City: unknown
Region: unknown
Country: Germany
Internet Service Provider: ComTrade LLC
Hostname: unknown
Organization: unknown
Usage Type: Commercial
| Type | Details | Datetime |
|---|---|---|
| attackspambots | Nov 15 23:04:19 mc1 kernel: \[5141726.470634\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.82 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=63095 PROTO=TCP SPT=56799 DPT=9744 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 15 23:05:31 mc1 kernel: \[5141798.383413\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.82 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=23950 PROTO=TCP SPT=56799 DPT=8272 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 15 23:05:56 mc1 kernel: \[5141824.201369\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.82 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=45023 PROTO=TCP SPT=56799 DPT=9309 WINDOW=1024 RES=0x00 SYN URGP=0 ... |
2019-11-16 06:15:41 |
| attackspam | Nov 15 01:45:45 mc1 kernel: \[5065015.406622\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.82 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=58357 PROTO=TCP SPT=56799 DPT=8433 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 15 01:45:57 mc1 kernel: \[5065027.372515\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.82 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64683 PROTO=TCP SPT=56799 DPT=9817 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 15 01:49:02 mc1 kernel: \[5065212.685291\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.82 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=57948 PROTO=TCP SPT=56799 DPT=8804 WINDOW=1024 RES=0x00 SYN URGP=0 ... |
2019-11-15 08:59:45 |
| attack | Nov 12 18:03:37 h2177944 kernel: \[6453755.573830\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.82 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=35207 PROTO=TCP SPT=56799 DPT=8944 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 12 18:04:07 h2177944 kernel: \[6453785.086582\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.82 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=23504 PROTO=TCP SPT=56799 DPT=8371 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 12 18:05:05 h2177944 kernel: \[6453843.259422\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.82 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=24781 PROTO=TCP SPT=56799 DPT=9832 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 12 18:05:15 h2177944 kernel: \[6453853.116786\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.82 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=33534 PROTO=TCP SPT=56799 DPT=8186 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 12 18:06:08 h2177944 kernel: \[6453906.529866\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.109.82 DST=85.214.117.9 |
2019-11-13 01:07:15 |
| attackspam | Nov 12 10:56:24 mc1 kernel: \[4838863.439063\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.82 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=48002 PROTO=TCP SPT=56799 DPT=8328 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 12 10:58:17 mc1 kernel: \[4838976.493959\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.82 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=48872 PROTO=TCP SPT=56799 DPT=9681 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 12 11:02:58 mc1 kernel: \[4839257.245188\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=45.136.109.82 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=2133 PROTO=TCP SPT=56799 DPT=9199 WINDOW=1024 RES=0x00 SYN URGP=0 ... |
2019-11-12 18:27:33 |
| attackspam | 45.136.109.82 was recorded 159 times by 25 hosts attempting to connect to the following ports: 9851,9825,9810,9903,9935,9863,9896,9924,9849,9888,9823,9821,9925,9829,9812,9916,9854,9881,9861,9813,9904,9931,9960,9921,9907,9847,9815,9818,9824,9877,9848,9809,9912,9961,9827,9959,9884,9869,9862,9997,9819,9850,9996,9910,9801,9936,9918,9817,9954,9993,9859,9800,9820,9930,9807,9843,9822,9860,9909,9830,9920,9802,9927,9858,9914,9856,9852,9974,9906,9890,9908,9875,9894,9806,9844,10000,9814,9840,9947,9971,9964,9967,9895,9842,9901,9835,9957,9887,9811,9889,9929,9834,9871,9808,9972,9885,9816,9982,9932. Incident counter (4h, 24h, all-time): 159, 892, 3513 |
2019-11-11 02:57:27 |
| attackbots | 11/07/2019-17:04:32.266975 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-11-08 06:25:40 |
| attackbotsspam | 10/30/2019-13:15:24.999845 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-31 01:25:33 |
