198.245.55.145

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Canada

运营商(isp): OVH Hosting Inc.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	198.245.55.145 - - \[25/May/2020:06:18:30 +0200\] "POST /wp-login.php HTTP/1.0" 200 5674 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 198.245.55.145 - - \[25/May/2020:06:18:31 +0200\] "POST /wp-login.php HTTP/1.0" 200 5474 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 198.245.55.145 - - \[25/May/2020:06:18:33 +0200\] "POST /wp-login.php HTTP/1.0" 200 5490 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-05-25 14:21:58
attackbots	198.245.55.145 - - [25/Mar/2020:13:46:58 +0100] "GET /wp-login.php HTTP/1.1" 200 5688 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 198.245.55.145 - - [25/Mar/2020:13:47:00 +0100] "POST /wp-login.php HTTP/1.1" 200 6587 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 198.245.55.145 - - [25/Mar/2020:13:47:01 +0100] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-03-26 01:59:28
attackbotsspam	xmlrpc attack	2020-03-24 10:08:28
attackbotsspam	198.245.55.145 - - [18/Mar/2020:19:02:53 +0100] "GET /wp-login.php HTTP/1.1" 200 6582 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 198.245.55.145 - - [18/Mar/2020:19:02:54 +0100] "POST /wp-login.php HTTP/1.1" 200 7362 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 198.245.55.145 - - [18/Mar/2020:19:02:55 +0100] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-03-19 04:57:10

相同子网IP讨论:

IP	类型	评论内容	时间
198.245.55.59	spambotsattackproxy	Fake sites	2020-10-20 19:08:42

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 198.245.55.145
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57921
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;198.245.55.145.			IN	A

;; AUTHORITY SECTION:
.			296	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031801 1800 900 604800 86400

;; Query time: 94 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Mar 19 04:57:05 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

