JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 148.72.1.90

148.72.1.90 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 21%: ?

21%

ISP	GoDaddy.com, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS398101
Hostname(s)	90.1.72.148.host.secureserver.net
Domain Name	godaddy.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 148.72.1.90

Whois 148.72.1.90

IP Abuse Reports for 148.72.1.90:

This IP address has been reported a total of 8 times from 7 distinct sources. 148.72.1.90 was first reported on April 23rd 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 octageeks.com	2026-04-29 04:06:49 (1 month ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇺🇸 dtorrer	2026-04-28 10:15:38 (1 month ago)	Forged login request.	Brute-Force
🇺🇸 NicoID	2026-04-26 00:14:42 (1 month ago)	148.72.1.90 - - [25/Apr/2026:02:09:01 -0600] "GET / HTTP/2.0" 301 210 "https://boiseom.com/wp-login. ... show more 148.72.1.90 - - [25/Apr/2026:02:09:01 -0600] "GET / HTTP/2.0" 301 210 "https://boiseom.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; EIE10;ENGBMSN; rv:11.0) like Gecko" ... show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-25 15:45:27 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 148.72.1.90 (90.1.72.148.host.secureserver.net) ... show more (mod_security) mod_security (id:225170) triggered by 148.72.1.90 (90.1.72.148.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 25 11:45:19.324381 2026] [security2:error] [pid 8384:tid 8384] [client 148.72.1.90:34996] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|fetchamreadingroom.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fetchamreadingroom.org"] [uri "/wp-json/wp/v2/users"] [unique_id "aezhj49kj-_h3Ii57SA4fwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-04-24 15:19:35 (1 month ago)	148.72.1.90 - - [24/Apr/2026:09:19:35 -0600] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (W ... show more 148.72.1.90 - - [24/Apr/2026:09:19:35 -0600] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-23 16:10:54 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 148.72.1.90 (90.1.72.148.host.secureserver.net) ... show more (mod_security) mod_security (id:225170) triggered by 148.72.1.90 (90.1.72.148.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 12:10:50.436821 2026] [security2:error] [pid 15992:tid 15992] [client 148.72.1.90:29366] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|crittergetterpestcontrol.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "crittergetterpestcontrol.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aepEigQYifxAhRTmxzRvqwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-04-23 16:06:21 (1 month ago)	Xmlrpc Caught (7)	Brute-Force Web App Attack
🇩🇪 london2038.com	2026-04-23 08:09:31 (1 month ago)	Attacking WordPress 148.72.1.90 - - [23/Apr/2026:10:09:28 +0200] "POST /wp-login.php HTTP/2.0" 503 1 ... show more Attacking WordPress 148.72.1.90 - - [23/Apr/2026:10:09:28 +0200] "POST /wp-login.php HTTP/2.0" 503 19289 "https://<REDACTED>/wp-login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E)" show less	Brute-Force Web App Attack

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.145

🇧🇷 179.111.150.61

🇳🇱 176.65.148.92

🇺🇸 172.190.13.234

🇮🇳 106.0.40.245

🇬🇧 104.194.140.104

🇩🇪 62.54.176.203

🇭🇰 47.76.49.98

🇮🇳 38.134.139.33

🇧🇷 20.197.197.158

🇧🇷 189.50.35.2

🇺🇸 162.243.124.89

🇨🇳 101.64.156.230

🇷🇴 80.94.92.171

🇸🇬 35.240.174.82

🇮🇹 5.89.75.194

🇺🇸 216.180.246.188

🇬🇧 213.166.84.53

🇫🇮 193.23.200.187

🇳🇴 185.12.59.117