45.136.109.247

Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: ComTrade LLC

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	firewall-block, port(s): 1848/tcp, 1952/tcp, 1957/tcp, 2001/tcp, 2099/tcp, 2114/tcp, 2280/tcp, 2284/tcp, 2422/tcp, 2452/tcp, 2631/tcp, 2774/tcp, 2829/tcp, 2982/tcp, 2992/tcp, 3027/tcp, 3132/tcp, 3361/tcp	2019-10-17 16:49:35
attack	Oct 16 12:56:22 mc1 kernel: \[2509752.946701\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.247 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=25747 PROTO=TCP SPT=46362 DPT=1926 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 16 12:59:59 mc1 kernel: \[2509970.202228\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.247 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=10105 PROTO=TCP SPT=46362 DPT=2578 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 16 13:01:54 mc1 kernel: \[2510085.260405\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.247 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=48093 PROTO=TCP SPT=46362 DPT=2857 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-10-16 19:15:54
attack	Oct 14 09:50:01 mc1 kernel: \[2325779.444480\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.247 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=19428 PROTO=TCP SPT=53467 DPT=3351 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 14 09:54:00 mc1 kernel: \[2326018.388337\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.247 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=30602 PROTO=TCP SPT=53467 DPT=3341 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 14 09:57:39 mc1 kernel: \[2326237.212423\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.247 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=40947 PROTO=TCP SPT=53467 DPT=2291 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-10-14 16:31:43
attack	firewall-block, port(s): 2134/tcp, 2538/tcp, 3024/tcp, 3044/tcp, 3049/tcp, 3303/tcp, 3317/tcp	2019-10-10 07:05:11
attackspambots	Port scan on 9 port(s): 2025 2419 2461 2582 2699 2771 2793 2808 2928	2019-10-09 01:05:17
attack	Port scan on 6 port(s): 1858 2235 2756 3075 3214 3278	2019-10-07 22:54:38

Comments on same subnet:

IP	Type	Details	Datetime
45.136.109.219	attackspambots	ET CINS Active Threat Intelligence Poor Reputation IP group 26 - port: 6000 proto: tcp cat: Misc Attackbytes: 60	2020-08-19 23:39:13
45.136.109.219	attackspam	slow and persistent scanner	2020-08-17 20:34:11
45.136.109.251	attackbotsspam	Port scanning [3 denied]	2020-08-14 14:18:15
45.136.109.219	attackbots	TCP (SYN) 45.136.109.219:50230 -> port 53, len 44	2020-08-07 08:11:38
45.136.109.219	attackbotsspam	[Tue Aug 04 17:47:28 2020] - DDoS Attack From IP: 45.136.109.219 Port: 41096	2020-08-06 18:31:50
45.136.109.219	attack	TCP (SYN) 45.136.109.219:43869 -> port 53, len 44	2020-08-05 23:34:34
45.136.109.158	attack	Unauthorized connection attempt detected from IP address 45.136.109.158 to port 3389	2020-07-22 15:39:59
45.136.109.87	attack	BruteForce RDP attempts from 45.136.109.175	2020-07-17 14:21:12
45.136.109.158	attack	SmallBizIT.US 2 packets to tcp(3389,3391)	2020-07-07 12:28:14
45.136.109.158	attackbots	Unauthorized connection attempt detected from IP address 45.136.109.158 to port 4489 [T]	2020-07-05 22:47:55
45.136.109.175	attackspambots	Icarus honeypot on github	2020-07-02 08:25:18
45.136.109.251	attackbots	Multiport scan : 15 ports scanned 2888 3381 3382 3402 3420 3501 3502 4003 4018 5909 7926 8093 9000 9261 9833	2020-06-21 07:47:48
45.136.109.219	attackbots	ET CINS Active Threat Intelligence Poor Reputation IP group 27 - port: 6389 proto: TCP cat: Misc Attack	2020-06-06 08:47:05
45.136.109.222	attackspam	Mar 22 03:57:09 src: 45.136.109.222 signature match: "BACKDOOR NetSphere Connection attempt" (sid: 100044) tcp port: 30100	2020-03-22 12:01:46
45.136.109.222	attackbotsspam	Mar 18 22:14:16 src: 45.136.109.222 signature match: "BACKDOOR Subseven connection attempt" (sid: 100207) tcp port: 27374	2020-03-19 06:22:33

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.136.109.247
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40535
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.136.109.247.			IN	A

;; AUTHORITY SECTION:
.			567	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019100701 1800 900 604800 86400

