148.72.42.108 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): GoDaddy.com LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Port Scan: TCP/445	2019-09-14 10:41:53

相同子网IP讨论:

IP	类型	评论内容	时间
148.72.42.181	attack	148.72.42.181 - - [28/Sep/2020:16:56:53 +0100] "POST /wp-login.php HTTP/1.1" 200 1861 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:16:56:55 +0100] "POST /wp-login.php HTTP/1.1" 200 1839 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:16:57:03 +0100] "POST /wp-login.php HTTP/1.1" 200 1845 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-29 04:00:55
148.72.42.181	attackbotsspam	148.72.42.181 - - [28/Sep/2020:12:55:35 +0100] "POST /wp-login.php HTTP/1.1" 200 2223 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:12:55:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2180 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:12:55:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2225 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-28 20:14:35
148.72.42.181	attackbots	CMS (WordPress or Joomla) login attempt.	2020-09-28 12:18:50
148.72.42.181	attackspam	148.72.42.181 - - [23/Sep/2020:09:14:19 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-23 20:24:17
148.72.42.181	attack	148.72.42.181 - - \[23/Sep/2020:04:37:59 +0200\] "POST /wp-login.php HTTP/1.0" 200 5983 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[23/Sep/2020:04:38:01 +0200\] "POST /wp-login.php HTTP/1.0" 200 5981 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[23/Sep/2020:04:38:12 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-09-23 12:47:39
148.72.42.181	attack	Automatic report generated by Wazuh	2020-09-23 04:32:10
148.72.42.181	attack	xmlrpc attack	2020-09-08 21:51:37
148.72.42.181	attackbotsspam	148.72.42.181 - - [08/Sep/2020:07:10:02 +0200] "POST /xmlrpc.php HTTP/1.1" 403 21244 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [08/Sep/2020:07:29:03 +0200] "POST /xmlrpc.php HTTP/1.1" 403 11291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-08 13:39:25
148.72.42.181	attack	148.72.42.181 - - \[07/Sep/2020:19:39:20 +0200\] "POST /wp-login.php HTTP/1.0" 200 3152 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[07/Sep/2020:19:39:22 +0200\] "POST /wp-login.php HTTP/1.0" 200 3118 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[07/Sep/2020:19:39:25 +0200\] "POST /wp-login.php HTTP/1.0" 200 3113 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-09-08 06:14:29
148.72.42.181	attack	WordPress login Brute force / Web App Attack on client site.	2020-08-13 05:25:19
148.72.42.181	attackbots	148.72.42.181 - - [18/Jul/2020:04:55:20 +0100] "POST /wp-login.php HTTP/1.1" 200 2082 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [18/Jul/2020:04:55:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [18/Jul/2020:04:55:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2063 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-18 13:24:04
148.72.42.181	attack	148.72.42.181 - - [24/Jun/2020:07:34:56 +0100] "POST /wp-login.php HTTP/1.1" 200 1969 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [24/Jun/2020:07:34:58 +0100] "POST /wp-login.php HTTP/1.1" 200 1954 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [24/Jun/2020:07:34:58 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-24 15:32:00
148.72.42.181	attack	CMS (WordPress or Joomla) login attempt.	2020-05-13 14:49:57
148.72.42.181	attackbotsspam	Automatic report - Banned IP Access	2020-02-28 14:23:14
148.72.42.181	attackbotsspam	GET /wp-login.php HTTP/1.1	2020-02-23 01:46:37

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 148.72.42.108
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35089
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;148.72.42.108.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091302 1800 900 604800 86400

;; Query time: 12 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Sep 14 10:41:43 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

