IP address: 81.22.45.219

Host rating: 2.1 out of 214 votes

Last update: 2019-09-12

Host details

Unknown
Unknown
Unknown
Unknown
See comments

Reported breaches

  • Port scan
  • Dodgy activity

Whois record

The publicly available Whois record found at the whois.ripe.net server.

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '81.22.45.0 - 81.22.45.255'

% Abuse contact for '81.22.45.0 - 81.22.45.255' is '[email protected]'

inetnum:        81.22.45.0 - 81.22.45.255
netname:        RU-INFOTECH-20181015
country:        RU
org:            ORG-ITL54-RIPE
admin-c:        LD5832-RIPE
tech-c:         LD5832-RIPE
status:         ASSIGNED PA
mnt-by:         IP-RIPE
mnt-routes:     ru-informtech-1-mnt
mnt-routes:     MNT-SELECTEL
created:        2018-10-15T14:52:53Z
last-modified:  2019-04-08T18:52:43Z
source:         RIPE

% Information related to '81.22.45.0/24AS49505'

route:          81.22.45.0/24
descr:          Selectel Customer
origin:         AS49505
mnt-by:         MNT-SELECTEL
created:        2018-11-23T13:48:16Z
last-modified:  2018-11-23T13:48:16Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.94 (WAGYU)


User comments

214 security incident(s) reported by users

BHD Honeypot
Port scan
2019-08-07

In the last 24h, the attacker (81.22.45.219) attempted to scan 36 ports.
      
BHD Honeypot
Port scan
2019-08-06

In the last 24h, the attacker (81.22.45.219) attempted to scan 45 ports.
      
BHD Honeypot
Port scan
2019-08-05

In the last 24h, the attacker (81.22.45.219) attempted to scan 25 ports.
      
BHD Honeypot
Port scan
2019-08-04

Port scan from IP: 81.22.45.219 detected by psad.

Annoyed
Port scan
2019-07-25

Constant port scans reported by SonicWall.

hans
Port scan
2019-07-23

massive port scans reported by our SOPHOS UTM

81.22.45.219
Port scan
2019-07-22

Portscan

Bowen
Port scan
2019-07-22

port scanning over two days

sammo
Port scan
2019-07-21

relentless port scanning

BHD Honeypot
Port scan
2019-07-20

In the last 24h, the attacker (81.22.45.219) attempted to scan 170 ports.
      
BHD Honeypot
Port scan
2019-07-19

In the last 24h, the attacker (81.22.45.219) attempted to scan 189 ports.
      
BHD Honeypot
Port scan
2019-07-18

In the last 24h, the attacker (81.22.45.219) attempted to scan 169 ports.
      
BHD Honeypot
Port scan
2019-07-18

Port scan from IP: 81.22.45.219 detected by psad.

BHD Honeypot
Port scan
2019-07-17

In the last 24h, the attacker (81.22.45.219) attempted to scan 170 ports.
      
BHD Honeypot
Port scan
2019-07-16

In the last 24h, the attacker (81.22.45.219) attempted to scan 122 ports.
      
BHD Honeypot
Port scan
2019-07-15

In the last 24h, the attacker (81.22.45.219) attempted to scan 186 ports.
      
BHD Honeypot
Port scan
2019-07-14

In the last 24h, the attacker (81.22.45.219) attempted to scan 70 ports.
      
81.22.45.219
Port scan
2019-07-14

port scan TCP/61111 TCP/8934

BHD Honeypot
Port scan
2019-07-13

In the last 24h, the attacker (81.22.45.219) attempted to scan 510 ports.
      
BHD Honeypot
Port scan
2019-07-13

Port scan from IP: 81.22.45.219 detected by psad.

Remarks

The Black hat directory contains this IP address because Internet users reported it as an address making unsolicited, nagging requests. We make every effort to ensure that the information contained in the Black hat directory is correct and up to date. The database is developed and updated by Internet users and moderators.

If you have any reliable information regarding malicious activity originating from this IP address, please share it with others by filling in the 'Report breach' form. Adding personally identifiable information is prohibited.

The following breach categories are used in the database:

  • Denial of service attack - this attack is accomplished by flooding the target with a massive number of requests in order to overload the targeted system
  • Brute force attack - this category encompasses attempts to log in to a machine by trying many passwords and usernames
  • Backdoor attack - this category represents bypassing authentication through hidden programs or services to obtain remote access to a computer, or trojan activity
  • Port scan - represents attackers identifying running services on the targeted machine by probing a server for open ports
  • Malicious bot - this category encompasses all bots performing unsolicited requests or ignoring the robots.txt file
  • Anonymous proxy - public proxies like Tor, I2P relays or anonymous VPNs are often used by attackers to hide their identity
  • Web attack - attempts to exploit web application security flaws
  • CMS attack - attempts to exploit CMS vulnerabilities
  • App vulnerability attack - attempts to exploit vulnerabilities in other applications
  • Web spam - encompasses all kinds of HTTP spamming
  • Email spam - encompasses all kinds of e-mail spamming
  • Dodgy activity - this category encompasses superfluous, dodgy requests
