104.248.142.173

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.248.142.140	attack	www.goldgier.de 104.248.142.140 [19/May/2020:08:27:16 +0200] "POST /wp-login.php HTTP/1.1" 200 8695 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" www.goldgier.de 104.248.142.140 [19/May/2020:08:27:16 +0200] "POST /wp-login.php HTTP/1.1" 200 8695 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-23 07:08:20
104.248.142.140	attackspam	104.248.142.140 - - [22/May/2020:13:48:35 +0200] "GET /wp-login.php HTTP/1.1" 200 5865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [22/May/2020:13:48:36 +0200] "POST /wp-login.php HTTP/1.1" 200 6116 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [22/May/2020:13:48:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-23 03:02:36
104.248.142.61	attackspam	Wordpress Admin Login attack	2020-04-24 22:52:51
104.248.142.62	attackspambots	C2,DEF GET /w00tw00t.at.blackhats.romanian.anti-sec:) GET /phpMyAdmin/scripts/setup.php GET /phpmyadmin/scripts/setup.php GET /myadmin/scripts/setup.php GET /MyAdmin/scripts/setup.php	2020-04-07 13:19:45
104.248.142.140	attack	104.248.142.140 - - [06/Apr/2020:19:45:52 +0200] "GET /wp-login.php HTTP/1.1" 200 5821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [06/Apr/2020:19:45:52 +0200] "POST /wp-login.php HTTP/1.1" 200 6601 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [06/Apr/2020:19:45:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-04-07 03:46:18
104.248.142.140	attackbots	CMS (WordPress or Joomla) login attempt.	2020-03-30 12:44:24
104.248.142.140	attackbots	104.248.142.140 - - [09/Mar/2020:14:06:11 +0000] "POST /wp-login.php HTTP/1.1" 200 6409 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [09/Mar/2020:14:06:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-03-09 23:30:59
104.248.142.47	attackbots	C1,DEF GET /wp-login.php	2020-02-21 06:31:18
104.248.142.47	attack	Unauthorized connection attempt detected, IP banned.	2020-02-18 01:37:52
104.248.142.47	attack	SS5,WP GET /wp-login.php	2020-02-07 00:43:41
104.248.142.140	attackbots	104.248.142.140 - - [13/Jan/2020:08:27:02 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [13/Jan/2020:08:27:02 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [13/Jan/2020:08:27:03 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-01-13 16:26:00
104.248.142.140	attack	104.248.142.140 - - \[03/Jan/2020:18:12:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 7778 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - \[03/Jan/2020:18:12:24 +0100\] "POST /wp-login.php HTTP/1.0" 200 7592 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - \[03/Jan/2020:18:12:25 +0100\] "POST /wp-login.php HTTP/1.0" 200 7601 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-01-04 01:10:29
104.248.142.47	attack	Automatic report - XMLRPC Attack	2019-12-30 19:01:22
104.248.142.47	attackbots	WordPress login Brute force / Web App Attack on client site.	2019-12-22 21:27:29
104.248.142.47	attackspam	fail2ban honeypot	2019-12-06 14:59:58

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.142.173
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5401
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.248.142.173.		IN	A

;; AUTHORITY SECTION:
.			334	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022040201 1800 900 604800 86400

;; Query time: 66 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Apr 03 06:08:50 CST 2022
;; MSG SIZE  rcvd: 108

