80.211.43.48 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Italy

Internet Service Provider: Aruba S.p.A. - Cloud Services DC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	2019-12-28T06:55:45.951572shield sshd\[7522\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.48 user=root 2019-12-28T06:55:48.249475shield sshd\[7522\]: Failed password for root from 80.211.43.48 port 35490 ssh2 2019-12-28T06:55:49.223507shield sshd\[7558\]: Invalid user admin from 80.211.43.48 port 38752 2019-12-28T06:55:49.227433shield sshd\[7558\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.48 2019-12-28T06:55:50.738079shield sshd\[7558\]: Failed password for invalid user admin from 80.211.43.48 port 38752 ssh2	2019-12-28 19:17:08
attack	Dec 27 09:20:36 debian-2gb-nbg1-2 kernel: \[1087561.194273\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=80.211.43.48 DST=195.201.40.59 LEN=40 TOS=0x08 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=38213 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0	2019-12-27 16:36:37

Type

Details

Datetime

attack

2019-12-28T06:55:45.951572shield sshd\[7522\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.48  user=root
2019-12-28T06:55:48.249475shield sshd\[7522\]: Failed password for root from 80.211.43.48 port 35490 ssh2
2019-12-28T06:55:49.223507shield sshd\[7558\]: Invalid user admin from 80.211.43.48 port 38752
2019-12-28T06:55:49.227433shield sshd\[7558\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.48
2019-12-28T06:55:50.738079shield sshd\[7558\]: Failed password for invalid user admin from 80.211.43.48 port 38752 ssh2

2019-12-28 19:17:08

attack

Dec 27 09:20:36 debian-2gb-nbg1-2 kernel: \[1087561.194273\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=80.211.43.48 DST=195.201.40.59 LEN=40 TOS=0x08 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=38213 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0

2019-12-27 16:36:37

Comments on same subnet:

IP	Type	Details	Datetime
80.211.43.37	attackspambots	Repeated RDP login failures. Last user: administrator	2020-06-11 23:45:08
80.211.43.205	attackbots	Unauthorized connection attempt detected from IP address 80.211.43.205 to port 2220 [J]	2020-01-08 01:13:06
80.211.43.205	attack	Dec 24 05:50:30 minden010 sshd[23479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.205 Dec 24 05:50:32 minden010 sshd[23479]: Failed password for invalid user kelly from 80.211.43.205 port 52388 ssh2 Dec 24 05:53:32 minden010 sshd[24443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.205 ...	2019-12-24 14:01:22
80.211.43.205	attack	Dec 23 08:27:16 vtv3 sshd[22813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.205 Dec 23 08:27:18 vtv3 sshd[22813]: Failed password for invalid user rpm from 80.211.43.205 port 39116 ssh2 Dec 23 08:32:14 vtv3 sshd[25132]: Failed password for root from 80.211.43.205 port 43288 ssh2 Dec 23 08:46:57 vtv3 sshd[32500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.205 Dec 23 08:46:59 vtv3 sshd[32500]: Failed password for invalid user eleo from 80.211.43.205 port 55806 ssh2 Dec 23 08:52:03 vtv3 sshd[2500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.205	2019-12-23 14:07:10
80.211.43.205	attack	Dec 16 19:18:20 Ubuntu-1404-trusty-64-minimal sshd\[16985\]: Invalid user db2fenc1 from 80.211.43.205 Dec 16 19:18:20 Ubuntu-1404-trusty-64-minimal sshd\[16985\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.205 Dec 16 19:18:22 Ubuntu-1404-trusty-64-minimal sshd\[16985\]: Failed password for invalid user db2fenc1 from 80.211.43.205 port 57380 ssh2 Dec 16 19:28:55 Ubuntu-1404-trusty-64-minimal sshd\[22261\]: Invalid user virendar from 80.211.43.205 Dec 16 19:28:55 Ubuntu-1404-trusty-64-minimal sshd\[22261\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.205	2019-12-17 03:47:55
80.211.43.205	attack	$f2bV_matches	2019-12-07 06:27:58
80.211.43.205	attack	Dec 3 11:51:20 auw2 sshd\[10944\]: Invalid user greetham from 80.211.43.205 Dec 3 11:51:20 auw2 sshd\[10944\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.205 Dec 3 11:51:22 auw2 sshd\[10944\]: Failed password for invalid user greetham from 80.211.43.205 port 58010 ssh2 Dec 3 11:57:09 auw2 sshd\[11567\]: Invalid user marco from 80.211.43.205 Dec 3 11:57:09 auw2 sshd\[11567\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.205	2019-12-04 06:03:43
80.211.43.205	attackbots	Dec 2 08:13:03 vpn01 sshd[23828]: Failed password for root from 80.211.43.205 port 53748 ssh2 ...	2019-12-02 15:31:58
80.211.43.205	attack	Nov 25 16:15:09 firewall sshd[15013]: Invalid user weimer from 80.211.43.205 Nov 25 16:15:11 firewall sshd[15013]: Failed password for invalid user weimer from 80.211.43.205 port 54280 ssh2 Nov 25 16:21:32 firewall sshd[15194]: Invalid user wilbanks from 80.211.43.205 ...	2019-11-26 05:33:59
80.211.43.205	attackbots	" "	2019-11-24 00:46:47
80.211.43.205	attackbotsspam	2019-11-21T01:23:22.153433ns547587 sshd\[30906\]: Invalid user com from 80.211.43.205 port 53020 2019-11-21T01:23:22.160399ns547587 sshd\[30906\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.43.205 2019-11-21T01:23:24.087977ns547587 sshd\[30906\]: Failed password for invalid user com from 80.211.43.205 port 53020 ssh2 2019-11-21T01:26:58.124528ns547587 sshd\[31156\]: Invalid user octavious from 80.211.43.205 port 33184 ...	2019-11-21 17:14:33
80.211.43.205	attackbots	SSH invalid-user multiple login attempts	2019-11-21 04:55:58
80.211.43.205	attackspambots	$f2bV_matches	2019-11-16 17:02:21
80.211.43.205	attackspambots	$f2bV_matches	2019-11-14 04:14:21
80.211.43.205	attack	Automatic report - Banned IP Access	2019-11-07 21:44:47

