Black Hat Directory

IP address: 45.125.65.105

Host rating:

2.0

out of 174 votes

Last update: 2021-02-25

Host details

Unknown
Hong Kong
Unknown
AS133398 Tele Asia Limited
See comments

Reported breaches

  • Port scan
  • Brute force attack
Report breach

Whois record

The publicly-available Whois record found at whois.apnic.net server.

% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '45.125.65.0 - 45.125.65.255'

% Abuse contact for '45.125.65.0 - 45.125.65.255' is '[email protected]'

inetnum:        45.125.65.0 - 45.125.65.255
netname:        TELE-HK
descr:          Tele Asia
country:        HK
admin-c:        TAHH1-AP
tech-c:         TAHH1-AP
status:         ALLOCATED NON-PORTABLE
mnt-by:         MAINT-HK-TELEASIA
mnt-irt:        IRT-TELE-ASIA
last-modified:  2015-08-31T07:10:05Z
source:         APNIC

irt:            IRT-TELE-ASIA
address:        Tele Asia Limited
address:        Unit 211, 2/F, Poly Centre
address:        15 Yip Fung Street, On Lok Tseun
address:        Fanling, NT, Hong Kong
e-mail:         [email protected]
abuse-mailbox:  [email protected]
admin-c:        TAHH1-AP
tech-c:         TAHH1-AP
auth:           # Filtered
remarks:        [email protected] is invalid
mnt-by:         MAINT-TELE-HK
last-modified:  2019-12-18T13:35:24Z
source:         APNIC

role:           Tele Asia  Host Hong Kong administrator
address:        Tele Asia Limited, Unit 211, 2/F, Poly Centre, 15 Yip Fung Street, On Lok Tseun,, Fanling New Territ
country:        HK
phone:          +85281700749
fax-no:         +85281700749
e-mail:         [email protected]
admin-c:        TAHH1-AP
tech-c:         TAHH1-AP
nic-hdl:        TAHH1-AP
mnt-by:         MAINT-TELE-HK
last-modified:  2013-02-15T04:02:01Z
source:         APNIC

% Information related to '45.125.64.0/22AS133398'

route:          45.125.64.0/22
descr:          route object for 45.125.64.0/22
origin:         AS133398
mnt-by:         MAINT-HK-TELEASIA
last-modified:  2015-09-17T23:16:35Z
source:         APNIC

% This query was served by the APNIC Whois Service version 1.88.15-SNAPSHOT (WHOIS-US3)

