148.72.42.23 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
148.72.42.181	attack	148.72.42.181 - - [28/Sep/2020:16:56:53 +0100] "POST /wp-login.php HTTP/1.1" 200 1861 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:16:56:55 +0100] "POST /wp-login.php HTTP/1.1" 200 1839 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:16:57:03 +0100] "POST /wp-login.php HTTP/1.1" 200 1845 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-29 04:00:55
148.72.42.181	attackbotsspam	148.72.42.181 - - [28/Sep/2020:12:55:35 +0100] "POST /wp-login.php HTTP/1.1" 200 2223 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:12:55:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2180 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [28/Sep/2020:12:55:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2225 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-28 20:14:35
148.72.42.181	attackbots	CMS (WordPress or Joomla) login attempt.	2020-09-28 12:18:50
148.72.42.181	attackspam	148.72.42.181 - - [23/Sep/2020:09:14:19 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-23 20:24:17
148.72.42.181	attack	148.72.42.181 - - \[23/Sep/2020:04:37:59 +0200\] "POST /wp-login.php HTTP/1.0" 200 5983 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[23/Sep/2020:04:38:01 +0200\] "POST /wp-login.php HTTP/1.0" 200 5981 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[23/Sep/2020:04:38:12 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-09-23 12:47:39
148.72.42.181	attack	Automatic report generated by Wazuh	2020-09-23 04:32:10
148.72.42.181	attack	xmlrpc attack	2020-09-08 21:51:37
148.72.42.181	attackbotsspam	148.72.42.181 - - [08/Sep/2020:07:10:02 +0200] "POST /xmlrpc.php HTTP/1.1" 403 21244 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [08/Sep/2020:07:29:03 +0200] "POST /xmlrpc.php HTTP/1.1" 403 11291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-08 13:39:25
148.72.42.181	attack	148.72.42.181 - - \[07/Sep/2020:19:39:20 +0200\] "POST /wp-login.php HTTP/1.0" 200 3152 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[07/Sep/2020:19:39:22 +0200\] "POST /wp-login.php HTTP/1.0" 200 3118 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.42.181 - - \[07/Sep/2020:19:39:25 +0200\] "POST /wp-login.php HTTP/1.0" 200 3113 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-09-08 06:14:29
148.72.42.181	attack	WordPress login Brute force / Web App Attack on client site.	2020-08-13 05:25:19
148.72.42.181	attackbots	148.72.42.181 - - [18/Jul/2020:04:55:20 +0100] "POST /wp-login.php HTTP/1.1" 200 2082 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [18/Jul/2020:04:55:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [18/Jul/2020:04:55:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2063 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-18 13:24:04
148.72.42.181	attack	148.72.42.181 - - [24/Jun/2020:07:34:56 +0100] "POST /wp-login.php HTTP/1.1" 200 1969 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [24/Jun/2020:07:34:58 +0100] "POST /wp-login.php HTTP/1.1" 200 1954 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.42.181 - - [24/Jun/2020:07:34:58 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-24 15:32:00
148.72.42.181	attack	CMS (WordPress or Joomla) login attempt.	2020-05-13 14:49:57
148.72.42.181	attackbotsspam	Automatic report - Banned IP Access	2020-02-28 14:23:14
148.72.42.181	attackbotsspam	GET /wp-login.php HTTP/1.1	2020-02-23 01:46:37

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 148.72.42.23
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30712
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;148.72.42.23.			IN	A

;; AUTHORITY SECTION:
.			297	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021702 1800 900 604800 86400

;; Query time: 64 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 18 12:45:34 CST 2022
;; MSG SIZE  rcvd: 105

Host info

23.42.72.148.in-addr.arpa domain name pointer ip-148-72-42-23.ip.secureserver.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
23.42.72.148.in-addr.arpa	name = ip-148-72-42-23.ip.secureserver.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
106.52.119.91	attack	$f2bV_matches	2020-04-15 18:42:38
66.249.66.200	attack	Automatic report - Banned IP Access	2020-04-15 19:06:18
186.121.202.2	attackspambots	Apr 15 14:04:45 f sshd\[26099\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.202.2 user=root Apr 15 14:04:46 f sshd\[26099\]: Failed password for root from 186.121.202.2 port 46694 ssh2 Apr 15 14:19:19 f sshd\[26354\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.202.2 user=root ...	2020-04-15 18:29:47
115.159.220.190	attackbots	$f2bV_matches	2020-04-15 18:52:15
103.100.211.119	attackspam	Apr 15 12:34:25 plex sshd[6324]: Invalid user user from 103.100.211.119 port 38403	2020-04-15 18:57:28
159.203.175.195	attack	Apr 15 11:12:45 vps sshd[28229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.175.195 Apr 15 11:12:47 vps sshd[28229]: Failed password for invalid user admin from 159.203.175.195 port 51358 ssh2 Apr 15 11:20:08 vps sshd[28617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.175.195 ...	2020-04-15 18:32:36
61.35.4.150	attackbots	Apr 15 17:57:46 webhost01 sshd[6911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.35.4.150 Apr 15 17:57:48 webhost01 sshd[6911]: Failed password for invalid user deploy from 61.35.4.150 port 36192 ssh2 ...	2020-04-15 19:01:23
51.178.2.79	attack	2020-04-15T10:29:03.345110shield sshd\[15166\]: Invalid user tester from 51.178.2.79 port 58460 2020-04-15T10:29:03.348838shield sshd\[15166\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip79.ip-51-178-2.eu 2020-04-15T10:29:05.713881shield sshd\[15166\]: Failed password for invalid user tester from 51.178.2.79 port 58460 ssh2 2020-04-15T10:33:59.798991shield sshd\[16142\]: Invalid user stats from 51.178.2.79 port 48152 2020-04-15T10:33:59.803567shield sshd\[16142\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip79.ip-51-178-2.eu	2020-04-15 18:49:40
171.224.180.99	attackspambots	Unauthorized connection attempt detected from IP address 171.224.180.99 to port 445	2020-04-15 18:44:32
64.225.1.4	attackbots	2020-04-15 11:18:40,925 fail2ban.actions: WARNING [ssh] Ban 64.225.1.4	2020-04-15 18:37:26
213.159.213.137	attackspam	Malicious brute force vulnerability hacking attacks	2020-04-15 18:56:19
124.77.44.61	attackbots	20/4/14@23:52:47: FAIL: Alarm-Intrusion address from=124.77.44.61 ...	2020-04-15 19:00:09
113.31.114.43	attackbotsspam	Invalid user resellers from 113.31.114.43 port 45772	2020-04-15 19:01:10
106.54.86.242	attackbots	Apr 15 12:21:29 legacy sshd[25982]: Failed password for root from 106.54.86.242 port 33210 ssh2 Apr 15 12:24:23 legacy sshd[26081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.86.242 Apr 15 12:24:26 legacy sshd[26081]: Failed password for invalid user user1 from 106.54.86.242 port 46876 ssh2 ...	2020-04-15 18:34:34
106.53.3.117	attack	$f2bV_matches	2020-04-15 18:45:51

Recently Reported IPs

148.72.40.124	148.72.51.54	148.72.52.146	148.72.49.146
148.72.57.157	148.72.52.24	148.72.30.21	148.72.53.238
148.72.57.49	148.72.61.200	148.72.61.248	148.72.64.121
148.72.59.29	148.72.62.240	148.72.64.189	148.72.64.60
148.72.64.168	148.72.65.7	148.72.68.11	148.72.65.118