45.136.109.50 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: ComTrade LLC

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Sep 19 17:49:51 mc1 kernel: \[194653.709007\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.50 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=37591 PROTO=TCP SPT=48372 DPT=9696 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 19 17:56:00 mc1 kernel: \[195022.090116\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.50 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=34475 PROTO=TCP SPT=48372 DPT=9536 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 19 17:56:02 mc1 kernel: \[195024.079515\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.50 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=46547 PROTO=TCP SPT=48372 DPT=9158 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-09-20 01:02:03
attackbots	Port scan	2019-09-14 05:34:23
attackspambots	Sep 13 10:14:36 TCP Attack: SRC=45.136.109.50 DST=[Masked] LEN=40 TOS=0x08 PREC=0x20 TTL=241 PROTO=TCP SPT=48510 DPT=9608 WINDOW=1024 RES=0x00 SYN URGP=0	2019-09-13 18:17:38
attackspambots	Sep 11 11:19:34 mc1 kernel: \[744140.926030\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.50 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=21626 PROTO=TCP SPT=42250 DPT=9453 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 11 11:25:07 mc1 kernel: \[744473.369660\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.50 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=3614 PROTO=TCP SPT=42250 DPT=9644 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 11 11:27:00 mc1 kernel: \[744586.411692\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.50 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=587 PROTO=TCP SPT=42250 DPT=9440 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-09-11 19:35:15

Comments on same subnet:

IP	Type	Details	Datetime
45.136.109.219	attackspambots	ET CINS Active Threat Intelligence Poor Reputation IP group 26 - port: 6000 proto: tcp cat: Misc Attackbytes: 60	2020-08-19 23:39:13
45.136.109.219	attackspam	slow and persistent scanner	2020-08-17 20:34:11
45.136.109.251	attackbotsspam	Port scanning [3 denied]	2020-08-14 14:18:15
45.136.109.219	attackbots	TCP (SYN) 45.136.109.219:50230 -> port 53, len 44	2020-08-07 08:11:38
45.136.109.219	attackbotsspam	[Tue Aug 04 17:47:28 2020] - DDoS Attack From IP: 45.136.109.219 Port: 41096	2020-08-06 18:31:50
45.136.109.219	attack	TCP (SYN) 45.136.109.219:43869 -> port 53, len 44	2020-08-05 23:34:34
45.136.109.158	attack	Unauthorized connection attempt detected from IP address 45.136.109.158 to port 3389	2020-07-22 15:39:59
45.136.109.87	attack	BruteForce RDP attempts from 45.136.109.175	2020-07-17 14:21:12
45.136.109.158	attack	SmallBizIT.US 2 packets to tcp(3389,3391)	2020-07-07 12:28:14
45.136.109.158	attackbots	Unauthorized connection attempt detected from IP address 45.136.109.158 to port 4489 [T]	2020-07-05 22:47:55
45.136.109.175	attackspambots	Icarus honeypot on github	2020-07-02 08:25:18
45.136.109.251	attackbots	Multiport scan : 15 ports scanned 2888 3381 3382 3402 3420 3501 3502 4003 4018 5909 7926 8093 9000 9261 9833	2020-06-21 07:47:48
45.136.109.219	attackbots	ET CINS Active Threat Intelligence Poor Reputation IP group 27 - port: 6389 proto: TCP cat: Misc Attack	2020-06-06 08:47:05
45.136.109.222	attackspam	Mar 22 03:57:09 src: 45.136.109.222 signature match: "BACKDOOR NetSphere Connection attempt" (sid: 100044) tcp port: 30100	2020-03-22 12:01:46
45.136.109.222	attackbotsspam	Mar 18 22:14:16 src: 45.136.109.222 signature match: "BACKDOOR Subseven connection attempt" (sid: 100207) tcp port: 27374	2020-03-19 06:22:33