| attackbots | 10/27/2019-19:35:56.593990 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-28 08:05:42 |
| attackbots | 10/26/2019-19:15:13.223519 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-27 07:55:56 |
| attack | 10/25/2019-18:37:21.948245 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-26 07:37:14 |
| attack | ET CINS Active Threat Intelligence Poor Reputation IP group 30 - port: 9160 proto: TCP cat: Misc Attack |
2019-10-25 07:01:34 |
| attackbotsspam | 10/22/2019-14:16:53.779324 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-23 03:51:00 |
| attackbotsspam | ET CINS Active Threat Intelligence Poor Reputation IP group 32 - port: 9228 proto: TCP cat: Misc Attack |
2019-10-21 16:40:07 |
| attackspambots | 10/18/2019-15:52:00.538764 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-19 05:20:37 |
| attack | 10/18/2019-08:57:54.567495 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-18 21:48:20 |
| attackbotsspam | 10/17/2019-07:28:17.096915 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-17 19:34:26 |
| attackspam | Portscan or hack attempt detected by psad/fwsnort |
2019-10-16 09:54:31 |
| attackspambots | 10/15/2019-07:48:34.735424 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-15 21:11:56 |
| attackspam | 10/15/2019-06:08:47.072263 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-15 18:28:26 |
| attack | 10/14/2019-17:21:32.120732 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-15 05:38:01 |
| attackspambots | Port-scan: detected 180 distinct ports within a 24-hour window. |
2019-10-15 03:05:17 |
| attack | 10/09/2019-08:34:27.687031 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-09 21:32:57 |
| attackspam | 10/09/2019-00:22:03.156132 45.136.109.82 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-10-09 14:14:50 |
| IP | Type | Details | Datetime |
|---|---|---|---|
| 45.136.109.219 | attackspambots | ET CINS Active Threat Intelligence Poor Reputation IP group 26 - port: 6000 proto: tcp cat: Misc Attackbytes: 60 |
2020-08-19 23:39:13 |
| 45.136.109.219 | attackspam | slow and persistent scanner |
2020-08-17 20:34:11 |
| 45.136.109.251 | attackbotsspam | Port scanning [3 denied] |
2020-08-14 14:18:15 |
| 45.136.109.219 | attackbots |
|
2020-08-07 08:11:38 |
| 45.136.109.219 | attackbotsspam | [Tue Aug 04 17:47:28 2020] - DDoS Attack From IP: 45.136.109.219 Port: 41096 |
2020-08-06 18:31:50 |
| 45.136.109.219 | attack |
|
2020-08-05 23:34:34 |
| 45.136.109.158 | attack | Unauthorized connection attempt detected from IP address 45.136.109.158 to port 3389 |
2020-07-22 15:39:59 |
| 45.136.109.87 | attack | BruteForce RDP attempts from 45.136.109.175 |
2020-07-17 14:21:12 |
| 45.136.109.158 | attack | SmallBizIT.US 2 packets to tcp(3389,3391) |
2020-07-07 12:28:14 |
| 45.136.109.158 | attackbots | Unauthorized connection attempt detected from IP address 45.136.109.158 to port 4489 [T] |
2020-07-05 22:47:55 |
| 45.136.109.175 | attackspambots | Icarus honeypot on github |
2020-07-02 08:25:18 |
| 45.136.109.251 | attackbots | Multiport scan : 15 ports scanned 2888 3381 3382 3402 3420 3501 3502 4003 4018 5909 7926 8093 9000 9261 9833 |
2020-06-21 07:47:48 |
| 45.136.109.219 | attackbots | ET CINS Active Threat Intelligence Poor Reputation IP group 27 - port: 6389 proto: TCP cat: Misc Attack |
2020-06-06 08:47:05 |
| 45.136.109.222 | attackspam | Mar 22 03:57:09 src: 45.136.109.222 signature match: "BACKDOOR NetSphere Connection attempt" (sid: 100044) tcp port: 30100 |
2020-03-22 12:01:46 |
| 45.136.109.222 | attackbotsspam | Mar 18 22:14:16 src: 45.136.109.222 signature match: "BACKDOOR Subseven connection attempt" (sid: 100207) tcp port: 27374 |
2020-03-19 06:22:33 |
b
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.136.109.82
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47564
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.136.109.82. IN A
;; AUTHORITY SECTION:
. 479 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019100900 1800 900 604800 86400
;; Query time: 113 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 09 14:15:46 CST 2019
;; MSG SIZE rcvd: 117
Host 82.109.136.45.in-addr.arpa. not found: 3(NXDOMAIN)
Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 82.109.136.45.in-addr.arpa: NXDOMAIN
| IP | Type | Details | Datetime |
|---|---|---|---|
