148.72.42.108 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): GoDaddy.com LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Port Scan: TCP/445	2019-09-14 10:41:53

相同子网IP讨论:

IP	类型	评论内容	时间
148.72.42.181	attack	148.72.42.181 - - [28/Sep/2020:16:56:53 +0100] "POST /wp-login.php HTTP/1.1" 200 1861 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:16:56:55 +0100] "POST /wp-login.php HTTP/1.1" 200 1839 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:16:57:03 +0100] "POST /wp-login.php HTTP/1.1" 200 1845 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-29 04:00:55
148.72.42.181	attackbotsspam	148.72.42.181 - - [28/Sep/2020:12:55:35 +0100] "POST /wp-login.php HTTP/1.1" 200 2223 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:12:55:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2180 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:12:55:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2225 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-28 20:14:35
148.72.42.181	attackbots	CMS (WordPress or Joomla) login attempt.	2020-09-28 12:18:50
148.72.42.181	attackspam	148.72.42.181 - - [23/Sep/2020:09:14:19 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-23 20:24:17
148.72.42.181	attack	148.72.42.181 - - \[23/Sep/2020:04:37:59 +0200\] "POST /wp-login.php HTTP/1.0" 200 5983 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[23/Sep/2020:04:38:01 +0200\] "POST /wp-login.php HTTP/1.0" 200 5981 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[23/Sep/2020:04:38:12 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-09-23 12:47:39
148.72.42.181	attack	Automatic report generated by Wazuh	2020-09-23 04:32:10
148.72.42.181	attack	xmlrpc attack	2020-09-08 21:51:37
148.72.42.181	attackbotsspam	148.72.42.181 - - [08/Sep/2020:07:10:02 +0200] "POST /xmlrpc.php HTTP/1.1" 403 21244 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [08/Sep/2020:07:29:03 +0200] "POST /xmlrpc.php HTTP/1.1" 403 11291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-08 13:39:25
148.72.42.181	attack	148.72.42.181 - - \[07/Sep/2020:19:39:20 +0200\] "POST /wp-login.php HTTP/1.0" 200 3152 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[07/Sep/2020:19:39:22 +0200\] "POST /wp-login.php HTTP/1.0" 200 3118 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[07/Sep/2020:19:39:25 +0200\] "POST /wp-login.php HTTP/1.0" 200 3113 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-09-08 06:14:29
148.72.42.181	attack	WordPress login Brute force / Web App Attack on client site.	2020-08-13 05:25:19
148.72.42.181	attackbots	148.72.42.181 - - [18/Jul/2020:04:55:20 +0100] "POST /wp-login.php HTTP/1.1" 200 2082 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [18/Jul/2020:04:55:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [18/Jul/2020:04:55:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2063 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-18 13:24:04
148.72.42.181	attack	148.72.42.181 - - [24/Jun/2020:07:34:56 +0100] "POST /wp-login.php HTTP/1.1" 200 1969 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [24/Jun/2020:07:34:58 +0100] "POST /wp-login.php HTTP/1.1" 200 1954 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [24/Jun/2020:07:34:58 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-24 15:32:00
148.72.42.181	attack	CMS (WordPress or Joomla) login attempt.	2020-05-13 14:49:57
148.72.42.181	attackbotsspam	Automatic report - Banned IP Access	2020-02-28 14:23:14
148.72.42.181	attackbotsspam	GET /wp-login.php HTTP/1.1	2020-02-23 01:46:37

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 148.72.42.108
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35089
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;148.72.42.108.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091302 1800 900 604800 86400

;; Query time: 12 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Sep 14 10:41:43 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

