49.145.207.160

Basic Info

City: unknown

Region: unknown

Country: Philippines

Internet Service Provider: Philippine Long Distance Telephone Company

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Feb 17 14:35:21 jane sshd[5345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.145.207.160 Feb 17 14:35:23 jane sshd[5345]: Failed password for invalid user admin from 49.145.207.160 port 20451 ssh2 ...	2020-02-18 02:42:53

Type

Details

Datetime

attack

Feb 17 14:35:21 jane sshd[5345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.145.207.160 
Feb 17 14:35:23 jane sshd[5345]: Failed password for invalid user admin from 49.145.207.160 port 20451 ssh2
...

2020-02-18 02:42:53

Comments on same subnet:

IP	Type	Details	Datetime
49.145.207.150	attack	1599410879 - 09/06/2020 18:47:59 Host: 49.145.207.150/49.145.207.150 Port: 445 TCP Blocked	2020-09-08 02:24:12
49.145.207.150	attackbotsspam	1599410879 - 09/06/2020 18:47:59 Host: 49.145.207.150/49.145.207.150 Port: 445 TCP Blocked	2020-09-07 17:50:56

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.145.207.160
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37973
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.145.207.160.			IN	A

;; AUTHORITY SECTION:
.			457	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020021701 1800 900 604800 86400

;; Query time: 516 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Feb 18 02:42:49 CST 2020
;; MSG SIZE  rcvd: 118

