104.248.142.156

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.248.142.140	attack	www.goldgier.de 104.248.142.140 [19/May/2020:08:27:16 +0200] "POST /wp-login.php HTTP/1.1" 200 8695 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" www.goldgier.de 104.248.142.140 [19/May/2020:08:27:16 +0200] "POST /wp-login.php HTTP/1.1" 200 8695 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-23 07:08:20
104.248.142.140	attackspam	104.248.142.140 - - [22/May/2020:13:48:35 +0200] "GET /wp-login.php HTTP/1.1" 200 5865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [22/May/2020:13:48:36 +0200] "POST /wp-login.php HTTP/1.1" 200 6116 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [22/May/2020:13:48:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-23 03:02:36
104.248.142.61	attackspam	Wordpress Admin Login attack	2020-04-24 22:52:51
104.248.142.62	attackspambots	C2,DEF GET /w00tw00t.at.blackhats.romanian.anti-sec:) GET /phpMyAdmin/scripts/setup.php GET /phpmyadmin/scripts/setup.php GET /myadmin/scripts/setup.php GET /MyAdmin/scripts/setup.php	2020-04-07 13:19:45
104.248.142.140	attack	104.248.142.140 - - [06/Apr/2020:19:45:52 +0200] "GET /wp-login.php HTTP/1.1" 200 5821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [06/Apr/2020:19:45:52 +0200] "POST /wp-login.php HTTP/1.1" 200 6601 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [06/Apr/2020:19:45:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-04-07 03:46:18
104.248.142.140	attackbots	CMS (WordPress or Joomla) login attempt.	2020-03-30 12:44:24
104.248.142.140	attackbots	104.248.142.140 - - [09/Mar/2020:14:06:11 +0000] "POST /wp-login.php HTTP/1.1" 200 6409 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [09/Mar/2020:14:06:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-03-09 23:30:59
104.248.142.47	attackbots	C1,DEF GET /wp-login.php	2020-02-21 06:31:18
104.248.142.47	attack	Unauthorized connection attempt detected, IP banned.	2020-02-18 01:37:52
104.248.142.47	attack	SS5,WP GET /wp-login.php	2020-02-07 00:43:41
104.248.142.140	attackbots	104.248.142.140 - - [13/Jan/2020:08:27:02 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [13/Jan/2020:08:27:02 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [13/Jan/2020:08:27:03 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-01-13 16:26:00
104.248.142.140	attack	104.248.142.140 - - \[03/Jan/2020:18:12:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 7778 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - \[03/Jan/2020:18:12:24 +0100\] "POST /wp-login.php HTTP/1.0" 200 7592 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - \[03/Jan/2020:18:12:25 +0100\] "POST /wp-login.php HTTP/1.0" 200 7601 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-01-04 01:10:29
104.248.142.47	attack	Automatic report - XMLRPC Attack	2019-12-30 19:01:22
104.248.142.47	attackbots	WordPress login Brute force / Web App Attack on client site.	2019-12-22 21:27:29
104.248.142.47	attackspam	fail2ban honeypot	2019-12-06 14:59:58

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.142.156
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36433
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.248.142.156.		IN	A

;; AUTHORITY SECTION:
.			327	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022022500 1800 900 604800 86400

;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 25 20:23:40 CST 2022
;; MSG SIZE  rcvd: 108

Host info

Host 156.142.248.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 156.142.248.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
94.191.47.31	attackbots	Nov 17 00:12:52 ny01 sshd[15458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.191.47.31 Nov 17 00:12:54 ny01 sshd[15458]: Failed password for invalid user named from 94.191.47.31 port 43114 ssh2 Nov 17 00:17:50 ny01 sshd[15917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.191.47.31	2019-11-17 13:24:12
185.176.27.6	attackbotsspam	Nov 17 06:09:15 mc1 kernel: \[5253618.678028\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=185.176.27.6 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=39636 PROTO=TCP SPT=45486 DPT=27681 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 17 06:18:02 mc1 kernel: \[5254145.617775\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=185.176.27.6 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54456 PROTO=TCP SPT=45486 DPT=13948 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 17 06:19:01 mc1 kernel: \[5254204.507101\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=185.176.27.6 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=1490 PROTO=TCP SPT=45486 DPT=17585 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-11-17 13:22:54
178.32.161.90	attack	Nov 17 05:22:32 web8 sshd\[18279\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.32.161.90 user=root Nov 17 05:22:35 web8 sshd\[18279\]: Failed password for root from 178.32.161.90 port 37618 ssh2 Nov 17 05:26:12 web8 sshd\[20649\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.32.161.90 user=man Nov 17 05:26:14 web8 sshd\[20649\]: Failed password for man from 178.32.161.90 port 56515 ssh2 Nov 17 05:30:15 web8 sshd\[22501\]: Invalid user pcap from 178.32.161.90 Nov 17 05:30:15 web8 sshd\[22501\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.32.161.90	2019-11-17 13:39:40
58.248.235.38	attack	Nov 17 05:58:31 vmd26974 sshd[28734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.248.235.38 Nov 17 05:58:32 vmd26974 sshd[28734]: Failed password for invalid user hadoop from 58.248.235.38 port 2234 ssh2 ...	2019-11-17 13:07:17
128.199.129.68	attack	Automatic report - Banned IP Access	2019-11-17 13:08:07
60.29.241.2	attackbotsspam	2019-11-17T05:31:20.131049abusebot-6.cloudsearch.cf sshd\[13980\]: Invalid user gaowen from 60.29.241.2 port 53515	2019-11-17 13:39:03
36.36.200.181	attackspambots	Fail2Ban - SSH Bruteforce Attempt	2019-11-17 13:38:16
123.138.18.11	attack	2019-11-17T05:30:23.297946abusebot.cloudsearch.cf sshd\[17408\]: Invalid user sexsex from 123.138.18.11 port 45932	2019-11-17 13:37:01
60.185.71.147	attackspam	badbot	2019-11-17 13:26:57
66.85.188.242	attackspambots	Automatic report - XMLRPC Attack	2019-11-17 13:15:16
142.44.160.214	attackbots	Nov 17 07:49:19 server sshd\[12587\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=214.ip-142-44-160.net user=root Nov 17 07:49:22 server sshd\[12587\]: Failed password for root from 142.44.160.214 port 50610 ssh2 Nov 17 08:00:30 server sshd\[15856\]: Invalid user mayako from 142.44.160.214 Nov 17 08:00:30 server sshd\[15856\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=214.ip-142-44-160.net Nov 17 08:00:32 server sshd\[15856\]: Failed password for invalid user mayako from 142.44.160.214 port 58585 ssh2 ...	2019-11-17 13:20:21
188.93.231.151	attack	Automatic report - XMLRPC Attack	2019-11-17 13:35:36
123.207.79.126	attackspambots	Nov 17 09:54:14 gw1 sshd[14550]: Failed password for root from 123.207.79.126 port 45368 ssh2 Nov 17 09:58:28 gw1 sshd[14643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.207.79.126 ...	2019-11-17 13:08:31
118.168.73.103	attack	Telnet Server BruteForce Attack	2019-11-17 13:46:14
181.10.135.221	attack	spam, scanner BC	2019-11-17 13:43:04

Recently Reported IPs

104.248.141.92	104.248.142.172	104.248.142.165	104.248.142.152
101.109.59.149	104.248.142.241	104.248.142.178	104.248.143.13
104.248.144.235	104.248.144.52	104.248.145.100	104.248.145.161
104.248.145.233	104.248.145.250	4.202.128.255	104.248.145.206
104.248.145.242	104.248.145.60	104.248.145.6	104.248.146.100