201.148.247.138

基本信息:

城市(city): Caxias do Sul

省份(region): Rio Grande do Sul

国家(country): Brazil

运营商(isp): Blankenburg Comunicacoes Ltda

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Commercial

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	Automatic report - Port Scan Attack	2020-09-07 00:31:23
attackbots	Automatic report - Port Scan Attack	2020-09-06 15:52:03
attack	Automatic report - Port Scan Attack	2020-09-06 07:54:42

相同子网IP讨论:

IP	类型	评论内容	时间
201.148.247.102	attackbots	Aug 16 05:08:51 mail.srvfarm.net postfix/smtps/smtpd[1888715]: warning: unknown[201.148.247.102]: SASL PLAIN authentication failed: Aug 16 05:08:52 mail.srvfarm.net postfix/smtps/smtpd[1888715]: lost connection after AUTH from unknown[201.148.247.102] Aug 16 05:15:23 mail.srvfarm.net postfix/smtpd[1887547]: warning: unknown[201.148.247.102]: SASL PLAIN authentication failed: Aug 16 05:15:23 mail.srvfarm.net postfix/smtpd[1887547]: lost connection after AUTH from unknown[201.148.247.102] Aug 16 05:18:30 mail.srvfarm.net postfix/smtps/smtpd[1890438]: warning: unknown[201.148.247.102]: SASL PLAIN authentication failed:	2020-08-16 13:10:33
201.148.247.109	attack	(smtpauth) Failed SMTP AUTH login from 201.148.247.109 (BR/Brazil/ip-201-148-247-109.sulig.net.br): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-07-08 08:09:31 plain authenticator failed for ([201.148.247.109]) [201.148.247.109]: 535 Incorrect authentication data (set_id=info@mobarakehpipe.com)	2020-07-08 19:45:55
201.148.247.92	attackbotsspam	Jun 4 13:46:55 mail.srvfarm.net postfix/smtps/smtpd[2499228]: warning: unknown[201.148.247.92]: SASL PLAIN authentication failed: Jun 4 13:46:56 mail.srvfarm.net postfix/smtps/smtpd[2499228]: lost connection after AUTH from unknown[201.148.247.92] Jun 4 13:49:46 mail.srvfarm.net postfix/smtps/smtpd[2498061]: warning: unknown[201.148.247.92]: SASL PLAIN authentication failed: Jun 4 13:49:47 mail.srvfarm.net postfix/smtps/smtpd[2498061]: lost connection after AUTH from unknown[201.148.247.92] Jun 4 13:53:09 mail.srvfarm.net postfix/smtpd[2502231]: warning: unknown[201.148.247.92]: SASL PLAIN authentication failed:	2020-06-05 03:18:08
201.148.247.206	attackspam	Automatic report - Port Scan Attack	2020-01-04 02:38:23
201.148.247.80	attackbots	Unauthorized SMTP/IMAP/POP3 connection attempt	2019-09-11 12:49:35
201.148.247.84	attackspam	SASL PLAIN auth failed: ruser=...	2019-08-13 09:38:41
201.148.247.251	attackspam	failed_logins	2019-08-11 02:24:40
201.148.247.142	attackbotsspam	Try access to SMTP/POP/IMAP server.	2019-08-02 04:18:30
201.148.247.220	attack	libpam_shield report: forced login attempt	2019-07-30 15:21:15
201.148.247.240	attackbotsspam	Unauthorized connection attempt from IP address 201.148.247.240 on Port 25(SMTP)	2019-07-26 15:27:25
201.148.247.0	attackbotsspam	$f2bV_matches	2019-07-21 07:20:23
201.148.247.180	attackspambots	Brute force attempt	2019-07-17 14:50:21
201.148.247.158	attackbots	Brute force attempt	2019-07-17 05:50:08
201.148.247.83	attackspam	$f2bV_matches	2019-07-12 02:41:40
201.148.247.81	attackbotsspam	SMTP-sasl brute force ...	2019-07-08 11:33:23

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 201.148.247.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35496
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;201.148.247.138.		IN	A

;; AUTHORITY SECTION:
.			535	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020090501 1800 900 604800 86400

;; Query time: 485 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Sep 06 07:54:39 CST 2020
;; MSG SIZE  rcvd: 119

HOST信息:

138.247.148.201.in-addr.arpa domain name pointer ip-201-148-247-138.sulig.net.br.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
138.247.148.201.in-addr.arpa	name = ip-201-148-247-138.sulig.net.br.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
72.210.252.154	attackspam	IMAP	2020-08-04 02:11:59
193.32.161.141	attackbots	08/03/2020-13:19:46.541517 193.32.161.141 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2020-08-04 02:00:01
95.128.142.76	attackbots	Dovecot Invalid User Login Attempt.	2020-08-04 02:20:06
85.209.89.216	attack	Referer Spam	2020-08-04 02:19:43
82.64.77.30	attack	prod6 ...	2020-08-04 02:02:31
129.122.16.156	attackspam	SSH Brute-Forcing (server1)	2020-08-04 01:58:33
159.65.147.235	attack	trying to access non-authorized port	2020-08-04 02:01:51
185.209.20.147	attack	Referer Spam	2020-08-04 02:22:15
104.158.244.29	attackbots	Aug 3 15:55:08 eventyay sshd[15317]: Failed password for root from 104.158.244.29 port 58418 ssh2 Aug 3 15:59:18 eventyay sshd[15459]: Failed password for root from 104.158.244.29 port 39886 ssh2 ...	2020-08-04 02:07:55
27.102.67.107	attackspam	IP blocked	2020-08-04 01:53:23
179.182.201.218	attackbots	Unauthorized connection attempt from IP address 179.182.201.218 on Port 445(SMB)	2020-08-04 02:05:43
46.119.63.148	attackspam	B: Why website_form ?	2020-08-04 02:05:09
185.153.196.226	attack	W 31101,/var/log/nginx/access.log,-,-	2020-08-04 02:18:10
123.56.26.222	attackbotsspam	123.56.26.222 - - [03/Aug/2020:15:30:44 +0100] "POST /wp-login.php HTTP/1.1" 200 2081 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 123.56.26.222 - - [03/Aug/2020:15:30:55 +0100] "POST /wp-login.php HTTP/1.1" 200 2081 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 123.56.26.222 - - [03/Aug/2020:15:30:59 +0100] "POST /wp-login.php HTTP/1.1" 200 2084 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-04 02:00:55
128.14.237.239	attackbotsspam	Aug 3 17:48:46 OPSO sshd\[29338\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.14.237.239 user=root Aug 3 17:48:48 OPSO sshd\[29338\]: Failed password for root from 128.14.237.239 port 35654 ssh2 Aug 3 17:53:32 OPSO sshd\[30534\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.14.237.239 user=root Aug 3 17:53:34 OPSO sshd\[30534\]: Failed password for root from 128.14.237.239 port 48220 ssh2 Aug 3 17:58:21 OPSO sshd\[31421\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.14.237.239 user=root	2020-08-04 01:57:40

最近上报的IP列表

163.178.219.39	118.168.79.47	121.145.80.45	43.249.113.243
178.47.63.98	164.147.173.221	12.77.2.232	79.41.234.173
111.163.55.93	2.38.130.63	88.71.117.132	173.197.76.9
92.201.220.198	3.23.95.220	197.201.87.129	150.147.166.181
151.11.210.174	108.30.221.151	210.212.230.7	85.119.77.112