Basic Info

City: unknown

Region: unknown

Country: Italy

Internet Service Provider: Telecom Italia S.p.A.

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attackspambots
Aug  2 09:12:48 xxxxxxx8 sshd[25730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.245.4.149  user=r.r
Aug  2 09:12:50 xxxxxxx8 sshd[25730]: Failed password for r.r from 95.245.4.149 port 41880 ssh2
Aug  2 09:28:08 xxxxxxx8 sshd[26764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.245.4.149  user=r.r
Aug  2 09:28:10 xxxxxxx8 sshd[26764]: Failed password for r.r from 95.245.4.149 port 32928 ssh2
Aug  2 09:37:52 xxxxxxx8 sshd[27417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.245.4.149  user=r.r
Aug  2 09:37:54 xxxxxxx8 sshd[27417]: Failed password for r.r from 95.245.4.149 port 38866 ssh2
Aug  2 09:41:17 xxxxxxx8 sshd[27921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.245.4.149  user=r.r
Aug  2 09:41:20 xxxxxxx8 sshd[27921]: Failed password for r.r from 95.245.4.149 port 40836 ssh2
Aug  ........
------------------------------
2020-08-04 19:42:12
Comments on same subnet:
No discussion about this subnet yet..
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 95.245.4.149
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53092
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;95.245.4.149.			IN	A

;; AUTHORITY SECTION:
.			520	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020080400 1800 900 604800 86400

;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Aug 04 19:42:04 CST 2020
;; MSG SIZE  rcvd: 116
Host info
149.4.245.95.in-addr.arpa domain name pointer host-95-245-4-149.retail.telecomitalia.it.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
149.4.245.95.in-addr.arpa	name = host-95-245-4-149.retail.telecomitalia.it.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
185.53.88.33 attack
[2019-11-04 11:42:53] NOTICE[2601] chan_sip.c: Registration from '"123" \' failed for '185.53.88.33:5101' - Wrong password
[2019-11-04 11:42:53] SECURITY[2634] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-04T11:42:53.991-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="123",SessionID="0x7fdf2c5a9758",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.53.88.33/5101",Challenge="1f956af7",ReceivedChallenge="1f956af7",ReceivedHash="d9b14953e3b771b1fb769f5ecd3278a3"
[2019-11-04 11:42:54] NOTICE[2601] chan_sip.c: Registration from '"123" \' failed for '185.53.88.33:5101' - Wrong password
[2019-11-04 11:42:54] SECURITY[2634] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-04T11:42:54.101-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="123",SessionID="0x7fdf2cae1298",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.53.
2019-11-05 00:49:19
174.80.102.192 attackspambots
RDP Bruteforce
2019-11-05 01:01:47
103.12.246.100 attackbotsspam
Unauthorized connection attempt from IP address 103.12.246.100 on Port 445(SMB)
2019-11-05 01:19:21
106.12.84.112 attackbots
Invalid user euncn1234 from 106.12.84.112 port 48740
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.84.112
Failed password for invalid user euncn1234 from 106.12.84.112 port 48740 ssh2
Invalid user edu1 from 106.12.84.112 port 56056
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.84.112
2019-11-05 01:00:14
178.76.228.83 attackspam
Autoban   178.76.228.83 AUTH/CONNECT
2019-11-05 00:57:25
192.40.57.228 attack
[MonNov0417:39:30.0963722019][:error][pid13089:tid47795207677696][client192.40.57.228:55100][client192.40.57.228]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\(\?:\<\?script\|\<\?\(\?:i\?frame\?src\|a\?href\)\?=\?\(\?:ogg\|tls\|ssl\|gopher\|zlib\|\(ht\|f\)tps\?\)\\\\\\\\:/\|document\\\\\\\\.write\?\\\\\\\\\(\|\(\?:\<\|\<\?/\)\?\(\?:\(\?:java\|vb\)script\|applet\|activex\|chrome\|qx\?ss\|embed\)\|\<\?/\?i\?frame\\\\\\\\b\)"atARGS:your-message.[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"1139"][id"340148"][rev"152"][msg"Atomicorp.comWAFRules:PotentialCrossSiteScriptingAttack"][data"\
2019-11-05 01:14:31
41.38.59.113 attack
Unauthorized connection attempt from IP address 41.38.59.113 on Port 445(SMB)
2019-11-05 01:18:54
188.213.174.36 attackspam
Nov  3 23:10:52 eola sshd[3688]: Invalid user ec from 188.213.174.36 port 60212
Nov  3 23:10:52 eola sshd[3688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.213.174.36 
Nov  3 23:10:55 eola sshd[3688]: Failed password for invalid user ec from 188.213.174.36 port 60212 ssh2
Nov  3 23:10:55 eola sshd[3688]: Received disconnect from 188.213.174.36 port 60212:11: Bye Bye [preauth]
Nov  3 23:10:55 eola sshd[3688]: Disconnected from 188.213.174.36 port 60212 [preauth]
Nov  3 23:22:08 eola sshd[4160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.213.174.36  user=r.r
Nov  3 23:22:10 eola sshd[4160]: Failed password for r.r from 188.213.174.36 port 44292 ssh2
Nov  3 23:22:10 eola sshd[4160]: Received disconnect from 188.213.174.36 port 44292:11: Bye Bye [preauth]
Nov  3 23:22:10 eola sshd[4160]: Disconnected from 188.213.174.36 port 44292 [preauth]
Nov  3 23:25:27 eola sshd[4282]: pam_........
-------------------------------
2019-11-05 00:50:31
222.124.15.210 attack
Unauthorized connection attempt from IP address 222.124.15.210 on Port 445(SMB)
2019-11-05 01:02:33
194.61.24.7 attackbots
Connection by 194.61.24.7 on port: 3495 got caught by honeypot at 11/4/2019 4:06:43 PM
2019-11-05 01:22:37
103.103.120.250 attackspam
[ER hit] Tried to deliver spam. Already well known.
2019-11-05 00:55:32
196.192.110.64 attackbots
$f2bV_matches
2019-11-05 00:51:14
106.13.223.64 attackbots
2019-11-04T16:45:53.424424abusebot-3.cloudsearch.cf sshd[24492]: Invalid user monitor from 106.13.223.64 port 57928
2019-11-05 01:05:24
45.82.153.76 attackbots
2019-11-04T18:11:45.376681mail01 postfix/smtpd[18229]: warning: unknown[45.82.153.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2019-11-04T18:12:01.427962mail01 postfix/smtpd[18228]: warning: unknown[45.82.153.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2019-11-04T18:12:34.419099mail01 postfix/smtpd[14627]: warning: unknown[45.82.153.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2019-11-05 01:14:03
172.94.24.71 attackbotsspam
Abuse
2019-11-05 01:17:28