User comments

174 security incident(s) reported by users

BHD Honeypot
Port scan
2021-02-25 
In the last 24h, the attacker (45.125.65.105) attempted to scan 218 ports.
The following ports have been scanned: 8005/tcp (MXI Generation II for z/OS), 6001/tcp, 8088/tcp (Radan HTTP), 1000/tcp (cadlock2), 9000/tcp (CSlistener), 8181/tcp, 9090/tcp (WebSM), 1012/tcp, 8087/tcp (Simplify Media SPP Protocol), 2001/tcp (dc), 9001/tcp (ETL Service Manager), 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 8090/tcp, 6000/tcp (-6063/udp   X Window System), 4001/tcp (NewOak), 8100/tcp (Xprint Server), 9080/tcp (Groove GLRPC), 8089/tcp, 4000/tcp (Terabase), 8989/tcp (Sun Web Server SSL Admin Service), 8083/tcp (Utilistor (Server)), 8180/tcp, 10001/tcp (SCP Configuration), 8001/tcp (VCOM Tunnel), 8081/tcp (Sun Proxy Admin Service), 8080/tcp (HTTP Alternate (see port 80)), 8009/tcp, 81/tcp, 8002/tcp (Teradata ORDBMS), 8084/tcp, 8010/tcp, 7777/tcp (cbt), 88/tcp (Kerberos), 1011/tcp, 8000/tcp (iRDMI), 8888/tcp (NewsEDGE server TCP (TCP 1)), 8182/tcp (VMware Fault Domain Manager), 10000/tcp (Network Data Management Protocol), 85/tcp (MIT ML Device), 9999/tcp (distinct), 9191/tcp (Sun AppSvr JPDA), 8085/tcp, 2000/tcp (Cisco SCCP), 8086/tcp (Distributed SCADA Networking Rendezvous Port).
BHD Honeypot
Port scan
2021-02-24 
In the last 24h, the attacker (45.125.65.105) attempted to scan 100 ports.
The following ports have been scanned: 8005/tcp (MXI Generation II for z/OS), 8088/tcp (Radan HTTP), 1000/tcp (cadlock2), 9000/tcp (CSlistener), 8181/tcp, 9090/tcp (WebSM), 1012/tcp, 8087/tcp (Simplify Media SPP Protocol), 9001/tcp (ETL Service Manager), 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 8090/tcp, 6000/tcp (-6063/udp   X Window System), 8008/tcp (HTTP Alternate), 4001/tcp (NewOak), 9080/tcp (Groove GLRPC), 8089/tcp, 4000/tcp (Terabase), 8083/tcp (Utilistor (Server)), 8001/tcp (VCOM Tunnel), 5001/tcp (commplex-link), 8081/tcp (Sun Proxy Admin Service), 5000/tcp (commplex-main), 8080/tcp (HTTP Alternate (see port 80)), 81/tcp, 8002/tcp (Teradata ORDBMS), 7777/tcp (cbt), 88/tcp (Kerberos), 7000/tcp (file server itself), 1011/tcp, 8000/tcp (iRDMI), 8888/tcp (NewsEDGE server TCP (TCP 1)), 8182/tcp (VMware Fault Domain Manager), 10000/tcp (Network Data Management Protocol), 85/tcp (MIT ML Device), 8085/tcp, 8086/tcp (Distributed SCADA Networking Rendezvous Port).
BHD Honeypot
Port scan
2021-02-23 
In the last 24h, the attacker (45.125.65.105) attempted to scan 221 ports.
The following ports have been scanned: 8005/tcp (MXI Generation II for z/OS), 6001/tcp, 8088/tcp (Radan HTTP), 1000/tcp (cadlock2), 9000/tcp (CSlistener), 8181/tcp, 9090/tcp (WebSM), 8087/tcp (Simplify Media SPP Protocol), 9001/tcp (ETL Service Manager), 8093/tcp, 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 8090/tcp, 8008/tcp (HTTP Alternate), 4001/tcp (NewOak), 8013/tcp, 9080/tcp (Groove GLRPC), 8089/tcp, 4000/tcp (Terabase), 8001/tcp (VCOM Tunnel), 5001/tcp (commplex-link), 8081/tcp (Sun Proxy Admin Service), 5000/tcp (commplex-main), 8080/tcp (HTTP Alternate (see port 80)), 81/tcp, 8092/tcp, 9010/tcp (Secure Data Replicator Protocol), 8899/tcp (ospf-lite), 8084/tcp, 8010/tcp, 1111/tcp (LM Social Server), 7777/tcp (cbt), 88/tcp (Kerberos), 4444/tcp (NV Video default), 8091/tcp (Jam Link Framework), 7000/tcp (file server itself), 1011/tcp, 8000/tcp (iRDMI), 8888/tcp (NewsEDGE server TCP (TCP 1)), 8182/tcp (VMware Fault Domain Manager), 10000/tcp (Network Data Management Protocol), 85/tcp (MIT ML Device), 9999/tcp (distinct), 8085/tcp, 8086/tcp (Distributed SCADA Networking Rendezvous Port).
BHD Honeypot
Port scan
2021-02-22 
In the last 24h, the attacker (45.125.65.105) attempted to scan 39 ports.
The following ports have been scanned: 8088/tcp (Radan HTTP), 9000/tcp (CSlistener), 8181/tcp, 9001/tcp (ETL Service Manager), 8093/tcp, 6000/tcp (-6063/udp   X Window System), 4001/tcp (NewOak), 9080/tcp (Groove GLRPC), 8089/tcp, 8083/tcp (Utilistor (Server)), 8081/tcp (Sun Proxy Admin Service), 5000/tcp (commplex-main), 8080/tcp (HTTP Alternate (see port 80)), 8092/tcp, 8899/tcp (ospf-lite), 8084/tcp, 8010/tcp, 88/tcp (Kerberos), 8091/tcp (Jam Link Framework), 8000/tcp (iRDMI), 8888/tcp (NewsEDGE server TCP (TCP 1)), 8182/tcp (VMware Fault Domain Manager), 85/tcp (MIT ML Device), 8086/tcp (Distributed SCADA Networking Rendezvous Port).
BHD Honeypot
Port scan
2021-02-21 
In the last 24h, the attacker (45.125.65.105) attempted to scan 188 ports.