Host info

160.207.145.49.in-addr.arpa domain name pointer dsl.49.145.207.160.pldt.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
160.207.145.49.in-addr.arpa	name = dsl.49.145.207.160.pldt.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
104.192.6.17	attackbotsspam	May 4 20:21:11 saturn sshd[280100]: Failed password for invalid user redis from 104.192.6.17 port 41528 ssh2 May 4 20:25:31 saturn sshd[280299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.192.6.17 user=root May 4 20:25:33 saturn sshd[280299]: Failed password for root from 104.192.6.17 port 59032 ssh2 ...	2020-05-05 06:18:36
129.28.154.149	attackbots	May 4 22:22:06 home sshd[23888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.154.149 May 4 22:22:07 home sshd[23888]: Failed password for invalid user pieter from 129.28.154.149 port 39102 ssh2 May 4 22:25:51 home sshd[24522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.154.149 ...	2020-05-05 06:02:40
83.97.20.31	attack	Fail2Ban Ban Triggered	2020-05-05 06:06:48
181.196.151.82	attackspambots	Automatic report - Banned IP Access	2020-05-05 06:05:38
104.211.10.188	attackbotsspam	104.211.10.188 - - \[04/May/2020:23:11:22 +0200\] "POST //wp-login.php HTTP/1.0" 200 6848 "https://die-netzialisten.de//wp-login.php" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/79.0 Safari/537.36" 104.211.10.188 - - \[04/May/2020:23:11:23 +0200\] "POST //wp-login.php HTTP/1.0" 200 6848 "https://die-netzialisten.de//wp-login.php" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/79.0 Safari/537.36" 104.211.10.188 - - \[04/May/2020:23:11:23 +0200\] "POST //wp-login.php HTTP/1.0" 200 6848 "https://die-netzialisten.de//wp-login.php" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/79.0 Safari/537.36"	2020-05-05 05:42:14
118.89.116.13	attackbots	May 4 23:32:27 sso sshd[3219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.116.13 May 4 23:32:29 sso sshd[3219]: Failed password for invalid user samba from 118.89.116.13 port 50570 ssh2 ...	2020-05-05 05:45:16
113.141.70.204	attack	[2020-05-04 17:49:25] NOTICE[1157] chan_sip.c: Registration from '"7070" ' failed for '113.141.70.204:5156' - Wrong password [2020-05-04 17:49:25] SECURITY[1173] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-05-04T17:49:25.510-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="7070",SessionID="0x7f5f1001be58",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/113.141.70.204/5156",Challenge="35b66614",ReceivedChallenge="35b66614",ReceivedHash="b096b5e7d89aee28e2baadb4f3cec925" [2020-05-04 17:49:25] NOTICE[1157] chan_sip.c: Registration from '"7070" ' failed for '113.141.70.204:5156' - Wrong password [2020-05-04 17:49:25] SECURITY[1173] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-05-04T17:49:25.770-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="7070",SessionID="0x7f5f1009cfe8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP ...	2020-05-05 05:57:44
139.199.30.155	attackspam	May 4 23:40:57 ns381471 sshd[21290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.30.155 May 4 23:40:59 ns381471 sshd[21290]: Failed password for invalid user lrq from 139.199.30.155 port 40232 ssh2	2020-05-05 05:43:11
122.165.119.171	attackbotsspam	May 4 23:27:48 vpn01 sshd[9852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.165.119.171 May 4 23:27:50 vpn01 sshd[9852]: Failed password for invalid user zrs from 122.165.119.171 port 58088 ssh2 ...	2020-05-05 05:58:26
167.114.3.105	attackbotsspam	May 4 22:14:16 dev0-dcde-rnet sshd[8853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.3.105 May 4 22:14:18 dev0-dcde-rnet sshd[8853]: Failed password for invalid user kobe from 167.114.3.105 port 55160 ssh2 May 4 22:26:08 dev0-dcde-rnet sshd[9010]: Failed password for root from 167.114.3.105 port 55372 ssh2	2020-05-05 05:49:07
151.80.34.219	attackbotsspam	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "arkserver" at 2020-05-04T21:53:45Z	2020-05-05 06:13:08
116.118.2.3	attackbots	SSH/22 MH Probe, BF, Hack -	2020-05-05 06:03:53
213.202.168.102	attackbots	2020-05-04T15:51:58.677613linuxbox-skyline sshd[171610]: Invalid user umesh from 213.202.168.102 port 41348 ...	2020-05-05 05:52:56
151.80.234.255	attack	2020-05-04T20:22:14.642258dmca.cloudsearch.cf sshd[1053]: Invalid user san from 151.80.234.255 port 37974 2020-05-04T20:22:14.648982dmca.cloudsearch.cf sshd[1053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=255.ip-151-80-234.eu 2020-05-04T20:22:14.642258dmca.cloudsearch.cf sshd[1053]: Invalid user san from 151.80.234.255 port 37974 2020-05-04T20:22:16.461460dmca.cloudsearch.cf sshd[1053]: Failed password for invalid user san from 151.80.234.255 port 37974 ssh2 2020-05-04T20:25:39.612957dmca.cloudsearch.cf sshd[1326]: Invalid user ts3bot from 151.80.234.255 port 49782 2020-05-04T20:25:39.618384dmca.cloudsearch.cf sshd[1326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=255.ip-151-80-234.eu 2020-05-04T20:25:39.612957dmca.cloudsearch.cf sshd[1326]: Invalid user ts3bot from 151.80.234.255 port 49782 2020-05-04T20:25:41.572303dmca.cloudsearch.cf sshd[1326]: Failed password for invalid user ts3bot from 15 ...	2020-05-05 06:11:26
120.224.113.23	attack	May 4 16:25:29 Tower sshd[42427]: Connection from 120.224.113.23 port 2491 on 192.168.10.220 port 22 rdomain "" May 4 16:25:31 Tower sshd[42427]: Invalid user haydon from 120.224.113.23 port 2491 May 4 16:25:31 Tower sshd[42427]: error: Could not get shadow information for NOUSER May 4 16:25:31 Tower sshd[42427]: Failed password for invalid user haydon from 120.224.113.23 port 2491 ssh2 May 4 16:25:31 Tower sshd[42427]: Received disconnect from 120.224.113.23 port 2491:11: Bye Bye [preauth] May 4 16:25:31 Tower sshd[42427]: Disconnected from invalid user haydon 120.224.113.23 port 2491 [preauth]	2020-05-05 06:08:41

Recently Reported IPs

79.9.2.111	213.254.138.251	122.116.75.124	56.189.32.198
232.180.197.18	80.160.25.159	57.174.97.109	193.63.253.209
153.194.23.83	88.153.78.21	71.243.48.100	139.130.46.128
227.96.211.34	120.145.65.47	7.211.137.83	101.1.17.11
116.16.176.29	94.196.198.198	8.4.151.73	162.9.73.19