148.72.158.139

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: HEG US Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Port Scan detected from 148.72.158.139 (US/United States/condor3829.startdedicated.com). 11 hits in the last 126 seconds	2020-08-11 21:15:37
attackspambots	TCP Port Scanning	2020-07-19 15:37:18

Comments on same subnet:

IP	Type	Details	Datetime
148.72.158.192	attackspambots	[2020-10-08 04:11:48] NOTICE[1182] chan_sip.c: Registration from '' failed for '148.72.158.192:58355' - Wrong password [2020-10-08 04:11:48] SECURITY[1204] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-10-08T04:11:48.450-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="2000000",SessionID="0x7f22f8572958",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/148.72.158.192/58355",Challenge="7ba74d30",ReceivedChallenge="7ba74d30",ReceivedHash="48c949f61c9d64cd98c26241f3e4eee7" [2020-10-08 04:12:42] NOTICE[1182] chan_sip.c: Registration from '' failed for '148.72.158.192:56110' - Wrong password ...	2020-10-09 01:24:24
148.72.158.192	attackbotsspam	[2020-10-08 04:11:48] NOTICE[1182] chan_sip.c: Registration from '' failed for '148.72.158.192:58355' - Wrong password [2020-10-08 04:11:48] SECURITY[1204] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-10-08T04:11:48.450-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="2000000",SessionID="0x7f22f8572958",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/148.72.158.192/58355",Challenge="7ba74d30",ReceivedChallenge="7ba74d30",ReceivedHash="48c949f61c9d64cd98c26241f3e4eee7" [2020-10-08 04:12:42] NOTICE[1182] chan_sip.c: Registration from '' failed for '148.72.158.192:56110' - Wrong password ...	2020-10-08 17:21:21
148.72.158.151	attackbots	Automatic report - Port Scan	2020-09-06 01:30:53
148.72.158.151	attackspambots	port	2020-09-05 17:02:37
148.72.158.192	attack	[Tue Sep 01 13:46:55 2020] - DDoS Attack From IP: 148.72.158.192 Port: 40815	2020-09-03 23:36:24
148.72.158.192	attack	[Tue Sep 01 13:46:55 2020] - DDoS Attack From IP: 148.72.158.192 Port: 40815	2020-09-03 15:07:30
148.72.158.192	attackspambots	TCP (SYN) 148.72.158.192:52251 -> port 80, len 44	2020-09-03 07:20:04
148.72.158.192	attackspam	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-09-01 21:27:54
148.72.158.112	attackbots	Port scan: Attack repeated for 24 hours	2020-08-14 22:09:43
148.72.158.112	attackbots	UDP 148.72.158.112:5111 -> port 5060, len 444	2020-08-08 00:15:35
148.72.158.112	attack	Port scanning [3 denied]	2020-07-28 14:12:41
148.72.158.112	attackspambots	Jul 27 09:18:17 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=148.72.158.112 DST=77.73.69.240 LEN=443 TOS=0x00 PREC=0x00 TTL=52 ID=11902 DF PROTO=UDP SPT=5142 DPT=6960 LEN=423 Jul 27 09:18:17 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=148.72.158.112 DST=77.73.69.240 LEN=443 TOS=0x00 PREC=0x00 TTL=52 ID=11903 DF PROTO=UDP SPT=5142 DPT=7060 LEN=423 Jul 27 09:18:17 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=148.72.158.112 DST=77.73.69.240 LEN=442 TOS=0x00 PREC=0x00 TTL=52 ID=11899 DF PROTO=UDP SPT=5142 DPT=6660 LEN=422 Jul 27 09:18:17 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=148.72.158.112 DST=77.73.69.240 LEN=443 TOS=0x00 PREC=0x00 TTL=52 ID=11897 DF PROTO=UDP SPT=5142 DPT=6460 LEN=423 Jul 27 09:18:17 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=148. ...	2020-07-27 17:20:51
148.72.158.226	attackbots	/wp-login.php /administrator/index.php	2020-07-17 18:33:59
148.72.158.226	attackspambots	Fail2Ban Ban Triggered HTTP SQL Injection Attempt	2020-07-09 03:22:32
148.72.158.240	attack	07/08/2020-09:46:34.586150 148.72.158.240 Protocol: 17 ET SCAN Sipvicious Scan	2020-07-08 21:47:46

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 148.72.158.139
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61726
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;148.72.158.139.			IN	A

;; AUTHORITY SECTION:
.			445	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020071900 1800 900 604800 86400

;; Query time: 70 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Jul 19 15:37:13 CST 2020
;; MSG SIZE  rcvd: 118