The following ports have been scanned: 8005/tcp (MXI Generation II for z/OS), 6001/tcp, 8088/tcp (Radan HTTP), 1000/tcp (cadlock2), 9000/tcp (CSlistener), 8181/tcp, 1012/tcp, 8087/tcp (Simplify Media SPP Protocol), 9001/tcp (ETL Service Manager), 83/tcp (MIT ML Device), 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 8090/tcp, 6000/tcp (-6063/udp   X Window System), 8008/tcp (HTTP Alternate), 4001/tcp (NewOak), 9080/tcp (Groove GLRPC), 8089/tcp, 4000/tcp (Terabase), 8083/tcp (Utilistor (Server)), 8001/tcp (VCOM Tunnel), 5001/tcp (commplex-link), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 84/tcp (Common Trace Facility), 8081/tcp (Sun Proxy Admin Service), 5000/tcp (commplex-main), 8080/tcp (HTTP Alternate (see port 80)), 8009/tcp, 81/tcp, 8899/tcp (ospf-lite), 8084/tcp, 87/tcp (any private terminal link), 8010/tcp, 7777/tcp (cbt), 88/tcp (Kerberos), 1011/tcp, 8000/tcp (iRDMI), 8888/tcp (NewsEDGE server TCP (TCP 1)), 8182/tcp (VMware Fault Domain Manager), 10000/tcp (Network Data Management Protocol), 85/tcp (MIT ML Device), 9999/tcp (distinct), 8085/tcp, 2000/tcp (Cisco SCCP), 8086/tcp (Distributed SCADA Networking Rendezvous Port).
BHD Honeypot
Port scan
2021-02-20 
In the last 24h, the attacker (45.125.65.105) attempted to scan 60 ports.
The following ports have been scanned: 8005/tcp (MXI Generation II for z/OS), 6001/tcp, 9000/tcp (CSlistener), 9090/tcp (WebSM), 1012/tcp, 83/tcp (MIT ML Device), 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 8090/tcp, 8008/tcp (HTTP Alternate), 4001/tcp (NewOak), 9080/tcp (Groove GLRPC), 8089/tcp, 4000/tcp (Terabase), 8083/tcp (Utilistor (Server)), 8001/tcp (VCOM Tunnel), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 84/tcp (Common Trace Facility), 5000/tcp (commplex-main), 8080/tcp (HTTP Alternate (see port 80)), 81/tcp, 8899/tcp (ospf-lite), 7777/tcp (cbt), 88/tcp (Kerberos), 1011/tcp, 8000/tcp (iRDMI), 85/tcp (MIT ML Device), 9999/tcp (distinct), 8085/tcp, 2000/tcp (Cisco SCCP).
BHD Honeypot
Port scan
2021-02-20 
Port scan from IP: 45.125.65.105 detected by psad.
BHD Honeypot
Port scan
2021-02-19 
In the last 24h, the attacker (45.125.65.105) attempted to scan 178 ports.
The following ports have been scanned: 8088/tcp (Radan HTTP), 1000/tcp (cadlock2), 9000/tcp (CSlistener), 8181/tcp, 9090/tcp (WebSM), 8087/tcp (Simplify Media SPP Protocol), 9001/tcp (ETL Service Manager), 8093/tcp, 90/tcp (DNSIX Securit Attribute Token Map), 83/tcp (MIT ML Device), 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 8090/tcp, 6000/tcp (-6063/udp   X Window System), 4001/tcp (NewOak), 9080/tcp (Groove GLRPC), 8089/tcp, 4000/tcp (Terabase), 8083/tcp (Utilistor (Server)), 8001/tcp (VCOM Tunnel), 8081/tcp (Sun Proxy Admin Service), 8080/tcp (HTTP Alternate (see port 80)), 1001/tcp, 81/tcp, 8092/tcp, 8084/tcp, 7777/tcp (cbt), 88/tcp (Kerberos), 8091/tcp (Jam Link Framework), 7000/tcp (file server itself), 1011/tcp, 7001/tcp (callbacks to cache managers), 8000/tcp (iRDMI), 8888/tcp (NewsEDGE server TCP (TCP 1)), 8182/tcp (VMware Fault Domain Manager), 10000/tcp (Network Data Management Protocol), 85/tcp (MIT ML Device), 9999/tcp (distinct), 8085/tcp, 8086/tcp (Distributed SCADA Networking Rendezvous Port).
BHD Honeypot
Port scan
2021-02-18 
In the last 24h, the attacker (45.125.65.105) attempted to scan 59 ports.
The following ports have been scanned: 8088/tcp (Radan HTTP), 9000/tcp (CSlistener), 1012/tcp, 9001/tcp (ETL Service Manager), 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 8090/tcp, 8089/tcp, 4000/tcp (Terabase), 8001/tcp (VCOM Tunnel), 8081/tcp (Sun Proxy Admin Service), 8080/tcp (HTTP Alternate (see port 80)), 81/tcp, 8899/tcp (ospf-lite), 7777/tcp (cbt), 88/tcp (Kerberos), 1011/tcp, 8000/tcp (iRDMI), 8888/tcp (NewsEDGE server TCP (TCP 1)), 85/tcp (MIT ML Device), 9999/tcp (distinct), 8085/tcp.
BHD Honeypot
Port scan
2021-02-17 
In the last 24h, the attacker (45.125.65.105) attempted to scan 168 ports.
The following ports have been scanned: 8088/tcp (Radan HTTP), 9000/tcp (CSlistener), 8181/tcp, 9090/tcp (WebSM), 1012/tcp, 8087/tcp (Simplify Media SPP Protocol), 9001/tcp (ETL Service Manager), 90/tcp (DNSIX Securit Attribute Token Map), 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 8090/tcp, 9080/tcp (Groove GLRPC), 8089/tcp, 8083/tcp (Utilistor (Server)), 8001/tcp (VCOM Tunnel), 5001/tcp (commplex-link), 8081/tcp (Sun Proxy Admin Service), 5000/tcp (commplex-main), 7080/tcp (EmpowerID Communication), 8080/tcp (HTTP Alternate (see port 80)), 8040/tcp (Ampify Messaging Protocol), 81/tcp, 8092/tcp, 8084/tcp, 8020/tcp (Intuit Entitlement Service and Discovery), 8010/tcp, 88/tcp (Kerberos), 91/tcp (MIT Dover Spooler), 1011/tcp, 8000/tcp (iRDMI), 8888/tcp (NewsEDGE server TCP (TCP 1)), 8182/tcp (VMware Fault Domain Manager), 85/tcp (MIT ML Device), 9999/tcp (distinct), 8085/tcp.
