45.252.249.191

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Viet Nam

运营商(isp): AZDIGI Corporation

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	45.252.249.191 - - \[24/Jun/2019:06:57:24 +0200\] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.249.191 - - \[24/Jun/2019:06:57:25 +0200\] "POST /wp-login.php HTTP/1.1" 200 1704 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.249.191 - - \[24/Jun/2019:06:57:26 +0200\] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.249.191 - - \[24/Jun/2019:06:57:27 +0200\] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.249.191 - - \[24/Jun/2019:06:57:27 +0200\] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.249.191 - - \[24/Jun/2019:06:57:28 +0200\] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:6	2019-06-24 14:56:58

类型

评论内容

时间

attack

45.252.249.191 - - \[24/Jun/2019:06:57:24 +0200\] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
45.252.249.191 - - \[24/Jun/2019:06:57:25 +0200\] "POST /wp-login.php HTTP/1.1" 200 1704 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
45.252.249.191 - - \[24/Jun/2019:06:57:26 +0200\] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
45.252.249.191 - - \[24/Jun/2019:06:57:27 +0200\] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
45.252.249.191 - - \[24/Jun/2019:06:57:27 +0200\] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
45.252.249.191 - - \[24/Jun/2019:06:57:28 +0200\] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:6

2019-06-24 14:56:58

相同子网IP讨论:

IP	类型	评论内容	时间
45.252.249.73	attack	(sshd) Failed SSH login from 45.252.249.73 (VN/Vietnam/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 9 16:28:49 server5 sshd[22221]: Invalid user user3 from 45.252.249.73 Oct 9 16:28:49 server5 sshd[22221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 Oct 9 16:28:52 server5 sshd[22221]: Failed password for invalid user user3 from 45.252.249.73 port 45454 ssh2 Oct 9 16:40:13 server5 sshd[27427]: Invalid user monitoring from 45.252.249.73 Oct 9 16:40:13 server5 sshd[27427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73	2020-10-10 07:07:39
45.252.249.73	attackbots	Oct 9 12:21:27 124388 sshd[4745]: Failed password for root from 45.252.249.73 port 41160 ssh2 Oct 9 12:25:53 124388 sshd[4930]: Invalid user amavis from 45.252.249.73 port 48808 Oct 9 12:25:53 124388 sshd[4930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 Oct 9 12:25:53 124388 sshd[4930]: Invalid user amavis from 45.252.249.73 port 48808 Oct 9 12:25:54 124388 sshd[4930]: Failed password for invalid user amavis from 45.252.249.73 port 48808 ssh2	2020-10-09 23:25:09
45.252.249.73	attackbotsspam	Unauthorized SSH login attempts	2020-08-30 00:09:38
45.252.249.73	attackbotsspam	Aug 23 15:08:19 game-panel sshd[20568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 Aug 23 15:08:20 game-panel sshd[20568]: Failed password for invalid user nss from 45.252.249.73 port 49652 ssh2 Aug 23 15:12:54 game-panel sshd[20859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73	2020-08-23 23:15:43
45.252.249.73	attackspambots	Aug 20 14:03:39 h2646465 sshd[905]: Invalid user user from 45.252.249.73 Aug 20 14:03:39 h2646465 sshd[905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 Aug 20 14:03:39 h2646465 sshd[905]: Invalid user user from 45.252.249.73 Aug 20 14:03:41 h2646465 sshd[905]: Failed password for invalid user user from 45.252.249.73 port 48374 ssh2 Aug 20 14:15:30 h2646465 sshd[2859]: Invalid user wh from 45.252.249.73 Aug 20 14:15:30 h2646465 sshd[2859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 Aug 20 14:15:30 h2646465 sshd[2859]: Invalid user wh from 45.252.249.73 Aug 20 14:15:32 h2646465 sshd[2859]: Failed password for invalid user wh from 45.252.249.73 port 41464 ssh2 Aug 20 14:19:38 h2646465 sshd[3016]: Invalid user laury from 45.252.249.73 ...	2020-08-21 00:10:47
