104.248.142.213

Basic Info

City: Frankfurt am Main

Region: Hesse

Country: Germany

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.248.142.140	attack	www.goldgier.de 104.248.142.140 [19/May/2020:08:27:16 +0200] "POST /wp-login.php HTTP/1.1" 200 8695 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" www.goldgier.de 104.248.142.140 [19/May/2020:08:27:16 +0200] "POST /wp-login.php HTTP/1.1" 200 8695 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-23 07:08:20
104.248.142.140	attackspam	104.248.142.140 - - [22/May/2020:13:48:35 +0200] "GET /wp-login.php HTTP/1.1" 200 5865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [22/May/2020:13:48:36 +0200] "POST /wp-login.php HTTP/1.1" 200 6116 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [22/May/2020:13:48:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-23 03:02:36
104.248.142.61	attackspam	Wordpress Admin Login attack	2020-04-24 22:52:51
104.248.142.62	attackspambots	C2,DEF GET /w00tw00t.at.blackhats.romanian.anti-sec:) GET /phpMyAdmin/scripts/setup.php GET /phpmyadmin/scripts/setup.php GET /myadmin/scripts/setup.php GET /MyAdmin/scripts/setup.php	2020-04-07 13:19:45
104.248.142.140	attack	104.248.142.140 - - [06/Apr/2020:19:45:52 +0200] "GET /wp-login.php HTTP/1.1" 200 5821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [06/Apr/2020:19:45:52 +0200] "POST /wp-login.php HTTP/1.1" 200 6601 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [06/Apr/2020:19:45:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-04-07 03:46:18
104.248.142.140	attackbots	CMS (WordPress or Joomla) login attempt.	2020-03-30 12:44:24
104.248.142.140	attackbots	104.248.142.140 - - [09/Mar/2020:14:06:11 +0000] "POST /wp-login.php HTTP/1.1" 200 6409 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [09/Mar/2020:14:06:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-03-09 23:30:59
104.248.142.47	attackbots	C1,DEF GET /wp-login.php	2020-02-21 06:31:18
104.248.142.47	attack	Unauthorized connection attempt detected, IP banned.	2020-02-18 01:37:52
104.248.142.47	attack	SS5,WP GET /wp-login.php	2020-02-07 00:43:41
104.248.142.140	attackbots	104.248.142.140 - - [13/Jan/2020:08:27:02 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [13/Jan/2020:08:27:02 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [13/Jan/2020:08:27:03 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-01-13 16:26:00
104.248.142.140	attack	104.248.142.140 - - \[03/Jan/2020:18:12:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 7778 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 104.248.142.140 - - \[03/Jan/2020:18:12:24 +0100\] "POST /wp-login.php HTTP/1.0" 200 7592 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 104.248.142.140 - - \[03/Jan/2020:18:12:25 +0100\] "POST /wp-login.php HTTP/1.0" 200 7601 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-01-04 01:10:29
104.248.142.47	attack	Automatic report - XMLRPC Attack	2019-12-30 19:01:22
104.248.142.47	attackbots	WordPress login Brute force / Web App Attack on client site.	2019-12-22 21:27:29
104.248.142.47	attackspam	fail2ban honeypot	2019-12-06 14:59:58

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.142.213
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56172
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.248.142.213.		IN	A

;; AUTHORITY SECTION:
.			146	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022052602 1800 900 604800 86400

;; Query time: 59 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri May 27 07:50:16 CST 2022
;; MSG SIZE  rcvd: 108

