45.136.108.161

Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: ComTrade LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	ET CINS Active Threat Intelligence Poor Reputation IP group 31 - port: 54321 proto: TCP cat: Misc Attack	2019-12-22 20:56:30
attackspam	firewall-block, port(s): 400/tcp, 808/tcp, 3030/tcp, 8899/tcp, 33397/tcp	2019-12-21 15:12:41
attack	Dec 19 18:28:50 debian-2gb-nbg1-2 kernel: \[429296.873250\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.136.108.161 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=35744 PROTO=TCP SPT=50402 DPT=808 WINDOW=1024 RES=0x00 SYN URGP=0	2019-12-20 01:40:52

Type

Details

Datetime

attackspam

ET CINS Active Threat Intelligence Poor Reputation IP group 31 - port: 54321 proto: TCP cat: Misc Attack

2019-12-22 20:56:30

attackspam

firewall-block, port(s): 400/tcp, 808/tcp, 3030/tcp, 8899/tcp, 33397/tcp

2019-12-21 15:12:41

attack

Dec 19 18:28:50 debian-2gb-nbg1-2 kernel: \[429296.873250\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.136.108.161 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=35744 PROTO=TCP SPT=50402 DPT=808 WINDOW=1024 RES=0x00 SYN URGP=0

2019-12-20 01:40:52

Comments on same subnet:

IP	Type	Details	Datetime
45.136.108.22	attackspambots	45.136.108.22 - - [31/Aug/2020:07:28:26 -0500] "- / HTTP/1.0" 400 219 000 0 0 0 15 282 0 0 0 NONE FIN FIN ERR_INVALID_REQ	2020-09-01 04:38:43
45.136.108.22	attack	Unauthorized connection attempt from IP address 45.136.108.22 on port 993	2020-08-29 02:06:36
45.136.108.24	attackspambots	SSH login attempts.	2020-08-22 23:35:58
45.136.108.22	attackspambots	Fail2Ban Ban Triggered	2020-08-19 09:11:16
45.136.108.65	attack	[14/Aug/2020:05:14:56 -0400] "\x03" Blank UA	2020-08-16 04:36:35
45.136.108.67	attack	Unauthorized connection attempt detected from IP address 45.136.108.67 to port 2261 [T]	2020-08-16 04:36:18
45.136.108.24	attackspam	Unauthorized connection attempt detected from IP address 45.136.108.24 to port 4453 [T]	2020-08-14 02:36:09
45.136.108.65	attackbotsspam	Unauthorized connection attempt detected from IP address 45.136.108.65 to port 968 [T]	2020-08-14 02:12:50
45.136.108.66	attackbotsspam	Unauthorized connection attempt detected from IP address 45.136.108.66 to port 1723 [T]	2020-08-14 02:12:33
45.136.108.68	attack	Unauthorized connection attempt detected from IP address 45.136.108.68 to port 3424 [T]	2020-08-14 02:12:09
45.136.108.22	attackbotsspam	Port scan detected	2020-08-14 01:49:56
45.136.108.67	attackspambots	Unauthorized connection attempt detected from IP address 45.136.108.67 to port 2925 [T]	2020-08-14 01:49:28
45.136.108.62	attack	Unauthorized connection attempt detected from IP address 45.136.108.62 to port 9055 [T]	2020-08-14 01:07:35
45.136.108.80	attackspambots	2020-08-12T12:42:42Z - RDP login failed multiple times. (45.136.108.80)	2020-08-12 22:09:08
45.136.108.18	attack	RDP brute forcing (r)	2020-08-04 21:39:59

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.136.108.161
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49113
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.136.108.161.			IN	A

;; AUTHORITY SECTION:
.			500	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019121900 1800 900 604800 86400