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.136.109.50
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29861
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.136.109.50.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091100 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Sep 11 19:35:09 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 50.109.136.45.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 50.109.136.45.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
179.191.88.58	attack	IP blocked	2020-08-03 22:30:00
144.172.84.41	attack	Volume spam messages from a changing domain (word numbers change periodically) ... mail-a.webstudioonehundredone.com[144.172.84.41]	2020-08-03 23:00:18
182.176.32.20	attackbotsspam	Aug 3 16:34:32 hidden sshd[22936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.176.32.20 Aug 3 16:34:34 hidden sshd[22936]: Failed password for invalid user 123@qwe~~ from 182.176.32.20 port 59169 ssh2 Aug 3 16:38:51 hidden sshd[27194]: Invalid user a123456a from 182.176.32.20 port 60286	2020-08-03 22:49:11
181.47.210.210	attackbotsspam	Aug 3 16:51:11 mail sshd[593409]: Failed password for root from 181.47.210.210 port 38023 ssh2 Aug 3 16:55:44 mail sshd[593558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.47.210.210 user=root Aug 3 16:55:46 mail sshd[593558]: Failed password for root from 181.47.210.210 port 59905 ssh2 ...	2020-08-03 23:01:23
106.13.136.8	attack	Aug 3 14:15:13 roki-contabo sshd\[1008\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.136.8 user=root Aug 3 14:15:14 roki-contabo sshd\[1008\]: Failed password for root from 106.13.136.8 port 60272 ssh2 Aug 3 14:22:19 roki-contabo sshd\[1253\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.136.8 user=root Aug 3 14:22:21 roki-contabo sshd\[1253\]: Failed password for root from 106.13.136.8 port 45562 ssh2 Aug 3 14:25:45 roki-contabo sshd\[1405\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.136.8 user=root ...	2020-08-03 22:59:22
150.136.116.126	attack	Aug 3 03:15:54 web1 sshd\[13325\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.136.116.126 user=root Aug 3 03:15:56 web1 sshd\[13325\]: Failed password for root from 150.136.116.126 port 39436 ssh2 Aug 3 03:19:44 web1 sshd\[13672\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.136.116.126 user=root Aug 3 03:19:47 web1 sshd\[13672\]: Failed password for root from 150.136.116.126 port 50336 ssh2 Aug 3 03:23:41 web1 sshd\[14017\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.136.116.126 user=root	2020-08-03 22:51:43
216.218.206.88	attackspambots	389/tcp 3389/tcp 1883/tcp... [2020-06-04/08-03]31pkt,14pt.(tcp),1pt.(udp)	2020-08-03 22:54:18
189.213.156.235	attackbots	[MK-Root1] Blocked by UFW	2020-08-03 22:45:42
109.236.91.85	attackbotsspam	Connection to SSH Honeypot - Detected by HoneypotDB	2020-08-03 22:48:45
106.12.207.197	attackbotsspam	Aug 3 14:22:17 abendstille sshd\[7781\]: Invalid user sa@123 from 106.12.207.197 Aug 3 14:22:17 abendstille sshd\[7781\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.207.197 Aug 3 14:22:19 abendstille sshd\[7781\]: Failed password for invalid user sa@123 from 106.12.207.197 port 36982 ssh2 Aug 3 14:25:56 abendstille sshd\[11168\]: Invalid user abc123abc from 106.12.207.197 Aug 3 14:25:56 abendstille sshd\[11168\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.207.197 ...	2020-08-03 22:49:43
189.192.100.139	attackbots	$f2bV_matches	2020-08-03 22:35:33
