45.91.149.57 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Turkey

Internet Service Provider: Pars Telekom

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	SASL Brute Force	2019-11-11 04:54:19

Comments on same subnet:

IP	Type	Details	Datetime
45.91.149.72	attackspambots	2020-02-26 07:34:04 H=jackie.heatsurpass.com (0352c429.dietlowsugar.icu) [45.91.149.72]:44116 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS) 2020-02-26 07:34:04 H=jackie.heatsurpass.com (02a0a3c3.dietlowsugar.icu) [45.91.149.72]:43299 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS) 2020-02-26 07:34:06 H=jackie.heatsurpass.com (03ce63eb.dietlowsugar.icu) [45.91.149.72]:42498 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS) 2020-02-26 07:34:06 H=jackie.heatsurpass.com (028ba273.dietlowsugar.icu) [45.91.149.72]:34014 I=[192.147.25.65]:25 F= ...	2020-02-27 04:27:11
45.91.149.54	attackbots	Nov 11 00:15:25 our-server-hostname postfix/smtpd[1407]: connect from unknown[45.91.149.54] Nov 11 00:15:28 our-server-hostname postfix/smtpd[1161]: connect from unknown[45.91.149.54] Nov x@x Nov x@x Nov 11 00:15:30 our-server-hostname postfix/smtpd[1161]: 44B74A40041: client=unknown[45.91.149.54] Nov x@x Nov x@x Nov 11 00:15:30 our-server-hostname postfix/smtpd[1407]: 4770CA40095: client=unknown[45.91.149.54] Nov 11 00:15:30 our-server-hostname postfix/smtpd[31863]: B5911A40096: client=unknown[127.0.0.1], orig_client=unknown[45.91.149.54] Nov 11 00:15:30 our-server-hostname amavis[28801]: (28801-11) Passed CLEAN, [45.91.149.54] [45.91.149.54] , mail_id: l19rXm01NxAG, Hhostnames: -, size: 6184, queued_as: B5911A40096, 112 ms Nov x@x Nov x@x Nov 11 00:15:31 our-server-hostname postfix/smtpd[1161]: 04FECA40041: client=unknown[45.91.149.54] Nov 11 00:15:31 our-server-hostname postfix/smtpd[31863]: 1CC0CA40096: client=unknown[127.0.0.1], orig_client=unknown[45.91.149.5........ -------------------------------	2019-11-10 23:40:53
45.91.149.9	attackspambots	SASL Brute Force	2019-11-10 02:57:10

Type

Details

Datetime

45.91.149.72

attackspambots

2020-02-26 07:34:04 H=jackie.heatsurpass.com (0352c429.dietlowsugar.icu) [45.91.149.72]:44116 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS)
2020-02-26 07:34:04 H=jackie.heatsurpass.com (02a0a3c3.dietlowsugar.icu) [45.91.149.72]:43299 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS)
2020-02-26 07:34:06 H=jackie.heatsurpass.com (03ce63eb.dietlowsugar.icu) [45.91.149.72]:42498 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS)
2020-02-26 07:34:06 H=jackie.heatsurpass.com (028ba273.dietlowsugar.icu) [45.91.149.72]:34014 I=[192.147.25.65]:25 F=
...

2020-02-27 04:27:11

45.91.149.54

attackbots

Nov 11 00:15:25 our-server-hostname postfix/smtpd[1407]: connect from unknown[45.91.149.54]
Nov 11 00:15:28 our-server-hostname postfix/smtpd[1161]: connect from unknown[45.91.149.54]
Nov x@x
Nov x@x
Nov 11 00:15:30 our-server-hostname postfix/smtpd[1161]: 44B74A40041: client=unknown[45.91.149.54]
Nov x@x
Nov x@x
Nov 11 00:15:30 our-server-hostname postfix/smtpd[1407]: 4770CA40095: client=unknown[45.91.149.54]
Nov 11 00:15:30 our-server-hostname postfix/smtpd[31863]: B5911A40096: client=unknown[127.0.0.1], orig_client=unknown[45.91.149.54]
Nov 11 00:15:30 our-server-hostname amavis[28801]: (28801-11) Passed CLEAN, [45.91.149.54] [45.91.149.54] , mail_id: l19rXm01NxAG, Hhostnames: -, size: 6184, queued_as: B5911A40096, 112 ms
Nov x@x
Nov x@x
Nov 11 00:15:31 our-server-hostname postfix/smtpd[1161]: 04FECA40041: client=unknown[45.91.149.54]
Nov 11 00:15:31 our-server-hostname postfix/smtpd[31863]: 1CC0CA40096: client=unknown[127.0.0.1], orig_client=unknown[45.91.149.5........
-------------------------------

