Must be a valid IPv4 or IPv6 ip address, e.g. 127.0.0.1 or 2001:DB8:0:0:8:800:200C:417A
Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: ComTrade LLC

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:
Type Details Datetime
attackspambots
MultiHost/MultiPort Probe, Scan, Hack -
2019-11-01 02:15:26
attackspam
Oct 25 13:01:32 mc1 kernel: \[3287632.951781\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.207 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=21979 PROTO=TCP SPT=51124 DPT=9053 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 25 13:06:01 mc1 kernel: \[3287901.360932\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.207 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=23677 PROTO=TCP SPT=51124 DPT=8050 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 25 13:08:23 mc1 kernel: \[3288043.299608\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.207 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=31175 PROTO=TCP SPT=51124 DPT=8065 WINDOW=1024 RES=0x00 SYN URGP=0 
...
2019-10-25 19:23:51
attackbots
Oct 12 11:38:15 h2177944 kernel: \[3749122.845379\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.207 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=57897 PROTO=TCP SPT=43777 DPT=3362 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 12 11:42:58 h2177944 kernel: \[3749406.164028\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.207 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=26684 PROTO=TCP SPT=43777 DPT=3327 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 12 11:46:28 h2177944 kernel: \[3749615.765224\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.207 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=26122 PROTO=TCP SPT=43777 DPT=3392 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 12 11:55:46 h2177944 kernel: \[3750174.247894\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.207 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=29351 PROTO=TCP SPT=43777 DPT=3376 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 12 12:09:10 h2177944 kernel: \[3750977.325503\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.207 DST=85.214.
2019-10-12 18:45:36
Comments on same subnet:
IP Type Details Datetime
45.136.109.219 attackspambots
ET CINS Active Threat Intelligence Poor Reputation IP group 26 - port: 6000 proto: tcp cat: Misc Attackbytes: 60
2020-08-19 23:39:13
45.136.109.219 attackspam
slow and persistent scanner
2020-08-17 20:34:11
45.136.109.251 attackbotsspam
Port scanning [3 denied]
2020-08-14 14:18:15
45.136.109.219 attackbots
 TCP (SYN) 45.136.109.219:50230 -> port 53, len 44
2020-08-07 08:11:38
45.136.109.219 attackbotsspam
[Tue Aug 04 17:47:28 2020] - DDoS Attack From IP: 45.136.109.219 Port: 41096
2020-08-06 18:31:50
45.136.109.219 attack
 TCP (SYN) 45.136.109.219:43869 -> port 53, len 44
2020-08-05 23:34:34
45.136.109.158 attack
Unauthorized connection attempt detected from IP address 45.136.109.158 to port 3389
2020-07-22 15:39:59
45.136.109.87 attack
BruteForce RDP attempts from 45.136.109.175
2020-07-17 14:21:12
45.136.109.158 attack
SmallBizIT.US 2 packets to tcp(3389,3391)
2020-07-07 12:28:14
45.136.109.158 attackbots
Unauthorized connection attempt detected from IP address 45.136.109.158 to port 4489 [T]
2020-07-05 22:47:55
45.136.109.175 attackspambots
Icarus honeypot on github
2020-07-02 08:25:18
45.136.109.251 attackbots
Multiport scan : 15 ports scanned 2888 3381 3382 3402 3420 3501 3502 4003 4018 5909 7926 8093 9000 9261 9833
2020-06-21 07:47:48
45.136.109.219 attackbots
ET CINS Active Threat Intelligence Poor Reputation IP group 27 - port: 6389 proto: TCP cat: Misc Attack
2020-06-06 08:47:05
45.136.109.222 attackspam
Mar 22 03:57:09 src: 45.136.109.222 signature match: "BACKDOOR NetSphere Connection attempt" (sid: 100044) tcp port: 30100
2020-03-22 12:01:46
45.136.109.222 attackbotsspam
Mar 18 22:14:16 src: 45.136.109.222 signature match: "BACKDOOR Subseven connection attempt" (sid: 100207) tcp port: 27374
2020-03-19 06:22:33
Whois info:
b
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.136.109.207
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26556
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.136.109.207.			IN	A

;; AUTHORITY SECTION:
.			568	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019101200 1800 900 604800 86400

