212.237.34.145

Basic Info

City: Arezzo

Region: Tuscany

Country: Italy

Internet Service Provider: Aruba Business S.R.L.

Hostname: unknown

Organization: Aruba S.p.A.

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Request: "GET / HTTP/1.1"	2019-06-22 09:57:28

Comments on same subnet:

IP	Type	Details	Datetime
212.237.34.156	attackbots	[ssh] SSH attack	2020-06-14 18:32:46
212.237.34.156	attackbots	2020-06-08T00:35:36.217766+02:00 sshd[3105]: Failed password for root from 212.237.34.156 port 44604 ssh2	2020-06-08 06:49:18
212.237.34.156	attackbots	Jun 3 01:12:16 gw1 sshd[14504]: Failed password for root from 212.237.34.156 port 60076 ssh2 ...	2020-06-03 04:19:49
212.237.34.156	attackspambots	May 13 18:56:31 IngegnereFirenze sshd[14211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.34.156 user=root ...	2020-05-14 03:17:36
212.237.34.156	attackbotsspam	May 11 18:08:19 vps647732 sshd[1090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.34.156 May 11 18:08:21 vps647732 sshd[1090]: Failed password for invalid user teste from 212.237.34.156 port 51294 ssh2 ...	2020-05-12 00:58:33
212.237.34.156	attackbotsspam	$f2bV_matches	2020-05-02 05:37:21
212.237.34.156	attackbots	Invalid user admin from 212.237.34.156 port 46926	2020-04-28 03:13:42
212.237.34.156	attackbotsspam	Invalid user vv from 212.237.34.156 port 46006	2020-04-21 20:15:35
212.237.34.156	attackbots	Found by fail2ban	2020-04-17 22:21:11
212.237.34.156	attack	Mar 25 09:22:12 server sshd\[22403\]: Invalid user andreyd from 212.237.34.156 Mar 25 09:22:12 server sshd\[22403\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.34.156 Mar 25 09:22:13 server sshd\[22403\]: Failed password for invalid user andreyd from 212.237.34.156 port 52852 ssh2 Mar 25 09:33:17 server sshd\[25704\]: Invalid user git from 212.237.34.156 Mar 25 09:33:17 server sshd\[25704\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.34.156 ...	2020-03-25 14:53:15
212.237.34.156	attackspam	Mar 22 05:37:28 legacy sshd[18176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.34.156 Mar 22 05:37:30 legacy sshd[18176]: Failed password for invalid user vnc from 212.237.34.156 port 36142 ssh2 Mar 22 05:42:50 legacy sshd[18257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.34.156 ...	2020-03-22 13:41:02
212.237.34.94	attack	Oct 21 03:03:19 ms-srv sshd[4860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.34.94 user=root Oct 21 03:03:21 ms-srv sshd[4860]: Failed password for invalid user root from 212.237.34.94 port 50126 ssh2	2020-03-09 03:07:58
212.237.34.94	attackbots	Oct 21 03:03:19 ms-srv sshd[4860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.34.94 user=root Oct 21 03:03:21 ms-srv sshd[4860]: Failed password for invalid user root from 212.237.34.94 port 50126 ssh2	2020-02-15 22:44:35
212.237.34.156	attack	Feb 8 19:09:44 localhost sshd\[26301\]: Invalid user rrm from 212.237.34.156 port 54974 Feb 8 19:09:44 localhost sshd\[26301\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.34.156 Feb 8 19:09:46 localhost sshd\[26301\]: Failed password for invalid user rrm from 212.237.34.156 port 54974 ssh2 ...	2020-02-09 05:12:49
212.237.34.156	attack	Feb 8 05:56:40 legacy sshd[12534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.34.156 Feb 8 05:56:41 legacy sshd[12534]: Failed password for invalid user dtp from 212.237.34.156 port 42194 ssh2 Feb 8 05:59:57 legacy sshd[12678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.34.156 ...	2020-02-08 13:14:25

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 212.237.34.145
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20038
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;212.237.34.145.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019061101 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jun 12 10:57:54 CST 2019
;; MSG SIZE  rcvd: 118