BHD Honeypot
Port scan
2021-02-16 
In the last 24h, the attacker (45.125.65.105) attempted to scan 166 ports.
The following ports have been scanned: 8088/tcp (Radan HTTP), 9000/tcp (CSlistener), 8181/tcp, 9090/tcp (WebSM), 1012/tcp, 8087/tcp (Simplify Media SPP Protocol), 9001/tcp (ETL Service Manager), 8093/tcp, 90/tcp (DNSIX Securit Attribute Token Map), 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 8090/tcp, 9080/tcp (Groove GLRPC), 8089/tcp, 4000/tcp (Terabase), 8083/tcp (Utilistor (Server)), 8001/tcp (VCOM Tunnel), 5001/tcp (commplex-link), 8081/tcp (Sun Proxy Admin Service), 7080/tcp (EmpowerID Communication), 8080/tcp (HTTP Alternate (see port 80)), 8040/tcp (Ampify Messaging Protocol), 81/tcp, 8092/tcp, 8899/tcp (ospf-lite), 8084/tcp, 8020/tcp (Intuit Entitlement Service and Discovery), 88/tcp (Kerberos), 91/tcp (MIT Dover Spooler), 8091/tcp (Jam Link Framework), 8000/tcp (iRDMI), 8888/tcp (NewsEDGE server TCP (TCP 1)), 8182/tcp (VMware Fault Domain Manager), 85/tcp (MIT ML Device), 9999/tcp (distinct), 8085/tcp, 8086/tcp (Distributed SCADA Networking Rendezvous Port).
BHD Honeypot
Port scan
2021-02-15 
In the last 24h, the attacker (45.125.65.105) attempted to scan 198 ports.
The following ports have been scanned: 8088/tcp (Radan HTTP), 9000/tcp (CSlistener), 8181/tcp, 9090/tcp (WebSM), 8087/tcp (Simplify Media SPP Protocol), 9001/tcp (ETL Service Manager), 8093/tcp, 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 8090/tcp, 7090/tcp, 9080/tcp (Groove GLRPC), 8089/tcp, 8183/tcp (ProRemote), 8083/tcp (Utilistor (Server)), 8001/tcp (VCOM Tunnel), 8081/tcp (Sun Proxy Admin Service), 5000/tcp (commplex-main), 7080/tcp (EmpowerID Communication), 8080/tcp (HTTP Alternate (see port 80)), 8040/tcp (Ampify Messaging Protocol), 81/tcp, 8092/tcp, 8899/tcp (ospf-lite), 8084/tcp, 8020/tcp (Intuit Entitlement Service and Discovery), 8010/tcp, 88/tcp (Kerberos), 8091/tcp (Jam Link Framework), 8000/tcp (iRDMI), 8888/tcp (NewsEDGE server TCP (TCP 1)), 8182/tcp (VMware Fault Domain Manager), 85/tcp (MIT ML Device), 9999/tcp (distinct), 8085/tcp, 2000/tcp (Cisco SCCP), 8086/tcp (Distributed SCADA Networking Rendezvous Port).
BHD Honeypot
Port scan
2021-02-14 
Port scan from IP: 45.125.65.105 detected by psad.
BHD Honeypot
Brute force attack
2021-01-19 
In the last 24h, the attacker attempted to log in to our smtp honeypot by trying 139 different combinations of usernames and passwords.
The most commonly used usernames: 'test8', 'test9', 'vpn', 'warehouse', 'web', 'webadmin', 'webadministrator', 'webalianza', 'webalizer', 'webapps'
The most commonly used passwords: '12ab', '123qweasd', '131313'
BHD Honeypot
Brute force attack
2021-01-18 
In the last 24h, the attacker attempted to log in to our smtp honeypot by trying 276 different combinations of usernames and passwords.
The most commonly used usernames: 'test8', 'test9', 'testadmin', 'testdemo', 'testdrive', 'teste', 'teste01', 'tested', 'tester', 'testex'
The most commonly used passwords: '123qwe', '123qweASD', '123qweasd', '123654789'
Anonymous
Brute force attack
2021-01-18 
Attempt to login from IP: 45.125.65.105 via SMTP by trying many passwords and usernames
BHD Honeypot
Brute force attack
2021-01-17 
In the last 24h, the attacker attempted to log in to our smtp honeypot by trying 280 different combinations of usernames and passwords.
The most commonly used usernames: 'testdrive', 'teste', 'teste01', 'tested', 'tester', 'testex', 'testimp', 'testing', 'testing123', 'testing2'
The most commonly used passwords: '1234qwer', '1234567890', '123654789'
Anonymous
Brute force attack
2021-01-17 
Attempt to login from IP: 45.125.65.105 via SMTP by trying many passwords and usernames
BHD Honeypot
Brute force attack
2021-01-16 
In the last 24h, the attacker attempted to log in to our smtp honeypot by trying 283 different combinations of usernames and passwords.
The most commonly used usernames: 'test8', 'test9', 'testadmin', 'testdemo', 'testing2', 'testmail', 'testtest', 'testuser', 'testuser01', 'testuser2'
The most commonly used passwords: '12345678', '123456789', '1234567', '1234567890'
Anonymous
Brute force attack
2021-01-16 
Attempt to login from IP: 45.125.65.105 via SMTP by trying many passwords and usernames

