148.72.42.108 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): GoDaddy.com LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Port Scan: TCP/445	2019-09-14 10:41:53

相同子网IP讨论:

IP	类型	评论内容	时间
148.72.42.181	attack	148.72.42.181 - - [28/Sep/2020:16:56:53 +0100] "POST /wp-login.php HTTP/1.1" 200 1861 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:16:56:55 +0100] "POST /wp-login.php HTTP/1.1" 200 1839 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:16:57:03 +0100] "POST /wp-login.php HTTP/1.1" 200 1845 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-29 04:00:55
148.72.42.181	attackbotsspam	148.72.42.181 - - [28/Sep/2020:12:55:35 +0100] "POST /wp-login.php HTTP/1.1" 200 2223 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:12:55:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2180 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:12:55:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2225 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-28 20:14:35
148.72.42.181	attackbots	CMS (WordPress or Joomla) login attempt.	2020-09-28 12:18:50
148.72.42.181	attackspam	148.72.42.181 - - [23/Sep/2020:09:14:19 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-23 20:24:17
148.72.42.181	attack	148.72.42.181 - - \[23/Sep/2020:04:37:59 +0200\] "POST /wp-login.php HTTP/1.0" 200 5983 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[23/Sep/2020:04:38:01 +0200\] "POST /wp-login.php HTTP/1.0" 200 5981 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[23/Sep/2020:04:38:12 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-09-23 12:47:39
148.72.42.181	attack	Automatic report generated by Wazuh	2020-09-23 04:32:10
148.72.42.181	attack	xmlrpc attack	2020-09-08 21:51:37
148.72.42.181	attackbotsspam	148.72.42.181 - - [08/Sep/2020:07:10:02 +0200] "POST /xmlrpc.php HTTP/1.1" 403 21244 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [08/Sep/2020:07:29:03 +0200] "POST /xmlrpc.php HTTP/1.1" 403 11291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-08 13:39:25
148.72.42.181	attack	148.72.42.181 - - \[07/Sep/2020:19:39:20 +0200\] "POST /wp-login.php HTTP/1.0" 200 3152 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[07/Sep/2020:19:39:22 +0200\] "POST /wp-login.php HTTP/1.0" 200 3118 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[07/Sep/2020:19:39:25 +0200\] "POST /wp-login.php HTTP/1.0" 200 3113 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-09-08 06:14:29
148.72.42.181	attack	WordPress login Brute force / Web App Attack on client site.	2020-08-13 05:25:19
148.72.42.181	attackbots	148.72.42.181 - - [18/Jul/2020:04:55:20 +0100] "POST /wp-login.php HTTP/1.1" 200 2082 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [18/Jul/2020:04:55:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [18/Jul/2020:04:55:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2063 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-18 13:24:04
148.72.42.181	attack	148.72.42.181 - - [24/Jun/2020:07:34:56 +0100] "POST /wp-login.php HTTP/1.1" 200 1969 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [24/Jun/2020:07:34:58 +0100] "POST /wp-login.php HTTP/1.1" 200 1954 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [24/Jun/2020:07:34:58 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-24 15:32:00
148.72.42.181	attack	CMS (WordPress or Joomla) login attempt.	2020-05-13 14:49:57
148.72.42.181	attackbotsspam	Automatic report - Banned IP Access	2020-02-28 14:23:14
148.72.42.181	attackbotsspam	GET /wp-login.php HTTP/1.1	2020-02-23 01:46:37

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 148.72.42.108
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35089
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;148.72.42.108.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091302 1800 900 604800 86400

;; Query time: 12 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Sep 14 10:41:43 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

