45.136.109.185

Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: ComTrade LLC

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Telnet Server BruteForce Attack	2019-10-13 13:58:47
attack	Automatic report - Port Scan	2019-10-11 14:32:10
attackbotsspam	Multiport scan : 36 ports scanned 10 30 40 103 104 264 400 752 1761 2233 2259 2944 3034 5050 5093 6257 6379 6884 6900 8888 9043 10027 11444 13380 20300 33388 33912 33916 38000 39999 42024 49494 50005 50800 58585 63380	2019-10-11 01:37:38
attack	Telnet Server BruteForce Attack	2019-10-03 00:07:24
attack	firewall-block, port(s): 148/tcp, 48484/tcp	2019-10-01 12:31:53
attackbotsspam	firewall-block, port(s): 6050/tcp, 8888/tcp	2019-10-01 04:40:10

Comments on same subnet:

IP	Type	Details	Datetime
45.136.109.219	attackspambots	ET CINS Active Threat Intelligence Poor Reputation IP group 26 - port: 6000 proto: tcp cat: Misc Attackbytes: 60	2020-08-19 23:39:13
45.136.109.219	attackspam	slow and persistent scanner	2020-08-17 20:34:11
45.136.109.251	attackbotsspam	Port scanning [3 denied]	2020-08-14 14:18:15
45.136.109.219	attackbots	TCP (SYN) 45.136.109.219:50230 -> port 53, len 44	2020-08-07 08:11:38
45.136.109.219	attackbotsspam	[Tue Aug 04 17:47:28 2020] - DDoS Attack From IP: 45.136.109.219 Port: 41096	2020-08-06 18:31:50
45.136.109.219	attack	TCP (SYN) 45.136.109.219:43869 -> port 53, len 44	2020-08-05 23:34:34
45.136.109.158	attack	Unauthorized connection attempt detected from IP address 45.136.109.158 to port 3389	2020-07-22 15:39:59
45.136.109.87	attack	BruteForce RDP attempts from 45.136.109.175	2020-07-17 14:21:12
45.136.109.158	attack	SmallBizIT.US 2 packets to tcp(3389,3391)	2020-07-07 12:28:14
45.136.109.158	attackbots	Unauthorized connection attempt detected from IP address 45.136.109.158 to port 4489 [T]	2020-07-05 22:47:55
45.136.109.175	attackspambots	Icarus honeypot on github	2020-07-02 08:25:18
45.136.109.251	attackbots	Multiport scan : 15 ports scanned 2888 3381 3382 3402 3420 3501 3502 4003 4018 5909 7926 8093 9000 9261 9833	2020-06-21 07:47:48
45.136.109.219	attackbots	ET CINS Active Threat Intelligence Poor Reputation IP group 27 - port: 6389 proto: TCP cat: Misc Attack	2020-06-06 08:47:05
45.136.109.222	attackspam	Mar 22 03:57:09 src: 45.136.109.222 signature match: "BACKDOOR NetSphere Connection attempt" (sid: 100044) tcp port: 30100	2020-03-22 12:01:46
45.136.109.222	attackbotsspam	Mar 18 22:14:16 src: 45.136.109.222 signature match: "BACKDOOR Subseven connection attempt" (sid: 100207) tcp port: 27374	2020-03-19 06:22:33

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.136.109.185
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13127
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.136.109.185.			IN	A

;; AUTHORITY SECTION:
.			343	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019093002 1800 900 604800 86400

