201.148.247.138

基本信息:

城市(city): Caxias do Sul

省份(region): Rio Grande do Sul

国家(country): Brazil

运营商(isp): Blankenburg Comunicacoes Ltda

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Commercial

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	Automatic report - Port Scan Attack	2020-09-07 00:31:23
attackbots	Automatic report - Port Scan Attack	2020-09-06 15:52:03
attack	Automatic report - Port Scan Attack	2020-09-06 07:54:42

相同子网IP讨论:

IP	类型	评论内容	时间
201.148.247.102	attackbots	Aug 16 05:08:51 mail.srvfarm.net postfix/smtps/smtpd[1888715]: warning: unknown[201.148.247.102]: SASL PLAIN authentication failed: Aug 16 05:08:52 mail.srvfarm.net postfix/smtps/smtpd[1888715]: lost connection after AUTH from unknown[201.148.247.102] Aug 16 05:15:23 mail.srvfarm.net postfix/smtpd[1887547]: warning: unknown[201.148.247.102]: SASL PLAIN authentication failed: Aug 16 05:15:23 mail.srvfarm.net postfix/smtpd[1887547]: lost connection after AUTH from unknown[201.148.247.102] Aug 16 05:18:30 mail.srvfarm.net postfix/smtps/smtpd[1890438]: warning: unknown[201.148.247.102]: SASL PLAIN authentication failed:	2020-08-16 13:10:33
201.148.247.109	attack	(smtpauth) Failed SMTP AUTH login from 201.148.247.109 (BR/Brazil/ip-201-148-247-109.sulig.net.br): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-07-08 08:09:31 plain authenticator failed for ([201.148.247.109]) [201.148.247.109]: 535 Incorrect authentication data (set_id=info@mobarakehpipe.com)	2020-07-08 19:45:55
201.148.247.92	attackbotsspam	Jun 4 13:46:55 mail.srvfarm.net postfix/smtps/smtpd[2499228]: warning: unknown[201.148.247.92]: SASL PLAIN authentication failed: Jun 4 13:46:56 mail.srvfarm.net postfix/smtps/smtpd[2499228]: lost connection after AUTH from unknown[201.148.247.92] Jun 4 13:49:46 mail.srvfarm.net postfix/smtps/smtpd[2498061]: warning: unknown[201.148.247.92]: SASL PLAIN authentication failed: Jun 4 13:49:47 mail.srvfarm.net postfix/smtps/smtpd[2498061]: lost connection after AUTH from unknown[201.148.247.92] Jun 4 13:53:09 mail.srvfarm.net postfix/smtpd[2502231]: warning: unknown[201.148.247.92]: SASL PLAIN authentication failed:	2020-06-05 03:18:08
201.148.247.206	attackspam	Automatic report - Port Scan Attack	2020-01-04 02:38:23
201.148.247.80	attackbots	Unauthorized SMTP/IMAP/POP3 connection attempt	2019-09-11 12:49:35
201.148.247.84	attackspam	SASL PLAIN auth failed: ruser=...	2019-08-13 09:38:41
201.148.247.251	attackspam	failed_logins	2019-08-11 02:24:40
201.148.247.142	attackbotsspam	Try access to SMTP/POP/IMAP server.	2019-08-02 04:18:30
201.148.247.220	attack	libpam_shield report: forced login attempt	2019-07-30 15:21:15
201.148.247.240	attackbotsspam	Unauthorized connection attempt from IP address 201.148.247.240 on Port 25(SMTP)	2019-07-26 15:27:25
201.148.247.0	attackbotsspam	$f2bV_matches	2019-07-21 07:20:23
201.148.247.180	attackspambots	Brute force attempt	2019-07-17 14:50:21
201.148.247.158	attackbots	Brute force attempt	2019-07-17 05:50:08
201.148.247.83	attackspam	$f2bV_matches	2019-07-12 02:41:40
201.148.247.81	attackbotsspam	SMTP-sasl brute force ...	2019-07-08 11:33:23

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 201.148.247.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35496
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;201.148.247.138.		IN	A

