45.152.6.50 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America

运营商(isp): WDV Egmond Holding BV

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Commercial

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	ET SCAN Sipvicious User-Agent Detected (friendly-scanner) - port: 5060 proto: UDP cat: Attempted Information Leak	2020-03-07 09:56:41

相同子网IP讨论:

IP	类型	评论内容	时间
45.152.66.10	attackspambots	Port Scan detected from 45.152.66.10 (GB/United Kingdom/England/London/-). 4 hits in the last 241 seconds	2020-07-29 13:39:57
45.152.6.58	attack	firewall-block, port(s): 8000/tcp	2020-03-08 23:15:55
45.152.6.58	attack	scan z	2020-03-08 04:09:51
45.152.6.58	attackbotsspam	Mar 1 07:04:30 debian-2gb-nbg1-2 kernel: \[5301857.798769\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.152.6.58 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=26812 PROTO=TCP SPT=45749 DPT=8085 WINDOW=1024 RES=0x00 SYN URGP=0	2020-03-01 14:15:26
45.152.6.58	attackbots	Feb 25 14:23:01 debian-2gb-nbg1-2 kernel: \[4896179.956090\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.152.6.58 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=35961 PROTO=TCP SPT=57248 DPT=8087 WINDOW=1024 RES=0x00 SYN URGP=0	2020-02-25 21:31:54
45.152.6.58	attackspam	firewall-block, port(s): 8081/tcp	2020-02-18 15:01:22
45.152.6.58	attack	IP: 45.152.6.58 Ports affected World Wide Web HTTP (80) Abuse Confidence rating 100% Found in DNSBL('s) ASN Details AS35913 DEDIPATH-LLC United States (US) CIDR 45.152.4.0/22 Log Date: 17/02/2020 4:58:18 PM UTC	2020-02-18 05:00:25
45.152.6.58	attack	Unauthorised access (Feb 16) SRC=45.152.6.58 LEN=40 TTL=237 ID=59100 TCP DPT=8080 WINDOW=1024 SYN	2020-02-16 22:40:01
45.152.6.58	attack	unauthorized connection attempt	2020-02-15 14:55:28

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.152.6.50
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44717
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.152.6.50.			IN	A

;; AUTHORITY SECTION:
.			475	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030601 1800 900 604800 86400

;; Query time: 183 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Mar 07 09:56:38 CST 2020
;; MSG SIZE  rcvd: 115

HOST信息:

