162.243.128.48

Basic Info

City: San Francisco

Region: California

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	firewall-block, port(s): 40550/tcp	2020-08-04 08:31:09
attackbots	5431/tcp 435/tcp 5357/tcp... [2020-02-10/04-07]31pkt,27pt.(tcp),2pt.(udp)	2020-04-09 03:18:50
attackbots	srv.marc-hoffrichter.de:443 162.243.128.48 - - [08/Feb/2020:15:22:20 +0100] "GET / HTTP/1.1" 403 4815 "-" "Mozilla/5.0 zgrab/0.x"	2020-02-09 05:12:18

Type

Details

Datetime

attackspam

firewall-block, port(s): 40550/tcp

2020-08-04 08:31:09

attackbots

5431/tcp 435/tcp 5357/tcp...
[2020-02-10/04-07]31pkt,27pt.(tcp),2pt.(udp)

2020-04-09 03:18:50

attackbots

srv.marc-hoffrichter.de:443 162.243.128.48 - - [08/Feb/2020:15:22:20 +0100] "GET / HTTP/1.1" 403 4815 "-" "Mozilla/5.0 zgrab/0.x"

2020-02-09 05:12:18

Comments on same subnet:

IP	Type	Details	Datetime
162.243.128.132	attackbotsspam	SP-Scan 43646:9042 detected 2020.10.13 21:22:22 blocked until 2020.12.02 13:25:09	2020-10-14 07:02:01
162.243.128.189	attack	[N1.H1.VM1] Port Scanner Detected Blocked by UFW	2020-10-13 02:32:26
162.243.128.189	attackspambots	Port scanning [3 denied]	2020-10-12 17:58:27
162.243.128.12	attackbotsspam	TCP port : 631	2020-10-12 03:55:08
162.243.128.133	attackspambots	7210/tcp 1521/tcp 8090/tcp... [2020-08-21/10-10]28pkt,26pt.(tcp),1pt.(udp)	2020-10-12 02:41:08
162.243.128.71	attackspam	50000/tcp 1527/tcp 4567/tcp... [2020-08-21/10-11]23pkt,21pt.(tcp),1pt.(udp)	2020-10-12 01:26:02
162.243.128.12	attack	TCP port : 631	2020-10-11 19:51:16
162.243.128.133	attack	HTTP_USER_AGENT Mozilla/5.0 zgrab/0.x	2020-10-11 18:32:12
162.243.128.71	attack	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-10-11 17:16:50
162.243.128.127	attackbots	scans once in preceeding hours on the ports (in chronological order) 1434 resulting in total of 6 scans from 162.243.0.0/16 block.	2020-10-10 22:07:07
162.243.128.127	attack	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-10-10 13:59:54
162.243.128.94	attack	TCP port : 631	2020-10-09 06:31:46
162.243.128.176	attack	firewall-block, port(s): 26/tcp	2020-10-09 05:24:23
162.243.128.251	attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-10-09 03:19:05
162.243.128.94	attackspam	TCP port : 631	2020-10-08 22:52:56

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 162.243.128.48
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29161
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;162.243.128.48.			IN	A

;; AUTHORITY SECTION:
.			521	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020800 1800 900 604800 86400

;; Query time: 737 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Feb 09 05:12:14 CST 2020
;; MSG SIZE  rcvd: 118