;; AUTHORITY SECTION:
.			535	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020090501 1800 900 604800 86400

;; Query time: 485 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Sep 06 07:54:39 CST 2020
;; MSG SIZE  rcvd: 119

HOST信息:

138.247.148.201.in-addr.arpa domain name pointer ip-201-148-247-138.sulig.net.br.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
138.247.148.201.in-addr.arpa	name = ip-201-148-247-138.sulig.net.br.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
104.42.33.193	attack	X-Sender-IP: 104.42.33.193 X-SID-PRA: QRQBVDHL@CYHDQAGQD.COM X-SID-Result: NONE X-MS-Exchange-Organization-PCL: 2 X-Microsoft-Antispam: BCL:0; X-Forefront-Antispam-Report: CIP:104.42.33.193;CTRY:US;LANG:en;SCL:0;SRV:;IPV:NLI;SFV:NSPM;H:tevmtstvmtaggwp9.com;PTR:InfoDomainNonexistent;CAT:NONE;SFTY:;SFS:;DIR:INB;SFP:; X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Aug 2020 11:45:02.0935 (UTC)	2020-08-07 00:51:18
27.106.84.186	attackbotsspam	Dovecot Invalid User Login Attempt.	2020-08-07 00:58:53
77.121.81.204	attackspambots	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-08-06T16:18:27Z and 2020-08-06T16:26:38Z	2020-08-07 00:29:57
123.207.250.132	attack	Aug 6 17:36:53 hidden sshd[61242]: Failed password for hidden from 123.207.250.132 port 58592 ssh2 Aug 6 17:40:10 hidden sshd[61912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.207.250.132 user=root Aug 6 17:40:13 hidden sshd[61912]: Failed password for hidden from 123.207.250.132 port 35172 ssh2	2020-08-07 00:34:47
89.42.252.124	attack	Aug 6 11:56:28 Tower sshd[26797]: Connection from 89.42.252.124 port 33840 on 192.168.10.220 port 22 rdomain "" Aug 6 11:56:30 Tower sshd[26797]: Failed password for root from 89.42.252.124 port 33840 ssh2 Aug 6 11:56:30 Tower sshd[26797]: Received disconnect from 89.42.252.124 port 33840:11: Bye Bye [preauth] Aug 6 11:56:30 Tower sshd[26797]: Disconnected from authenticating user root 89.42.252.124 port 33840 [preauth]	2020-08-07 00:44:17
47.88.148.177	attackbots	Aug 6 17:24:21 lukav-desktop sshd\[21450\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.88.148.177 user=root Aug 6 17:24:23 lukav-desktop sshd\[21450\]: Failed password for root from 47.88.148.177 port 45770 ssh2 Aug 6 17:26:15 lukav-desktop sshd\[21468\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.88.148.177 user=root Aug 6 17:26:17 lukav-desktop sshd\[21468\]: Failed password for root from 47.88.148.177 port 55538 ssh2 Aug 6 17:28:08 lukav-desktop sshd\[21493\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.88.148.177 user=root	2020-08-07 00:36:42
51.89.68.141	attack	Aug 6 17:29:10 vpn01 sshd[10295]: Failed password for root from 51.89.68.141 port 55440 ssh2 ...	2020-08-07 01:04:55
222.186.52.86	attackbotsspam	Aug 6 17:56:28 * sshd[25919]: Failed password for root from 222.186.52.86 port 64346 ssh2	2020-08-07 00:30:15
212.18.22.236	attackbotsspam	2020-08-06T18:40:19.408377amanda2.illicoweb.com sshd\[10719\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=host-212-18-22-236.customer.m-online.net user=root 2020-08-06T18:40:21.193811amanda2.illicoweb.com sshd\[10719\]: Failed password for root from 212.18.22.236 port 42300 ssh2 2020-08-06T18:42:19.829273amanda2.illicoweb.com sshd\[11450\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=host-212-18-22-236.customer.m-online.net user=root 2020-08-06T18:42:21.423830amanda2.illicoweb.com sshd\[11450\]: Failed password for root from 212.18.22.236 port 59834 ssh2 2020-08-06T18:48:07.576999amanda2.illicoweb.com sshd\[13088\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=host-212-18-22-236.customer.m-online.net user=root ...	2020-08-07 00:52:21