;; Query time: 116 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Oct 12 18:45:33 CST 2019
;; MSG SIZE  rcvd: 118
Host info
Host 207.109.136.45.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 207.109.136.45.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
81.70.7.32 attack
Aug  9 22:07:27 ns382633 sshd\[2541\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.7.32  user=root
Aug  9 22:07:29 ns382633 sshd\[2541\]: Failed password for root from 81.70.7.32 port 43804 ssh2
Aug  9 22:20:22 ns382633 sshd\[5014\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.7.32  user=root
Aug  9 22:20:25 ns382633 sshd\[5014\]: Failed password for root from 81.70.7.32 port 38790 ssh2
Aug  9 22:26:40 ns382633 sshd\[6094\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.7.32  user=root
2020-08-10 04:27:03
77.83.175.161 attackspambots
WebFormToEmail Comment SPAM
2020-08-10 04:08:34
118.126.116.101 attackspam
Aug  9 21:09:05 vm0 sshd[30605]: Failed password for root from 118.126.116.101 port 56200 ssh2
...
2020-08-10 03:50:22
107.170.104.125 attack
2020-08-09T21:56:27.997487centos sshd[20212]: Failed password for root from 107.170.104.125 port 43798 ssh2
2020-08-09T22:00:06.046799centos sshd[20432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.104.125  user=root
2020-08-09T22:00:08.083477centos sshd[20432]: Failed password for root from 107.170.104.125 port 55696 ssh2
...
2020-08-10 04:26:13
46.17.104.176 attack
Aug  9 15:57:02 vps46666688 sshd[17458]: Failed password for root from 46.17.104.176 port 38819 ssh2
...
2020-08-10 04:05:33
211.80.102.185 attackbots
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.80.102.185
Invalid user TUIDC from 211.80.102.185 port 58344
Failed password for invalid user TUIDC from 211.80.102.185 port 58344 ssh2
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.80.102.185  user=root
Failed password for root from 211.80.102.185 port 24881 ssh2
2020-08-10 04:24:31
218.92.0.191 attackspambots
Aug  9 21:58:50 dcd-gentoo sshd[9054]: User root from 218.92.0.191 not allowed because none of user's groups are listed in AllowGroups
Aug  9 21:58:52 dcd-gentoo sshd[9054]: error: PAM: Authentication failure for illegal user root from 218.92.0.191
Aug  9 21:58:52 dcd-gentoo sshd[9054]: Failed keyboard-interactive/pam for invalid user root from 218.92.0.191 port 39764 ssh2
...
2020-08-10 04:11:31
190.21.44.87 attackspambots
Aug  9 21:41:43 sip sshd[1250307]: Failed password for root from 190.21.44.87 port 60816 ssh2
Aug  9 21:46:09 sip sshd[1250366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.21.44.87  user=root
Aug  9 21:46:11 sip sshd[1250366]: Failed password for root from 190.21.44.87 port 37200 ssh2
...
2020-08-10 04:12:40
213.21.57.39 attackspam
rdp
2020-08-10 04:25:36
61.12.92.146 attackbots
WordPress wp-login brute force :: 61.12.92.146 0.084 - [09/Aug/2020:18:45:31  0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 1837 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"
2020-08-10 04:20:23
139.213.31.214 attackspam
Telnet Server BruteForce Attack
2020-08-10 03:57:09
54.38.240.23 attack
2020-08-09T19:34:51.682137n23.at sshd[4176531]: Failed password for root from 54.38.240.23 port 35366 ssh2
2020-08-09T19:35:15.124665n23.at sshd[4177423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.240.23  user=root
2020-08-09T19:35:16.706998n23.at sshd[4177423]: Failed password for root from 54.38.240.23 port 38912 ssh2
...
2020-08-10 04:01:24
5.188.84.115 attackspambots
0,30-01/02 [bc01/m14] PostRequest-Spammer scoring: zurich
2020-08-10 04:00:06
213.178.226.248 attack
Aug  9 18:19:15 our-server-hostname postfix/smtpd[26584]: connect from unknown[213.178.226.248]
Aug x@x
Aug  9 18:19:18 our-server-hostname postfix/smtpd[26584]: disconnect from unknown[213.178.226.248]
Aug  9 18:31:14 our-server-hostname postfix/smtpd[30764]: connect from unknown[213.178.226.248]
Aug x@x
Aug  9 18:31:16 our-server-hostname postfix/smtpd[30764]: disconnect from unknown[213.178.226.248]
Aug  9 18:38:40 our-server-hostname postfix/smtpd[1109]: connect from unknown[213.178.226.248]
Aug x@x
Aug  9 18:38:42 our-server-hostname postfix/smtpd[1109]: disconnect from unknown[213.178.226.248]
Aug  9 18:39:02 our-server-hostname postfix/smtpd[1109]: connect from unknown[213.178.226.248]
Aug x@x
Aug  9 18:39:03 our-server-hostname postfix/smtpd[1109]: disconnect from unknown[213.178.226.248]
Aug  9 18:40:24 our-server-hostname postfix/smtpd[1109]: connect from unknown[213.178.226.248]
Aug x@x
Aug  9 18:40:25 our-server-hostname postfix/smtpd[1109]: disconnect from ........
-------------------------------
2020-08-10 04:19:24
14.51.232.216 attackbots
detected by Fail2Ban
2020-08-10 03:56:00

Recently Reported IPs

92.225.91.169 223.178.167.17 245.183.26.44 80.255.5.219
91.132.139.119 220.144.45.42 89.107.250.14 139.101.147.124
104.248.93.179 176.109.184.155 60.50.121.122 146.169.254.12
114.225.221.100 235.223.9.105 54.36.148.200 93.174.89.190
183.145.60.212 37.212.235.149 68.11.26.186 104.238.120.38