45.252.250.106

基本信息:

城市(city): Thuan An

省份(region): Tinh Quang Nam

国家(country): Vietnam

运营商(isp): AZDIGI Corporation

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	45.252.250.106 - - [07/Jun/2020:21:14:39 +0100] "POST /wp-login.php HTTP/1.1" 200 2040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.106 - - [07/Jun/2020:21:14:40 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.106 - - [07/Jun/2020:21:28:23 +0100] "POST /wp-login.php HTTP/1.1" 200 2040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-08 04:54:13
attackspam	CMS (WordPress or Joomla) login attempt.	2020-06-02 01:27:57
attack	404 NOT FOUND	2020-05-17 06:39:58
attackbotsspam	Automatic report - XMLRPC Attack	2020-02-08 21:42:28
attack	Automatic report - XMLRPC Attack	2019-11-26 02:51:08

相同子网IP讨论:

IP	类型	评论内容	时间
45.252.250.64	attackbots	firewall-block, port(s): 18148/tcp	2020-06-26 12:42:00
45.252.250.64	attackbots	Port scan denied	2020-06-24 13:51:20
45.252.250.64	attackbotsspam	(sshd) Failed SSH login from 45.252.250.64 (VN/Vietnam/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jun 14 00:08:30 ubnt-55d23 sshd[22726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.252.250.64 user=root Jun 14 00:08:32 ubnt-55d23 sshd[22726]: Failed password for root from 45.252.250.64 port 43144 ssh2	2020-06-14 06:12:03
45.252.250.13	attackbotsspam	Automatic report - XMLRPC Attack	2020-03-04 08:16:17
45.252.250.13	attack	Automatic report - XMLRPC Attack	2020-03-02 02:14:12
45.252.250.11	attackbotsspam	45.252.250.11 - - \[16/Jan/2020:22:50:40 +0100\] "POST /wp-login.php HTTP/1.0" 200 6597 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 45.252.250.11 - - \[16/Jan/2020:22:50:44 +0100\] "POST /wp-login.php HTTP/1.0" 200 6410 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 45.252.250.11 - - \[16/Jan/2020:22:50:45 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-01-17 06:01:14
45.252.250.11	attackspam	xmlrpc attack	2019-11-28 02:34:31
45.252.250.11	attack	xmlrpc attack	2019-11-15 08:57:42
45.252.250.11	attack	WordPress wp-login brute force :: 45.252.250.11 0.188 - [14/Nov/2019:06:25:17 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 2043 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2019-11-14 18:36:03
45.252.250.11	attack	45.252.250.11 - - \[10/Nov/2019:15:46:17 +0100\] "POST /wp-login.php HTTP/1.0" 200 2406 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 45.252.250.11 - - \[10/Nov/2019:15:46:20 +0100\] "POST /wp-login.php HTTP/1.0" 200 2364 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 45.252.250.11 - - \[10/Nov/2019:15:46:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 2374 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-11-10 23:40:08
45.252.250.110	attackbotsspam	xmlrpc attack	2019-09-02 06:29:53
45.252.250.110	attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2019-08-04 02:34:05
45.252.250.201	attack	[FriJul0500:54:05.2852492019][:error][pid4583:tid47152594962176][client45.252.250.201:58682][client45.252.250.201]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\<\\|script\\|\>$"atARGS:domain.[file"/usr/local/apache.ea3/conf/modsec_rules/99_asl_jitp.conf"][line"317"][id"347147"][rev"1"][msg"Atomicorp.comWAFRules:Wordpressadmin-ajaxXSSattack"][data"admin-ajax.php"][severity"CRITICAL"][hostname"cser.ch"][uri"/wp-admin/admin-ajax.php"][unique_id"XR6DjRmG7onBEAjys9uJmQAAAMk"][FriJul0500:58:24.9255002019][:error][pid29575:tid47152590759680][client45.252.250.201:42480][client45.252.250.201]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"miglaa\?_"atARGS:action.[file"/usr/local/apache.ea3/conf/modsec_rules/99_asl_jitp.conf"][line"60"][id"334072"][rev"5"][msg"Atomicorp.comWAFRules:CVE-2019-6703Attackblocked"][severity"ALERT"][hostname"cser.ch"][uri"/wp-admin/admin-ajax.php"][unique_id"XR6EkOJOLgY93J5KRwqZPAAAAUc"]	2019-07-05 07:42:20
45.252.250.110	attackspambots	45.252.250.110 - - [02/Jul/2019:15:58:38 +0200] "GET /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.110 - - [02/Jul/2019:15:58:43 +0200] "POST /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.110 - - [02/Jul/2019:15:58:49 +0200] "GET /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.110 - - [02/Jul/2019:15:58:54 +0200] "POST /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.110 - - [02/Jul/2019:15:58:55 +0200] "GET /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.250.110 - - [02/Jul/2019:15:58:56 +0200] "POST /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-07-02 23:26:15

