45.252.248.138

Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: AZDIGI Corporation

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	xmlrpc attack	2019-11-01 20:07:48

Comments on same subnet:

IP	Type	Details	Datetime
45.252.248.16	attackspam	45.252.248.16 - - [24/Jun/2020:14:05:52 +0200] "POST /xmlrpc.php HTTP/2.0" 403 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 45.252.248.16 - - [24/Jun/2020:14:05:54 +0200] "POST /xmlrpc.php HTTP/2.0" 403 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" ...	2020-06-25 00:08:23
45.252.248.16	attackspam	MYH,DEF GET /wp-login.php GET /wp-login.php	2020-06-04 22:57:18
45.252.248.13	attack	REQUESTED PAGE: /wp-login.php	2020-05-09 05:24:23
45.252.248.23	attackspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-05-04 20:52:57
45.252.248.23	attackspam	Apr 4 01:56:35 karger wordpress(buerg)[4145]: Authentication attempt for unknown user domi from 45.252.248.23 Apr 4 03:37:01 karger wordpress(buerg)[4145]: Authentication attempt for unknown user domi from 45.252.248.23 ...	2020-04-04 09:57:10
45.252.248.23	attackbots	fail2ban/45.252.248.23 - - [02/Apr/2020:21:42:33 +0000] "POST /wp-login.php HTTP/1.0" 200 9822 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.248.23 - - [02/Apr/2020:21:46:22 +0000] "POST /wp-login.php HTTP/1.0" 200 9852 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.248.23 - - [02/Apr/2020:21:51:39 +0000] "POST /wp-login.php HTTP/1.0" 200 9823 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-04-03 07:02:49
45.252.248.23	attack	WordPress login Brute force / Web App Attack on client site.	2020-03-24 07:30:36
45.252.248.23	attack	php WP PHPmyadamin ABUSE blocked for 12h	2020-03-11 00:41:35
45.252.248.18	attack	REQUESTED PAGE: /wp-login.php	2020-02-23 00:35:18
45.252.248.18	attack	45.252.248.18 - - \[21/Feb/2020:05:54:47 +0100\] "POST /wp-login.php HTTP/1.0" 200 7778 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.248.18 - - \[21/Feb/2020:05:54:50 +0100\] "POST /wp-login.php HTTP/1.0" 200 7768 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 45.252.248.18 - - \[21/Feb/2020:05:54:54 +0100\] "POST /wp-login.php HTTP/1.0" 200 7634 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-02-21 16:08:44
45.252.248.18	attackspam	45.252.248.18 - - [20/Jan/2020:04:57:59 +0000] "POST /wp-login.php HTTP/1.1" 200 6409 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 45.252.248.18 - - [20/Jan/2020:04:58:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-01-20 14:18:14
45.252.248.189	attackspam	Invalid user admin from 45.252.248.189 port 49318	2020-01-18 22:22:01
45.252.248.18	attackspam	WordPress wp-login brute force :: 45.252.248.18 0.080 BYPASS [10/Jan/2020:08:50:19 0000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-01-10 17:28:00
45.252.248.161	attack	Wordpress bruteforce	2019-10-08 04:25:39
45.252.248.161	attack	Automatic report - Banned IP Access	2019-09-24 21:11:25

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 45.252.248.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51027
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;45.252.248.138.			IN	A

;; AUTHORITY SECTION:
.			186	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019110100 1800 900 604800 86400

