148.72.2.142 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
148.72.210.178	spambotsattackproxynormal	Camote	2023-08-08 14:53:17
148.72.232.35	attack	This address has been trying to hack some of my websites.	2021-01-15 18:56:07
148.72.211.177	attackbotsspam	148.72.211.177 - - [12/Oct/2020:06:45:52 +0100] "POST /wp-login.php HTTP/1.1" 200 4425 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.211.177 - - [12/Oct/2020:06:45:55 +0100] "POST /wp-login.php HTTP/1.1" 200 4425 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.211.177 - - [12/Oct/2020:06:45:57 +0100] "POST /wp-login.php HTTP/1.1" 200 4425 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-12 15:51:09
148.72.208.210	attackspambots	2020-10-09T14:19:26.844881abusebot.cloudsearch.cf sshd[15919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip-148-72-208-210.ip.secureserver.net user=root 2020-10-09T14:19:28.622964abusebot.cloudsearch.cf sshd[15919]: Failed password for root from 148.72.208.210 port 54488 ssh2 2020-10-09T14:24:20.238409abusebot.cloudsearch.cf sshd[16048]: Invalid user zimeip from 148.72.208.210 port 58480 2020-10-09T14:24:20.244255abusebot.cloudsearch.cf sshd[16048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip-148-72-208-210.ip.secureserver.net 2020-10-09T14:24:20.238409abusebot.cloudsearch.cf sshd[16048]: Invalid user zimeip from 148.72.208.210 port 58480 2020-10-09T14:24:22.384393abusebot.cloudsearch.cf sshd[16048]: Failed password for invalid user zimeip from 148.72.208.210 port 58480 ssh2 2020-10-09T14:28:54.393225abusebot.cloudsearch.cf sshd[16243]: pam_unix(sshd:auth): authentication failure; logname= uid ...	2020-10-10 04:22:08
148.72.23.9	attackbotsspam	[FriOct0911:05:51.2221412020][:error][pid27471:tid47492362315520][client148.72.23.9:33916][client148.72.23.9]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\$mozilla\^\\|mozilla/[45]\\\\\\\\.[1-9]\\|\^mozilla/4\\\\\\\\.0\$$"atREQUEST_HEADERS:User-Agent.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"426"][id"330131"][rev"3"][msg"Atomicorp.comWAFRules:MaliciousBotBlocked$FakeMozillaUserAgentStringDetected$"][severity"CRITICAL"][hostname"www.beyondsecurity.ch"][uri"/index.php"][unique_id"X4An79szmTg2DNm15aKcOAAAABE"]\,referer:www.beyondsecurity.ch[FriOct0911:19:36.2614232020][:error][pid27471:tid47492377024256][client148.72.23.9:39558][client148.72.23.9]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\$mozilla\^\\|mozilla/[45]\\\\\\\\.[1-9]\\|\^mozilla/4\\\\\\\\.0\$$"atREQUEST_HEADERS:User-Agent.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"426"][id"330131"][rev"3"][msg"Atomicorp.comWAFRules	2020-10-10 02:28:49
148.72.208.210	attackspambots	DATE:2020-10-09 11:49:32, IP:148.72.208.210, PORT:ssh SSH brute force auth (docker-dc)	2020-10-09 20:19:47
148.72.23.9	attack	[FriOct0911:05:51.2221412020][:error][pid27471:tid47492362315520][client148.72.23.9:33916][client148.72.23.9]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\$mozilla\^\\|mozilla/[45]\\\\\\\\.[1-9]\\|\^mozilla/4\\\\\\\\.0\$$"atREQUEST_HEADERS:User-Agent.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"426"][id"330131"][rev"3"][msg"Atomicorp.comWAFRules:MaliciousBotBlocked$FakeMozillaUserAgentStringDetected$"][severity"CRITICAL"][hostname"www.beyondsecurity.ch"][uri"/index.php"][unique_id"X4An79szmTg2DNm15aKcOAAAABE"]\,referer:www.beyondsecurity.ch[FriOct0911:19:36.2614232020][:error][pid27471:tid47492377024256][client148.72.23.9:39558][client148.72.23.9]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\$mozilla\^\\|mozilla/[45]\\\\\\\\.[1-9]\\|\^mozilla/4\\\\\\\\.0\$$"atREQUEST_HEADERS:User-Agent.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"426"][id"330131"][rev"3"][msg"Atomicorp.comWAFRules	2020-10-09 18:14:08
148.72.208.210	attackspambots	bruteforce detected	2020-10-09 12:06:49
148.72.207.135	attackbotsspam	probing for vulnerabilities, found a honeypot	2020-10-08 02:26:54
148.72.207.135	attack	148.72.207.135 - - [07/Oct/2020:12:01:32 +0200] "GET /wp-login.php HTTP/1.1" 200 9184 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.207.135 - - [07/Oct/2020:12:01:35 +0200] "POST /wp-login.php HTTP/1.1" 200 9435 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.207.135 - - [07/Oct/2020:12:01:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-10-07 18:38:00
148.72.210.140	attack	148.72.210.140 - - [01/Oct/2020:09:18:05 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.210.140 - - [01/Oct/2020:09:18:10 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.210.140 - - [01/Oct/2020:09:18:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-10-02 00:47:09
148.72.210.140	attackspam	148.72.210.140 - - [01/Oct/2020:09:18:05 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.210.140 - - [01/Oct/2020:09:18:10 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.210.140 - - [01/Oct/2020:09:18:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-10-01 16:53:59
148.72.23.247	attackbots	wp-login.php	2020-10-01 06:24:25
148.72.23.247	attackbotsspam	wp-login.php	2020-09-30 22:47:03
148.72.23.247	attack	148.72.23.247 - - [30/Sep/2020:01:10:52 -0600] "GET /wp-login.php HTTP/1.1" 301 462 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-30 15:19:06