45.252.249.73	attack	Invalid user mcts from 45.252.249.73 port 50866	2020-07-30 03:46:32
45.252.249.73	attackspam	Jul 24 05:51:23 electroncash sshd[35143]: Invalid user mailman from 45.252.249.73 port 49340 Jul 24 05:51:23 electroncash sshd[35143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 Jul 24 05:51:23 electroncash sshd[35143]: Invalid user mailman from 45.252.249.73 port 49340 Jul 24 05:51:25 electroncash sshd[35143]: Failed password for invalid user mailman from 45.252.249.73 port 49340 ssh2 Jul 24 05:55:43 electroncash sshd[36228]: Invalid user jrb from 45.252.249.73 port 57662 ...	2020-07-24 12:04:19
45.252.249.73	attackbots	2020-07-14T00:58:54.262669server.mjenks.net sshd[1676725]: Invalid user practice from 45.252.249.73 port 49888 2020-07-14T00:58:54.268162server.mjenks.net sshd[1676725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 2020-07-14T00:58:54.262669server.mjenks.net sshd[1676725]: Invalid user practice from 45.252.249.73 port 49888 2020-07-14T00:58:56.451827server.mjenks.net sshd[1676725]: Failed password for invalid user practice from 45.252.249.73 port 49888 ssh2 2020-07-14T01:01:42.617572server.mjenks.net sshd[1677093]: Invalid user theo from 45.252.249.73 port 33234 ...	2020-07-14 14:08:06
45.252.249.73	attackspam	Jul 12 17:10:08 george sshd[20499]: Failed password for invalid user admin from 45.252.249.73 port 52896 ssh2 Jul 12 17:12:30 george sshd[20521]: Invalid user oks from 45.252.249.73 port 32882 Jul 12 17:12:30 george sshd[20521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 Jul 12 17:12:32 george sshd[20521]: Failed password for invalid user oks from 45.252.249.73 port 32882 ssh2 Jul 12 17:14:56 george sshd[20539]: Invalid user jv from 45.252.249.73 port 40982 ...	2020-07-13 05:26:19
45.252.249.73	attackbots	Invalid user xieshenru from 45.252.249.73 port 59626	2020-07-13 01:43:07
45.252.249.73	attack	2020-07-09T23:15:40.702356abusebot-4.cloudsearch.cf sshd[17515]: Invalid user git from 45.252.249.73 port 52966 2020-07-09T23:15:40.707555abusebot-4.cloudsearch.cf sshd[17515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 2020-07-09T23:15:40.702356abusebot-4.cloudsearch.cf sshd[17515]: Invalid user git from 45.252.249.73 port 52966 2020-07-09T23:15:42.615453abusebot-4.cloudsearch.cf sshd[17515]: Failed password for invalid user git from 45.252.249.73 port 52966 ssh2 2020-07-09T23:19:12.488374abusebot-4.cloudsearch.cf sshd[17560]: Invalid user sendil from 45.252.249.73 port 51948 2020-07-09T23:19:12.497152abusebot-4.cloudsearch.cf sshd[17560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 2020-07-09T23:19:12.488374abusebot-4.cloudsearch.cf sshd[17560]: Invalid user sendil from 45.252.249.73 port 51948 2020-07-09T23:19:14.841965abusebot-4.cloudsearch.cf sshd[17560]: Failed pas ...	2020-07-10 07:55:21
45.252.249.73	attack	2020-07-07T12:21:56.150967+02:00 sshd[17394]: Failed password for invalid user xzq from 45.252.249.73 port 57998 ssh2	2020-07-07 19:05:24
45.252.249.73	attackspambots	Invalid user ttt from 45.252.249.73 port 37714	2020-06-17 15:26:31
45.252.249.73	attack	...	2020-06-15 08:26:00
45.252.249.73	attack	May 27 23:00:08 server1 sshd\[692\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 user=root May 27 23:00:10 server1 sshd\[692\]: Failed password for root from 45.252.249.73 port 50444 ssh2 May 27 23:04:24 server1 sshd\[1882\]: Invalid user wakita from 45.252.249.73 May 27 23:04:24 server1 sshd\[1882\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.249.73 May 27 23:04:27 server1 sshd\[1882\]: Failed password for invalid user wakita from 45.252.249.73 port 57198 ssh2 ...	2020-05-28 13:19:30