;; Query time: 384 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Nov 01 20:07:38 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 138.248.252.45.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 138.248.252.45.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
133.130.113.206	attackspam	Apr 2 21:46:04 game-panel sshd[6335]: Failed password for root from 133.130.113.206 port 39714 ssh2 Apr 2 21:53:06 game-panel sshd[6586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.113.206 Apr 2 21:53:08 game-panel sshd[6586]: Failed password for invalid user user from 133.130.113.206 port 60844 ssh2	2020-04-03 06:05:35
95.170.202.18	attack	ssh brute force, port scan	2020-04-03 05:45:33
101.91.114.27	attackspambots	Mar 31 13:20:15 yesfletchmain sshd\[7703\]: Invalid user so from 101.91.114.27 port 41708 Mar 31 13:20:15 yesfletchmain sshd\[7703\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.114.27 Mar 31 13:20:17 yesfletchmain sshd\[7703\]: Failed password for invalid user so from 101.91.114.27 port 41708 ssh2 Mar 31 13:24:53 yesfletchmain sshd\[7850\]: User root from 101.91.114.27 not allowed because not listed in AllowUsers Mar 31 13:24:53 yesfletchmain sshd\[7850\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.114.27 user=root ...	2020-04-03 05:43:47
209.105.243.145	attackspambots	SASL PLAIN auth failed: ruser=...	2020-04-03 06:16:20
106.13.175.210	attackbotsspam	Apr 2 15:05:39 sip sshd[27768]: Failed password for root from 106.13.175.210 port 38766 ssh2 Apr 2 15:18:26 sip sshd[30965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.175.210 Apr 2 15:18:28 sip sshd[30965]: Failed password for invalid user mercube from 106.13.175.210 port 48512 ssh2	2020-04-03 05:42:20
177.44.168.146	attack	Invalid user cpx from 177.44.168.146 port 48793	2020-04-03 06:18:34
185.176.27.174	attack	04/02/2020-17:07:57.256890 185.176.27.174 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2020-04-03 05:42:03
222.186.175.163	attackbotsspam	Apr 2 23:53:11 legacy sshd[24663]: Failed password for root from 222.186.175.163 port 32996 ssh2 Apr 2 23:53:14 legacy sshd[24663]: Failed password for root from 222.186.175.163 port 32996 ssh2 Apr 2 23:53:18 legacy sshd[24663]: Failed password for root from 222.186.175.163 port 32996 ssh2 Apr 2 23:53:21 legacy sshd[24663]: Failed password for root from 222.186.175.163 port 32996 ssh2 ...	2020-04-03 05:57:32
111.231.33.135	attackbots	Apr 2 23:48:04 eventyay sshd[15044]: Failed password for root from 111.231.33.135 port 45618 ssh2 Apr 2 23:50:34 eventyay sshd[15138]: Failed password for root from 111.231.33.135 port 48950 ssh2 ...	2020-04-03 06:10:35
58.37.230.85	attack	IP blocked	2020-04-03 06:03:03
124.30.44.214	attack	Aug 12 20:01:21 yesfletchmain sshd\[9566\]: Invalid user git from 124.30.44.214 port 19803 Aug 12 20:01:21 yesfletchmain sshd\[9566\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.30.44.214 Aug 12 20:01:23 yesfletchmain sshd\[9566\]: Failed password for invalid user git from 124.30.44.214 port 19803 ssh2 Aug 12 20:06:35 yesfletchmain sshd\[9636\]: Invalid user gitblit from 124.30.44.214 port 18327 Aug 12 20:06:35 yesfletchmain sshd\[9636\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.30.44.214 ...	2020-04-03 05:48:55
218.92.0.138	attackspambots	Apr 3 00:00:29 server sshd[36647]: Failed none for root from 218.92.0.138 port 29538 ssh2 Apr 3 00:00:32 server sshd[36647]: Failed password for root from 218.92.0.138 port 29538 ssh2 Apr 3 00:00:35 server sshd[36647]: Failed password for root from 218.92.0.138 port 29538 ssh2	2020-04-03 06:14:41
49.234.207.124	attackspam	Apr 2 09:11:49 main sshd[19607]: Failed password for invalid user admin from 49.234.207.124 port 44188 ssh2 Apr 2 09:45:40 main sshd[20202]: Failed password for invalid user uk from 49.234.207.124 port 51648 ssh2 Apr 2 09:56:21 main sshd[20369]: Failed password for invalid user saku from 49.234.207.124 port 33688 ssh2 Apr 2 10:01:18 main sshd[20465]: Failed password for invalid user kafka from 49.234.207.124 port 38812 ssh2 Apr 2 10:27:15 main sshd[20947]: Failed password for invalid user pma from 49.234.207.124 port 36100 ssh2 Apr 2 10:31:34 main sshd[21013]: Failed password for invalid user uj from 49.234.207.124 port 41190 ssh2 Apr 2 11:00:35 main sshd[21497]: Failed password for invalid user user2 from 49.234.207.124 port 43478 ssh2 Apr 2 11:11:34 main sshd[21775]: Failed password for invalid user ts3 from 49.234.207.124 port 53734 ssh2	2020-04-03 05:50:32
185.103.51.85	attack	SASL PLAIN auth failed: ruser=...	2020-04-03 06:12:32
167.114.156.183	attackspam	Apr 2 22:52:52 combo sshd[15619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.156.183 user=bin Apr 2 22:52:54 combo sshd[15619]: Failed password for bin from 167.114.156.183 port 41235 ssh2 Apr 2 22:52:54 combo sshd[15629]: Invalid user localhost from 167.114.156.183 port 44756 ...	2020-04-03 06:15:10

Recently Reported IPs

170.6.116.189	46.169.180.104	206.51.169.234	21.231.23.76
247.57.184.247	211.255.130.51	38.12.53.46	15.130.233.241
104.126.227.163	171.44.67.156	249.165.53.119	217.251.72.42
4.65.115.152	8.137.188.152	145.2.81.88	194.236.10.145
71.147.52.24	138.160.219.126	23.169.205.66	50.220.10.115