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 80.211.43.48
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20737
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;80.211.43.48.			IN	A

;; AUTHORITY SECTION:
.			564	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019122700 1800 900 604800 86400

;; Query time: 98 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Dec 27 16:36:34 CST 2019
;; MSG SIZE  rcvd: 116

Host info

48.43.211.80.in-addr.arpa domain name pointer host48-43-211-80.serverdedicati.aruba.it.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
48.43.211.80.in-addr.arpa	name = host48-43-211-80.serverdedicati.aruba.it.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
41.79.16.132	attack	Sep 13 18:07:55 mail.srvfarm.net postfix/smtpd[1217748]: warning: unknown[41.79.16.132]: SASL PLAIN authentication failed: Sep 13 18:07:55 mail.srvfarm.net postfix/smtpd[1217748]: lost connection after AUTH from unknown[41.79.16.132] Sep 13 18:12:07 mail.srvfarm.net postfix/smtps/smtpd[1216115]: warning: unknown[41.79.16.132]: SASL PLAIN authentication failed: Sep 13 18:12:07 mail.srvfarm.net postfix/smtps/smtpd[1216115]: lost connection after AUTH from unknown[41.79.16.132] Sep 13 18:14:02 mail.srvfarm.net postfix/smtps/smtpd[1216379]: warning: unknown[41.79.16.132]: SASL PLAIN authentication failed:	2020-09-15 03:54:25
47.56.255.87	attackspam	47.56.255.87 - [13/Sep/2020:19:50:06 +0300] "POST /xmlrpc.php HTTP/1.1" 200 228 "https://www.nsfb.se/xmlrpc.php" "python-requests/2.22.0" "1.90" 47.56.255.87 - [13/Sep/2020:19:50:08 +0300] "POST /xmlrpc.php HTTP/1.1" 200 228 "https://www.nsfb.se/xmlrpc.php" "python-requests/2.22.0" "1.90" ...	2020-09-15 03:36:21
94.102.54.199	attack	2020-09-14T21:31:17.188225lavrinenko.info dovecot[15589]: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=94.102.54.199, lip=95.216.137.45 2020-09-14T22:05:27.064967lavrinenko.info dovecot[15589]: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=94.102.54.199, lip=95.216.137.45 ...	2020-09-15 03:52:29
91.235.0.45	attackbots	Sep 13 18:34:32 mail.srvfarm.net postfix/smtpd[1232022]: warning: unknown[91.235.0.45]: SASL PLAIN authentication failed: Sep 13 18:34:32 mail.srvfarm.net postfix/smtpd[1232022]: lost connection after AUTH from unknown[91.235.0.45] Sep 13 18:34:53 mail.srvfarm.net postfix/smtpd[1231651]: warning: unknown[91.235.0.45]: SASL PLAIN authentication failed: Sep 13 18:34:53 mail.srvfarm.net postfix/smtpd[1231651]: lost connection after AUTH from unknown[91.235.0.45] Sep 13 18:35:39 mail.srvfarm.net postfix/smtpd[1231651]: warning: unknown[91.235.0.45]: SASL PLAIN authentication failed:	2020-09-15 03:40:14
49.88.112.76	attackbotsspam	2020-09-14 10:21:48.849299-0500 localhost sshd[91635]: Failed password for root from 49.88.112.76 port 44027 ssh2	2020-09-15 03:57:02
116.125.141.56	attackspambots	Sep 14 20:25:30 localhost sshd\[8712\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.125.141.56 user=root Sep 14 20:25:32 localhost sshd\[8712\]: Failed password for root from 116.125.141.56 port 44054 ssh2 Sep 14 20:29:33 localhost sshd\[8887\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.125.141.56 user=proxy Sep 14 20:29:35 localhost sshd\[8887\]: Failed password for proxy from 116.125.141.56 port 46152 ssh2 Sep 14 20:33:34 localhost sshd\[9112\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.125.141.56 user=root ...	2020-09-15 03:31:31