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.252.249.191
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59626
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.252.249.191.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019061901 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Jun 20 19:07:50 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 191.249.252.45.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 191.249.252.45.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
192.3.105.188	attackspam	Jul 24 15:48:27 master sshd[4032]: Failed password for invalid user Fake from 192.3.105.188 port 38222 ssh2 Jul 24 15:48:31 master sshd[4034]: Failed password for invalid user admin from 192.3.105.188 port 40880 ssh2 Jul 24 15:48:36 master sshd[4036]: Failed password for root from 192.3.105.188 port 43420 ssh2 Jul 24 15:48:40 master sshd[4038]: Failed password for invalid user admin from 192.3.105.188 port 46794 ssh2 Jul 24 15:48:44 master sshd[4040]: Failed password for invalid user support from 192.3.105.188 port 49055 ssh2	2020-07-24 22:48:14
62.14.242.34	attackbots	Jul 24 17:18:03 journals sshd\[46000\]: Invalid user jager from 62.14.242.34 Jul 24 17:18:03 journals sshd\[46000\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.14.242.34 Jul 24 17:18:06 journals sshd\[46000\]: Failed password for invalid user jager from 62.14.242.34 port 32905 ssh2 Jul 24 17:22:20 journals sshd\[46423\]: Invalid user test from 62.14.242.34 Jul 24 17:22:20 journals sshd\[46423\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.14.242.34 ...	2020-07-24 22:22:32
66.96.228.119	attack	Coordinated SSH brute-force attack from different IPs. pam_unix(sshd:auth):	2020-07-24 22:50:45
95.173.236.169	attack	Honeypot attack, port: 445, PTR: 95-173-236-169.milleni.com.tr.	2020-07-24 22:53:52
103.98.17.75	attackbots	Jul 24 15:47:57 rancher-0 sshd[553934]: Invalid user vod from 103.98.17.75 port 59672 ...	2020-07-24 22:56:14
118.184.88.66	attack	Jul 24 16:32:24 ns381471 sshd[1172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.184.88.66 Jul 24 16:32:25 ns381471 sshd[1172]: Failed password for invalid user zq from 118.184.88.66 port 57763 ssh2	2020-07-24 22:47:48
119.204.96.131	attackbots	2020-07-24T21:00:15.151701hostname sshd[13072]: Invalid user csgoserver from 119.204.96.131 port 58968 2020-07-24T21:00:17.035658hostname sshd[13072]: Failed password for invalid user csgoserver from 119.204.96.131 port 58968 ssh2 2020-07-24T21:06:39.573707hostname sshd[15499]: Invalid user sammy from 119.204.96.131 port 41742 ...	2020-07-24 22:45:57
85.209.0.103	attackspambots	Jul 24 17:22:53 server2 sshd\[27203\]: User root from 85.209.0.103 not allowed because not listed in AllowUsers Jul 24 17:22:53 server2 sshd\[27204\]: User root from 85.209.0.103 not allowed because not listed in AllowUsers Jul 24 17:22:53 server2 sshd\[27207\]: User root from 85.209.0.103 not allowed because not listed in AllowUsers Jul 24 17:22:53 server2 sshd\[27216\]: User root from 85.209.0.103 not allowed because not listed in AllowUsers Jul 24 17:22:54 server2 sshd\[27205\]: User root from 85.209.0.103 not allowed because not listed in AllowUsers Jul 24 17:22:54 server2 sshd\[27206\]: User root from 85.209.0.103 not allowed because not listed in AllowUsers	2020-07-24 22:31:35
110.80.142.84	attackspambots	Jul 24 16:19:10 abendstille sshd\[7622\]: Invalid user admin from 110.80.142.84 Jul 24 16:19:10 abendstille sshd\[7622\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.80.142.84 Jul 24 16:19:12 abendstille sshd\[7622\]: Failed password for invalid user admin from 110.80.142.84 port 39966 ssh2 Jul 24 16:22:09 abendstille sshd\[10840\]: Invalid user vboxuser from 110.80.142.84 Jul 24 16:22:09 abendstille sshd\[10840\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.80.142.84 ...	2020-07-24 22:34:32
222.186.30.35	attackspambots	24.07.2020 14:45:45 SSH access blocked by firewall	2020-07-24 22:50:27
45.130.127.123	attackspam	(From whitlow.retha@gmail.com) This Google doc exposes how this scamdemic is part of a bigger plan to crush your business and keep it closed or semi-operational (with heavy rescritions) while big corporations remain open without consequences. This Covid lie has ruined many peoples lives and businesses and is all done on purpose to bring about the One World Order. It goes much deeper than this but the purpose of this doc is to expose the evil and wickedness that works in the background to ruin peoples lives. So feel free to share this message with friends and family. No need to reply to the email i provided above as its not registered. But this information will tell you everything you need to know. https://docs.google.com/document/d/14MuVe_anmrcDQl4sZhDqzhQy0Pbhrx9A/edit. In case the document is taken down, here is a backup source https://fakecovidscam.com	2020-07-24 22:51:16
51.178.52.56	attackbotsspam	Jul 24 16:28:52 vps639187 sshd\[32310\]: Invalid user choudhury from 51.178.52.56 port 44624 Jul 24 16:28:52 vps639187 sshd\[32310\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.52.56 Jul 24 16:28:54 vps639187 sshd\[32310\]: Failed password for invalid user choudhury from 51.178.52.56 port 44624 ssh2 ...	2020-07-24 22:29:25
188.92.214.109	attackspam	Attempted Brute Force (dovecot)	2020-07-24 22:25:06
168.61.190.195	attack	Word press attack, another Microsoft server joining the darkside	2020-07-24 22:57:38
122.51.31.60	attackspam	Jul 24 14:42:37 rocket sshd[30354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.31.60 Jul 24 14:42:39 rocket sshd[30354]: Failed password for invalid user cgl from 122.51.31.60 port 42692 ssh2 Jul 24 14:48:20 rocket sshd[31194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.31.60 ...	2020-07-24 22:27:12

最近上报的IP列表

99.248.184.180	2a01:4f8:140:4475::2	77.180.168.16	213.93.165.159
115.49.149.184	173.234.249.90	41.203.233.253	221.223.96.139
96.254.201.67	94.139.224.135	57.226.114.227	139.86.178.232
131.176.92.100	12.67.243.250	87.95.207.109	137.1.69.156
95.240.17.129	41.34.178.14	114.185.174.253	166.73.190.12