;; Query time: 54 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Dec 20 01:40:48 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 161.108.136.45.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 161.108.136.45.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
218.92.0.192	attackbots	Aug 30 23:48:30 dcd-gentoo sshd[574]: User root from 218.92.0.192 not allowed because none of user's groups are listed in AllowGroups Aug 30 23:48:32 dcd-gentoo sshd[574]: error: PAM: Authentication failure for illegal user root from 218.92.0.192 Aug 30 23:48:30 dcd-gentoo sshd[574]: User root from 218.92.0.192 not allowed because none of user's groups are listed in AllowGroups Aug 30 23:48:32 dcd-gentoo sshd[574]: error: PAM: Authentication failure for illegal user root from 218.92.0.192 Aug 30 23:48:30 dcd-gentoo sshd[574]: User root from 218.92.0.192 not allowed because none of user's groups are listed in AllowGroups Aug 30 23:48:32 dcd-gentoo sshd[574]: error: PAM: Authentication failure for illegal user root from 218.92.0.192 Aug 30 23:48:32 dcd-gentoo sshd[574]: Failed keyboard-interactive/pam for invalid user root from 218.92.0.192 port 60387 ssh2 ...	2019-08-31 05:57:51
159.224.177.236	attackspambots	SSH bruteforce (Triggered fail2ban)	2019-08-31 05:47:01
51.77.230.125	attackbotsspam	Aug 30 23:47:15 ArkNodeAT sshd\[10949\]: Invalid user post1 from 51.77.230.125 Aug 30 23:47:15 ArkNodeAT sshd\[10949\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.230.125 Aug 30 23:47:17 ArkNodeAT sshd\[10949\]: Failed password for invalid user post1 from 51.77.230.125 port 36090 ssh2	2019-08-31 05:53:01
165.22.248.215	attackspam	Aug 30 11:59:29 lcprod sshd\[11608\]: Invalid user vncuser from 165.22.248.215 Aug 30 11:59:29 lcprod sshd\[11608\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.248.215 Aug 30 11:59:32 lcprod sshd\[11608\]: Failed password for invalid user vncuser from 165.22.248.215 port 42032 ssh2 Aug 30 12:04:15 lcprod sshd\[12083\]: Invalid user arthur from 165.22.248.215 Aug 30 12:04:15 lcprod sshd\[12083\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.248.215	2019-08-31 06:21:56
180.250.115.98	attack	Aug 30 19:43:17 lnxded64 sshd[24429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.250.115.98	2019-08-31 06:15:58
114.32.232.211	attackbotsspam	Aug 30 18:47:56 ws19vmsma01 sshd[125148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.232.211 Aug 30 18:47:58 ws19vmsma01 sshd[125148]: Failed password for invalid user debian from 114.32.232.211 port 47455 ssh2 ...	2019-08-31 05:56:51
115.42.127.133	attackbots	Aug 30 22:54:14 v22019058497090703 sshd[31717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.42.127.133 Aug 30 22:54:16 v22019058497090703 sshd[31717]: Failed password for invalid user hillary from 115.42.127.133 port 34067 ssh2 Aug 30 22:59:37 v22019058497090703 sshd[32151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.42.127.133 ...	2019-08-31 05:48:39
124.41.211.93	attackspam	Scanning random ports - tries to find possible vulnerable services	2019-08-31 05:53:34
51.38.98.228	attack	Aug 30 18:17:10 SilenceServices sshd[17262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.98.228 Aug 30 18:17:12 SilenceServices sshd[17262]: Failed password for invalid user dp from 51.38.98.228 port 58172 ssh2 Aug 30 18:23:12 SilenceServices sshd[21743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.98.228	2019-08-31 05:51:03
176.31.191.173	attackspambots	Aug 30 23:22:48 SilenceServices sshd[22732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.191.173 Aug 30 23:22:50 SilenceServices sshd[22732]: Failed password for invalid user sample from 176.31.191.173 port 51800 ssh2 Aug 30 23:27:04 SilenceServices sshd[25938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.191.173	2019-08-31 06:16:15
37.187.248.39	attack	Aug 30 21:43:13 lnxmail61 sshd[10422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.248.39	2019-08-31 06:04:30
192.228.100.247	attackbots	Aug 30 21:40:15 **** sshd[30947]: User root from 192.228.100.247 not allowed because not listed in AllowUsers	2019-08-31 06:13:33
51.91.193.116	attackbots	$f2bV_matches_ltvn	2019-08-31 06:19:52
217.19.42.93	attack	RDP Brute-Force (Grieskirchen RZ2)	2019-08-31 05:43:39
125.64.94.212	attack	125 pkts, ports: TCP:3306, UDP:69, TCP:1471, TCP:21, TCP:43, TCP:9050, TCP:1723, TCP:3002, TCP:10005, TCP:50095, UDP:32803, TCP:1830, TCP:1040, UDP:32808, TCP:83, TCP:4786, UDP:32758, TCP:993, TCP:34599, TCP:1521, UDP:1434, TCP:4440, TCP:3389, TCP:22, TCP:5555, TCP:6667, UDP:32807, TCP:82, TCP:27017, TCP:8081, TCP:8080, TCP:55553, TCP:515, TCP:6443, TCP:4660, TCP:18264, TCP:10443, TCP:7001, TCP:5986, TCP:8667, UDP:32810, TCP:1503, TCP:10331, TCP:888, TCP:8554, TCP:6103, TCP:1344, UDP:32797, TCP:64347, TCP:2480, TCP:1666, TCP:8004, TCP:33890, TCP:540, TCP:3523, TCP:26, UDP:1604, TCP:1022, TCP:1026, TCP:9864, TCP:7077, TCP:5443, TCP:523, TCP:16010, TCP:1314, TCP:5432, TCP:9002, UDP:623, TCP:13013, TCP:8118, TCP:50070, TCP:32773, TCP:873, TCP:25010, TCP:789, UDP:10000, TCP:7199, TCP:16923, TCP:510, TCP:443, TCP:1, UDP:32759, TCP:8112, TCP:6779, TCP:3310, TCP:30444, TCP:2083, UDP:32781, TCP:52869, TCP:8083, TCP:7778, TCP:1010, TCP:900, UDP:32799, UDP:1419, TCP:4369, TCP:9000, TCP:989, TCP:4711, TCP:3260, TCP:6782	2019-08-31 06:22:21

Recently Reported IPs

186.111.212.116	78.168.118.147	45.142.20.152	218.163.194.99
255.177.143.215	107.79.184.216	192.66.207.65	206.184.185.106
180.234.51.24	75.143.38.155	187.126.119.162	166.251.251.16
61.140.40.251	73.146.240.48	255.205.217.33	209.29.103.249
117.171.29.240	27.37.238.187	91.184.207.1	185.95.251.210