108.42.72.148.in-addr.arpa domain name pointer ip-148-72-42-108.ip.secureserver.net.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
108.42.72.148.in-addr.arpa	name = ip-148-72-42-108.ip.secureserver.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
27.106.18.218	attackbotsspam	$f2bV_matches	2019-07-11 18:22:21
83.15.183.138	attackbots	Jul 11 06:23:01 legacy sshd[28574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.15.183.138 Jul 11 06:23:02 legacy sshd[28574]: Failed password for invalid user stack from 83.15.183.138 port 15557 ssh2 Jul 11 06:26:31 legacy sshd[28724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.15.183.138 ...	2019-07-11 18:16:38
80.211.102.169	attackspam	Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=80.211.102.169	2019-07-11 18:40:36
187.109.55.43	attack	$f2bV_matches	2019-07-11 19:06:37
177.66.59.220	attackbots	Excessive failed login attempts on port 587	2019-07-11 19:21:32
169.38.81.226	attackbotsspam	Fail2Ban Ban Triggered	2019-07-11 18:36:59
5.188.62.5	attackspambots	Jul1109:59:55server2pure-ftpd:$\?@5.188.62.5$[WARNING]Authenticationfailedforuser[hostingsvizzera]Jul1110:12:52server2pure-ftpd:$\?@5.188.62.5$[WARNING]Authenticationfailedforuser[hostingsvizzera]Jul1110:18:43server2pure-ftpd:$\?@5.188.62.5$[WARNING]Authenticationfailedforuser[swiss-web-hosting]Jul1110:18:45server2pure-ftpd:$\?@5.188.62.5$[WARNING]Authenticationfailedforuser[hosting-ticino-svizzera]Jul1110:18:50server2pure-ftpd:$\?@5.188.62.5$[WARNING]Authenticationfailedforuser[hostingsvizzera]Jul1110:18:57server2pure-ftpd:$\?@5.188.62.5$[WARNING]Authenticationfailedforuser[hosting-domain-swiss]Jul1110:27:46server2pure-ftpd:$\?@5.188.62.5$[WARNING]Authenticationfailedforuser[planetescortgold]Jul1110:31:40server2pure-ftpd:$\?@5.188.62.5$[WARNING]Authenticationfailedforuser[hosting-ticino-svizzera]	2019-07-11 18:47:08
116.4.97.247	attack	DATE:2019-07-11_08:47:34, IP:116.4.97.247, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2019-07-11 18:28:46
175.161.59.56	attackbotsspam	Caught in portsentry honeypot	2019-07-11 18:28:19
185.176.27.26	attack	11.07.2019 08:52:33 Connection to port 18988 blocked by firewall	2019-07-11 18:21:51
31.170.123.203	attackbots	9-7-2019 11:16:37 Brute force attack by common bot infected identified EHLO/HELO: USER 9-7-2019 11:16:37 Connection from IP address: 31.170.123.203 on port: 25 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=31.170.123.203	2019-07-11 18:19:17
46.101.88.10	attackspambots	Jul 11 12:36:45 mail sshd\[4955\]: Invalid user devil from 46.101.88.10 Jul 11 12:36:45 mail sshd\[4955\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.88.10 Jul 11 12:36:48 mail sshd\[4955\]: Failed password for invalid user devil from 46.101.88.10 port 16034 ssh2 ...	2019-07-11 19:24:16
84.201.184.53	attack	" "	2019-07-11 19:20:09
1.6.114.75	attackspam	Jul 11 07:00:36 fr01 sshd[12252]: Invalid user flex from 1.6.114.75 Jul 11 07:00:36 fr01 sshd[12252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.6.114.75 Jul 11 07:00:36 fr01 sshd[12252]: Invalid user flex from 1.6.114.75 Jul 11 07:00:38 fr01 sshd[12252]: Failed password for invalid user flex from 1.6.114.75 port 58994 ssh2 Jul 11 07:03:43 fr01 sshd[12755]: Invalid user carlos from 1.6.114.75 ...	2019-07-11 18:27:18
80.82.77.139	attack	11.07.2019 10:02:51 Connection to port 5001 blocked by firewall	2019-07-11 18:17:00

最近上报的IP列表

101.16.64.83	0.171.113.113	210.185.134.149	95.18.154.158
251.5.192.171	232.231.98.210	81.223.138.158	92.252.165.50
142.214.107.228	205.198.216.153	255.189.5.202	153.123.157.183
53.17.166.130	31.45.174.123	91.191.221.13	199.171.189.32
86.244.44.110	132.203.122.117	78.85.48.130	74.208.166.63