108.42.72.148.in-addr.arpa domain name pointer ip-148-72-42-108.ip.secureserver.net.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
108.42.72.148.in-addr.arpa	name = ip-148-72-42-108.ip.secureserver.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
115.248.122.109	attack	1585864165 - 04/03/2020 04:49:25 Host: 115.248.122.109/115.248.122.109 Port: 23 TCP Blocked ...	2020-04-03 08:50:37
106.13.140.185	attackbots	2020-04-03T01:51:13.253816ns386461 sshd\[28223\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.140.185 user=root 2020-04-03T01:51:15.562027ns386461 sshd\[28223\]: Failed password for root from 106.13.140.185 port 55754 ssh2 2020-04-03T01:59:42.609544ns386461 sshd\[3508\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.140.185 user=root 2020-04-03T01:59:44.459405ns386461 sshd\[3508\]: Failed password for root from 106.13.140.185 port 50818 ssh2 2020-04-03T02:04:53.332509ns386461 sshd\[8058\]: Invalid user lzs from 106.13.140.185 port 52058 2020-04-03T02:04:53.337130ns386461 sshd\[8058\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.140.185 ...	2020-04-03 08:41:37
45.14.150.103	attack	SSH / Telnet Brute Force Attempts on Honeypot	2020-04-03 08:42:37
77.42.115.209	attackbots	Automatic report - Port Scan Attack	2020-04-03 08:29:08
195.158.21.134	attack	Apr 3 00:42:06 game-panel sshd[12989]: Failed password for root from 195.158.21.134 port 47697 ssh2 Apr 3 00:46:20 game-panel sshd[13112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.21.134 Apr 3 00:46:22 game-panel sshd[13112]: Failed password for invalid user me from 195.158.21.134 port 53265 ssh2	2020-04-03 08:59:49
120.29.84.25	attack	Apr 2 21:49:10 system,error,critical: login failure for user admin from 120.29.84.25 via telnet Apr 2 21:49:11 system,error,critical: login failure for user admin from 120.29.84.25 via telnet Apr 2 21:49:12 system,error,critical: login failure for user root from 120.29.84.25 via telnet Apr 2 21:49:13 system,error,critical: login failure for user root from 120.29.84.25 via telnet Apr 2 21:49:15 system,error,critical: login failure for user root from 120.29.84.25 via telnet Apr 2 21:49:16 system,error,critical: login failure for user admin1 from 120.29.84.25 via telnet Apr 2 21:49:17 system,error,critical: login failure for user root from 120.29.84.25 via telnet Apr 2 21:49:18 system,error,critical: login failure for user admin from 120.29.84.25 via telnet Apr 2 21:49:20 system,error,critical: login failure for user root from 120.29.84.25 via telnet Apr 2 21:49:21 system,error,critical: login failure for user admin from 120.29.84.25 via telnet	2020-04-03 08:53:26
49.235.0.254	attackspam	SSH / Telnet Brute Force Attempts on Honeypot	2020-04-03 08:46:26
2600:1700:8670:c150:dc6e:fa8e:d8ec:a080	spambotsattackproxynormal	Who dis? This IP address was found connected to my child's Kurio Tablet. Not sure who it is but MY ADVICE TO YOU IS ....STAY OFF OF MY CHILDS TABLET OR I WILL TAKE THE INFO I HAVE AND GET THE LAW ENFORCEMENT INVOLVED!!! And I don't care who you are and I HOPE YOU DONT LIKE IT!!! 🤨 AT&T Henryetta 😠	2020-04-03 08:56:17
103.131.71.98	attack	(mod_security) mod_security (id:210730) triggered by 103.131.71.98 (VN/Vietnam/bot-103-131-71-98.coccoc.com): 5 in the last 3600 secs	2020-04-03 08:51:57
177.75.159.24	attackbotsspam	SSH Brute Force	2020-04-03 09:08:15
51.178.16.172	attackbotsspam	2020-04-02T20:10:12.743110sorsha.thespaminator.com sshd[2745]: Failed password for root from 51.178.16.172 port 42454 ssh2 2020-04-02T20:13:54.746829sorsha.thespaminator.com sshd[3050]: Invalid user tv from 51.178.16.172 port 42412 ...	2020-04-03 08:53:44
51.144.82.235	attackspambots	SSH-BruteForce	2020-04-03 09:03:41
116.4.8.245	attackspambots	(ftpd) Failed FTP login from 116.4.8.245 (CN/China/-): 10 in the last 3600 secs	2020-04-03 08:55:50
176.31.244.63	attack	SSH / Telnet Brute Force Attempts on Honeypot	2020-04-03 09:05:20
103.129.223.149	attackbots	SSH-BruteForce	2020-04-03 09:04:33

最近上报的IP列表

101.16.64.83	0.171.113.113	210.185.134.149	95.18.154.158
251.5.192.171	232.231.98.210	81.223.138.158	92.252.165.50
142.214.107.228	205.198.216.153	255.189.5.202	153.123.157.183
53.17.166.130	31.45.174.123	91.191.221.13	199.171.189.32
86.244.44.110	132.203.122.117	78.85.48.130	74.208.166.63