45.165.48.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Brazil

Internet Service Provider: Hope Internet - Ltda

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Aug 29 22:05:13 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: Invalid user apache from 45.165.48.2 Aug 29 22:05:13 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.48.2 Aug 29 22:05:15 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: Failed password for invalid user apache from 45.165.48.2 port 55160 ssh2 Aug 29 22:23:53 Ubuntu-1404-trusty-64-minimal sshd\[28759\]: Invalid user apagar from 45.165.48.2 Aug 29 22:23:53 Ubuntu-1404-trusty-64-minimal sshd\[28759\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.48.2	2019-08-30 09:11:46

Type

Details

Datetime

attack

Aug 29 22:05:13 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: Invalid user apache from 45.165.48.2
Aug 29 22:05:13 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.48.2
Aug 29 22:05:15 Ubuntu-1404-trusty-64-minimal sshd\[13689\]: Failed password for invalid user apache from 45.165.48.2 port 55160 ssh2
Aug 29 22:23:53 Ubuntu-1404-trusty-64-minimal sshd\[28759\]: Invalid user apagar from 45.165.48.2
Aug 29 22:23:53 Ubuntu-1404-trusty-64-minimal sshd\[28759\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.165.48.2

2019-08-30 09:11:46

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.165.48.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 239
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.165.48.2.			IN	A

;; AUTHORITY SECTION:
.			2319	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082901 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Aug 30 09:11:37 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 2.48.165.45.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 2.48.165.45.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
82.231.172.71	attackbots	Honeypot attack, port: 23, PTR: mfl93-1-82-231-172-71.fbx.proxad.net.	2019-08-24 23:27:41
161.10.225.4	attackbots	Honeypot attack, port: 445, PTR: PTR record not found	2019-08-24 23:32:13
49.88.112.80	attackbots	Aug 24 10:25:38 aat-srv002 sshd[18756]: Failed password for root from 49.88.112.80 port 26827 ssh2 Aug 24 10:25:41 aat-srv002 sshd[18756]: Failed password for root from 49.88.112.80 port 26827 ssh2 Aug 24 10:25:44 aat-srv002 sshd[18756]: Failed password for root from 49.88.112.80 port 26827 ssh2 Aug 24 10:25:48 aat-srv002 sshd[18770]: Failed password for root from 49.88.112.80 port 16002 ssh2 ...	2019-08-24 23:56:28
80.188.204.250	attackbots	Chat Spam	2019-08-24 23:34:15
114.108.175.184	attackbotsspam	Aug 24 04:36:57 friendsofhawaii sshd\[19828\]: Invalid user gordon from 114.108.175.184 Aug 24 04:36:57 friendsofhawaii sshd\[19828\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.108.175.184 Aug 24 04:36:59 friendsofhawaii sshd\[19828\]: Failed password for invalid user gordon from 114.108.175.184 port 60524 ssh2 Aug 24 04:41:44 friendsofhawaii sshd\[20423\]: Invalid user jason from 114.108.175.184 Aug 24 04:41:44 friendsofhawaii sshd\[20423\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.108.175.184	2019-08-24 22:55:43
79.166.112.213	attackbots	Honeypot attack, port: 23, PTR: ppp079166112213.access.hol.gr.	2019-08-24 22:58:00
216.108.227.58	attack	Aug x@x Aug x@x Aug x@x Aug x@x Aug x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=216.108.227.58	2019-08-24 22:31:16
188.255.65.199	attackbots	Invalid user admin from 188.255.65.199 port 40106	2019-08-24 23:44:43
150.242.99.190	attackspambots	Aug 24 17:04:55 icinga sshd[15822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.242.99.190 Aug 24 17:04:56 icinga sshd[15822]: Failed password for invalid user user4 from 150.242.99.190 port 56674 ssh2 ...	2019-08-24 23:47:03
208.73.204.202	attackspam	Aug 24 12:56:38 mxgate1 sshd[25028]: Invalid user test from 208.73.204.202 port 51172 Aug 24 12:56:38 mxgate1 sshd[25028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.73.204.202 Aug 24 12:56:39 mxgate1 sshd[25028]: Failed password for invalid user test from 208.73.204.202 port 51172 ssh2 Aug 24 12:56:40 mxgate1 sshd[25028]: Received disconnect from 208.73.204.202 port 51172:11: Bye Bye [preauth] Aug 24 12:56:40 mxgate1 sshd[25028]: Disconnected from 208.73.204.202 port 51172 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=208.73.204.202	2019-08-24 23:52:00
89.248.168.202	attackspambots	08/24/2019-10:46:11.042486 89.248.168.202 Protocol: 6 ET CINS Active Threat Intelligence Poor Reputation IP group 100	2019-08-24 23:29:02
51.77.140.36	attack	Aug 24 17:09:40 SilenceServices sshd[25939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.36 Aug 24 17:09:43 SilenceServices sshd[25939]: Failed password for invalid user taurai from 51.77.140.36 port 47550 ssh2 Aug 24 17:13:34 SilenceServices sshd[28972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.36	2019-08-24 23:16:06
180.250.140.74	attackbotsspam	Aug 24 17:05:54 legacy sshd[1112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.250.140.74 Aug 24 17:05:56 legacy sshd[1112]: Failed password for invalid user hyperic from 180.250.140.74 port 35432 ssh2 Aug 24 17:11:17 legacy sshd[1236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.250.140.74 ...	2019-08-24 23:26:59
195.154.33.152	attack	\[2019-08-24 10:27:23\] NOTICE\[1829\] chan_sip.c: Registration from '\' failed for '195.154.33.152:2216' - Wrong password \[2019-08-24 10:27:23\] SECURITY\[1837\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-08-24T10:27:23.905-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="2393",SessionID="0x7f7b302cefa8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.33.152/64517",Challenge="7202ce7f",ReceivedChallenge="7202ce7f",ReceivedHash="ff7e85fc45feeafad3386ab1ded7dffc" \[2019-08-24 10:31:41\] NOTICE\[1829\] chan_sip.c: Registration from '\' failed for '195.154.33.152:2232' - Wrong password \[2019-08-24 10:31:41\] SECURITY\[1837\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-08-24T10:31:41.852-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="2394",SessionID="0x7f7b3054a0b8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.	2019-08-24 22:46:17
222.59.9.17	attack	Telnet Server BruteForce Attack	2019-08-24 23:15:08

Recently Reported IPs

224.188.121.229	153.160.16.133	66.84.147.3	75.149.191.85
182.71.108.154	65.48.129.185	222.45.16.245	66.155.94.179
142.103.107.243	89.39.107.191	120.237.231.110	177.21.202.251
191.53.56.59	119.51.108.200	85.214.122.154	181.29.12.19
79.249.252.236	42.54.164.164	78.141.107.74	45.247.129.60