172.245.85.214

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: Hudson Valley Host

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	MYH,DEF GET /adminer.php	2020-03-09 19:50:56

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 172.245.85.214
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42224
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;172.245.85.214.			IN	A

;; AUTHORITY SECTION:
.			337	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030900 1800 900 604800 86400

;; Query time: 95 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Mar 09 19:50:45 CST 2020
;; MSG SIZE  rcvd: 118

Host info

214.85.245.172.in-addr.arpa domain name pointer 172-245-85-214-host.colocrossing.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
214.85.245.172.in-addr.arpa	name = 172-245-85-214-host.colocrossing.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
151.177.184.180	attack	Telnet/23 MH Probe, Scan, BF, Hack -	2020-09-12 02:36:31
138.68.94.142	attack	Port scan: Attack repeated for 24 hours	2020-09-12 02:27:28
83.48.29.116	attackspam	2020-09-11T18:23:18.714506ks3355764 sshd[17662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.48.29.116 user=root 2020-09-11T18:23:20.414923ks3355764 sshd[17662]: Failed password for root from 83.48.29.116 port 32661 ssh2 ...	2020-09-12 02:52:03
192.99.175.86	attackbots	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-09-12 02:33:14
177.10.22.126	attackspam	Sep 10 02:35:48 mail.srvfarm.net postfix/smtps/smtpd[2854037]: warning: unknown[177.10.22.126]: SASL PLAIN authentication failed: Sep 10 02:35:49 mail.srvfarm.net postfix/smtps/smtpd[2854037]: lost connection after AUTH from unknown[177.10.22.126] Sep 10 02:37:03 mail.srvfarm.net postfix/smtps/smtpd[2854037]: warning: unknown[177.10.22.126]: SASL PLAIN authentication failed: Sep 10 02:37:04 mail.srvfarm.net postfix/smtps/smtpd[2854037]: lost connection after AUTH from unknown[177.10.22.126] Sep 10 02:45:27 mail.srvfarm.net postfix/smtpd[2859616]: warning: unknown[177.10.22.126]: SASL PLAIN authentication failed:	2020-09-12 02:41:38
113.160.148.180	attackbotsspam	Listed on rbldns-ru also zen-spamhaus / proto=6 . srcport=62405 . dstport=445 . (754)	2020-09-12 02:34:33
103.133.110.47	attackbotsspam	Fail2Ban Ban Triggered	2020-09-12 02:36:46
200.174.72.131	attackbots	Sep 11 12:47:50 HPCompaq6200-Xubuntu sshd[1512384]: Invalid user admin from 200.174.72.131 port 51284 Sep 11 12:47:50 HPCompaq6200-Xubuntu sshd[1512384]: Connection closed by invalid user admin 200.174.72.131 port 51284 [preauth] Sep 11 12:47:50 HPCompaq6200-Xubuntu sshd[1512384]: Invalid user admin from 200.174.72.131 port 51284 Sep 11 12:47:50 HPCompaq6200-Xubuntu sshd[1512384]: Connection closed by invalid user admin 200.174.72.131 port 51284 [preauth] Sep 11 12:47:54 HPCompaq6200-Xubuntu sshd[1512390]: Connection closed by authenticating user root 200.174.72.131 port 51399 [preauth] ...	2020-09-12 02:37:43
167.248.133.36	attack	Lines containing failures of 167.248.133.36 Sep 7 05:08:45 * sshd[6911]: refused connect from 167.248.133.36 (167.248.133.36) Sep 7 05:08:50 * sshd[6912]: refused connect from 167.248.133.36 (167.248.133.36) Sep 7 05:08:51 *** sshd[6913]: refused connect from 167.248.133.36 (167.248.133.36) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=167.248.133.36	2020-09-12 02:31:07
182.122.10.215	attack	Lines containing failures of 182.122.10.215 Sep 11 07:02:49 keyhelp sshd[31257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.122.10.215 user=r.r Sep 11 07:02:51 keyhelp sshd[31257]: Failed password for r.r from 182.122.10.215 port 13400 ssh2 Sep 11 07:02:51 keyhelp sshd[31257]: Received disconnect from 182.122.10.215 port 13400:11: Bye Bye [preauth] Sep 11 07:02:51 keyhelp sshd[31257]: Disconnected from authenticating user r.r 182.122.10.215 port 13400 [preauth] Sep 11 07:05:16 keyhelp sshd[31868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.122.10.215 user=r.r Sep 11 07:05:19 keyhelp sshd[31868]: Failed password for r.r from 182.122.10.215 port 42430 ssh2 Sep 11 07:05:19 keyhelp sshd[31868]: Received disconnect from 182.122.10.215 port 42430:11: Bye Bye [preauth] Sep 11 07:05:19 keyhelp sshd[31868]: Disconnected from authenticating user r.r 182.122.10.215 port 42430 [preaut........ ------------------------------	2020-09-12 02:47:30
