148.72.64.245 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: GoDaddy.com LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Port Scan: TCP/445	2019-09-14 10:41:29

Comments on same subnet:

IP	Type	Details	Datetime
148.72.64.192	attackspambots	148.72.64.192 - - [09/Oct/2020:20:05:41 +0100] "POST /wp-login.php HTTP/1.1" 200 2451 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.64.192 - - [09/Oct/2020:20:05:43 +0100] "POST /wp-login.php HTTP/1.1" 200 2452 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.64.192 - - [09/Oct/2020:20:05:44 +0100] "POST /wp-login.php HTTP/1.1" 200 2454 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-10 04:09:07
148.72.64.192	attack	148.72.64.192 - - [09/Oct/2020:06:55:00 +0100] "POST /wp-login.php HTTP/1.1" 200 2299 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.64.192 - - [09/Oct/2020:06:55:02 +0100] "POST /wp-login.php HTTP/1.1" 200 2282 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.64.192 - - [09/Oct/2020:06:55:02 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-09 20:05:01
148.72.64.192	attackspambots	xmlrpc attack	2020-09-17 00:24:30
148.72.64.192	attack	xmlrpc attack	2020-09-16 16:40:31
148.72.64.192	attack	[munged]::443 148.72.64.192 - - [10/Sep/2020:12:32:41 +0200] "POST /[munged]: HTTP/1.1" 200 9199 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 148.72.64.192 - - [10/Sep/2020:12:32:43 +0200] "POST /[munged]: HTTP/1.1" 200 9199 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 148.72.64.192 - - [10/Sep/2020:12:32:45 +0200] "POST /[munged]: HTTP/1.1" 200 9199 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 148.72.64.192 - - [10/Sep/2020:12:32:47 +0200] "POST /[munged]: HTTP/1.1" 200 9199 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 148.72.64.192 - - [10/Sep/2020:12:32:49 +0200] "POST /[munged]: HTTP/1.1" 200 9199 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 148.72.64.192 - - [10/Sep/2020:12:32:51 +0200] "POST /[munged]: HTTP/1.1" 200 9199 "-" "Mozilla/5.0 (X11; Ubun	2020-09-10 20:42:45
148.72.64.192	attackbots	xmlrpc attack	2020-09-10 12:29:25
148.72.64.192	attackbots	xmlrpc attack	2020-09-10 03:17:07
148.72.64.192	attack	148.72.64.192 - - [30/Aug/2020:17:55:09 +0200] "GET /wp-login.php HTTP/1.1" 200 9040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.64.192 - - [30/Aug/2020:17:55:12 +0200] "POST /wp-login.php HTTP/1.1" 200 9291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 148.72.64.192 - - [30/Aug/2020:17:55:13 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-31 01:54:56
148.72.64.192	attack	Automatic report - XMLRPC Attack	2020-08-30 15:36:13
148.72.64.32	attackspambots	Lines containing failures of 148.72.64.32 Apr 14 19:49:56 ghostnameioc sshd[25492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.72.64.32 user=r.r Apr 14 19:49:58 ghostnameioc sshd[25492]: Failed password for r.r from 148.72.64.32 port 58514 ssh2 Apr 14 19:49:58 ghostnameioc sshd[25492]: Received disconnect from 148.72.64.32 port 58514:11: Bye Bye [preauth] Apr 14 19:49:58 ghostnameioc sshd[25492]: Disconnected from authenticating user r.r 148.72.64.32 port 58514 [preauth] Apr 14 19:57:08 ghostnameioc sshd[25671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.72.64.32 user=r.r Apr 14 19:57:09 ghostnameioc sshd[25671]: Failed password for r.r from 148.72.64.32 port 52874 ssh2 Apr 14 19:57:11 ghostnameioc sshd[25671]: Received disconnect from 148.72.64.32 port 52874:11: Bye Bye [preauth] Apr 14 19:57:11 ghostnameioc sshd[25671]: Disconnected from authenticating user r.r 148.72.64........ ------------------------------	2020-04-16 01:45:15
148.72.64.192	attack	Automatic report - XMLRPC Attack	2019-12-18 14:56:31
148.72.64.192	attack	www.xn--netzfundstckderwoche-yec.de 148.72.64.192 \[25/Oct/2019:06:45:14 +0200\] "POST /wp-login.php HTTP/1.1" 200 5662 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" www.xn--netzfundstckderwoche-yec.de 148.72.64.192 \[25/Oct/2019:06:45:15 +0200\] "POST /xmlrpc.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-10-25 18:54:57
148.72.64.192	attackspam	148.72.64.192 - - \[24/Oct/2019:09:42:29 +0000\] "POST /wp-login.php HTTP/1.1" 200 4358 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 148.72.64.192 - - \[24/Oct/2019:09:42:30 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2019-10-24 18:05:17
148.72.64.192	attack	fail2ban honeypot	2019-10-15 01:45:20
148.72.64.192	attackspam	WordPress login Brute force / Web App Attack on client site.	2019-09-23 22:10:14