193.35.51.21	attackbotsspam	Sep 14 20:31:03 l03 postfix/smtps/smtpd[26098]: warning: unknown[193.35.51.21]: SASL LOGIN authentication failed: authentication failure Sep 14 20:31:07 l03 postfix/smtps/smtpd[26098]: warning: unknown[193.35.51.21]: SASL LOGIN authentication failed: authentication failure Sep 14 20:35:04 l03 postfix/smtps/smtpd[26963]: warning: unknown[193.35.51.21]: SASL LOGIN authentication failed: authentication failure Sep 14 20:35:08 l03 postfix/smtps/smtpd[26963]: warning: unknown[193.35.51.21]: SASL LOGIN authentication failed: authentication failure ...	2020-09-15 03:37:47
189.91.5.42	attackbotsspam	Sep 13 18:29:11 mail.srvfarm.net postfix/smtpd[1231911]: warning: unknown[189.91.5.42]: SASL PLAIN authentication failed: Sep 13 18:29:11 mail.srvfarm.net postfix/smtpd[1231911]: lost connection after AUTH from unknown[189.91.5.42] Sep 13 18:30:22 mail.srvfarm.net postfix/smtpd[1214684]: warning: unknown[189.91.5.42]: SASL PLAIN authentication failed: Sep 13 18:30:23 mail.srvfarm.net postfix/smtpd[1214684]: lost connection after AUTH from unknown[189.91.5.42] Sep 13 18:30:41 mail.srvfarm.net postfix/smtpd[1232278]: warning: unknown[189.91.5.42]: SASL PLAIN authentication failed:	2020-09-15 03:46:17
91.83.161.153	attackspam	Sep 13 18:33:46 mail.srvfarm.net postfix/smtpd[1233116]: warning: unknown[91.83.161.153]: SASL PLAIN authentication failed: Sep 13 18:33:46 mail.srvfarm.net postfix/smtpd[1233116]: lost connection after AUTH from unknown[91.83.161.153] Sep 13 18:38:17 mail.srvfarm.net postfix/smtpd[1232281]: warning: unknown[91.83.161.153]: SASL PLAIN authentication failed: Sep 13 18:38:17 mail.srvfarm.net postfix/smtpd[1232281]: lost connection after AUTH from unknown[91.83.161.153] Sep 13 18:41:52 mail.srvfarm.net postfix/smtpd[1234121]: warning: unknown[91.83.161.153]: SASL PLAIN authentication failed:	2020-09-15 03:40:46
89.248.162.179	attackbots	Yet another port scanner as most of the visits from Incrediserve LTD (incrediserve.net)	2020-09-15 03:59:12
184.176.166.16	attack	Disconnected $auth failed, 1 attempts in 6 secs$:	2020-09-15 03:57:45
175.30.205.146	attack	Sep 14 07:59:20 ws12vmsma01 sshd[40971]: Failed password for invalid user christine from 175.30.205.146 port 50885 ssh2 Sep 14 08:04:53 ws12vmsma01 sshd[41782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.30.205.146 user=root Sep 14 08:04:55 ws12vmsma01 sshd[41782]: Failed password for root from 175.30.205.146 port 57031 ssh2 ...	2020-09-15 04:00:08
162.142.125.23	attack	Unauthorised connection attempts on TCP3390	2020-09-15 03:33:36
183.57.46.131	attack	Port scan: Attack repeated for 24 hours	2020-09-15 03:30:02
13.75.92.25	attackbots	(smtpauth) Failed SMTP AUTH login from 13.75.92.25 (HK/Hong Kong/-): 5 in the last 3600 secs	2020-09-15 03:54:38

Recently Reported IPs

195.35.201.14	36.71.234.115	62.60.135.116	5.165.120.61
182.68.236.189	139.196.223.235	171.38.217.89	165.227.89.212
37.210.57.0	218.200.126.241	119.185.74.158	201.46.21.245
113.188.246.8	246.135.26.63	5.9.229.26	13.52.246.249
115.230.124.126	200.236.120.68	231.109.254.194	156.63.99.200