Host info

139.158.72.148.in-addr.arpa domain name pointer condor3829.startdedicated.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
139.158.72.148.in-addr.arpa	name = condor3829.startdedicated.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
108.235.160.215	attack	Dec 23 00:59:48 cp sshd[15598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.235.160.215 Dec 23 00:59:50 cp sshd[15598]: Failed password for invalid user ching from 108.235.160.215 port 37430 ssh2 Dec 23 01:05:17 cp sshd[19323]: Failed password for root from 108.235.160.215 port 41998 ssh2	2019-12-23 08:19:52
133.242.155.85	attack	$f2bV_matches	2019-12-23 08:53:23
51.77.147.51	attackspam	Dec 23 01:08:24 meumeu sshd[5738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.147.51 Dec 23 01:08:25 meumeu sshd[5738]: Failed password for invalid user yeh from 51.77.147.51 port 54768 ssh2 Dec 23 01:13:26 meumeu sshd[6509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.147.51 ...	2019-12-23 08:26:35
51.38.238.87	attackbots	Dec 22 19:10:11 plusreed sshd[25505]: Invalid user admin from 51.38.238.87 ...	2019-12-23 08:21:32
27.78.12.22	attackspam	$f2bV_matches	2019-12-23 08:56:12
41.242.82.8	attack	Unauthorized connection attempt detected from IP address 41.242.82.8 to port 445	2019-12-23 08:39:25
14.215.129.156	attackbotsspam	12/22/2019-17:51:31.173193 14.215.129.156 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-12-23 08:21:11
14.187.44.109	attack	Unauthorized IMAP connection attempt	2019-12-23 08:44:46
152.136.116.121	attack	Invalid user verlier from 152.136.116.121 port 56196	2019-12-23 08:43:48
41.203.156.254	attackbots	Dec 23 01:48:21 amit sshd\[3371\]: Invalid user dbus from 41.203.156.254 Dec 23 01:48:21 amit sshd\[3371\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.156.254 Dec 23 01:48:24 amit sshd\[3371\]: Failed password for invalid user dbus from 41.203.156.254 port 54672 ssh2 ...	2019-12-23 08:50:16
81.22.45.85	attackbots	2019-12-23T01:17:14.131661+01:00 lumpi kernel: [2350159.553934] INPUT:DROP:SPAMHAUS_EDROP:IN=eth0 OUT= MAC=52:54:a2:01:a5:04:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.85 DST=78.46.199.189 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=26757 PROTO=TCP SPT=55301 DPT=3309 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-12-23 08:23:57
112.85.42.180	attackbots	Dec 23 01:02:51 MK-Soft-VM7 sshd[15407]: Failed password for root from 112.85.42.180 port 5962 ssh2 Dec 23 01:02:56 MK-Soft-VM7 sshd[15407]: Failed password for root from 112.85.42.180 port 5962 ssh2 ...	2019-12-23 08:22:59
106.13.127.238	attack	Invalid user damahn from 106.13.127.238 port 12081	2019-12-23 08:23:40
107.175.79.136	attack	(From eric@talkwithcustomer.com) Hey, You have a website roscoechiro.com, right? Of course you do. I am looking at your website now. It gets traffic every day – that you’re probably spending $2 / $4 / $10 or more a click to get. Not including all of the work you put into creating social media, videos, blog posts, emails, and so on. So you’re investing seriously in getting people to that site. But how’s it working? Great? Okay? Not so much? If that answer could be better, then it’s likely you’re putting a lot of time, effort, and money into an approach that’s not paying off like it should. Now… imagine doubling your lead conversion in just minutes… In fact, I’ll go even better. You could actually get up to 100X more conversions! I’m not making this up. As Chris Smith, best-selling author of The Conversion Code says: Speed is essential - there is a 100x decrease in Leads when a Lead is contacted within 14 minutes vs being contacted within 5 minutes. He’s backed up by a stud	2019-12-23 08:23:21
185.244.167.52	attackbots	Dec 22 14:26:28 hpm sshd\[8348\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.244.167.52 user=root Dec 22 14:26:30 hpm sshd\[8348\]: Failed password for root from 185.244.167.52 port 34040 ssh2 Dec 22 14:31:13 hpm sshd\[8825\]: Invalid user lollipop from 185.244.167.52 Dec 22 14:31:13 hpm sshd\[8825\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.244.167.52 Dec 22 14:31:15 hpm sshd\[8825\]: Failed password for invalid user lollipop from 185.244.167.52 port 38340 ssh2	2019-12-23 08:49:03

Recently Reported IPs

60.167.182.225	189.254.255.3	165.22.123.206	111.72.197.159
197.255.224.149	3.231.202.60	54.82.212.216	49.233.148.122
18.205.7.106	14.182.64.97	122.116.63.135	116.131.211.210
193.93.62.13	131.100.77.30	180.183.246.173	103.114.196.254
54.82.191.139	3.133.43.109	138.204.26.143	194.1.249.25