Host info

48.128.243.162.in-addr.arpa domain name pointer zg-0131a-172.stretchoid.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
48.128.243.162.in-addr.arpa	name = zg-0131a-172.stretchoid.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
128.199.212.15	attackspam	Sep 22 18:12:15 XXXXXX sshd[19443]: Invalid user 12345 from 128.199.212.15 port 55036	2020-09-23 03:16:36
106.75.79.172	attackbotsspam	Sep 22 15:32:56 dev postfix/anvil\[18903\]: statistics: max connection rate 1/60s for \(submission:106.75.79.172\) at Sep 22 15:29:18 ...	2020-09-23 03:21:41
95.156.252.94	attack	RDP Brute-Force (honeypot 12)	2020-09-23 02:59:33
188.165.228.82	attackspam	Sep 22 18:39:13 10.23.102.230 wordpress(www.ruhnke.cloud)[41092]: Blocked authentication attempt for admin from 188.165.228.82 ...	2020-09-23 03:18:39
37.59.45.216	attackbots	106 attacks over the last 10 minutes. Below is a sample of these recent attacks: September 21, 2020 4:22pm 37.59.45.216 (France) Blocked because the IP is blacklisted September 21, 2020 4:22pm 37.59.45.216 (France) Blocked because the IP is blacklisted September 21, 2020 4:22pm 37.59.45.216 (France) Blocked because the IP is blacklisted September 21, 2020 4:22pm 37.59.45.216 (France) Blocked because the IP is blacklisted September 21, 2020 4:22pm 37.59.45.216 (France) Blocked	2020-09-23 02:51:18
106.13.63.120	attack	Sep 21 23:20:49 ip-172-31-16-56 sshd\[16633\]: Invalid user test from 106.13.63.120\ Sep 21 23:20:51 ip-172-31-16-56 sshd\[16633\]: Failed password for invalid user test from 106.13.63.120 port 50312 ssh2\ Sep 21 23:25:04 ip-172-31-16-56 sshd\[16724\]: Invalid user stunnel from 106.13.63.120\ Sep 21 23:25:06 ip-172-31-16-56 sshd\[16724\]: Failed password for invalid user stunnel from 106.13.63.120 port 59322 ssh2\ Sep 21 23:29:23 ip-172-31-16-56 sshd\[16784\]: Failed password for root from 106.13.63.120 port 40066 ssh2\	2020-09-23 03:23:16
114.246.34.150	attack	1433/tcp [2020-09-22]1pkt	2020-09-23 03:22:43
23.101.196.5	attackbotsspam	Sep 19 19:03:29 host sshd[5007]: Invalid user user from 23.101.196.5 port 38604	2020-09-23 03:14:35
129.144.9.93	attack	Sep 22 22:01:48 root sshd[31976]: Invalid user benjamin from 129.144.9.93 ...	2020-09-23 03:16:11
223.17.161.175	attack	Sep 22 19:03:20 vps639187 sshd\[1083\]: Invalid user ubuntu from 223.17.161.175 port 57015 Sep 22 19:03:20 vps639187 sshd\[1083\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.17.161.175 Sep 22 19:03:22 vps639187 sshd\[1083\]: Failed password for invalid user ubuntu from 223.17.161.175 port 57015 ssh2 ...	2020-09-23 02:47:26
193.93.62.130	attackbotsspam	RDP Bruteforce	2020-09-23 02:58:17
212.70.149.4	attackbots	2020-09-22 21:59:49 dovecot_login authenticator failed for \(User\) \[212.70.149.4\]: 535 Incorrect authentication data \(set_id=server2@org.ua\)2020-09-22 22:02:50 dovecot_login authenticator failed for \(User\) \[212.70.149.4\]: 535 Incorrect authentication data \(set_id=syslog@org.ua\)2020-09-22 22:05:51 dovecot_login authenticator failed for \(User\) \[212.70.149.4\]: 535 Incorrect authentication data \(set_id=donny@org.ua\) ...	2020-09-23 03:07:33
62.210.177.248	attack	blocked by the Wordfence Security Network at //xmlrpc.php	2020-09-23 03:07:19
114.33.20.197	attack	TCP (SYN) 114.33.20.197:32258 -> port 23, len 40	2020-09-23 02:51:05
191.239.249.47	attackbotsspam	191.239.249.47 (BR/Brazil/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 22 12:52:02 server2 sshd[6705]: Failed password for root from 221.130.29.58 port 58387 ssh2 Sep 22 12:51:42 server2 sshd[6616]: Failed password for root from 103.40.248.203 port 36796 ssh2 Sep 22 12:52:00 server2 sshd[6705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.130.29.58 user=root Sep 22 12:51:39 server2 sshd[6616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.40.248.203 user=root Sep 22 12:51:06 server2 sshd[5016]: Failed password for root from 62.234.78.62 port 52558 ssh2 Sep 22 12:55:21 server2 sshd[10897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.239.249.47 user=root IP Addresses Blocked: 221.130.29.58 (CN/China/-) 103.40.248.203 (CN/China/-) 62.234.78.62 (CN/China/-)	2020-09-23 02:51:59

Recently Reported IPs

3.30.8.6	157.41.190.242	7.24.84.49	223.14.61.2
113.234.172.246	216.161.162.177	217.255.244.92	41.109.47.26
140.143.88.129	61.139.163.33	70.21.243.167	27.59.80.8
146.236.39.45	62.152.32.104	162.123.30.28	72.137.87.177
5.85.236.142	113.53.46.234	178.137.221.61	110.29.3.182