| 167.99.172.181 | attackbotsspam | 2020-08-25T06:04:24.468043shield sshd\[12947\]: Invalid user salman from 167.99.172.181 port 39620 2020-08-25T06:04:24.508364shield sshd\[12947\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.172.181 2020-08-25T06:04:26.032017shield sshd\[12947\]: Failed password for invalid user salman from 167.99.172.181 port 39620 ssh2 2020-08-25T06:08:19.115950shield sshd\[13287\]: Invalid user zv from 167.99.172.181 port 46814 2020-08-25T06:08:19.127715shield sshd\[13287\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.172.181 |
2020-08-25 14:16:36 |
| 91.134.173.100 | attackspambots | Aug 24 16:16:53 sachi sshd\[15951\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.134.173.100 user=root Aug 24 16:16:55 sachi sshd\[15951\]: Failed password for root from 91.134.173.100 port 40586 ssh2 Aug 24 16:22:05 sachi sshd\[19123\]: Invalid user tryton from 91.134.173.100 Aug 24 16:22:05 sachi sshd\[19123\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.134.173.100 Aug 24 16:22:06 sachi sshd\[19123\]: Failed password for invalid user tryton from 91.134.173.100 port 55152 ssh2 |
2020-08-25 14:20:45 |
| 18.218.130.165 | attack | mue-Direct access to plugin not allowed |
2020-08-25 14:14:29 |
| 212.70.149.4 | attackbots | Aug 25 07:41:53 srv01 postfix/smtpd\[3042\]: warning: unknown\[212.70.149.4\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 25 07:42:13 srv01 postfix/smtpd\[3042\]: warning: unknown\[212.70.149.4\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 25 07:44:50 srv01 postfix/smtpd\[5092\]: warning: unknown\[212.70.149.4\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 25 07:45:08 srv01 postfix/smtpd\[31576\]: warning: unknown\[212.70.149.4\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 25 07:45:13 srv01 postfix/smtpd\[3042\]: warning: unknown\[212.70.149.4\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ... |
2020-08-25 13:46:47 |
| 94.237.73.136 | attackbotsspam | 94.237.73.136 - - [25/Aug/2020:04:57:23 +0100] "POST /wp-login.php HTTP/1.1" 200 2178 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 94.237.73.136 - - [25/Aug/2020:04:57:26 +0100] "POST /wp-login.php HTTP/1.1" 200 2111 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 94.237.73.136 - - [25/Aug/2020:04:57:27 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ... |
2020-08-25 14:08:21 |
| 5.62.20.22 | attackbotsspam | (From linnie.noll@hotmail.com) Looking for fresh buyers? Get tons of people who are ready to buy sent directly to your website. Boost revenues super fast. Start seeing results in as little as 48 hours. To get info Visit: http://www.easy-web-traffic.xyz |
2020-08-25 14:08:58 |
| 141.98.80.61 | attackbotsspam | SMTP SASL LOGIN authentication failed |
2020-08-25 14:09:27 |
| 220.247.172.138 | attackbots | 20/8/24@23:57:05: FAIL: Alarm-Network address from=220.247.172.138 ... |
2020-08-25 14:18:02 |
| 185.150.189.165 | attack | Persistent port scanning [15 denied] |
2020-08-25 13:49:26 |
| 192.241.227.12 | attackbots | Port Scan detected! ... |
2020-08-25 13:56:42 |
| 179.191.123.46 | attackspam | Total attacks: 2 |
2020-08-25 14:07:23 |
| 187.162.51.63 | attack | 2020-08-25T06:13:48.493596shield sshd\[13802\]: Invalid user oracle from 187.162.51.63 port 36198 2020-08-25T06:13:48.511800shield sshd\[13802\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187-162-51-63.static.axtel.net 2020-08-25T06:13:50.473401shield sshd\[13802\]: Failed password for invalid user oracle from 187.162.51.63 port 36198 ssh2 2020-08-25T06:17:45.400344shield sshd\[14055\]: Invalid user nagios from 187.162.51.63 port 39213 2020-08-25T06:17:45.409764shield sshd\[14055\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187-162-51-63.static.axtel.net |
2020-08-25 14:23:25 |
| 180.76.246.38 | attackbotsspam | Time: Tue Aug 25 03:55:56 2020 +0000 IP: 180.76.246.38 (CN/China/-) Failures: 5 (sshd) Interval: 3600 seconds Blocked: Permanent Block [LF_SSHD] Log entries: Aug 25 03:23:28 hosting sshd[12362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.246.38 user=root Aug 25 03:23:30 hosting sshd[12362]: Failed password for root from 180.76.246.38 port 39166 ssh2 Aug 25 03:52:17 hosting sshd[14367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.246.38 user=root Aug 25 03:52:19 hosting sshd[14367]: Failed password for root from 180.76.246.38 port 55820 ssh2 Aug 25 03:55:55 hosting sshd[14615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.246.38 user=root |
2020-08-25 14:18:34 |
| 106.13.164.39 | attack | firewall-block, port(s): 25483/tcp |
2020-08-25 14:09:42 |
| 49.77.216.65 | attackbotsspam | IP 49.77.216.65 attacked honeypot on port: 1433 at 8/24/2020 8:57:27 PM |
2020-08-25 14:06:27 |