Host info

173.142.248.104.in-addr.arpa domain name pointer web.somify.s1.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
173.142.248.104.in-addr.arpa	name = web.somify.s1.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
84.21.188.192	attackspam	Registration form abuse	2020-07-05 00:47:16
93.87.73.118	attackspambots	Jul 4 14:14:54 prox sshd[12811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.87.73.118 Jul 4 14:14:57 prox sshd[12811]: Failed password for invalid user elk from 93.87.73.118 port 56103 ssh2	2020-07-05 00:17:19
122.51.32.91	attackspambots	Jul 4 14:07:23 localhost sshd\[26235\]: Invalid user scp from 122.51.32.91 Jul 4 14:07:23 localhost sshd\[26235\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.32.91 Jul 4 14:07:26 localhost sshd\[26235\]: Failed password for invalid user scp from 122.51.32.91 port 42254 ssh2 Jul 4 14:10:54 localhost sshd\[26499\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.32.91 user=root Jul 4 14:10:55 localhost sshd\[26499\]: Failed password for root from 122.51.32.91 port 59196 ssh2 ...	2020-07-05 00:15:47
164.52.24.175	attackspambots	Unauthorized connection attempt detected from IP address 164.52.24.175 to port 8088 [T]	2020-07-05 00:47:55
222.186.180.142	attack	2020-07-04T16:50:26.070049abusebot-6.cloudsearch.cf sshd[21317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.142 user=root 2020-07-04T16:50:28.751588abusebot-6.cloudsearch.cf sshd[21317]: Failed password for root from 222.186.180.142 port 56559 ssh2 2020-07-04T16:50:31.241916abusebot-6.cloudsearch.cf sshd[21317]: Failed password for root from 222.186.180.142 port 56559 ssh2 2020-07-04T16:50:26.070049abusebot-6.cloudsearch.cf sshd[21317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.142 user=root 2020-07-04T16:50:28.751588abusebot-6.cloudsearch.cf sshd[21317]: Failed password for root from 222.186.180.142 port 56559 ssh2 2020-07-04T16:50:31.241916abusebot-6.cloudsearch.cf sshd[21317]: Failed password for root from 222.186.180.142 port 56559 ssh2 2020-07-04T16:50:26.070049abusebot-6.cloudsearch.cf sshd[21317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 ...	2020-07-05 00:54:09
122.116.191.127	attack	firewall-block, port(s): 23/tcp	2020-07-05 01:00:35
103.132.98.108	attack	Jul 4 15:37:50 ip-172-31-62-245 sshd\[6530\]: Invalid user admin from 103.132.98.108\ Jul 4 15:37:51 ip-172-31-62-245 sshd\[6530\]: Failed password for invalid user admin from 103.132.98.108 port 51922 ssh2\ Jul 4 15:39:58 ip-172-31-62-245 sshd\[6621\]: Invalid user yen from 103.132.98.108\ Jul 4 15:40:00 ip-172-31-62-245 sshd\[6621\]: Failed password for invalid user yen from 103.132.98.108 port 53058 ssh2\ Jul 4 15:42:02 ip-172-31-62-245 sshd\[6630\]: Invalid user oracle2 from 103.132.98.108\	2020-07-05 00:39:01
167.172.187.179	attackbots	Jul 4 14:57:19 django-0 sshd[28892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.187.179 user=root Jul 4 14:57:21 django-0 sshd[28892]: Failed password for root from 167.172.187.179 port 52950 ssh2 ...	2020-07-05 00:23:58
222.186.175.167	attack	Jul 5 00:21:01 bacztwo sshd[13818]: error: PAM: Authentication failure for root from 222.186.175.167 ...	2020-07-05 00:22:39
118.25.63.170	attackspambots	Jul 4 14:08:55 PorscheCustomer sshd[30778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.63.170 Jul 4 14:08:56 PorscheCustomer sshd[30778]: Failed password for invalid user xq from 118.25.63.170 port 47598 ssh2 Jul 4 14:10:52 PorscheCustomer sshd[30804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.63.170 ...	2020-07-05 00:24:18
49.233.85.15	attack	2020-07-04T20:37:01.952265hostname sshd[7331]: Invalid user hadoop from 49.233.85.15 port 57220 2020-07-04T20:37:03.667797hostname sshd[7331]: Failed password for invalid user hadoop from 49.233.85.15 port 57220 ssh2 2020-07-04T20:40:21.644129hostname sshd[8651]: Invalid user marcelo from 49.233.85.15 port 55622 ...	2020-07-05 00:33:16
164.52.24.162	attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-07-05 01:00:08
51.68.227.98	attackspam	Jul 4 16:44:38 home sshd[31566]: Failed password for root from 51.68.227.98 port 58748 ssh2 Jul 4 16:47:48 home sshd[31901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.227.98 Jul 4 16:47:50 home sshd[31901]: Failed password for invalid user ome from 51.68.227.98 port 55890 ssh2 ...	2020-07-05 00:34:31
103.205.68.2	attackspam	Unauthorized access to SSH at 4/Jul/2020:12:10:46 +0000.	2020-07-05 00:31:13
184.168.27.122	attackspambots	Automatic report - XMLRPC Attack	2020-07-05 00:23:40

Recently Reported IPs

104.248.141.64	242.20.251.106	104.248.146.161	104.248.148.151
104.248.149.222	104.248.17.104	104.248.170.214	104.248.174.4
104.248.175.99	104.248.180.21	104.248.2.216	104.248.200.146
104.248.203.37	104.248.204.51	104.248.207.138	104.248.210.82
104.248.223.66	104.248.224.48	104.248.235.212	104.248.239.199