45.252.248.138

Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: AZDIGI Corporation

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	xmlrpc attack	2019-11-01 20:07:48

Comments on same subnet:

IP	Type	Details	Datetime
45.252.248.16	attackspam	45.252.248.16 - - [24/Jun/2020:14:05:52 +0200] "POST /xmlrpc.php HTTP/2.0" 403 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 45.252.248.16 - - [24/Jun/2020:14:05:54 +0200] "POST /xmlrpc.php HTTP/2.0" 403 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" ...	2020-06-25 00:08:23
45.252.248.16	attackspam	MYH,DEF GET /wp-login.php GET /wp-login.php	2020-06-04 22:57:18
45.252.248.13	attack	REQUESTED PAGE: /wp-login.php	2020-05-09 05:24:23
45.252.248.23	attackspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-05-04 20:52:57
45.252.248.23	attackspam	Apr 4 01:56:35 karger wordpress(buerg)[4145]: Authentication attempt for unknown user domi from 45.252.248.23 Apr 4 03:37:01 karger wordpress(buerg)[4145]: Authentication attempt for unknown user domi from 45.252.248.23 ...	2020-04-04 09:57:10
45.252.248.23	attackbots	fail2ban/45.252.248.23 - - [02/Apr/2020:21:42:33 +0000] "POST /wp-login.php HTTP/1.0" 200 9822 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.248.23 - - [02/Apr/2020:21:46:22 +0000] "POST /wp-login.php HTTP/1.0" 200 9852 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.248.23 - - [02/Apr/2020:21:51:39 +0000] "POST /wp-login.php HTTP/1.0" 200 9823 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-04-03 07:02:49
45.252.248.23	attack	WordPress login Brute force / Web App Attack on client site.	2020-03-24 07:30:36
45.252.248.23	attack	php WP PHPmyadamin ABUSE blocked for 12h	2020-03-11 00:41:35
45.252.248.18	attack	REQUESTED PAGE: /wp-login.php	2020-02-23 00:35:18
45.252.248.18	attack	45.252.248.18 - - \[21/Feb/2020:05:54:47 +0100\] "POST /wp-login.php HTTP/1.0" 200 7778 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.248.18 - - \[21/Feb/2020:05:54:50 +0100\] "POST /wp-login.php HTTP/1.0" 200 7768 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.248.18 - - \[21/Feb/2020:05:54:54 +0100\] "POST /wp-login.php HTTP/1.0" 200 7634 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-02-21 16:08:44
45.252.248.18	attackspam	45.252.248.18 - - [20/Jan/2020:04:57:59 +0000] "POST /wp-login.php HTTP/1.1" 200 6409 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.248.18 - - [20/Jan/2020:04:58:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-01-20 14:18:14
45.252.248.189	attackspam	Invalid user admin from 45.252.248.189 port 49318	2020-01-18 22:22:01
45.252.248.18	attackspam	WordPress wp-login brute force :: 45.252.248.18 0.080 BYPASS [10/Jan/2020:08:50:19 0000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-01-10 17:28:00
45.252.248.161	attack	Wordpress bruteforce	2019-10-08 04:25:39
45.252.248.161	attack	Automatic report - Banned IP Access	2019-09-24 21:11:25

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.252.248.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51027
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.252.248.138.			IN	A

;; AUTHORITY SECTION:
.			186	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019110100 1800 900 604800 86400