2019-11-10 23:40:53

45.91.149.9

attackspambots

SASL Brute Force

2019-11-10 02:57:10

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.91.149.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60344
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.91.149.57.			IN	A

;; AUTHORITY SECTION:
.			345	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019111001 1800 900 604800 86400

;; Query time: 98 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Nov 11 04:54:16 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 57.149.91.45.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 57.149.91.45.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
176.121.12.44	attackspam	SMB Server BruteForce Attack	2020-07-26 22:25:51
50.66.157.156	attackbots	Lines containing failures of 50.66.157.156 Jul 23 03:43:03 penfold sshd[9718]: Invalid user uym from 50.66.157.156 port 60362 Jul 23 03:43:03 penfold sshd[9718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.66.157.156 Jul 23 03:43:05 penfold sshd[9718]: Failed password for invalid user uym from 50.66.157.156 port 60362 ssh2 Jul 23 03:43:06 penfold sshd[9718]: Received disconnect from 50.66.157.156 port 60362:11: Bye Bye [preauth] Jul 23 03:43:06 penfold sshd[9718]: Disconnected from invalid user uym 50.66.157.156 port 60362 [preauth] Jul 23 03:50:25 penfold sshd[10104]: Invalid user llb from 50.66.157.156 port 52890 Jul 23 03:50:25 penfold sshd[10104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.66.157.156 Jul 23 03:50:27 penfold sshd[10104]: Failed password for invalid user llb from 50.66.157.156 port 52890 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=50.6	2020-07-26 22:37:21
77.45.84.153	attackspambots	Jul 26 13:57:41 mail.srvfarm.net postfix/smtps/smtpd[1211364]: warning: 77-45-84-153.sta.asta-net.com.pl[77.45.84.153]: SASL PLAIN authentication failed: Jul 26 13:57:41 mail.srvfarm.net postfix/smtps/smtpd[1211364]: lost connection after AUTH from 77-45-84-153.sta.asta-net.com.pl[77.45.84.153] Jul 26 14:03:05 mail.srvfarm.net postfix/smtpd[1208988]: warning: 77-45-84-153.sta.asta-net.com.pl[77.45.84.153]: SASL PLAIN authentication failed: Jul 26 14:03:05 mail.srvfarm.net postfix/smtpd[1208988]: lost connection after AUTH from 77-45-84-153.sta.asta-net.com.pl[77.45.84.153] Jul 26 14:03:56 mail.srvfarm.net postfix/smtpd[1213434]: warning: 77-45-84-153.sta.asta-net.com.pl[77.45.84.153]: SASL PLAIN authentication failed:	2020-07-26 22:49:23
213.0.69.74	attack	Jul 26 10:44:36 ny01 sshd[23520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.0.69.74 Jul 26 10:44:38 ny01 sshd[23520]: Failed password for invalid user rosa from 213.0.69.74 port 50214 ssh2 Jul 26 10:48:51 ny01 sshd[24132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.0.69.74	2020-07-26 22:52:59
172.82.239.22	attackspambots	Jul 26 16:03:22 mail.srvfarm.net postfix/smtpd[1249801]: lost connection after STARTTLS from r22.news.eu.rvca.com[172.82.239.22] Jul 26 16:04:28 mail.srvfarm.net postfix/smtpd[1254590]: lost connection after STARTTLS from r22.news.eu.rvca.com[172.82.239.22] Jul 26 16:05:35 mail.srvfarm.net postfix/smtpd[1250823]: lost connection after STARTTLS from r22.news.eu.rvca.com[172.82.239.22] Jul 26 16:07:40 mail.srvfarm.net postfix/smtpd[1267548]: lost connection after STARTTLS from r22.news.eu.rvca.com[172.82.239.22] Jul 26 16:09:45 mail.srvfarm.net postfix/smtpd[1267550]: lost connection after STARTTLS from r22.news.eu.rvca.com[172.82.239.22]	2020-07-26 22:47:06