210.105.82.53	attackspam	Aug 6 17:21:47 v22019038103785759 sshd\[6410\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.105.82.53 user=root Aug 6 17:21:49 v22019038103785759 sshd\[6410\]: Failed password for root from 210.105.82.53 port 58958 ssh2 Aug 6 17:26:14 v22019038103785759 sshd\[6577\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.105.82.53 user=root Aug 6 17:26:15 v22019038103785759 sshd\[6577\]: Failed password for root from 210.105.82.53 port 42024 ssh2 Aug 6 17:30:49 v22019038103785759 sshd\[6767\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.105.82.53 user=root ...	2020-08-07 00:38:27
194.26.29.81	attackbots	[Fri Jul 17 10:45:24 2020] - DDoS Attack From IP: 194.26.29.81 Port: 40828	2020-08-07 00:52:38
49.235.99.209	attack	Aug 6 17:23:44 ovpn sshd\[15553\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.99.209 user=root Aug 6 17:23:46 ovpn sshd\[15553\]: Failed password for root from 49.235.99.209 port 53446 ssh2 Aug 6 17:44:44 ovpn sshd\[25579\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.99.209 user=root Aug 6 17:44:46 ovpn sshd\[25579\]: Failed password for root from 49.235.99.209 port 47598 ssh2 Aug 6 17:47:35 ovpn sshd\[26741\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.99.209 user=root	2020-08-07 00:31:14
46.101.212.57	attack	Lines containing failures of 46.101.212.57 Aug 5 06:04:01 neweola sshd[7245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.212.57 user=r.r Aug 5 06:04:02 neweola sshd[7245]: Failed password for r.r from 46.101.212.57 port 35308 ssh2 Aug 5 06:04:03 neweola sshd[7245]: Received disconnect from 46.101.212.57 port 35308:11: Bye Bye [preauth] Aug 5 06:04:03 neweola sshd[7245]: Disconnected from authenticating user r.r 46.101.212.57 port 35308 [preauth] Aug 5 06:11:06 neweola sshd[7658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.212.57 user=r.r Aug 5 06:11:07 neweola sshd[7658]: Failed password for r.r from 46.101.212.57 port 41940 ssh2 Aug 5 06:11:08 neweola sshd[7658]: Received disconnect from 46.101.212.57 port 41940:11: Bye Bye [preauth] Aug 5 06:11:08 neweola sshd[7658]: Disconnected from authenticating user r.r 46.101.212.57 port 41940 [preauth] Aug 5 06:16:2........ ------------------------------	2020-08-07 00:46:15
222.186.30.35	attackspambots	Aug 6 18:44:05 minden010 sshd[32390]: Failed password for root from 222.186.30.35 port 13057 ssh2 Aug 6 18:44:14 minden010 sshd[32442]: Failed password for root from 222.186.30.35 port 35116 ssh2 Aug 6 18:44:16 minden010 sshd[32442]: Failed password for root from 222.186.30.35 port 35116 ssh2 ...	2020-08-07 00:49:10
211.157.179.38	attackbotsspam	Aug 6 11:58:04 firewall sshd[13284]: Failed password for root from 211.157.179.38 port 41651 ssh2 Aug 6 12:02:39 firewall sshd[13448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.157.179.38 user=root Aug 6 12:02:41 firewall sshd[13448]: Failed password for root from 211.157.179.38 port 33923 ssh2 ...	2020-08-07 00:55:29

最近上报的IP列表

163.178.219.39	118.168.79.47	121.145.80.45	43.249.113.243
178.47.63.98	164.147.173.221	12.77.2.232	79.41.234.173
111.163.55.93	2.38.130.63	88.71.117.132	173.197.76.9
92.201.220.198	3.23.95.220	197.201.87.129	150.147.166.181
151.11.210.174	108.30.221.151	210.212.230.7	85.119.77.112