45.165.48.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Brazil

Internet Service Provider: Hope Internet - Ltda

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Aug 29 22:05:13 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: Invalid user apache from 45.165.48.2 Aug 29 22:05:13 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.48.2 Aug 29 22:05:15 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: Failed password for invalid user apache from 45.165.48.2 port 55160 ssh2 Aug 29 22:23:53 Ubuntu-1404-trusty-64-minimal sshd\[28759\]: Invalid user apagar from 45.165.48.2 Aug 29 22:23:53 Ubuntu-1404-trusty-64-minimal sshd\[28759\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.48.2	2019-08-30 09:11:46

Type

Details

Datetime

attack

Aug 29 22:05:13 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: Invalid user apache from 45.165.48.2
Aug 29 22:05:13 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.48.2
Aug 29 22:05:15 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: Failed password for invalid user apache from 45.165.48.2 port 55160 ssh2
Aug 29 22:23:53 Ubuntu-1404-trusty-64-minimal sshd\[28759\]: Invalid user apagar from 45.165.48.2
Aug 29 22:23:53 Ubuntu-1404-trusty-64-minimal sshd\[28759\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.48.2

2019-08-30 09:11:46

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.165.48.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 239
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.165.48.2.			IN	A

;; AUTHORITY SECTION:
.			2319	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082901 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Aug 30 09:11:37 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 2.48.165.45.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 2.48.165.45.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
120.151.222.78	attackbots	May 13 12:41:27 lanister sshd[21434]: Invalid user valentina from 120.151.222.78 May 13 12:41:27 lanister sshd[21434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.151.222.78 May 13 12:41:27 lanister sshd[21434]: Invalid user valentina from 120.151.222.78 May 13 12:41:29 lanister sshd[21434]: Failed password for invalid user valentina from 120.151.222.78 port 45930 ssh2	2020-05-14 03:23:32
69.167.40.150	attack	Fraud Attack running bots	2020-05-14 03:29:43
2002:b9ea:db69::b9ea:db69	attackspam	May 13 17:53:44 web01.agentur-b-2.de postfix/smtpd[247624]: warning: unknown[2002:b9ea:db69::b9ea:db69]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 13 17:53:44 web01.agentur-b-2.de postfix/smtpd[247624]: lost connection after AUTH from unknown[2002:b9ea:db69::b9ea:db69] May 13 17:56:32 web01.agentur-b-2.de postfix/smtpd[247624]: warning: unknown[2002:b9ea:db69::b9ea:db69]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 13 17:56:32 web01.agentur-b-2.de postfix/smtpd[247624]: lost connection after AUTH from unknown[2002:b9ea:db69::b9ea:db69] May 13 17:56:39 web01.agentur-b-2.de postfix/smtpd[256113]: warning: unknown[2002:b9ea:db69::b9ea:db69]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2020-05-14 03:00:00
200.66.82.250	attackbots	web-1 [ssh] SSH Attack	2020-05-14 03:12:19
221.130.130.238	attackbots	CMS (WordPress or Joomla) login attempt.	2020-05-14 03:24:18
78.189.190.149	attackbotsspam	Unauthorized connection attempt from IP address 78.189.190.149 on Port 445(SMB)	2020-05-14 03:16:49
54.36.150.46	attackbotsspam	[Wed May 13 19:32:46.298684 2020] [:error] [pid 23852:tid 140604151064320] [client 54.36.150.46:52804] [client 54.36.150.46] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "AhrefsBot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "183"] [id "913102"] [msg "Found User-Agent associated with web crawler/bot"] [data "Matched Data: AhrefsBot found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; ahrefsbot/6.1; +http://ahrefs.com/robot/)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-crawler"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/CRAWLER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/component/tags/tag/1955-kalender-tanam-katam-terpadu-kota-mojokerto-tahun-2016-2017"] [u ...	2020-05-14 03:20:52
81.28.100.4	attack	May 13 14:09:05 mail.srvfarm.net postfix/smtpd[541148]: NOQUEUE: reject: RCPT from unknown[81.28.100.4]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= May 13 14:10:14 mail.srvfarm.net postfix/smtpd[552887]: NOQUEUE: reject: RCPT from unknown[81.28.100.4]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= May 13 14:10:14 mail.srvfarm.net postfix/smtpd[540848]: NOQUEUE: reject: RCPT from unknown[81.28.100.4]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= May 13 14:10:17 mail.srvfarm.net postfix/smtpd[540971]: NOQUEUE: reject: RCPT from unknown[81.28.100.4]: 450 4.1.8	2020-05-14 02:53:23
106.13.207.113	attackspam	2020-05-13 19:48:57,104 fail2ban.actions: WARNING [ssh] Ban 106.13.207.113	2020-05-14 03:01:32
142.93.73.45	attackspam	" "	2020-05-14 03:00:31
158.101.29.207	attackbots	SSH brute-force: detected 10 distinct usernames within a 24-hour window.	2020-05-14 03:15:48
203.130.255.2	attackbots	Unauthorized access or intrusion attempt detected from Thor banned IP	2020-05-14 03:01:19
85.24.194.43	attackspam	Invalid user musikbot from 85.24.194.43 port 45854	2020-05-14 03:28:37
222.128.29.230	attackspambots	Icarus honeypot on github	2020-05-14 03:23:05
87.246.7.105	attackspambots	May 13 14:13:07 mail.srvfarm.net postfix/smtpd[541160]: warning: unknown[87.246.7.105]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 13 14:13:07 mail.srvfarm.net postfix/smtpd[541160]: lost connection after AUTH from unknown[87.246.7.105] May 13 14:13:22 mail.srvfarm.net postfix/smtpd[541152]: warning: unknown[87.246.7.105]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 13 14:13:22 mail.srvfarm.net postfix/smtpd[541152]: lost connection after AUTH from unknown[87.246.7.105] May 13 14:13:40 mail.srvfarm.net postfix/smtpd[552887]: warning: unknown[87.246.7.105]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2020-05-14 02:53:04

Recently Reported IPs

224.188.121.229	153.160.16.133	66.84.147.3	75.149.191.85
182.71.108.154	65.48.129.185	222.45.16.245	66.155.94.179
142.103.107.243	89.39.107.191	120.237.231.110	177.21.202.251
191.53.56.59	119.51.108.200	85.214.122.154	181.29.12.19
79.249.252.236	42.54.164.164	78.141.107.74	45.247.129.60