172.82.239.21	attack	Jul 26 16:03:21 mail.srvfarm.net postfix/smtpd[1254587]: lost connection after STARTTLS from r21.news.eu.rvca.com[172.82.239.21] Jul 26 16:04:28 mail.srvfarm.net postfix/smtpd[1250857]: lost connection after STARTTLS from r21.news.eu.rvca.com[172.82.239.21] Jul 26 16:05:35 mail.srvfarm.net postfix/smtpd[1250857]: lost connection after STARTTLS from r21.news.eu.rvca.com[172.82.239.21] Jul 26 16:07:43 mail.srvfarm.net postfix/smtpd[1267415]: lost connection after STARTTLS from r21.news.eu.rvca.com[172.82.239.21] Jul 26 16:09:45 mail.srvfarm.net postfix/smtpd[1267551]: lost connection after STARTTLS from r21.news.eu.rvca.com[172.82.239.21]	2020-07-26 22:47:24
169.57.146.174	attackspambots	$f2bV_matches	2020-07-26 23:02:44
37.139.16.229	attackbots	ET CINS Active Threat Intelligence Poor Reputation IP group 16 - port: 20025 proto: tcp cat: Misc Attackbytes: 60	2020-07-26 22:21:05
68.183.77.157	attackspam	SSH Bruteforce	2020-07-26 22:37:02
212.70.149.82	attackbots	2020-07-26 17:40:01 auth_plain authenticator failed for (User) [212.70.149.82]: 535 Incorrect authentication data (set_id=tricci@lavrinenko.info) 2020-07-26 17:40:30 auth_plain authenticator failed for (User) [212.70.149.82]: 535 Incorrect authentication data (set_id=tricia@lavrinenko.info) ...	2020-07-26 22:41:32
136.37.186.133	attackbots	Port 22 Scan, PTR: None	2020-07-26 22:26:12
168.181.213.181	attackspam	Automatic report - Port Scan Attack	2020-07-26 22:39:26
164.90.223.8	attack	2020-07-26T14:05:53.861504galaxy.wi.uni-potsdam.de sshd[29779]: Failed password for invalid user admin from 164.90.223.8 port 53348 ssh2 2020-07-26T14:05:54.141850galaxy.wi.uni-potsdam.de sshd[29784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.223.8 user=root 2020-07-26T14:05:56.536979galaxy.wi.uni-potsdam.de sshd[29784]: Failed password for root from 164.90.223.8 port 56370 ssh2 2020-07-26T14:05:56.763771galaxy.wi.uni-potsdam.de sshd[29788]: Invalid user 1234 from 164.90.223.8 port 59914 2020-07-26T14:05:56.768801galaxy.wi.uni-potsdam.de sshd[29788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.223.8 2020-07-26T14:05:56.763771galaxy.wi.uni-potsdam.de sshd[29788]: Invalid user 1234 from 164.90.223.8 port 59914 2020-07-26T14:05:59.103155galaxy.wi.uni-potsdam.de sshd[29788]: Failed password for invalid user 1234 from 164.90.223.8 port 59914 ssh2 2020-07-26T14:05:59.329708galaxy.wi.uni-p ...	2020-07-26 22:22:33
222.186.30.35	attack	2020-07-26T16:22:19.388433sd-86998 sshd[4622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.35 user=root 2020-07-26T16:22:21.441487sd-86998 sshd[4622]: Failed password for root from 222.186.30.35 port 36160 ssh2 2020-07-26T16:22:24.039932sd-86998 sshd[4622]: Failed password for root from 222.186.30.35 port 36160 ssh2 2020-07-26T16:22:19.388433sd-86998 sshd[4622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.35 user=root 2020-07-26T16:22:21.441487sd-86998 sshd[4622]: Failed password for root from 222.186.30.35 port 36160 ssh2 2020-07-26T16:22:24.039932sd-86998 sshd[4622]: Failed password for root from 222.186.30.35 port 36160 ssh2 2020-07-26T16:22:19.388433sd-86998 sshd[4622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.35 user=root 2020-07-26T16:22:21.441487sd-86998 sshd[4622]: Failed password for root from 222.186.30.35 p ...	2020-07-26 22:23:34
27.72.170.42	attack	Unauthorized connection attempt from IP address 27.72.170.42 on Port 445(SMB)	2020-07-26 22:38:36

Recently Reported IPs

37.190.43.193	111.161.74.100	139.59.136.64	45.118.145.167
5.236.129.72	36.99.141.210	162.241.192.138	46.56.73.43
114.40.77.56	89.187.173.241	14.139.171.173	96.44.133.106
167.71.211.142	115.79.212.106	81.88.49.32	46.39.53.45
47.74.129.4	108.30.75.26	142.169.78.200	125.105.83.104