45.145.66.55 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Russian Federation

Internet Service Provider: Intercom LLC

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	[H1.VM7] Blocked by UFW	2020-07-23 12:48:45
attackspambots	Jul 23 01:41:18 debian-2gb-nbg1-2 kernel: \[17719806.402056\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.145.66.55 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=13582 PROTO=TCP SPT=57028 DPT=53517 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-23 07:51:42
attackspam	Jul 22 17:42:34 debian-2gb-nbg1-2 kernel: \[17691084.170479\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.145.66.55 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=57934 PROTO=TCP SPT=62000 DPT=14920 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-23 00:21:41

Type

Details

Datetime

attack

[H1.VM7] Blocked by UFW

2020-07-23 12:48:45

attackspambots

Jul 23 01:41:18 debian-2gb-nbg1-2 kernel: \[17719806.402056\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.145.66.55 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=13582 PROTO=TCP SPT=57028 DPT=53517 WINDOW=1024 RES=0x00 SYN URGP=0

2020-07-23 07:51:42

attackspam

Jul 22 17:42:34 debian-2gb-nbg1-2 kernel: \[17691084.170479\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.145.66.55 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=57934 PROTO=TCP SPT=62000 DPT=14920 WINDOW=1024 RES=0x00 SYN URGP=0

2020-07-23 00:21:41

Comments on same subnet:

IP	Type	Details	Datetime
45.145.66.104	attackbots	Excessive Port-Scanning	2020-10-04 02:34:03
45.145.66.104	attackbotsspam	[HOST2] Port Scan detected	2020-10-03 18:21:49
45.145.66.159	attackbotsspam	RDPBruteGam24	2020-09-29 02:25:57
45.145.66.159	attack	RDPBruteGam24	2020-09-28 18:33:33
45.145.66.67	attack	scans once in preceeding hours on the ports (in chronological order) 20425 resulting in total of 13 scans from 45.145.66.0/23 block.	2020-09-13 22:45:10
45.145.66.67	attackspambots	Fail2Ban Ban Triggered	2020-09-13 14:40:51
45.145.66.67	attackbots	Fail2Ban Ban Triggered	2020-09-13 06:23:54
45.145.66.104	attackbots	Unauthorized connection attempt from IP address 45.145.66.104 on Port 3389(RDP)	2020-09-09 17:11:10
45.145.66.96	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 23 - port: 13947 proto: tcp cat: Misc Attackbytes: 60	2020-09-08 04:18:28
45.145.66.96	attackbots	SmallBizIT.US 20 packets to tcp(13911,13959,13990,14001,14015,14016,14022,14028,14036,14052,14068,14069,14075,14076,14120,14132,14146,14170,14186,14194)	2020-09-07 19:54:56
45.145.66.96	attackspambots	Port scan: Attack repeated for 24 hours	2020-09-06 04:08:16
45.145.66.96	attackspam	ET CINS Active Threat Intelligence Poor Reputation IP group 23 - port: 14029 proto: tcp cat: Misc Attackbytes: 60	2020-09-05 19:53:35
45.145.66.90	attackbots	9922/tcp 4899/tcp 1022/tcp... [2020-06-27/08-27]230pkt,86pt.(tcp)	2020-08-29 15:27:53
45.145.66.120	attackbots	[H1.VM8] Blocked by UFW	2020-08-27 07:37:28
45.145.66.21	attackbots	ET CINS Active Threat Intelligence Poor Reputation IP group 23 - port: 29939 proto: tcp cat: Misc Attackbytes: 60	2020-08-27 02:41:52

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.145.66.55
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65514
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.145.66.55.			IN	A

;; AUTHORITY SECTION:
.			549	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020072200 1800 900 604800 86400

