45.252.250.106

基本信息:

城市(city): Thuan An

省份(region): Tinh Quang Nam

国家(country): Vietnam

运营商(isp): AZDIGI Corporation

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	45.252.250.106 - - [07/Jun/2020:21:14:39 +0100] "POST /wp-login.php HTTP/1.1" 200 2040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.106 - - [07/Jun/2020:21:14:40 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.106 - - [07/Jun/2020:21:28:23 +0100] "POST /wp-login.php HTTP/1.1" 200 2040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-08 04:54:13
attackspam	CMS (WordPress or Joomla) login attempt.	2020-06-02 01:27:57
attack	404 NOT FOUND	2020-05-17 06:39:58
attackbotsspam	Automatic report - XMLRPC Attack	2020-02-08 21:42:28
attack	Automatic report - XMLRPC Attack	2019-11-26 02:51:08

相同子网IP讨论:

IP	类型	评论内容	时间
45.252.250.64	attackbots	firewall-block, port(s): 18148/tcp	2020-06-26 12:42:00
45.252.250.64	attackbots	Port scan denied	2020-06-24 13:51:20
45.252.250.64	attackbotsspam	(sshd) Failed SSH login from 45.252.250.64 (VN/Vietnam/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jun 14 00:08:30 ubnt-55d23 sshd[22726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.250.64 user=root Jun 14 00:08:32 ubnt-55d23 sshd[22726]: Failed password for root from 45.252.250.64 port 43144 ssh2	2020-06-14 06:12:03
45.252.250.13	attackbotsspam	Automatic report - XMLRPC Attack	2020-03-04 08:16:17
45.252.250.13	attack	Automatic report - XMLRPC Attack	2020-03-02 02:14:12
45.252.250.11	attackbotsspam	45.252.250.11 - - \[16/Jan/2020:22:50:40 +0100\] "POST /wp-login.php HTTP/1.0" 200 6597 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.250.11 - - \[16/Jan/2020:22:50:44 +0100\] "POST /wp-login.php HTTP/1.0" 200 6410 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.250.11 - - \[16/Jan/2020:22:50:45 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-01-17 06:01:14
45.252.250.11	attackspam	xmlrpc attack	2019-11-28 02:34:31
45.252.250.11	attack	xmlrpc attack	2019-11-15 08:57:42
45.252.250.11	attack	WordPress wp-login brute force :: 45.252.250.11 0.188 - [14/Nov/2019:06:25:17 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 2043 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2019-11-14 18:36:03
45.252.250.11	attack	45.252.250.11 - - \[10/Nov/2019:15:46:17 +0100\] "POST /wp-login.php HTTP/1.0" 200 2406 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.250.11 - - \[10/Nov/2019:15:46:20 +0100\] "POST /wp-login.php HTTP/1.0" 200 2364 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.250.11 - - \[10/Nov/2019:15:46:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 2374 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-11-10 23:40:08
45.252.250.110	attackbotsspam	xmlrpc attack	2019-09-02 06:29:53
45.252.250.110	attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2019-08-04 02:34:05
45.252.250.201	attack	[FriJul0500:54:05.2852492019][:error][pid4583:tid47152594962176][client45.252.250.201:58682][client45.252.250.201]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\(\?:\<\\|script\\|\>\)"atARGS:domain.[file"/usr/local/apache.ea3/conf/modsec_rules/99_asl_jitp.conf"][line"317"][id"347147"][rev"1"][msg"Atomicorp.comWAFRules:Wordpressadmin-ajaxXSSattack"][data"admin-ajax.php"][severity"CRITICAL"][hostname"cser.ch"][uri"/wp-admin/admin-ajax.php"][unique_id"XR6DjRmG7onBEAjys9uJmQAAAMk"][FriJul0500:58:24.9255002019][:error][pid29575:tid47152590759680][client45.252.250.201:42480][client45.252.250.201]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"miglaa\?_"atARGS:action.[file"/usr/local/apache.ea3/conf/modsec_rules/99_asl_jitp.conf"][line"60"][id"334072"][rev"5"][msg"Atomicorp.comWAFRules:CVE-2019-6703Attackblocked"][severity"ALERT"][hostname"cser.ch"][uri"/wp-admin/admin-ajax.php"][unique_id"XR6EkOJOLgY93J5KRwqZPAAAAUc"]	2019-07-05 07:42:20
45.252.250.110	attackspambots	45.252.250.110 - - [02/Jul/2019:15:58:38 +0200] "GET /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.110 - - [02/Jul/2019:15:58:43 +0200] "POST /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.110 - - [02/Jul/2019:15:58:49 +0200] "GET /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.110 - - [02/Jul/2019:15:58:54 +0200] "POST /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.110 - - [02/Jul/2019:15:58:55 +0200] "GET /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.110 - - [02/Jul/2019:15:58:56 +0200] "POST /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-07-02 23:26:15

