145.131.25.242

Basic Info

City: unknown

Region: unknown

Country: Netherlands

Internet Service Provider: PCextreme B.V.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	windhundgang.de 145.131.25.242 [14/Jun/2020:09:36:07 +0200] "POST /wp-login.php HTTP/1.1" 200 8454 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" windhundgang.de 145.131.25.242 [14/Jun/2020:09:36:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4186 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-14 17:02:56

Type

Details

Datetime

attack

windhundgang.de 145.131.25.242 [14/Jun/2020:09:36:07 +0200] "POST /wp-login.php HTTP/1.1" 200 8454 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
windhundgang.de 145.131.25.242 [14/Jun/2020:09:36:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4186 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

2020-06-14 17:02:56

Comments on same subnet:

IP	Type	Details	Datetime
145.131.25.134	attack	145.131.25.134 - - [01/Oct/2020:13:36:33 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 145.131.25.134 - - [01/Oct/2020:13:42:33 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-02 02:21:05
145.131.25.134	attack	2020-09-30T23:05:10.418302843Z wordpress(demeter.olimpo.tic.ufrj.br): Blocked username authentication attempt for admin from 145.131.25.134 ...	2020-10-01 18:30:01
145.131.25.135	attack	Wordpress malicious attack:[octablocked]	2020-05-21 17:40:29
145.131.25.241	attackspam	Automatic report - XMLRPC Attack	2019-10-19 13:53:08
145.131.25.241	attackspambots	www.handydirektreparatur.de 145.131.25.241 \[17/Oct/2019:05:53:14 +0200\] "POST /wp-login.php HTTP/1.1" 200 5665 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" www.handydirektreparatur.de 145.131.25.241 \[17/Oct/2019:05:53:14 +0200\] "POST /xmlrpc.php HTTP/1.1" 200 4114 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-10-17 14:47:25
145.131.25.241	attack	Automatic report - XMLRPC Attack	2019-09-30 23:24:48
145.131.25.241	attackbotsspam	fail2ban honeypot	2019-09-17 08:51:09
145.131.25.254	attack	REQUESTED PAGE: /wp-login.php	2019-08-11 14:09:59
145.131.25.241	attackbotsspam	Wordpress Admin Login attack	2019-08-01 19:19:40
145.131.25.253	attackspambots	Automatic report - Banned IP Access	2019-07-17 05:21:47
145.131.25.253	attackspambots	Automatic report - Web App Attack	2019-07-09 00:01:34

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 145.131.25.242
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1361
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;145.131.25.242.			IN	A

;; AUTHORITY SECTION:
.			405	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020061400 1800 900 604800 86400

