78.141.35.10 port 48382 Oct 7 16:53:55 h2865660 sshd[27523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.141.35.10 Oct 7 16:53:55 h2865660 sshd[27523]: Invalid user pi from 78.141.35.10 port 48378 Oct 7 16:53:58 h2865660 sshd[27523]: Failed password for invalid user pi from 78.141.35.10 port 48378 ssh2 ...	2020-10-08 00:29:43
106.53.249.98	attackspam	Oct 7 14:32:22 amit sshd\[32179\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.53.249.98 user=root Oct 7 14:32:24 amit sshd\[32179\]: Failed password for root from 106.53.249.98 port 53972 ssh2 Oct 7 14:38:14 amit sshd\[21138\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.53.249.98 user=root ...	2020-10-08 00:37:40
51.75.202.218	attack	Oct 7 18:13:02 vps647732 sshd[22656]: Failed password for root from 51.75.202.218 port 34060 ssh2 ...	2020-10-08 00:34:06
81.4.110.153	attack	Oct 7 09:29:04 shivevps sshd[29750]: Failed password for root from 81.4.110.153 port 33380 ssh2 Oct 7 09:32:38 shivevps sshd[29912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.4.110.153 user=root Oct 7 09:32:41 shivevps sshd[29912]: Failed password for root from 81.4.110.153 port 42348 ssh2 ...	2020-10-08 00:21:54
111.230.148.82	attack	SSH login attempts.	2020-10-08 00:31:58
170.246.204.110	attackbots	2020-10-06 22:31:32 plain_virtual_exim authenticator failed for ([170.246.204.110]) [170.246.204.110]: 535 Incorrect authentication data ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=170.246.204.110	2020-10-08 00:29:17
139.186.67.94	attack	$f2bV_matches	2020-10-08 00:14:28
119.45.34.13	attackspam	DATE:2020-10-07 01:06:55, IP:119.45.34.13, PORT:6379 REDIS brute force auth on honeypot server (epe-honey1-hq)	2020-10-08 00:49:11
103.225.207.51	attackspambots	MultiHost/MultiPort Probe, Scan, Hack -	2020-10-08 00:10:23
2.229.94.237	attackbotsspam	(smtpauth) Failed SMTP AUTH login from 2.229.94.237 (IT/Italy/2-229-94-237.ip196.fastwebnet.it): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-10-07 00:10:33 login authenticator failed for 2-229-94-237.ip196.fastwebnet.it ([127.0.0.1]) [2.229.94.237]: 535 Incorrect authentication data (set_id=a.m.bekhradi@srooyesh.com)	2020-10-08 00:45:55
193.112.56.170	attackbots	2020-10-07T09:26:16.782605ionos.janbro.de sshd[225181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.56.170 user=root 2020-10-07T09:26:18.661892ionos.janbro.de sshd[225181]: Failed password for root from 193.112.56.170 port 42646 ssh2 2020-10-07T09:36:05.138450ionos.janbro.de sshd[225215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.56.170 user=root 2020-10-07T09:36:07.208614ionos.janbro.de sshd[225215]: Failed password for root from 193.112.56.170 port 34436 ssh2 2020-10-07T09:39:17.422809ionos.janbro.de sshd[225224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.56.170 user=root 2020-10-07T09:39:19.518002ionos.janbro.de sshd[225224]: Failed password for root from 193.112.56.170 port 50514 ssh2 2020-10-07T09:42:48.181635ionos.janbro.de sshd[225249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= r ...	2020-10-08 00:18:28
41.249.61.15	attackspambots	Oct 6 22:26:27 h2022099 sshd[16180]: Invalid user admin from 41.249.61.15 Oct 6 22:26:27 h2022099 sshd[16180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.249.61.15 Oct 6 22:26:29 h2022099 sshd[16180]: Failed password for invalid user admin from 41.249.61.15 port 53951 ssh2 Oct 6 22:26:30 h2022099 sshd[16180]: Connection closed by 41.249.61.15 [preauth] Oct 6 22:26:31 h2022099 sshd[16188]: Invalid user admin from 41.249.61.15 Oct 6 22:26:32 h2022099 sshd[16188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.249.61.15 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=41.249.61.15	2020-10-08 00:16:52
14.186.10.130	attackbots	(smtpauth) Failed SMTP AUTH login from 14.186.10.130 (VN/Vietnam/static.vnpt.vn): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-10-07 00:11:01 login authenticator failed for ([127.0.0.1]) [14.186.10.130]: 535 Incorrect authentication data (set_id=a.m.bekhradi)	2020-10-08 00:22:10
109.201.130.17	attack	Port scan on 1 port(s): 587	2020-10-08 00:34:33

Recently Reported IPs

5.62.49.108	122.51.239.90	39.116.62.120	42.159.36.153
116.73.95.94	23.98.142.109	125.220.215.200	62.189.96.69
27.54.54.130	40.7.65.88	191.241.242.21	45.141.84.123
114.39.199.34	91.203.194.70	46.48.158.155	91.210.225.11
107.172.188.107	192.43.49.13	49.50.77.206	202.49.68.70