108.42.72.148.in-addr.arpa domain name pointer ip-148-72-42-108.ip.secureserver.net.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
108.42.72.148.in-addr.arpa	name = ip-148-72-42-108.ip.secureserver.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
51.83.74.126	attackspambots	Jul 21 23:51:20 george sshd[13023]: Failed password for invalid user dockeruser from 51.83.74.126 port 47052 ssh2 Jul 21 23:55:16 george sshd[13741]: Invalid user banner from 51.83.74.126 port 60792 Jul 21 23:55:16 george sshd[13741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.74.126 Jul 21 23:55:17 george sshd[13741]: Failed password for invalid user banner from 51.83.74.126 port 60792 ssh2 Jul 21 23:59:25 george sshd[14462]: Invalid user fx from 51.83.74.126 port 46300 ...	2020-07-22 12:22:30
2a00:1768:2001:7a::20	attack	20 attempts against mh_ha-misbehave-ban on lb	2020-07-22 12:26:37
49.233.182.205	attackspam	Jul 21 20:57:04 pixelmemory sshd[3809813]: Invalid user mo from 49.233.182.205 port 35724 Jul 21 20:57:04 pixelmemory sshd[3809813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.233.182.205 Jul 21 20:57:04 pixelmemory sshd[3809813]: Invalid user mo from 49.233.182.205 port 35724 Jul 21 20:57:06 pixelmemory sshd[3809813]: Failed password for invalid user mo from 49.233.182.205 port 35724 ssh2 Jul 21 20:59:32 pixelmemory sshd[3812567]: Invalid user aureliano from 49.233.182.205 port 37966 ...	2020-07-22 12:18:33
14.40.65.91	attackbots	Jul 22 05:59:27 tor-proxy-04 sshd\[2690\]: Invalid user admin from 14.40.65.91 port 57276 Jul 22 05:59:28 tor-proxy-04 sshd\[2690\]: Connection closed by 14.40.65.91 port 57276 \[preauth\] Jul 22 05:59:38 tor-proxy-04 sshd\[2692\]: Invalid user admin from 14.40.65.91 port 36782 ...	2020-07-22 12:13:30
222.186.180.41	attackbotsspam	2020-07-22T04:08:44.836834randservbullet-proofcloud-66.localdomain sshd[21432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.41 user=root 2020-07-22T04:08:46.635863randservbullet-proofcloud-66.localdomain sshd[21432]: Failed password for root from 222.186.180.41 port 49636 ssh2 2020-07-22T04:08:49.795642randservbullet-proofcloud-66.localdomain sshd[21432]: Failed password for root from 222.186.180.41 port 49636 ssh2 2020-07-22T04:08:44.836834randservbullet-proofcloud-66.localdomain sshd[21432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.41 user=root 2020-07-22T04:08:46.635863randservbullet-proofcloud-66.localdomain sshd[21432]: Failed password for root from 222.186.180.41 port 49636 ssh2 2020-07-22T04:08:49.795642randservbullet-proofcloud-66.localdomain sshd[21432]: Failed password for root from 222.186.180.41 port 49636 ssh2 ...	2020-07-22 12:09:49
111.72.194.204	attack	Jul 22 05:57:29 srv01 postfix/smtpd\[15103\]: warning: unknown\[111.72.194.204\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 22 05:57:41 srv01 postfix/smtpd\[15103\]: warning: unknown\[111.72.194.204\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 22 05:57:56 srv01 postfix/smtpd\[15103\]: warning: unknown\[111.72.194.204\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 22 05:58:16 srv01 postfix/smtpd\[15103\]: warning: unknown\[111.72.194.204\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 22 06:04:28 srv01 postfix/smtpd\[23970\]: warning: unknown\[111.72.194.204\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-07-22 12:18:02
40.68.94.141	attackspambots	Jul 19 22:54:39 myvps sshd[8718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.68.94.141 Jul 19 22:54:42 myvps sshd[8718]: Failed password for invalid user demo from 40.68.94.141 port 34770 ssh2 Jul 21 23:47:28 myvps sshd[7415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.68.94.141 ...	2020-07-22 09:58:38
190.247.254.96	attack	Brute force attempt	2020-07-22 12:12:20
87.233.227.228	attackbotsspam	87.233.227.228 - - \[22/Jul/2020:05:59:11 +0200\] "POST /wp-login.php HTTP/1.1" 200 9954 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 87.233.227.228 - - \[22/Jul/2020:05:59:11 +0200\] "POST /wp-login.php HTTP/1.1" 200 9789 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" ...	2020-07-22 12:30:24
218.92.0.221	attack	$f2bV_matches	2020-07-22 12:07:52
50.63.196.205	attackbotsspam	Automatic report - XMLRPC Attack	2020-07-22 12:28:41
97.74.24.193	attackbots	Automatic report - XMLRPC Attack	2020-07-22 12:28:11
218.92.0.215	attack	Unauthorized connection attempt detected from IP address 218.92.0.215 to port 22	2020-07-22 12:15:05
186.3.83.162	attackspambots	Invalid user cod2server from 186.3.83.162 port 36568	2020-07-22 10:05:01
106.13.189.172	attack	Jul 22 05:42:30 ns382633 sshd\[29523\]: Invalid user lillo from 106.13.189.172 port 53912 Jul 22 05:42:30 ns382633 sshd\[29523\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.189.172 Jul 22 05:42:32 ns382633 sshd\[29523\]: Failed password for invalid user lillo from 106.13.189.172 port 53912 ssh2 Jul 22 05:59:10 ns382633 sshd\[32261\]: Invalid user sagar from 106.13.189.172 port 45446 Jul 22 05:59:10 ns382633 sshd\[32261\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.189.172	2020-07-22 12:31:33

最近上报的IP列表

101.16.64.83	0.171.113.113	210.185.134.149	95.18.154.158
251.5.192.171	232.231.98.210	81.223.138.158	92.252.165.50
142.214.107.228	205.198.216.153	255.189.5.202	153.123.157.183
53.17.166.130	31.45.174.123	91.191.221.13	199.171.189.32
86.244.44.110	132.203.122.117	78.85.48.130	74.208.166.63