;; Query time: 384 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Nov 01 20:07:38 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 138.248.252.45.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 138.248.252.45.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
62.234.122.141	attackspam	Dec 9 01:12:43 srv206 sshd[22526]: Invalid user postgres from 62.234.122.141 ...	2019-12-09 08:29:17
27.154.225.186	attack	SSH bruteforce	2019-12-09 07:56:19
104.177.180.24	attackbots	Dec 9 01:12:49 herz-der-gamer sshd[683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.177.180.24 user=backup Dec 9 01:12:51 herz-der-gamer sshd[683]: Failed password for backup from 104.177.180.24 port 54870 ssh2 ...	2019-12-09 08:22:07
90.178.139.0	attack	(pop3d) Failed POP3 login from 90.178.139.0 (CZ/Czechia/0.139.broadband11.iol.cz): 10 in the last 3600 secs	2019-12-09 08:02:24
106.12.33.50	attackspambots	Dec 8 23:59:01 MK-Soft-VM8 sshd[23935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.33.50 Dec 8 23:59:04 MK-Soft-VM8 sshd[23935]: Failed password for invalid user parson from 106.12.33.50 port 56578 ssh2 ...	2019-12-09 08:03:37
24.121.219.54	attack	Dec 9 01:12:49 grey postfix/smtpd\[23079\]: NOQUEUE: reject: RCPT from unknown\[24.121.219.54\]: 554 5.7.1 Service unavailable\; Client host \[24.121.219.54\] blocked using bl.spamcop.net\; Blocked - see https://www.spamcop.net/bl.shtml\?24.121.219.54\; from=\ to=\ proto=ESMTP helo=\<24-121-219-54.erkacmtk02.com.sta.suddenlink.net\> ...	2019-12-09 08:24:50
69.181.180.81	attackspam	2019-12-09T00:12:59.080998abusebot.cloudsearch.cf sshd\[3815\]: Invalid user wl from 69.181.180.81 port 44066 2019-12-09T00:12:59.086699abusebot.cloudsearch.cf sshd\[3815\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-69-181-180-81.hsd1.ca.comcast.net	2019-12-09 08:15:02
183.82.145.214	attack	Dec 9 06:31:20 webhost01 sshd[18105]: Failed password for root from 183.82.145.214 port 50524 ssh2 ...	2019-12-09 07:52:35
203.195.171.126	attackspam	Dec 9 02:02:38 pkdns2 sshd\[11574\]: Invalid user mariadb from 203.195.171.126Dec 9 02:02:40 pkdns2 sshd\[11574\]: Failed password for invalid user mariadb from 203.195.171.126 port 33667 ssh2Dec 9 02:05:58 pkdns2 sshd\[11802\]: Invalid user admin from 203.195.171.126Dec 9 02:06:00 pkdns2 sshd\[11802\]: Failed password for invalid user admin from 203.195.171.126 port 50835 ssh2Dec 9 02:09:29 pkdns2 sshd\[11986\]: Invalid user password from 203.195.171.126Dec 9 02:09:32 pkdns2 sshd\[11986\]: Failed password for invalid user password from 203.195.171.126 port 39790 ssh2 ...	2019-12-09 08:12:25
111.231.66.135	attackspam	Dec 8 18:29:11 linuxvps sshd\[39297\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.66.135 user=root Dec 8 18:29:14 linuxvps sshd\[39297\]: Failed password for root from 111.231.66.135 port 33530 ssh2 Dec 8 18:35:16 linuxvps sshd\[43403\]: Invalid user templates from 111.231.66.135 Dec 8 18:35:16 linuxvps sshd\[43403\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.66.135 Dec 8 18:35:18 linuxvps sshd\[43403\]: Failed password for invalid user templates from 111.231.66.135 port 35486 ssh2	2019-12-09 07:53:02
111.26.20.2	attack	RDP Brute-Force (Grieskirchen RZ2)	2019-12-09 08:21:39
110.43.42.244	attack	Dec 9 00:35:43 vps691689 sshd[20827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.43.42.244 Dec 9 00:35:45 vps691689 sshd[20827]: Failed password for invalid user server from 110.43.42.244 port 36724 ssh2 ...	2019-12-09 07:50:13
74.115.140.250	attackbots	2019-12-08T23:49:33.406140abusebot-4.cloudsearch.cf sshd\[27410\]: Invalid user 123456 from 74.115.140.250 port 41176	2019-12-09 08:11:41
119.226.30.54	attackbotsspam	Dec 9 05:18:12 vibhu-HP-Z238-Microtower-Workstation sshd\[14214\]: Invalid user stolp from 119.226.30.54 Dec 9 05:18:12 vibhu-HP-Z238-Microtower-Workstation sshd\[14214\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.226.30.54 Dec 9 05:18:14 vibhu-HP-Z238-Microtower-Workstation sshd\[14214\]: Failed password for invalid user stolp from 119.226.30.54 port 47701 ssh2 Dec 9 05:25:14 vibhu-HP-Z238-Microtower-Workstation sshd\[14731\]: Invalid user khung from 119.226.30.54 Dec 9 05:25:14 vibhu-HP-Z238-Microtower-Workstation sshd\[14731\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.226.30.54 ...	2019-12-09 07:59:08
86.110.180.50	attack	Dec 8 23:28:21 hcbbdb sshd\[7775\]: Invalid user zainuddin from 86.110.180.50 Dec 8 23:28:21 hcbbdb sshd\[7775\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.110.180.50 Dec 8 23:28:24 hcbbdb sshd\[7775\]: Failed password for invalid user zainuddin from 86.110.180.50 port 57194 ssh2 Dec 8 23:34:15 hcbbdb sshd\[8448\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.110.180.50 user=root Dec 8 23:34:17 hcbbdb sshd\[8448\]: Failed password for root from 86.110.180.50 port 33516 ssh2	2019-12-09 07:51:11

Recently Reported IPs

170.6.116.189	46.169.180.104	206.51.169.234	21.231.23.76
247.57.184.247	211.255.130.51	38.12.53.46	15.130.233.241
104.126.227.163	171.44.67.156	249.165.53.119	217.251.72.42
4.65.115.152	8.137.188.152	145.2.81.88	194.236.10.145
71.147.52.24	138.160.219.126	23.169.205.66	50.220.10.115