212.12.4.45 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Russian Federation

运营商(isp): Dialup Network for NAS

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Unauthorized connection attempt from IP address 212.12.4.45 on Port 445(SMB)	2019-09-13 19:48:40

相同子网IP讨论:

IP	类型	评论内容	时间
212.12.4.42	attackbotsspam	Unauthorized connection attempt from IP address 212.12.4.42 on Port 445(SMB)	2019-12-13 17:35:35
212.12.4.6	attackspam	Unauthorized connection attempt from IP address 212.12.4.6 on Port 445(SMB)	2019-10-30 03:00:56

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 212.12.4.45
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6319
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;212.12.4.45.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091300 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Sep 13 19:48:35 CST 2019
;; MSG SIZE  rcvd: 115

HOST信息:

45.4.12.212.in-addr.arpa domain name pointer rev-45-4-12-212.tula.net.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
45.4.12.212.in-addr.arpa	name = rev-45-4-12-212.tula.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
220.189.235.126	attackspam	Brute force attack to crack SMTP password (port 25 / 587)	2019-06-27 10:09:05
185.222.209.47	attackbotsspam	Jun 27 03:08:34 mail postfix/smtpd\[29922\]: warning: unknown\[185.222.209.47\]: SASL PLAIN authentication failed: \ Jun 27 03:08:42 mail postfix/smtpd\[29923\]: warning: unknown\[185.222.209.47\]: SASL PLAIN authentication failed: \ Jun 27 03:10:03 mail postfix/smtpd\[29923\]: warning: unknown\[185.222.209.47\]: SASL PLAIN authentication failed: \ Jun 27 03:50:33 mail postfix/smtpd\[31418\]: warning: unknown\[185.222.209.47\]: SASL PLAIN authentication failed: \	2019-06-27 10:33:46
70.64.21.83	attack	60001/tcp [2019-06-27]1pkt	2019-06-27 10:41:32
222.91.248.106	attack	Brute force attack stopped by firewall	2019-06-27 09:55:53
193.17.6.29	attackbots	Jun 27 00:53:52 h2421860 postfix/postscreen[5252]: CONNECT from [193.17.6.29]:53776 to [85.214.119.52]:25 Jun 27 00:53:52 h2421860 postfix/dnsblog[5255]: addr 193.17.6.29 listed by domain b.barracudacentral.org as 127.0.0.2 Jun 27 00:53:52 h2421860 postfix/dnsblog[5257]: addr 193.17.6.29 listed by domain Unknown.trblspam.com as 185.53.179.7 Jun 27 00:53:58 h2421860 postfix/postscreen[5252]: DNSBL rank 3 for [193.17.6.29]:53776 Jun x@x Jun 27 00:53:59 h2421860 postfix/postscreen[5252]: DISCONNECT [193.17.6.29]:53776 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=193.17.6.29	2019-06-27 10:23:47
60.173.79.120	attackspam	Brute force attack stopped by firewall	2019-06-27 09:55:04
14.147.107.153	attackspambots	Jun 26 17:38:00 eola sshd[18004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.147.107.153 user=r.r Jun 26 17:38:02 eola sshd[18004]: Failed password for r.r from 14.147.107.153 port 48675 ssh2 Jun 26 17:38:02 eola sshd[18004]: Received disconnect from 14.147.107.153 port 48675:11: Bye Bye [preauth] Jun 26 17:38:02 eola sshd[18004]: Disconnected from 14.147.107.153 port 48675 [preauth] Jun 26 17:52:50 eola sshd[18866]: Invalid user leech from 14.147.107.153 port 45034 Jun 26 17:52:50 eola sshd[18866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.147.107.153 Jun 26 17:52:52 eola sshd[18866]: Failed password for invalid user leech from 14.147.107.153 port 45034 ssh2 Jun 26 17:52:52 eola sshd[18866]: Received disconnect from 14.147.107.153 port 45034:11: Bye Bye [preauth] Jun 26 17:52:52 eola sshd[18866]: Disconnected from 14.147.107.153 port 45034 [preauth] Jun 26 17:54:08 eola s........ -------------------------------	2019-06-27 10:17:32
5.9.66.153	attack	Scanning unused Default website or suspicious access to valid sites from IP marked as abusive	2019-06-27 10:14:59
164.132.230.244	attack	Jun 27 10:29:15 localhost sshd[28776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.230.244 user=mysql Jun 27 10:29:16 localhost sshd[28776]: Failed password for mysql from 164.132.230.244 port 60694 ssh2 ...	2019-06-27 10:43:25
120.209.233.191	attackspam	Brute force attack stopped by firewall	2019-06-27 10:01:07
45.227.253.211	attackspam	Jun 27 04:23:01 mail postfix/smtpd\[28097\]: warning: unknown\[45.227.253.211\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jun 27 04:23:12 mail postfix/smtpd\[28097\]: warning: unknown\[45.227.253.211\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jun 27 04:23:37 mail postfix/smtpd\[28380\]: warning: unknown\[45.227.253.211\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2019-06-27 10:34:39
170.81.148.7	attack	SSH Bruteforce Attack	2019-06-27 10:19:43
103.48.193.7	attackbots	Jun 25 00:05:47 xm3 sshd[12188]: Failed password for invalid user chef from 103.48.193.7 port 52760 ssh2 Jun 25 00:05:47 xm3 sshd[12188]: Received disconnect from 103.48.193.7: 11: Bye Bye [preauth] Jun 25 00:08:18 xm3 sshd[17394]: Failed password for invalid user ubuntu from 103.48.193.7 port 46554 ssh2 Jun 25 00:08:18 xm3 sshd[17394]: Received disconnect from 103.48.193.7: 11: Bye Bye [preauth] Jun 25 00:10:18 xm3 sshd[23872]: Failed password for invalid user stage from 103.48.193.7 port 35456 ssh2 Jun 25 00:10:18 xm3 sshd[23872]: Received disconnect from 103.48.193.7: 11: Bye Bye [preauth] Jun 25 00:12:12 xm3 sshd[26835]: Failed password for invalid user pul from 103.48.193.7 port 52604 ssh2 Jun 25 00:12:12 xm3 sshd[26835]: Received disconnect from 103.48.193.7: 11: Bye Bye [preauth] Jun 25 00:14:04 xm3 sshd[27985]: Failed password for invalid user store from 103.48.193.7 port 41504 ssh2 Jun 25 00:14:04 xm3 sshd[27985]: Received disconnect from 103.48.193.7: 11: Bye ........ -------------------------------	2019-06-27 10:22:19
75.97.83.80	attack	k+ssh-bruteforce	2019-06-27 10:28:28
171.221.255.5	attack	Brute force attack stopped by firewall	2019-06-27 09:55:38

最近上报的IP列表

160.187.202.116	89.252.146.61	221.227.72.113	113.116.65.136
89.117.114.101	222.188.29.168	50.176.194.174	173.229.25.178
192.236.199.135	123.21.110.207	49.67.143.97	104.131.115.50
209.210.24.131	94.8.144.28	197.71.15.209	77.42.121.25
141.156.51.155	74.80.21.44	121.35.96.176	113.238.2.74