;; Query time: 103 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Oct 07 22:54:32 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 247.109.136.45.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 247.109.136.45.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
157.230.27.30	attack	157.230.27.30 - - \[24/Aug/2020:00:50:30 +0200\] "POST /wp-login.php HTTP/1.1" 200 12822 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 157.230.27.30 - - \[24/Aug/2020:00:50:31 +0200\] "POST /wp-login.php HTTP/1.1" 200 12657 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2020-08-24 07:23:49
119.29.216.238	attack	2020-08-24T05:14:10.955501hostname sshd[16543]: Invalid user ng from 119.29.216.238 port 39744 2020-08-24T05:14:13.326604hostname sshd[16543]: Failed password for invalid user ng from 119.29.216.238 port 39744 ssh2 2020-08-24T05:21:24.344313hostname sshd[19214]: Invalid user denise from 119.29.216.238 port 41258 ...	2020-08-24 08:01:37
95.130.181.11	attackspam	Time: Sun Aug 23 20:31:47 2020 +0000 IP: 95.130.181.11 (RU/Russia/-) Failures: 5 (sshd) Interval: 3600 seconds Blocked: Permanent Block [LF_SSHD] Log entries: Aug 23 20:16:19 vps1 sshd[10551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.130.181.11 user=root Aug 23 20:16:21 vps1 sshd[10551]: Failed password for root from 95.130.181.11 port 36558 ssh2 Aug 23 20:28:12 vps1 sshd[10940]: Invalid user ftpuser from 95.130.181.11 port 48440 Aug 23 20:28:14 vps1 sshd[10940]: Failed password for invalid user ftpuser from 95.130.181.11 port 48440 ssh2 Aug 23 20:31:45 vps1 sshd[11084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.130.181.11 user=root	2020-08-24 07:23:08
116.241.112.182	attack	23/tcp [2020-08-23]1pkt	2020-08-24 07:25:25
49.88.112.114	attackspam	Aug 23 20:36:43 vps46666688 sshd[20453]: Failed password for root from 49.88.112.114 port 36972 ssh2 ...	2020-08-24 07:54:56
106.12.202.180	attack	Tried sshing with brute force.	2020-08-24 07:33:17
70.169.55.123	attack	23/tcp [2020-08-23]1pkt	2020-08-24 08:02:09
5.47.55.197	attack	2020-08-23 15:27:49.328831-0500 localhost smtpd[19970]: NOQUEUE: reject: RCPT from unknown[5.47.55.197]: 554 5.7.1 Service unavailable; Client host [5.47.55.197] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/5.47.55.197; from= to= proto=ESMTP helo=<[5.47.55.197]>	2020-08-24 07:21:41
200.120.211.128	attackbotsspam	php WP PHPmyadamin ABUSE blocked for 12h	2020-08-24 07:23:22
51.15.118.15	attack	2020-08-23T20:25:51.079952abusebot-6.cloudsearch.cf sshd[11792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.118.15 user=root 2020-08-23T20:25:52.899324abusebot-6.cloudsearch.cf sshd[11792]: Failed password for root from 51.15.118.15 port 34880 ssh2 2020-08-23T20:29:11.006320abusebot-6.cloudsearch.cf sshd[11930]: Invalid user soma from 51.15.118.15 port 43702 2020-08-23T20:29:11.012767abusebot-6.cloudsearch.cf sshd[11930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.118.15 2020-08-23T20:29:11.006320abusebot-6.cloudsearch.cf sshd[11930]: Invalid user soma from 51.15.118.15 port 43702 2020-08-23T20:29:13.288507abusebot-6.cloudsearch.cf sshd[11930]: Failed password for invalid user soma from 51.15.118.15 port 43702 ssh2 2020-08-23T20:32:34.844146abusebot-6.cloudsearch.cf sshd[12028]: Invalid user mary from 51.15.118.15 port 52538 ...	2020-08-24 07:58:04
41.92.88.61	attack	2020-08-23 15:30:26.315641-0500 localhost smtpd[19970]: NOQUEUE: reject: RCPT from unknown[41.92.88.61]: 554 5.7.1 Service unavailable; Client host [41.92.88.61] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/41.92.88.61 / https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=<[41.92.24.60]>	2020-08-24 07:17:24
61.133.232.252	attackspam	"Unauthorized connection attempt on SSHD detected"	2020-08-24 07:44:33
109.197.72.73	attackspam	44574/tcp [2020-08-23]1pkt	2020-08-24 07:44:04
193.228.108.122	attackspambots	sshd jail - ssh hack attempt	2020-08-24 07:42:19
218.92.0.246	attackspambots	Aug 24 01:53:53 ns381471 sshd[1505]: Failed password for root from 218.92.0.246 port 49375 ssh2 Aug 24 01:53:57 ns381471 sshd[1505]: Failed password for root from 218.92.0.246 port 49375 ssh2	2020-08-24 07:57:06

Recently Reported IPs

94.154.89.117	91.186.231.116	80.210.250.168	190.254.195.91
149.250.55.7	22.9.173.223	119.4.209.13	112.238.172.252
138.17.137.86	41.72.17.100	178.46.215.65	177.8.255.9
117.40.167.198	197.46.174.193	188.158.7.49	37.120.217.12
222.136.116.108	95.181.218.195	45.164.37.252	110.72.61.77