Host info

145.34.237.212.in-addr.arpa domain name pointer host145-34-237-212.serverdedicati.aruba.it.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
145.34.237.212.in-addr.arpa	name = host145-34-237-212.serverdedicati.aruba.it.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
217.14.211.216	attack	2020-09-21T10:08:25.725238centos sshd[14461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.14.211.216 2020-09-21T10:08:25.717755centos sshd[14461]: Invalid user testuser from 217.14.211.216 port 35682 2020-09-21T10:08:27.580025centos sshd[14461]: Failed password for invalid user testuser from 217.14.211.216 port 35682 ssh2 ...	2020-09-21 18:29:17
192.236.155.132	attack	Sep 20 16:58:01 hermescis postfix/smtpd[25060]: NOQUEUE: reject: RCPT from unknown[192.236.155.132]: 550 5.1.1 : Recipient address rejected:* from=<193@l.massivellion.buzz> to= proto=ESMTP helo=	2020-09-21 18:39:30
142.93.52.174	attack	142.93.52.174 - - [21/Sep/2020:12:12:36 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.52.174 - - [21/Sep/2020:12:12:37 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.52.174 - - [21/Sep/2020:12:12:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-21 19:01:02
167.172.195.99	attack	(sshd) Failed SSH login from 167.172.195.99 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 21 05:53:52 idl1-dfw sshd[1738190]: Invalid user git from 167.172.195.99 port 35106 Sep 21 05:53:53 idl1-dfw sshd[1738190]: Failed password for invalid user git from 167.172.195.99 port 35106 ssh2 Sep 21 06:04:24 idl1-dfw sshd[1745897]: Invalid user info from 167.172.195.99 port 33806 Sep 21 06:04:27 idl1-dfw sshd[1745897]: Failed password for invalid user info from 167.172.195.99 port 33806 ssh2 Sep 21 06:08:06 idl1-dfw sshd[1748399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.195.99 user=root	2020-09-21 18:45:55
118.24.82.81	attack	[ssh] SSH attack	2020-09-21 18:33:22
138.68.95.204	attack	TCP port : 7727	2020-09-21 18:49:51
61.133.232.253	attackbotsspam	Sep 21 10:02:13 melroy-server sshd[4341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.133.232.253 Sep 21 10:02:15 melroy-server sshd[4341]: Failed password for invalid user sysadmin from 61.133.232.253 port 26194 ssh2 ...	2020-09-21 19:00:18
111.67.204.109	attackbotsspam	Sep 21 11:34:03 ns3164893 sshd[26691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.204.109 Sep 21 11:34:06 ns3164893 sshd[26691]: Failed password for invalid user student from 111.67.204.109 port 10536 ssh2 ...	2020-09-21 18:52:06
60.243.168.25	attack	Listed on dnsbl-sorbs plus abuseat.org and zen-spamhaus / proto=6 . srcport=62854 . dstport=23 . (2296)	2020-09-21 18:37:02
113.193.63.170	attack	(smtpauth) Failed SMTP AUTH login from 113.193.63.170 (IN/India/-): 5 in the last 3600 secs	2020-09-21 18:46:39
165.22.223.121	attackspambots	Sep 21 08:46:23 marvibiene sshd[44633]: Invalid user nagios from 165.22.223.121 port 46000 Sep 21 08:46:23 marvibiene sshd[44633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.223.121 Sep 21 08:46:23 marvibiene sshd[44633]: Invalid user nagios from 165.22.223.121 port 46000 Sep 21 08:46:24 marvibiene sshd[44633]: Failed password for invalid user nagios from 165.22.223.121 port 46000 ssh2	2020-09-21 18:43:42
125.25.83.71	attack	Automatic report - Banned IP Access	2020-09-21 18:44:24
112.254.55.131	attack	[Sun Sep 20 23:58:02.153212 2020] [:error] [pid 23423:tid 140118059661056] [client 112.254.55.131:39665] [client 112.254.55.131] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/coreruleset-3.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1041"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/setup.cgi"] [unique_id "AAAAAKyLvmllluV-tW9b4QAAAC0"] ...	2020-09-21 18:45:11
125.227.255.79	attackspambots	2020-09-21T09:22:40.532464abusebot-7.cloudsearch.cf sshd[10445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125-227-255-79.hinet-ip.hinet.net user=root 2020-09-21T09:22:41.981136abusebot-7.cloudsearch.cf sshd[10445]: Failed password for root from 125.227.255.79 port 57486 ssh2 2020-09-21T09:26:46.367801abusebot-7.cloudsearch.cf sshd[10502]: Invalid user ftpuser from 125.227.255.79 port 65167 2020-09-21T09:26:46.371690abusebot-7.cloudsearch.cf sshd[10502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125-227-255-79.hinet-ip.hinet.net 2020-09-21T09:26:46.367801abusebot-7.cloudsearch.cf sshd[10502]: Invalid user ftpuser from 125.227.255.79 port 65167 2020-09-21T09:26:48.592942abusebot-7.cloudsearch.cf sshd[10502]: Failed password for invalid user ftpuser from 125.227.255.79 port 65167 ssh2 2020-09-21T09:30:47.953003abusebot-7.cloudsearch.cf sshd[10515]: pam_unix(sshd:auth): authentication failure; log ...	2020-09-21 18:58:55
51.38.188.20	attackbotsspam	Triggered by Fail2Ban at Ares web server	2020-09-21 19:02:17

Recently Reported IPs

14.161.8.222	117.239.217.36	176.167.3.182	211.143.180.58
92.81.159.243	105.207.159.108	32.49.246.105	216.218.145.156
194.43.243.148	174.91.42.28	96.66.137.214	200.219.119.54
103.216.128.112	44.96.224.196	158.121.176.207	162.176.166.56
96.65.47.17	124.109.20.62	2.215.159.193	71.177.136.140