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.252.250.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30570
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.252.250.106.			IN	A

;; AUTHORITY SECTION:
.			326	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019112501 1800 900 604800 86400

;; Query time: 185 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Nov 26 02:51:04 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 106.250.252.45.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 106.250.252.45.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
197.210.53.77	attackspambots	Unauthorized connection attempt from IP address 197.210.53.77 on Port 445(SMB)	2020-09-16 14:48:43
168.181.49.39	attack	detected by Fail2Ban	2020-09-16 14:39:18
157.245.64.140	attackspam	s2.hscode.pl - SSH Attack	2020-09-16 15:22:58
144.217.42.212	attack	Sep 16 09:16:15 vmd26974 sshd[5880]: Failed password for root from 144.217.42.212 port 34818 ssh2 ...	2020-09-16 15:27:20
200.108.143.6	attack	2020-09-16T04:53:25.034112abusebot-3.cloudsearch.cf sshd[8496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.108.143.6 user=root 2020-09-16T04:53:26.941905abusebot-3.cloudsearch.cf sshd[8496]: Failed password for root from 200.108.143.6 port 52178 ssh2 2020-09-16T04:58:22.760475abusebot-3.cloudsearch.cf sshd[8608]: Invalid user service from 200.108.143.6 port 36500 2020-09-16T04:58:22.766547abusebot-3.cloudsearch.cf sshd[8608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.108.143.6 2020-09-16T04:58:22.760475abusebot-3.cloudsearch.cf sshd[8608]: Invalid user service from 200.108.143.6 port 36500 2020-09-16T04:58:24.779775abusebot-3.cloudsearch.cf sshd[8608]: Failed password for invalid user service from 200.108.143.6 port 36500 ssh2 2020-09-16T05:03:13.450370abusebot-3.cloudsearch.cf sshd[8731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.108.143 ...	2020-09-16 14:26:42
89.248.167.141	attackbots	TCP (SYN) 89.248.167.141:8080 -> port 7458, len 44	2020-09-16 14:40:35
1.171.97.246	attackbots	Sep 16 02:01:49 ssh2 sshd[67552]: Connection from 1.171.97.246 port 50266 on 192.240.101.3 port 22 Sep 16 02:01:50 ssh2 sshd[67552]: User root from 1-171-97-246.dynamic-ip.hinet.net not allowed because not listed in AllowUsers Sep 16 02:01:50 ssh2 sshd[67552]: Failed password for invalid user root from 1.171.97.246 port 50266 ssh2 ...	2020-09-16 14:28:20
92.36.233.40	attack	Automatic report - Port Scan Attack	2020-09-16 15:33:35
210.55.3.250	attack	Sep 16 04:03:00 pve1 sshd[16730]: Failed password for root from 210.55.3.250 port 56526 ssh2 ...	2020-09-16 15:35:25
104.248.160.58	attackbotsspam	Sep 16 09:05:49 santamaria sshd\[27804\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.160.58 user=root Sep 16 09:05:51 santamaria sshd\[27804\]: Failed password for root from 104.248.160.58 port 46036 ssh2 Sep 16 09:09:22 santamaria sshd\[27872\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.160.58 user=root Sep 16 09:09:25 santamaria sshd\[27872\]: Failed password for root from 104.248.160.58 port 56864 ssh2 ...	2020-09-16 15:30:47
178.62.230.153	attack	SSH Brute Force	2020-09-16 14:44:21
178.54.238.138	attackspambots	Sep 15 16:05:27 scw-focused-cartwright sshd[9158]: Failed password for root from 178.54.238.138 port 49292 ssh2	2020-09-16 14:31:37
115.97.67.121	attackspambots	Telnetd brute force attack detected by fail2ban	2020-09-16 15:29:15
41.111.135.199	attackbots	2020-09-16T05:41:32.889616ks3355764 sshd[31638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.111.135.199 user=root 2020-09-16T05:41:34.697813ks3355764 sshd[31638]: Failed password for root from 41.111.135.199 port 37202 ssh2 ...	2020-09-16 15:08:53
94.20.64.42	attackbots	400 BAD REQUEST	2020-09-16 14:39:46

最近上报的IP列表

184.103.108.32	115.240.242.43	115.61.123.138	130.161.78.188
70.27.171.122	188.247.73.225	65.216.85.50	87.242.198.12
12.61.176.184	111.47.188.182	41.83.130.209	155.159.186.150
113.70.26.64	177.91.200.7	66.183.237.10	115.176.102.192
45.5.97.3	62.254.16.78	68.186.87.64	63.28.240.21