;; Query time: 50 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Jun 14 17:02:52 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 242.25.131.145.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 242.25.131.145.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
104.131.169.32	attack	104.131.169.32 - - \[22/Nov/2019:15:51:47 +0100\] "POST /wp-login.php HTTP/1.0" 200 2406 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.169.32 - - \[22/Nov/2019:15:51:49 +0100\] "POST /wp-login.php HTTP/1.0" 200 2364 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.169.32 - - \[22/Nov/2019:15:51:50 +0100\] "POST /wp-login.php HTTP/1.0" 200 2374 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-11-22 23:46:45
220.246.26.9	attackspambots	Nov 22 12:11:43 server sshd\[10898\]: Invalid user admin from 220.246.26.9 Nov 22 12:11:43 server sshd\[10898\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=n220246026009.netvigator.com Nov 22 12:11:44 server sshd\[10898\]: Failed password for invalid user admin from 220.246.26.9 port 47113 ssh2 Nov 22 17:51:36 server sshd\[30991\]: Invalid user admin from 220.246.26.9 Nov 22 17:51:36 server sshd\[30991\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=n220246026009.netvigator.com ...	2019-11-22 23:55:42
193.255.111.139	attackspam	2019-11-22T15:56:02.007220abusebot.cloudsearch.cf sshd\[12688\]: Invalid user mogen from 193.255.111.139 port 51100	2019-11-22 23:56:14
113.125.179.213	attackspambots	Nov 22 05:44:24 sachi sshd\[15930\]: Invalid user changes from 113.125.179.213 Nov 22 05:44:24 sachi sshd\[15930\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.179.213 Nov 22 05:44:26 sachi sshd\[15930\]: Failed password for invalid user changes from 113.125.179.213 port 39418 ssh2 Nov 22 05:49:33 sachi sshd\[16340\]: Invalid user newadmin from 113.125.179.213 Nov 22 05:49:33 sachi sshd\[16340\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.179.213	2019-11-23 00:04:02
123.21.70.129	attackspambots	Nov 22 15:48:46 xeon postfix/smtpd[35567]: warning: unknown[123.21.70.129]: SASL PLAIN authentication failed: authentication failure	2019-11-22 23:40:52
222.186.42.4	attack	Nov 22 17:02:52 MainVPS sshd[31559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.42.4 user=root Nov 22 17:02:54 MainVPS sshd[31559]: Failed password for root from 222.186.42.4 port 11828 ssh2 Nov 22 17:02:57 MainVPS sshd[31559]: Failed password for root from 222.186.42.4 port 11828 ssh2 Nov 22 17:02:52 MainVPS sshd[31559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.42.4 user=root Nov 22 17:02:54 MainVPS sshd[31559]: Failed password for root from 222.186.42.4 port 11828 ssh2 Nov 22 17:02:57 MainVPS sshd[31559]: Failed password for root from 222.186.42.4 port 11828 ssh2 Nov 22 17:02:52 MainVPS sshd[31559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.42.4 user=root Nov 22 17:02:54 MainVPS sshd[31559]: Failed password for root from 222.186.42.4 port 11828 ssh2 Nov 22 17:02:57 MainVPS sshd[31559]: Failed password for root from 222.186.42.4 port 11828 ssh2 N	2019-11-23 00:06:11
49.88.112.114	attack	Nov 22 05:37:38 kapalua sshd\[18541\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.114 user=root Nov 22 05:37:40 kapalua sshd\[18541\]: Failed password for root from 49.88.112.114 port 32041 ssh2 Nov 22 05:41:32 kapalua sshd\[19008\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.114 user=root Nov 22 05:41:34 kapalua sshd\[19008\]: Failed password for root from 49.88.112.114 port 49499 ssh2 Nov 22 05:42:51 kapalua sshd\[19105\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.114 user=root	2019-11-22 23:46:31
211.144.114.26	attackbots	Nov 22 05:06:19 web1 sshd\[16962\]: Invalid user nickmans from 211.144.114.26 Nov 22 05:06:19 web1 sshd\[16962\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.144.114.26 Nov 22 05:06:21 web1 sshd\[16962\]: Failed password for invalid user nickmans from 211.144.114.26 port 54300 ssh2 Nov 22 05:10:26 web1 sshd\[17394\]: Invalid user webadmin from 211.144.114.26 Nov 22 05:10:26 web1 sshd\[17394\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.144.114.26	2019-11-22 23:19:35
222.186.175.169	attackspambots	Nov 22 16:28:22 vps666546 sshd\[3452\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.169 user=root Nov 22 16:28:24 vps666546 sshd\[3452\]: Failed password for root from 222.186.175.169 port 47784 ssh2 Nov 22 16:28:28 vps666546 sshd\[3452\]: Failed password for root from 222.186.175.169 port 47784 ssh2 Nov 22 16:28:32 vps666546 sshd\[3452\]: Failed password for root from 222.186.175.169 port 47784 ssh2 Nov 22 16:28:35 vps666546 sshd\[3452\]: Failed password for root from 222.186.175.169 port 47784 ssh2 ...	2019-11-22 23:33:12
120.34.102.63	attackbotsspam	badbot	2019-11-22 23:18:29
145.239.90.235	attackspam	Nov 22 05:18:07 hpm sshd\[32751\]: Invalid user bot from 145.239.90.235 Nov 22 05:18:07 hpm sshd\[32751\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=235.ip-145-239-90.eu Nov 22 05:18:09 hpm sshd\[32751\]: Failed password for invalid user bot from 145.239.90.235 port 40562 ssh2 Nov 22 05:21:46 hpm sshd\[610\]: Invalid user guest from 145.239.90.235 Nov 22 05:21:46 hpm sshd\[610\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=235.ip-145-239-90.eu	2019-11-22 23:22:14
117.121.214.50	attack	Nov 22 05:19:50 hpm sshd\[423\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.121.214.50 user=root Nov 22 05:19:52 hpm sshd\[423\]: Failed password for root from 117.121.214.50 port 55010 ssh2 Nov 22 05:23:50 hpm sshd\[787\]: Invalid user ochiai from 117.121.214.50 Nov 22 05:23:50 hpm sshd\[787\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.121.214.50 Nov 22 05:23:52 hpm sshd\[787\]: Failed password for invalid user ochiai from 117.121.214.50 port 34292 ssh2	2019-11-22 23:34:59
95.105.233.209	attackbots	Nov 22 15:29:08 ns382633 sshd\[8285\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.105.233.209 user=root Nov 22 15:29:10 ns382633 sshd\[8285\]: Failed password for root from 95.105.233.209 port 47239 ssh2 Nov 22 15:51:31 ns382633 sshd\[12599\]: Invalid user sa from 95.105.233.209 port 55519 Nov 22 15:51:31 ns382633 sshd\[12599\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.105.233.209 Nov 22 15:51:33 ns382633 sshd\[12599\]: Failed password for invalid user sa from 95.105.233.209 port 55519 ssh2	2019-11-22 23:57:10
113.77.131.224	attackspam	badbot	2019-11-22 23:26:41
24.42.63.238	attackspam	RDP Bruteforce	2019-11-23 00:02:20

Recently Reported IPs

184.176.166.23	91.106.199.101	117.67.1.225	36.232.173.23
47.241.10.157	71.59.122.52	106.226.61.51	201.236.226.19
125.167.59.127	14.20.188.60	144.91.98.31	194.62.202.162
36.76.75.167	14.175.210.240	113.160.87.66	89.187.184.193
185.225.39.240	95.141.23.206	178.151.90.188	192.145.44.220