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.252.250.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30570
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.252.250.106.			IN	A

;; AUTHORITY SECTION:
.			326	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019112501 1800 900 604800 86400

;; Query time: 185 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Nov 26 02:51:04 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 106.250.252.45.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 106.250.252.45.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
159.89.177.46	attackspam	Invalid user samba from 159.89.177.46 port 37332	2020-06-27 17:22:29
37.49.224.39	attackspam	$f2bV_matches	2020-06-27 17:34:30
157.230.109.166	attackbots	Jun 27 05:53:10 vps1 sshd[1954127]: Invalid user chungheon from 157.230.109.166 port 34800 Jun 27 05:53:12 vps1 sshd[1954127]: Failed password for invalid user chungheon from 157.230.109.166 port 34800 ssh2 ...	2020-06-27 17:11:31
181.31.101.35	attackspam	(sshd) Failed SSH login from 181.31.101.35 (AR/Argentina/35-101-31-181.fibertel.com.ar): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jun 27 11:38:52 ubnt-55d23 sshd[4873]: Invalid user xy from 181.31.101.35 port 54370 Jun 27 11:38:53 ubnt-55d23 sshd[4873]: Failed password for invalid user xy from 181.31.101.35 port 54370 ssh2	2020-06-27 17:49:44
163.172.60.213	attackspam	163.172.60.213 - - [27/Jun/2020:11:25:09 +0300] "POST /wp-login.php HTTP/1.1" 200 2775 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-27 17:40:50
185.232.30.130	attackspambots	Jun 27 10:35:33 debian-2gb-nbg1-2 kernel: \[15505586.054004\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.232.30.130 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=39765 PROTO=TCP SPT=52805 DPT=6002 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-27 17:35:47
52.165.226.15	attackspambots	Jun 27 11:17:10 srv-ubuntu-dev3 sshd[110077]: Invalid user user from 52.165.226.15 Jun 27 11:17:10 srv-ubuntu-dev3 sshd[110077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.165.226.15 Jun 27 11:17:10 srv-ubuntu-dev3 sshd[110077]: Invalid user user from 52.165.226.15 Jun 27 11:17:12 srv-ubuntu-dev3 sshd[110077]: Failed password for invalid user user from 52.165.226.15 port 3962 ssh2 Jun 27 11:19:54 srv-ubuntu-dev3 sshd[110524]: Invalid user root1 from 52.165.226.15 Jun 27 11:19:54 srv-ubuntu-dev3 sshd[110524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.165.226.15 Jun 27 11:19:54 srv-ubuntu-dev3 sshd[110524]: Invalid user root1 from 52.165.226.15 Jun 27 11:19:57 srv-ubuntu-dev3 sshd[110524]: Failed password for invalid user root1 from 52.165.226.15 port 54702 ssh2 Jun 27 11:25:07 srv-ubuntu-dev3 sshd[111512]: Invalid user azureuser from 52.165.226.15 ...	2020-06-27 17:32:07
49.233.148.2	attackspam	Jun 27 15:59:34 webhost01 sshd[32594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.233.148.2 Jun 27 15:59:35 webhost01 sshd[32594]: Failed password for invalid user max from 49.233.148.2 port 36398 ssh2 ...	2020-06-27 17:25:14
52.160.40.60	attackbotsspam	sshd: Failed password for .... from 52.160.40.60 port 50399 ssh2	2020-06-27 17:22:41
101.108.67.111	attackbotsspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-06-27 17:13:39
52.165.39.249	attackbotsspam	sshd: Failed password for .... from 52.165.39.249 port 2694 ssh2 (2 attempts)	2020-06-27 17:10:02
51.254.141.211	attackbots	Jun 27 08:54:05 l03 sshd[23831]: Invalid user ts3bot from 51.254.141.211 port 44834 ...	2020-06-27 17:42:49
51.158.152.44	attack	2020-06-27T08:36:39.2307271240 sshd\[18264\]: Invalid user server from 51.158.152.44 port 47878 2020-06-27T08:36:39.2344471240 sshd\[18264\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.158.152.44 2020-06-27T08:36:41.3721761240 sshd\[18264\]: Failed password for invalid user server from 51.158.152.44 port 47878 ssh2 ...	2020-06-27 17:12:59
167.71.248.102	attack	unauthorized connection attempt	2020-06-27 17:23:08
58.240.54.136	attackspambots	Invalid user portal from 58.240.54.136 port 51479	2020-06-27 17:33:26

最近上报的IP列表

184.103.108.32	115.240.242.43	115.61.123.138	130.161.78.188
70.27.171.122	188.247.73.225	65.216.85.50	87.242.198.12
12.61.176.184	111.47.188.182	41.83.130.209	155.159.186.150
113.70.26.64	177.91.200.7	66.183.237.10	115.176.102.192
45.5.97.3	62.254.16.78	68.186.87.64	63.28.240.21