Host 50.6.152.45.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 50.6.152.45.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
129.45.76.52	attackspambots	2020-09-05 11:35:48.851568-0500 localhost smtpd[41784]: NOQUEUE: reject: RCPT from unknown[129.45.76.52]: 554 5.7.1 Service unavailable; Client host [129.45.76.52] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/129.45.76.52; from= to= proto=ESMTP helo=<[129.45.76.52]>	2020-09-07 00:18:52
94.102.51.95	attack	TCP (SYN) 94.102.51.95:54697 -> port 46909, len 44	2020-09-07 00:06:48
78.154.217.251	attackspambots	Aug 31 07:15:38 uapps sshd[25225]: Invalid user admin from 78.154.217.251 port 48203 Aug 31 07:15:40 uapps sshd[25225]: Failed password for invalid user admin from 78.154.217.251 port 48203 ssh2 Aug 31 07:15:41 uapps sshd[25225]: Received disconnect from 78.154.217.251 port 48203:11: Bye Bye [preauth] Aug 31 07:15:41 uapps sshd[25225]: Disconnected from invalid user admin 78.154.217.251 port 48203 [preauth] Aug 31 07:15:42 uapps sshd[25227]: Invalid user admin from 78.154.217.251 port 48273 Aug 31 07:15:44 uapps sshd[25227]: Failed password for invalid user admin from 78.154.217.251 port 48273 ssh2 Aug 31 07:15:46 uapps sshd[25227]: Received disconnect from 78.154.217.251 port 48273:11: Bye Bye [preauth] Aug 31 07:15:46 uapps sshd[25227]: Disconnected from invalid user admin 78.154.217.251 port 48273 [preauth] Aug 31 07:15:47 uapps sshd[25229]: Invalid user admin from 78.154.217.251 port 48435 Aug 31 07:15:49 uapps sshd[25229]: Failed password for invalid user admin fro........ -------------------------------	2020-09-07 00:12:56
80.82.64.210	attackbots	[H1.VM8] Blocked by UFW	2020-09-06 23:47:52
176.62.108.211	attackspam	SMB Server BruteForce Attack	2020-09-07 00:21:01
92.63.197.71	attack	scans once in preceeding hours on the ports (in chronological order) 3389 resulting in total of 30 scans from 92.63.192.0/20 block.	2020-09-06 23:40:01
110.86.183.70	attackbotsspam	Multiple SSH authentication failures from 110.86.183.70	2020-09-07 00:01:50
144.217.72.135	attackbots	Sep617:36:12server2kernel:Firewall:\PortFlood\IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=144.217.72.135DST=136.243.224.50LEN=52TOS=0x02PREC=0x00TTL=114ID=31299DFPROTO=TCPSPT=13413DPT=80WINDOW=64240RES=0x00CWRECESYNURGP=0Sep617:36:12server2kernel:Firewall:\PortFlood\IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=144.217.72.135DST=136.243.224.50LEN=52TOS=0x02PREC=0x00TTL=114ID=31302DFPROTO=TCPSPT=13439DPT=80WINDOW=64240RES=0x00CWRECESYNURGP=0Sep617:36:12server2kernel:Firewall:\PortFlood\IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=144.217.72.135DST=136.243.224.50LEN=52TOS=0x02PREC=0x00TTL=114ID=31306DFPROTO=TCPSPT=13454DPT=80WINDOW=64240RES=0x00CWRECESYNURGP=0Sep617:36:12server2kernel:Firewall:\PortFlood\IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=144.217.72.135DST=136.243.224.50LEN=52TOS=0x00PREC=0x00TTL=114ID=31326DFPROTO=TCPSPT=13245DPT=80WINDOW=64240RES=0x00SYNURGP=0Sep617:36:12server2kernel:Firewall:\PortFlood\IN=eth0OUT=MAC=00:16:3e:3f	2020-09-06 23:39:28
14.161.50.104	attack	...	2020-09-06 23:46:40
223.235.185.241	attack	2020-09-05 11:36:29.170007-0500 localhost smtpd[41784]: NOQUEUE: reject: RCPT from unknown[223.235.185.241]: 554 5.7.1 Service unavailable; Client host [223.235.185.241] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/223.235.185.241; from= to= proto=ESMTP helo=<[223.235.185.241]>	2020-09-07 00:15:52
140.143.95.201	attackbotsspam	$f2bV_matches	2020-09-06 23:59:57
130.185.155.34	attackspambots	2020-09-06T14:56:29.847422shield sshd\[19978\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.185.155.34 user=root 2020-09-06T14:56:32.368890shield sshd\[19978\]: Failed password for root from 130.185.155.34 port 59072 ssh2 2020-09-06T15:00:26.898234shield sshd\[20470\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.185.155.34 user=root 2020-09-06T15:00:29.289252shield sshd\[20470\]: Failed password for root from 130.185.155.34 port 35168 ssh2 2020-09-06T15:04:13.787456shield sshd\[20827\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.185.155.34 user=root	2020-09-06 23:48:05
221.225.229.60	attackbotsspam	Aug 31 07:09:03 georgia postfix/smtpd[35470]: connect from unknown[221.225.229.60] Aug 31 07:09:08 georgia postfix/smtpd[35470]: warning: unknown[221.225.229.60]: SASL LOGIN authentication failed: authentication failure Aug 31 07:09:09 georgia postfix/smtpd[35470]: lost connection after AUTH from unknown[221.225.229.60] Aug 31 07:09:09 georgia postfix/smtpd[35470]: disconnect from unknown[221.225.229.60] ehlo=1 auth=0/1 commands=1/2 Aug 31 07:09:10 georgia postfix/smtpd[35470]: connect from unknown[221.225.229.60] Aug 31 07:09:16 georgia postfix/smtpd[35470]: warning: unknown[221.225.229.60]: SASL LOGIN authentication failed: authentication failure Aug 31 07:09:17 georgia postfix/smtpd[35470]: lost connection after AUTH from unknown[221.225.229.60] Aug 31 07:09:17 georgia postfix/smtpd[35470]: disconnect from unknown[221.225.229.60] ehlo=1 auth=0/1 commands=1/2 Aug 31 07:09:17 georgia postfix/smtpd[35470]: connect from unknown[221.225.229.60] Aug 31 07:09:21 georgia pos........ -------------------------------	2020-09-06 23:40:25
123.201.12.190	attackspam	Aug 31 07:14:39 uapps sshd[25202]: Invalid user admin from 123.201.12.190 port 55309 Aug 31 07:14:41 uapps sshd[25202]: Failed password for invalid user admin from 123.201.12.190 port 55309 ssh2 Aug 31 07:14:42 uapps sshd[25202]: Received disconnect from 123.201.12.190 port 55309:11: Bye Bye [preauth] Aug 31 07:14:42 uapps sshd[25202]: Disconnected from invalid user admin 123.201.12.190 port 55309 [preauth] Aug 31 07:14:43 uapps sshd[25204]: Invalid user admin from 123.201.12.190 port 55440 Aug 31 07:14:46 uapps sshd[25204]: Failed password for invalid user admin from 123.201.12.190 port 55440 ssh2 Aug 31 07:14:47 uapps sshd[25204]: Received disconnect from 123.201.12.190 port 55440:11: Bye Bye [preauth] Aug 31 07:14:47 uapps sshd[25204]: Disconnected from invalid user admin 123.201.12.190 port 55440 [preauth] Aug 31 07:14:48 uapps sshd[25206]: Invalid user admin from 123.201.12.190 port 55541 Aug 31 07:14:50 uapps sshd[25206]: Failed password for invalid user admin fro........ -------------------------------	2020-09-07 00:02:55
95.173.161.167	attackspambots	95.173.161.167 - - [06/Sep/2020:15:40:53 +0100] "POST /wp-login.php HTTP/1.1" 200 2604 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 95.173.161.167 - - [06/Sep/2020:15:40:54 +0100] "POST /wp-login.php HTTP/1.1" 200 2575 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 95.173.161.167 - - [06/Sep/2020:15:40:55 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-07 00:04:02

最近上报的IP列表

121.252.107.110	18.218.63.213	187.188.107.235	196.119.195.198
46.139.165.19	201.162.168.237	85.54.172.250	133.60.51.166
111.92.150.204	123.206.9.241	41.228.163.114	114.204.19.246
44.14.21.141	140.143.211.94	178.69.101.53	201.184.89.93
5.103.30.134	223.204.17.215	113.185.46.121	106.54.224.217