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 148.72.2.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58448
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;148.72.2.142.			IN	A

;; AUTHORITY SECTION:
.			333	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021702 1800 900 604800 86400

;; Query time: 21 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 18 12:44:58 CST 2022
;; MSG SIZE  rcvd: 105

Host info

142.2.72.148.in-addr.arpa domain name pointer ip-148-72-2-142.ip.secureserver.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
142.2.72.148.in-addr.arpa	name = ip-148-72-2-142.ip.secureserver.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
207.236.200.70	attackspam	Dec 23 13:51:59 SilenceServices sshd[23640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.236.200.70 Dec 23 13:52:01 SilenceServices sshd[23640]: Failed password for invalid user johnathan from 207.236.200.70 port 57532 ssh2 Dec 23 13:57:41 SilenceServices sshd[25213]: Failed password for root from 207.236.200.70 port 33674 ssh2	2019-12-23 21:11:12
83.48.89.147	attackbots	Dec 23 13:49:09 ncomp sshd[20470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.48.89.147 user=root Dec 23 13:49:12 ncomp sshd[20470]: Failed password for root from 83.48.89.147 port 18494 ssh2 Dec 23 13:56:14 ncomp sshd[21908]: Invalid user vicenzig from 83.48.89.147	2019-12-23 20:54:35
36.26.72.16	attackbotsspam	Dec 23 15:20:30 server sshd\[31257\]: Invalid user password from 36.26.72.16 Dec 23 15:20:30 server sshd\[31257\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.26.72.16 Dec 23 15:20:32 server sshd\[31257\]: Failed password for invalid user password from 36.26.72.16 port 56988 ssh2 Dec 23 15:37:32 server sshd\[3260\]: Invalid user shoulders from 36.26.72.16 Dec 23 15:37:32 server sshd\[3260\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.26.72.16 ...	2019-12-23 20:58:38
92.123.23.66	attackspambots	firewall-block, port(s): 52740/tcp	2019-12-23 21:05:21
58.64.128.27	attackspambots	SMB Server BruteForce Attack	2019-12-23 20:50:55
182.61.14.224	attackbotsspam	Dec 23 13:13:02 v22018086721571380 sshd[4404]: Failed password for invalid user wwwrun from 182.61.14.224 port 47012 ssh2	2019-12-23 21:21:01
108.46.78.101	attack	Dec 23 07:25:06 h2177944 kernel: \[281083.777689\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=108.46.78.101 DST=85.214.117.9 LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=3079 DF PROTO=TCP SPT=53780 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 Dec 23 07:25:06 h2177944 kernel: \[281083.777705\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=108.46.78.101 DST=85.214.117.9 LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=3079 DF PROTO=TCP SPT=53780 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 Dec 23 07:25:07 h2177944 kernel: \[281084.762099\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=108.46.78.101 DST=85.214.117.9 LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=3080 DF PROTO=TCP SPT=53780 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 Dec 23 07:25:07 h2177944 kernel: \[281084.762115\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=108.46.78.101 DST=85.214.117.9 LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=3080 DF PROTO=TCP SPT=53780 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 Dec 23 07:25:09 h2177944 kernel: \[281086.760424\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=108.46.78.101 DST=85.214.11	2019-12-23 20:51:16
106.12.25.123	attack	Dec 23 07:52:35 minden010 sshd[20122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.25.123 Dec 23 07:52:38 minden010 sshd[20122]: Failed password for invalid user server from 106.12.25.123 port 47348 ssh2 Dec 23 07:58:38 minden010 sshd[22658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.25.123 ...	2019-12-23 21:02:12
79.137.72.171	attackbots	Dec 23 16:35:35 areeb-Workstation sshd[12839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.137.72.171 Dec 23 16:35:37 areeb-Workstation sshd[12839]: Failed password for invalid user boony from 79.137.72.171 port 34010 ssh2 ...	2019-12-23 21:21:59
101.227.243.56	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-12-23 21:04:46
186.130.73.151	attackspam	DATE:2019-12-23 07:24:39, IP:186.130.73.151, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2019-12-23 21:28:09
187.87.39.147	attackbots	Dec 23 12:40:07 zeus sshd[23168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.87.39.147 Dec 23 12:40:09 zeus sshd[23168]: Failed password for invalid user sabaratnam from 187.87.39.147 port 49488 ssh2 Dec 23 12:46:26 zeus sshd[23341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.87.39.147 Dec 23 12:46:28 zeus sshd[23341]: Failed password for invalid user danna from 187.87.39.147 port 54062 ssh2	2019-12-23 20:59:21
128.74.168.241	attackbotsspam	Attempt to attack host OS, exploiting network vulnerabilities, on 23-12-2019 06:25:10.	2019-12-23 20:49:11
177.8.244.38	attackspam	[Aegis] @ 2019-12-23 10:55:46 0000 -> Attempted Administrator Privilege Gain: ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack	2019-12-23 20:48:45
103.22.250.194	attackbotsspam	C1,WP GET /suche/2019/wp-login.php	2019-12-23 21:25:28

Recently Reported IPs

148.72.199.121	148.72.2.5	148.72.200.194	148.72.200.43
148.72.201.126	148.72.203.39	148.72.201.96	148.72.202.227
148.72.203.16	148.72.206.18	148.72.203.58	148.72.206.194
148.72.206.237	148.72.207.110	148.72.207.215	148.72.207.218
139.198.24.29	148.72.206.75	148.72.208.118	148.72.207.78