45.148.120.150

Basic Info

City: unknown

Region: unknown

Country: Netherlands

Internet Service Provider: Sijmen Klaas Bakker

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	[Tue Apr 07 00:48:43.054737 2020] [:error] [pid 135802] [client 45.148.120.150:55588] [client 45.148.120.150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "127.0.0.1"] [uri "/cgi-bin/ViewLog.asp"] [unique_id "Xov4GsTCSdcWHEV@F8KFXAAAAB8"] ...	2020-04-07 17:53:09

Type

Details

Datetime

attackspambots

[Tue Apr 07 00:48:43.054737 2020] [:error] [pid 135802] [client 45.148.120.150:55588] [client 45.148.120.150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "127.0.0.1"] [uri "/cgi-bin/ViewLog.asp"] [unique_id "Xov4GsTCSdcWHEV@F8KFXAAAAB8"]
...

2020-04-07 17:53:09

Comments on same subnet:

IP	Type	Details	Datetime
45.148.120.105	attackspambots	SSH login attempts.	2020-03-20 13:29:32

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.148.120.150
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44629
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.148.120.150.			IN	A

;; AUTHORITY SECTION:
.			248	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020040500 1800 900 604800 86400

;; Query time: 101 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Apr 05 17:42:37 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 150.120.148.45.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 150.120.148.45.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.187.81.130	attack	Port probing on unauthorized port 5555	2020-04-20 15:05:32
111.229.43.153	attack	srv03 Mass scanning activity detected Target: 11321 ..	2020-04-20 15:39:16
171.244.50.108	attackspam	leo_www	2020-04-20 15:30:52
118.89.229.117	attackbots	$f2bV_matches	2020-04-20 15:28:49
51.254.16.233	attack	GB - - [19 Apr 2020:20:12:37 +0300] "POST wp-login.php?action=register HTTP 1.1" 302 - "-" "Mozilla 5.0 Windows NT 6.1; Win64; x64; rv:66.0 Gecko 20100101 Firefox 66.0"	2020-04-20 15:17:32
125.119.35.28	attackbotsspam	Apr 20 05:46:28 web01.agentur-b-2.de postfix/smtpd[457508]: warning: unknown[125.119.35.28]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Apr 20 05:46:28 web01.agentur-b-2.de postfix/smtpd[457508]: lost connection after AUTH from unknown[125.119.35.28] Apr 20 05:46:35 web01.agentur-b-2.de postfix/smtpd[462307]: warning: unknown[125.119.35.28]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Apr 20 05:46:35 web01.agentur-b-2.de postfix/smtpd[462307]: lost connection after AUTH from unknown[125.119.35.28] Apr 20 05:46:46 web01.agentur-b-2.de postfix/smtpd[457508]: warning: unknown[125.119.35.28]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2020-04-20 15:12:42
144.217.130.102	attackspambots	$f2bV_matches	2020-04-20 15:05:51
61.93.201.198	attackbotsspam	$f2bV_matches	2020-04-20 15:34:32
104.236.142.89	attackbotsspam	Port Scan detected from 104.236.142.89 (US/United States/California/San Francisco/-). 4 hits in the last 35 seconds	2020-04-20 15:00:08
103.145.12.24	attackspambots	[2020-04-20 01:16:41] NOTICE[1170][C-00002aa4] chan_sip.c: Call from '' (103.145.12.24:57642) to extension '01146520458214' rejected because extension not found in context 'public'. [2020-04-20 01:16:41] SECURITY[1184] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-04-20T01:16:41.680-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="01146520458214",SessionID="0x7f6c0825cda8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.24/57642",ACLName="no_extension_match" [2020-04-20 01:16:45] NOTICE[1170][C-00002aa5] chan_sip.c: Call from '' (103.145.12.24:53258) to extension '01146462607510' rejected because extension not found in context 'public'. [2020-04-20 01:16:45] SECURITY[1184] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-04-20T01:16:45.274-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="01146462607510",SessionID="0x7f6c082b17a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103. ...	2020-04-20 15:34:05
75.109.199.102	attackspambots	Apr 20 08:04:28 ncomp sshd[5985]: Invalid user postgres from 75.109.199.102 Apr 20 08:04:28 ncomp sshd[5985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.109.199.102 Apr 20 08:04:28 ncomp sshd[5985]: Invalid user postgres from 75.109.199.102 Apr 20 08:04:30 ncomp sshd[5985]: Failed password for invalid user postgres from 75.109.199.102 port 54515 ssh2	2020-04-20 15:21:55
217.112.142.231	attackspam	Apr 20 05:48:03 mail.srvfarm.net postfix/smtpd[1041584]: NOQUEUE: reject: RCPT from unknown[217.112.142.231]: 554 5.7.1 Service unavailable; Client host [217.112.142.231] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo= Apr 20 05:48:58 mail.srvfarm.net postfix/smtpd[1039769]: NOQUEUE: reject: RCPT from unknown[217.112.142.231]: 554 5.7.1 Service unavailable; Client host [217.112.142.231] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo= Apr 20 05:54:13 mail.srvfarm.net postfix/smtpd[1039592]: NOQUEUE: reject: RCPT from unknown[217.112.142.231]: 554 5.7.1 Service unavailable; Client host [217.112.142.231] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=	2020-04-20 15:10:34
203.195.191.249	attackspambots	$f2bV_matches	2020-04-20 15:07:35
36.148.89.82	attack	Apr 20 05:56:12 prod4 vsftpd\[31624\]: \[anonymous\] FAIL LOGIN: Client "36.148.89.82" Apr 20 05:56:16 prod4 vsftpd\[31628\]: \[www\] FAIL LOGIN: Client "36.148.89.82" Apr 20 05:56:19 prod4 vsftpd\[31630\]: \[www\] FAIL LOGIN: Client "36.148.89.82" Apr 20 05:56:25 prod4 vsftpd\[31637\]: \[www\] FAIL LOGIN: Client "36.148.89.82" Apr 20 05:56:28 prod4 vsftpd\[31642\]: \[www\] FAIL LOGIN: Client "36.148.89.82" ...	2020-04-20 15:24:27
111.229.128.136	attackspam	Apr 20 05:55:09 MainVPS sshd[10986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.128.136 user=root Apr 20 05:55:11 MainVPS sshd[10986]: Failed password for root from 111.229.128.136 port 38620 ssh2 Apr 20 05:58:43 MainVPS sshd[14039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.128.136 user=root Apr 20 05:58:44 MainVPS sshd[14039]: Failed password for root from 111.229.128.136 port 45302 ssh2 Apr 20 06:01:50 MainVPS sshd[16913]: Invalid user kv from 111.229.128.136 port 48464 ...	2020-04-20 15:25:30

Recently Reported IPs

80.82.69.249	92.93.159.255	113.10.193.92	91.229.166.135
102.177.163.16	54.183.60.180	203.73.247.91	152.136.152.105
1.112.230.37	91.79.167.81	182.79.46.46	173.160.196.36
168.118.33.223	169.99.208.75	221.12.211.181	46.61.209.131
67.83.236.56	66.14.83.66	233.219.151.33	126.120.0.105