Blacklist

Near real-time, easy to use data feed containing IPs reported on our website.

Bronze

$3

Updated daily

Learn More

Silver

$15

Updated every hour

Learn More

Gold

$30

Updated every 10 minutes

Learn More

Remarks

Black hat directory contains this IP address, because Internet users reported it as an address making unsolicited, nagging requests. We make every effort to ensure that the information contained in the Black hat directory are correct and up to date. The database is developed and updated by Internet users and moderators.

If you have any reliable information regarding malicious activity originating from this IP address, please share it with others and fill in the 'Report breach' form. It is prohibited from adding personally identifiable information.

Below breach categories are used in the database:

  • Denial of service attack - this attack is accomplished by flooding the target with massive amount of requests in order to overload the targeted system
  • Brute force attack - this category encompasses attempts to login to machine by trying many passwords and usernames
  • Backdoor attack - this category represents bypassing authentication by hidden programs or services to obtain remote access to a computer or trojan activity
  • Port scan - represents attackers identifying running services on the targeted machine by probing a server for open ports
  • Malicious bot - this category encompasses all bots performing unsolicited requests or ignoring robots.txt file
  • Anonymous proxy - public proxies like Tor, I2P relays or anonymous VPNs are often used by attacker to hide his identity
  • Web attack - attempts to exploit web application security flaws
  • CMS attack - attempts to exploit CMS vulnerability
  • App vulnerability attack - attempts to exploit other applications vulnerability
  • Web spam - encompasses all kind of HTTP spamming
  • Email spam - encompasses all kind of E-mail spamming
  • Dodgy activity - this category encompasses superfluous, dodgy requests

Similar hosts

Hosts with the same ASN

Emerging threats

The most commonly reported IP addresses in the last 24 hours

Report breach!

Rate host 45.125.65.105