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 148.72.64.245
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16374
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;148.72.64.245.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091302 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Sep 14 10:41:19 CST 2019
;; MSG SIZE  rcvd: 117

Host info

245.64.72.148.in-addr.arpa domain name pointer ip-148-72-64-245.ip.secureserver.net.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
245.64.72.148.in-addr.arpa	name = ip-148-72-64-245.ip.secureserver.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
40.113.192.120	attackspam	2020-05-15T22:14:00.0392741495-001 sshd[63533]: Failed password for invalid user ubuntu from 40.113.192.120 port 59710 ssh2 2020-05-15T22:18:06.3873901495-001 sshd[63729]: Invalid user law from 40.113.192.120 port 40202 2020-05-15T22:18:06.3950341495-001 sshd[63729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.113.192.120 2020-05-15T22:18:06.3873901495-001 sshd[63729]: Invalid user law from 40.113.192.120 port 40202 2020-05-15T22:18:08.4931891495-001 sshd[63729]: Failed password for invalid user law from 40.113.192.120 port 40202 ssh2 2020-05-15T22:22:04.2515121495-001 sshd[63892]: Invalid user 7days from 40.113.192.120 port 48868 ...	2020-05-16 19:15:14
159.89.130.231	attack	May 16 04:42:44 piServer sshd[29970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.130.231 May 16 04:42:46 piServer sshd[29970]: Failed password for invalid user test from 159.89.130.231 port 44922 ssh2 May 16 04:46:18 piServer sshd[30388]: Failed password for root from 159.89.130.231 port 51942 ssh2 ...	2020-05-16 18:49:16
162.243.137.124	attack	Port scan(s) [2 denied]	2020-05-16 18:54:57
49.88.112.68	attackbots	Tried sshing with brute force.	2020-05-16 19:14:53
150.109.41.62	attackspam	May 16 04:45:59 legacy sshd[4199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.41.62 May 16 04:46:01 legacy sshd[4199]: Failed password for invalid user laura from 150.109.41.62 port 43106 ssh2 May 16 04:49:35 legacy sshd[4357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.41.62 ...	2020-05-16 18:39:48
223.93.185.204	attackbots	May 15 23:44:11 vps46666688 sshd[20647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.93.185.204 May 15 23:44:13 vps46666688 sshd[20647]: Failed password for invalid user vanessa from 223.93.185.204 port 57468 ssh2 ...	2020-05-16 19:04:49
67.205.135.65	attackspambots	Invalid user postgres from 67.205.135.65 port 47380	2020-05-16 18:34:52
51.89.105.174	attack	UDP 51.89.105.174:5584 -> port 65476, len 438	2020-05-16 19:10:34
46.218.85.69	attackspambots	May 16 04:37:46 vps687878 sshd\[32613\]: Failed password for invalid user test from 46.218.85.69 port 52786 ssh2 May 16 04:41:41 vps687878 sshd\[767\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.218.85.69 user=root May 16 04:41:43 vps687878 sshd\[767\]: Failed password for root from 46.218.85.69 port 56315 ssh2 May 16 04:45:44 vps687878 sshd\[1256\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.218.85.69 user=root May 16 04:45:46 vps687878 sshd\[1256\]: Failed password for root from 46.218.85.69 port 59843 ssh2 ...	2020-05-16 18:47:57
61.141.64.240	attackbotsspam	May 16 03:38:21 dev0-dcde-rnet sshd[4015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.141.64.240 May 16 03:38:24 dev0-dcde-rnet sshd[4015]: Failed password for invalid user apache from 61.141.64.240 port 41380 ssh2 May 16 03:45:34 dev0-dcde-rnet sshd[4154]: Failed password for root from 61.141.64.240 port 61836 ssh2	2020-05-16 19:07:10
87.251.74.198	attackbotsspam	May 16 04:14:47 debian-2gb-nbg1-2 kernel: \[11854133.413471\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=87.251.74.198 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=33315 PROTO=TCP SPT=41212 DPT=12634 WINDOW=1024 RES=0x00 SYN URGP=0	2020-05-16 19:02:22
47.52.30.46	attack	Sql/code injection probe	2020-05-16 18:37:28
2.134.176.32	attackspam	Unauthorized connection attempt from IP address 2.134.176.32 on Port 445(SMB)	2020-05-16 19:17:52
119.28.7.77	attackspambots	Invalid user veronica from 119.28.7.77 port 42790	2020-05-16 18:59:36
118.172.181.236	attackbotsspam	SSH invalid-user multiple login try	2020-05-16 19:05:36

Recently Reported IPs

148.1.186.26	101.16.64.83	0.171.113.113	210.185.134.149
95.18.154.158	251.5.192.171	232.231.98.210	81.223.138.158
92.252.165.50	142.214.107.228	205.198.216.153	255.189.5.202
153.123.157.183	53.17.166.130	31.45.174.123	91.191.221.13
199.171.189.32	86.244.44.110	132.203.122.117	78.85.48.130