118.25.220.214	attackbotsspam	Lines containing failures of 118.25.220.214 (max 1000) Aug 2 22:13:26 UTC__SANYALnet-Labs__cac14 sshd[21652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.220.214 user=r.r Aug 3 00:56:57 UTC__SANYALnet-Labs__cac1 sshd[14818]: Connection from 118.25.220.214 port 53170 on 64.137.179.160 port 22 Aug 3 00:56:59 UTC__SANYALnet-Labs__cac1 sshd[14818]: User r.r from 118.25.220.214 not allowed because not listed in AllowUsers Aug 3 00:56:59 UTC__SANYALnet-Labs__cac1 sshd[14818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.220.214 user=r.r Aug 3 00:57:01 UTC__SANYALnet-Labs__cac1 sshd[14818]: Failed password for invalid user r.r from 118.25.220.214 port 53170 ssh2 Aug 3 00:57:01 UTC__SANYALnet-Labs__cac1 sshd[14818]: Received disconnect from 118.25.220.214 port 53170:11: Bye Bye [preauth] Aug 3 00:57:01 UTC__SANYALnet-Labs__cac1 sshd[14818]: Disconnected from 118.25.220.2........ ------------------------------	2020-08-03 22:54:55
133.200.170.32	attackbotsspam	Lines containing failures of 133.200.170.32 Aug 3 11:55:22 kmh-vmh-001-fsn07 sshd[19157]: Bad protocol version identification '' from 133.200.170.32 port 23417 Aug 3 11:55:27 kmh-vmh-001-fsn07 sshd[19179]: Invalid user plexuser from 133.200.170.32 port 27511 Aug 3 11:55:28 kmh-vmh-001-fsn07 sshd[19179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.200.170.32 Aug 3 11:55:30 kmh-vmh-001-fsn07 sshd[19179]: Failed password for invalid user plexuser from 133.200.170.32 port 27511 ssh2 Aug 3 11:55:31 kmh-vmh-001-fsn07 sshd[19179]: Connection closed by invalid user plexuser 133.200.170.32 port 27511 [preauth] Aug 3 11:55:39 kmh-vmh-001-fsn07 sshd[19263]: Invalid user admin from 133.200.170.32 port 15227 Aug 3 11:55:39 kmh-vmh-001-fsn07 sshd[19263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.200.170.32 Aug 3 11:55:41 kmh-vmh-001-fsn07 sshd[19263]: Failed password for invalid........ ------------------------------	2020-08-03 22:36:20
39.104.14.232	attack	Lines containing failures of 39.104.14.232 (max 1000) Aug 3 12:20:10 UTC__SANYALnet-Labs__cac12 sshd[12812]: Connection from 39.104.14.232 port 56584 on 64.137.176.96 port 22 Aug 3 12:20:12 UTC__SANYALnet-Labs__cac12 sshd[12812]: User r.r from 39.104.14.232 not allowed because not listed in AllowUsers Aug 3 12:20:12 UTC__SANYALnet-Labs__cac12 sshd[12812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.104.14.232 user=r.r Aug 3 12:20:14 UTC__SANYALnet-Labs__cac12 sshd[12812]: Failed password for invalid user r.r from 39.104.14.232 port 56584 ssh2 Aug 3 12:20:14 UTC__SANYALnet-Labs__cac12 sshd[12812]: Received disconnect from 39.104.14.232 port 56584:11: Bye Bye [preauth] Aug 3 12:20:14 UTC__SANYALnet-Labs__cac12 sshd[12812]: Disconnected from 39.104.14.232 port 56584 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=39.104.14.232	2020-08-03 22:51:22
5.178.187.140	attack	5.178.187.140 - - [03/Aug/2020:15:32:02 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 5.178.187.140 - - [03/Aug/2020:15:32:04 +0100] "POST /wp-login.php HTTP/1.1" 200 6137 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 5.178.187.140 - - [03/Aug/2020:15:33:03 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" ...	2020-08-03 22:48:29

Recently Reported IPs

90.185.22.35	37.120.159.18	212.92.112.11	218.35.55.121
49.83.49.24	131.167.63.189	109.100.33.178	101.23.93.41
106.196.247.160	118.171.29.252	122.52.203.133	101.16.97.181
190.186.48.195	183.4.43.162	24.21.80.45	117.240.176.7
104.7.75.174	16.176.135.43	32.184.13.159	88.105.84.246