145.55.245.198.in-addr.arpa domain name pointer 145.ip-198-245-55.net.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
145.55.245.198.in-addr.arpa	name = 145.ip-198-245-55.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
36.134.5.7	attackbotsspam	Aug 4 22:58:16 mockhub sshd[9554]: Failed password for root from 36.134.5.7 port 54404 ssh2 ...	2020-08-05 14:18:46
117.4.241.135	attackbots	ssh brute force	2020-08-05 14:14:04
157.230.111.136	attackbots	Automatic report - XMLRPC Attack	2020-08-05 14:32:56
47.93.15.43	attack	Aug 5 03:48:12 ip-172-31-61-156 sshd[21679]: Failed password for root from 47.93.15.43 port 41230 ssh2 Aug 5 03:48:10 ip-172-31-61-156 sshd[21679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.93.15.43 user=root Aug 5 03:48:12 ip-172-31-61-156 sshd[21679]: Failed password for root from 47.93.15.43 port 41230 ssh2 Aug 5 03:54:14 ip-172-31-61-156 sshd[21941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.93.15.43 user=root Aug 5 03:54:17 ip-172-31-61-156 sshd[21941]: Failed password for root from 47.93.15.43 port 37906 ssh2 ...	2020-08-05 14:28:41
5.188.206.197	attackspambots	Aug 5 07:15:16 relay postfix/smtpd\[16022\]: warning: unknown\[5.188.206.197\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 5 07:15:39 relay postfix/smtpd\[16020\]: warning: unknown\[5.188.206.197\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 5 07:20:34 relay postfix/smtpd\[16019\]: warning: unknown\[5.188.206.197\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 5 07:20:56 relay postfix/smtpd\[25268\]: warning: unknown\[5.188.206.197\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 5 07:24:19 relay postfix/smtpd\[16022\]: warning: unknown\[5.188.206.197\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-08-05 14:07:58
114.254.160.27	attack	Aug 5 05:28:38 rocket sshd[3481]: Failed password for root from 114.254.160.27 port 42676 ssh2 Aug 5 05:33:39 rocket sshd[4192]: Failed password for root from 114.254.160.27 port 54604 ssh2 ...	2020-08-05 14:40:44
123.30.149.76	attackbots	$f2bV_matches	2020-08-05 14:33:50
27.72.98.21	attackspam	20/8/4@23:54:08: FAIL: Alarm-Network address from=27.72.98.21 ...	2020-08-05 14:36:39
195.154.53.237	attackbots	[2020-08-05 01:46:24] NOTICE[1248][C-00003f8e] chan_sip.c: Call from '' (195.154.53.237:57459) to extension '900009011972595725668' rejected because extension not found in context 'public'. [2020-08-05 01:46:24] SECURITY[1275] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-05T01:46:24.780-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="900009011972595725668",SessionID="0x7f27200a09d8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/195.154.53.237/57459",ACLName="no_extension_match" [2020-08-05 01:49:22] NOTICE[1248][C-00003f8f] chan_sip.c: Call from '' (195.154.53.237:49759) to extension '9000009011972595725668' rejected because extension not found in context 'public'. [2020-08-05 01:49:22] SECURITY[1275] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-05T01:49:22.102-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9000009011972595725668",SessionID="0x7f27200c80a8",LocalAddress="IPV4/UDP/192.168.244.6/5 ...	2020-08-05 14:10:36
218.76.101.25	attack	Aug 5 02:13:26 firewall sshd[27158]: Failed password for root from 218.76.101.25 port 50493 ssh2 Aug 5 02:17:43 firewall sshd[27399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.76.101.25 user=root Aug 5 02:17:45 firewall sshd[27399]: Failed password for root from 218.76.101.25 port 44652 ssh2 ...	2020-08-05 14:29:53
103.151.122.57	attackbots	Deferred Rate Control (103.151.122.57) unknown[103.151.122.57]	2020-08-05 14:05:55
47.240.41.43	attackspam	Lines containing failures of 47.240.41.43 Aug 5 05:21:26 shared05 sshd[15014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.240.41.43 user=r.r Aug 5 05:21:28 shared05 sshd[15014]: Failed password for r.r from 47.240.41.43 port 49440 ssh2 Aug 5 05:21:29 shared05 sshd[15014]: Received disconnect from 47.240.41.43 port 49440:11: Bye Bye [preauth] Aug 5 05:21:29 shared05 sshd[15014]: Disconnected from authenticating user r.r 47.240.41.43 port 49440 [preauth] Aug 5 05:37:21 shared05 sshd[21109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.240.41.43 user=r.r Aug 5 05:37:24 shared05 sshd[21109]: Failed password for r.r from 47.240.41.43 port 49622 ssh2 Aug 5 05:37:24 shared05 sshd[21109]: Received disconnect from 47.240.41.43 port 49622:11: Bye Bye [preauth] Aug 5 05:37:24 shared05 sshd[21109]: Disconnected from authenticating user r.r 47.240.41.43 port 49622 [preauth] Aug 5 ........ ------------------------------	2020-08-05 14:21:42
54.38.75.42	attackspam	SSH Brute Force	2020-08-05 14:25:10
151.232.24.212	attack	Aug 5 05:40:05 mail.srvfarm.net postfix/smtpd[1876488]: warning: unknown[151.232.24.212]: SASL PLAIN authentication failed: Aug 5 05:40:05 mail.srvfarm.net postfix/smtpd[1876488]: lost connection after AUTH from unknown[151.232.24.212] Aug 5 05:45:11 mail.srvfarm.net postfix/smtps/smtpd[1876970]: warning: unknown[151.232.24.212]: SASL PLAIN authentication failed: Aug 5 05:45:12 mail.srvfarm.net postfix/smtps/smtpd[1876970]: lost connection after AUTH from unknown[151.232.24.212] Aug 5 05:45:16 mail.srvfarm.net postfix/smtps/smtpd[1876967]: warning: unknown[151.232.24.212]: SASL PLAIN authentication failed:	2020-08-05 14:02:51
170.150.55.50	attackbots	Aug 5 04:57:53 mail.srvfarm.net postfix/smtpd[1857047]: warning: unknown[170.150.55.50]: SASL PLAIN authentication failed: Aug 5 04:57:53 mail.srvfarm.net postfix/smtpd[1857047]: lost connection after AUTH from unknown[170.150.55.50] Aug 5 05:06:02 mail.srvfarm.net postfix/smtpd[1857050]: warning: unknown[170.150.55.50]: SASL PLAIN authentication failed: Aug 5 05:06:02 mail.srvfarm.net postfix/smtpd[1857050]: lost connection after AUTH from unknown[170.150.55.50] Aug 5 05:07:46 mail.srvfarm.net postfix/smtpd[1872481]: warning: unknown[170.150.55.50]: SASL PLAIN authentication failed:	2020-08-05 14:02:27

最近上报的IP列表

187.210.187.2	2.126.48.47	32.181.185.14	197.10.122.125
181.39.6.169	11.183.189.121	37.110.18.242	104.18.70.28
52.172.23.101	114.170.80.174	118.160.51.119	132.145.114.221
196.189.57.244	32.168.171.212	78.9.152.175	125.139.112.34
94.104.107.9	104.19.144.113	197.158.84.201	176.51.255.142