;; Query time: 13 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Jul 23 00:21:35 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 55.66.145.45.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 55.66.145.45.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
43.247.156.168	attackbotsspam	Sep 24 09:57:43 ny01 sshd[17676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.247.156.168 Sep 24 09:57:44 ny01 sshd[17676]: Failed password for invalid user security from 43.247.156.168 port 41575 ssh2 Sep 24 10:02:39 ny01 sshd[18645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.247.156.168	2019-09-24 22:03:37
201.41.148.228	attack	Sep 24 03:39:45 friendsofhawaii sshd\[10708\]: Invalid user max from 201.41.148.228 Sep 24 03:39:45 friendsofhawaii sshd\[10708\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.41.148.228 Sep 24 03:39:48 friendsofhawaii sshd\[10708\]: Failed password for invalid user max from 201.41.148.228 port 50908 ssh2 Sep 24 03:46:33 friendsofhawaii sshd\[11279\]: Invalid user NpC from 201.41.148.228 Sep 24 03:46:33 friendsofhawaii sshd\[11279\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.41.148.228	2019-09-24 21:59:25
185.143.221.103	attackbots	09/24/2019-16:02:16.300704 185.143.221.103 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-09-24 22:08:51
92.222.15.70	attackspam	Sep 24 15:44:06 SilenceServices sshd[22174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.222.15.70 Sep 24 15:44:09 SilenceServices sshd[22174]: Failed password for invalid user keya from 92.222.15.70 port 56734 ssh2 Sep 24 15:48:33 SilenceServices sshd[23438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.222.15.70	2019-09-24 22:25:02
114.141.104.45	attackbots	Sep 24 13:36:12 hcbbdb sshd\[30005\]: Invalid user itadmin from 114.141.104.45 Sep 24 13:36:12 hcbbdb sshd\[30005\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45-104-141-114.static-dsl.realworld.net.au Sep 24 13:36:15 hcbbdb sshd\[30005\]: Failed password for invalid user itadmin from 114.141.104.45 port 48993 ssh2 Sep 24 13:42:26 hcbbdb sshd\[30731\]: Invalid user design from 114.141.104.45 Sep 24 13:42:26 hcbbdb sshd\[30731\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45-104-141-114.static-dsl.realworld.net.au	2019-09-24 21:52:51
62.234.154.64	attackbots	Sep 24 09:40:22 ws12vmsma01 sshd[19849]: Invalid user upload from 62.234.154.64 Sep 24 09:40:24 ws12vmsma01 sshd[19849]: Failed password for invalid user upload from 62.234.154.64 port 35254 ssh2 Sep 24 09:45:45 ws12vmsma01 sshd[20623]: Invalid user teamspeak from 62.234.154.64 ...	2019-09-24 21:40:06
118.24.246.208	attackspambots	Sep 24 03:38:21 php1 sshd\[6213\]: Invalid user antsa from 118.24.246.208 Sep 24 03:38:21 php1 sshd\[6213\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.246.208 Sep 24 03:38:22 php1 sshd\[6213\]: Failed password for invalid user antsa from 118.24.246.208 port 41212 ssh2 Sep 24 03:43:25 php1 sshd\[7216\]: Invalid user vitaly from 118.24.246.208 Sep 24 03:43:25 php1 sshd\[7216\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.246.208	2019-09-24 21:48:59
67.184.64.224	attackbots	Sep 24 03:46:03 aiointranet sshd\[15078\]: Invalid user jordi from 67.184.64.224 Sep 24 03:46:03 aiointranet sshd\[15078\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-67-184-64-224.hsd1.il.comcast.net Sep 24 03:46:05 aiointranet sshd\[15078\]: Failed password for invalid user jordi from 67.184.64.224 port 14158 ssh2 Sep 24 03:50:11 aiointranet sshd\[15406\]: Invalid user lex from 67.184.64.224 Sep 24 03:50:11 aiointranet sshd\[15406\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-67-184-64-224.hsd1.il.comcast.net	2019-09-24 21:55:17
54.39.191.188	attack	Sep 24 15:48:11 bouncer sshd\[29502\]: Invalid user postgres from 54.39.191.188 port 48500 Sep 24 15:48:11 bouncer sshd\[29502\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.39.191.188 Sep 24 15:48:13 bouncer sshd\[29502\]: Failed password for invalid user postgres from 54.39.191.188 port 48500 ssh2 ...	2019-09-24 21:55:32
195.228.22.54	attackspambots	Sep 23 10:31:18 xb0 sshd[20365]: Failed password for invalid user apache from 195.228.22.54 port 25729 ssh2 Sep 23 10:31:18 xb0 sshd[20365]: Received disconnect from 195.228.22.54: 11: Bye Bye [preauth] Sep 23 10:48:37 xb0 sshd[30472]: Failed password for invalid user ghost from 195.228.22.54 port 7521 ssh2 Sep 23 10:48:37 xb0 sshd[30472]: Received disconnect from 195.228.22.54: 11: Bye Bye [preauth] Sep 23 10:52:44 xb0 sshd[29065]: Failed password for invalid user teamspeak from 195.228.22.54 port 13985 ssh2 Sep 23 10:52:44 xb0 sshd[29065]: Received disconnect from 195.228.22.54: 11: Bye Bye [preauth] Sep 23 10:57:06 xb0 sshd[27381]: Failed password for invalid user juliana from 195.228.22.54 port 24450 ssh2 Sep 23 10:57:06 xb0 sshd[27381]: Received disconnect from 195.228.22.54: 11: Bye Bye [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=195.228.22.54	2019-09-24 22:17:13
115.159.198.130	attack	Sep 24 13:53:09 postfix/smtpd: warning: unknown[115.159.198.130]: SASL LOGIN authentication failed	2019-09-24 22:19:33
103.129.99.21	attackspambots	fail2ban honeypot	2019-09-24 22:01:40
188.254.0.113	attackspam	2019-09-24T16:51:15.725514tmaserv sshd\[27771\]: Invalid user skfur from 188.254.0.113 port 42602 2019-09-24T16:51:15.732762tmaserv sshd\[27771\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.254.0.113 2019-09-24T16:51:17.372916tmaserv sshd\[27771\]: Failed password for invalid user skfur from 188.254.0.113 port 42602 ssh2 2019-09-24T16:55:58.672847tmaserv sshd\[27908\]: Invalid user augusto from 188.254.0.113 port 53470 2019-09-24T16:55:58.683990tmaserv sshd\[27908\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.254.0.113 2019-09-24T16:56:00.510136tmaserv sshd\[27908\]: Failed password for invalid user augusto from 188.254.0.113 port 53470 ssh2 ...	2019-09-24 21:57:49
131.100.134.244	attack	[Tue Sep 24 19:45:15.082086 2019] [:error] [pid 557:tid 139859343623936] [client 131.100.134.244:54632] [client 131.100.134.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.1.1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "792"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197:80"] [severity "WARNING"] [ver "OWASP_CRS/3.1.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XYoP2xQw9A2OMwDcDThOAwAAAJM"] ...	2019-09-24 22:09:05
178.33.216.209	attackbotsspam	Sep 24 12:44:52 thevastnessof sshd[19908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.33.216.209 ...	2019-09-24 22:26:36

Recently Reported IPs

82.191.188.65	58.194.104.117	63.215.26.218	92.64.23.128
14.25.120.186	24.58.229.4	190.207.234.182	36.55.210.142
69.192.236.75	103.174.107.46	121.214.147.64	48.59.24.125
32.208.192.241	109.245.143.166	124.114.177.107	18.157.236.136
198.8.80.103	152.136.212.92	227.207.240.73	113.189.15.100