177.91.178.59	attack	Sep 11 08:55:31 mail.srvfarm.net postfix/smtps/smtpd[3662994]: warning: unknown[177.91.178.59]: SASL PLAIN authentication failed: Sep 11 08:55:31 mail.srvfarm.net postfix/smtps/smtpd[3662994]: lost connection after AUTH from unknown[177.91.178.59] Sep 11 08:58:57 mail.srvfarm.net postfix/smtpd[3665246]: warning: unknown[177.91.178.59]: SASL PLAIN authentication failed: Sep 11 08:58:57 mail.srvfarm.net postfix/smtpd[3665246]: lost connection after AUTH from unknown[177.91.178.59] Sep 11 09:00:24 mail.srvfarm.net postfix/smtpd[3669818]: warning: unknown[177.91.178.59]: SASL PLAIN authentication failed:	2020-09-12 02:58:12
131.108.60.30	attack	Sep 11 16:36:04 plg sshd[29852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.60.30 user=root Sep 11 16:36:06 plg sshd[29852]: Failed password for invalid user root from 131.108.60.30 port 50718 ssh2 Sep 11 16:38:43 plg sshd[29873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.60.30 user=root Sep 11 16:38:45 plg sshd[29873]: Failed password for invalid user root from 131.108.60.30 port 51992 ssh2 Sep 11 16:41:22 plg sshd[29952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=131.108.60.30 Sep 11 16:41:24 plg sshd[29952]: Failed password for invalid user cesar from 131.108.60.30 port 53266 ssh2 ...	2020-09-12 02:51:45
177.154.238.53	attackbots	Sep 7 12:12:37 mail.srvfarm.net postfix/smtpd[1039280]: warning: unknown[177.154.238.53]: SASL PLAIN authentication failed: Sep 7 12:12:37 mail.srvfarm.net postfix/smtpd[1039280]: lost connection after AUTH from unknown[177.154.238.53] Sep 7 12:15:23 mail.srvfarm.net postfix/smtpd[1038120]: warning: unknown[177.154.238.53]: SASL PLAIN authentication failed: Sep 7 12:15:24 mail.srvfarm.net postfix/smtpd[1038120]: lost connection after AUTH from unknown[177.154.238.53] Sep 7 12:20:28 mail.srvfarm.net postfix/smtpd[1053366]: warning: unknown[177.154.238.53]: SASL PLAIN authentication failed:	2020-09-12 02:41:21
114.67.254.244	attack	Sep 11 12:04:31 Tower sshd[16244]: Connection from 114.67.254.244 port 59866 on 192.168.10.220 port 22 rdomain "" Sep 11 12:04:34 Tower sshd[16244]: Invalid user elastic from 114.67.254.244 port 59866 Sep 11 12:04:34 Tower sshd[16244]: error: Could not get shadow information for NOUSER Sep 11 12:04:34 Tower sshd[16244]: Failed password for invalid user elastic from 114.67.254.244 port 59866 ssh2 Sep 11 12:04:35 Tower sshd[16244]: Received disconnect from 114.67.254.244 port 59866:11: Bye Bye [preauth] Sep 11 12:04:35 Tower sshd[16244]: Disconnected from invalid user elastic 114.67.254.244 port 59866 [preauth]	2020-09-12 02:31:20
45.8.124.39	attackspambots	Sep 11 12:49:19 mail.srvfarm.net postfix/submission/smtpd[3765467]: lost connection after EHLO from unknown[45.8.124.39] Sep 11 12:49:20 mail.srvfarm.net postfix/submission/smtpd[3765467]: lost connection after EHLO from unknown[45.8.124.39] Sep 11 12:49:20 mail.srvfarm.net postfix/submission/smtpd[3765467]: lost connection after EHLO from unknown[45.8.124.39] Sep 11 12:49:20 mail.srvfarm.net postfix/submission/smtpd[3765467]: lost connection after EHLO from unknown[45.8.124.39] Sep 11 12:49:20 mail.srvfarm.net postfix/submission/smtpd[3765467]: lost connection after EHLO from unknown[45.8.124.39]	2020-09-12 03:00:33

Recently Reported IPs

61.74.111.129	180.244.233.107	238.214.89.24	106.111.94.49
223.206.238.52	95.84.212.253	18.184.61.164	202.90.138.109
194.146.50.45	197.54.55.234	49.230.30.115	196.32.108.145
171.249.184.189	159.89.176.184	171.229.0.46	186.73.132.132
171.229.147.30	90.142.52.244	202.29.80.61	236.159.177.15