;; Query time: 223 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 01 04:40:05 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 185.109.136.45.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 185.109.136.45.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
185.156.73.45	attack	11/19/2019-02:03:43.130923 185.156.73.45 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-11-19 16:01:23
92.118.38.38	attackspambots	Nov 19 08:47:32 andromeda postfix/smtpd\[4677\]: warning: unknown\[92.118.38.38\]: SASL LOGIN authentication failed: authentication failure Nov 19 08:47:51 andromeda postfix/smtpd\[4677\]: warning: unknown\[92.118.38.38\]: SASL LOGIN authentication failed: authentication failure Nov 19 08:47:55 andromeda postfix/smtpd\[6577\]: warning: unknown\[92.118.38.38\]: SASL LOGIN authentication failed: authentication failure Nov 19 08:48:07 andromeda postfix/smtpd\[4677\]: warning: unknown\[92.118.38.38\]: SASL LOGIN authentication failed: authentication failure Nov 19 08:48:27 andromeda postfix/smtpd\[1121\]: warning: unknown\[92.118.38.38\]: SASL LOGIN authentication failed: authentication failure	2019-11-19 15:50:13
167.71.233.239	attack	2019-11-19T06:26:43Z - RDP login failed multiple times. (167.71.233.239)	2019-11-19 16:32:59
5.249.159.139	attack	Nov 18 22:06:51 web1 sshd\[24051\]: Invalid user hung from 5.249.159.139 Nov 18 22:06:51 web1 sshd\[24051\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.249.159.139 Nov 18 22:06:53 web1 sshd\[24051\]: Failed password for invalid user hung from 5.249.159.139 port 39288 ssh2 Nov 18 22:10:42 web1 sshd\[24434\]: Invalid user asahbi from 5.249.159.139 Nov 18 22:10:42 web1 sshd\[24434\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.249.159.139	2019-11-19 16:12:53
106.12.133.247	attackspam	Nov 19 04:56:06 firewall sshd[3423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.133.247 Nov 19 04:56:06 firewall sshd[3423]: Invalid user hendricks from 106.12.133.247 Nov 19 04:56:08 firewall sshd[3423]: Failed password for invalid user hendricks from 106.12.133.247 port 54982 ssh2 ...	2019-11-19 16:00:19
103.219.112.61	attackspambots	Nov 19 08:30:16 h2177944 sshd\[2804\]: Invalid user PCORP1000 from 103.219.112.61 port 59892 Nov 19 08:30:16 h2177944 sshd\[2804\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.219.112.61 Nov 19 08:30:18 h2177944 sshd\[2804\]: Failed password for invalid user PCORP1000 from 103.219.112.61 port 59892 ssh2 Nov 19 08:34:51 h2177944 sshd\[2956\]: Invalid user kouba from 103.219.112.61 port 54920 ...	2019-11-19 16:21:56
106.52.135.15	attackbotsspam	"GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 "GET /sadad24 HTTP/1.1" 404	2019-11-19 16:30:16
206.225.86.170	attackbotsspam	php WP PHPmyadamin ABUSE blocked for 12h	2019-11-19 16:20:01
151.54.28.52	attackbotsspam	Automatic report - Port Scan Attack	2019-11-19 16:09:27
78.47.91.98	attackbots	Wordpress XMLRPC attack	2019-11-19 15:55:01
127.0.0.1	attack	Test Connectivity	2019-11-19 16:15:30
203.195.178.83	attackspambots	Nov 18 21:43:24 kapalua sshd\[12106\]: Invalid user morgana from 203.195.178.83 Nov 18 21:43:24 kapalua sshd\[12106\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.178.83 Nov 18 21:43:27 kapalua sshd\[12106\]: Failed password for invalid user morgana from 203.195.178.83 port 42607 ssh2 Nov 18 21:48:04 kapalua sshd\[12510\]: Invalid user dorindascalu from 203.195.178.83 Nov 18 21:48:04 kapalua sshd\[12510\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.178.83	2019-11-19 16:02:44
87.140.6.227	attackspam	Nov 18 09:28:07 ACSRAD auth.info sshd[26786]: Failed password for r.r from 87.140.6.227 port 47443 ssh2 Nov 18 09:28:07 ACSRAD auth.notice sshguard[21064]: Attack from "87.140.6.227" on service 100 whostnameh danger 10. Nov 18 09:28:07 ACSRAD auth.info sshd[26786]: Received disconnect from 87.140.6.227 port 47443:11: Bye Bye [preauth] Nov 18 09:28:07 ACSRAD auth.info sshd[26786]: Disconnected from 87.140.6.227 port 47443 [preauth] Nov 18 09:28:08 ACSRAD auth.notice sshguard[21064]: Attack from "87.140.6.227" on service 100 whostnameh danger 10. Nov 18 09:32:20 ACSRAD auth.info sshd[29234]: Invalid user mysql from 87.140.6.227 port 39221 Nov 18 09:32:20 ACSRAD auth.info sshd[29234]: Failed password for invalid user mysql from 87.140.6.227 port 39221 ssh2 Nov 18 09:32:20 ACSRAD auth.info sshd[29234]: Received disconnect from 87.140.6.227 port 39221:11: Bye Bye [preauth] Nov 18 09:32:20 ACSRAD auth.info sshd[29234]: Disconnected from 87.140.6.227 port 39221 [preauth] Nov 18........ ------------------------------	2019-11-19 16:28:34
132.232.255.50	attackspam	2019-11-19T07:55:39.430520shield sshd\[11888\]: Invalid user cav from 132.232.255.50 port 36224 2019-11-19T07:55:39.434573shield sshd\[11888\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.255.50 2019-11-19T07:55:41.061939shield sshd\[11888\]: Failed password for invalid user cav from 132.232.255.50 port 36224 ssh2 2019-11-19T08:00:25.814353shield sshd\[12465\]: Invalid user friends from 132.232.255.50 port 44480 2019-11-19T08:00:25.818722shield sshd\[12465\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.255.50	2019-11-19 16:12:40
5.188.84.6	attackspambots	[Tue Nov 19 13:27:28.422433 2019] [:error] [pid 7782:tid 139689784702720] [client 5.188.84.6:60688] [client 5.188.84.6] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "972"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/component/tags/tag/415-layanan-informasi-gempa-bumi-melalui-email"] [unique_id "XdOLULVa3xvPhxxTaYH2YwAAAJY"], referer: http://karangploso.jatim.bmkg.go.id/index.php/component/tags/tag/415-layanan-informasi-gempa-bum ...	2019-11-19 16:08:31

Recently Reported IPs

216.140.245.80	87.164.142.69	39.10.217.163	93.15.170.15
197.55.214.124	36.160.60.163	68.125.158.217	41.3.213.137
255.87.13.196	137.84.233.119	174.169.113.155	197.68.91.140
60.184.185.224	86.98.136.45	171.105.201.85	106.173.58.203
182.184.108.95	43.226.218.79	188.211.33.12	125.231.122.158