Host info

Host 213.142.248.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 213.142.248.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
202.142.73.107	attack	Web Probe / Attack	2019-09-01 22:38:21
23.126.140.33	attackbots	Sep 1 01:51:52 friendsofhawaii sshd\[21210\]: Invalid user hadi from 23.126.140.33 Sep 1 01:51:52 friendsofhawaii sshd\[21210\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=23-126-140-33.lightspeed.miamfl.sbcglobal.net Sep 1 01:51:54 friendsofhawaii sshd\[21210\]: Failed password for invalid user hadi from 23.126.140.33 port 42192 ssh2 Sep 1 01:57:03 friendsofhawaii sshd\[21611\]: Invalid user ronda from 23.126.140.33 Sep 1 01:57:03 friendsofhawaii sshd\[21611\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=23-126-140-33.lightspeed.miamfl.sbcglobal.net	2019-09-01 21:49:55
195.31.91.221	attackspam	Honeypot attack, port: 23, PTR: host221-91-static.31-195-b.business.telecomitalia.it.	2019-09-01 22:21:12
13.67.90.196	attackbotsspam	$f2bV_matches	2019-09-01 22:18:32
77.31.238.108	attackbots	Aug 31 23:16:40 sachi sshd\[28279\]: Invalid user huso from 77.31.238.108 Aug 31 23:16:40 sachi sshd\[28279\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.31.238.108 Aug 31 23:16:42 sachi sshd\[28279\]: Failed password for invalid user huso from 77.31.238.108 port 46606 ssh2 Aug 31 23:22:23 sachi sshd\[28809\]: Invalid user tmp from 77.31.238.108 Aug 31 23:22:23 sachi sshd\[28809\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.31.238.108	2019-09-01 22:23:54
223.241.16.224	attack	Sep 1 10:09:13 pl3server sshd[1401222]: Invalid user service from 223.241.16.224 Sep 1 10:09:13 pl3server sshd[1401222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.241.16.224 Sep 1 10:09:15 pl3server sshd[1401222]: Failed password for invalid user service from 223.241.16.224 port 48915 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=223.241.16.224	2019-09-01 22:58:36
167.114.0.23	attackbotsspam	Automatic report - Banned IP Access	2019-09-01 21:54:54
128.199.170.77	attack	Sep 1 05:12:33 TORMINT sshd\[31074\]: Invalid user harmonie from 128.199.170.77 Sep 1 05:12:33 TORMINT sshd\[31074\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.170.77 Sep 1 05:12:35 TORMINT sshd\[31074\]: Failed password for invalid user harmonie from 128.199.170.77 port 51328 ssh2 ...	2019-09-01 21:52:45
14.162.167.6	attackspambots	Sep 1 09:07:22 nginx sshd[80659]: Invalid user admin from 14.162.167.6 Sep 1 09:07:23 nginx sshd[80659]: Connection closed by 14.162.167.6 port 53418 [preauth]	2019-09-01 22:15:01
178.128.54.223	attackspambots	SSH Brute-Force reported by Fail2Ban	2019-09-01 22:36:50
49.88.112.77	attackspambots	2019-09-01T14:34:08.433869abusebot-3.cloudsearch.cf sshd\[23320\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.77 user=root	2019-09-01 22:44:55
43.242.135.130	attack	Sep 1 12:47:01 DAAP sshd[26117]: Invalid user psc from 43.242.135.130 port 60578 Sep 1 12:47:01 DAAP sshd[26117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.242.135.130 Sep 1 12:47:01 DAAP sshd[26117]: Invalid user psc from 43.242.135.130 port 60578 Sep 1 12:47:03 DAAP sshd[26117]: Failed password for invalid user psc from 43.242.135.130 port 60578 ssh2 Sep 1 12:52:05 DAAP sshd[26158]: Invalid user master from 43.242.135.130 port 41530 ...	2019-09-01 21:56:04
2.229.2.24	attackbotsspam	Sep 1 15:53:22 eventyay sshd[5289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.229.2.24 Sep 1 15:53:24 eventyay sshd[5289]: Failed password for invalid user tecnici from 2.229.2.24 port 55665 ssh2 Sep 1 15:57:20 eventyay sshd[6293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.229.2.24 ...	2019-09-01 22:20:25
185.94.111.1	attackspam	01.09.2019 14:25:51 Recursive DNS scan	2019-09-01 22:26:35
51.75.25.164	attackbots	Sep 1 04:23:20 tdfoods sshd\[454\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.ip-51-75-25.eu user=root Sep 1 04:23:22 tdfoods sshd\[454\]: Failed password for root from 51.75.25.164 port 56096 ssh2 Sep 1 04:27:07 tdfoods sshd\[783\]: Invalid user lh from 51.75.25.164 Sep 1 04:27:07 tdfoods sshd\[783\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.ip-51-75-25.eu Sep 1 04:27:10 tdfoods sshd\[783\]: Failed password for invalid user lh from 51.75.25.164 port 43692 ssh2	2019-09-01 22:41:37

Recently Reported IPs

104.248.140.55	104.248.144.244	104.248.144.50	104.248.145.43
104.248.147.169	104.248.149.241	104.248.149.55	104.248.151.89
104.248.154.149	104.248.155.125	104.248.159.54	104.248.163.249
104.248.164.111	104.248.164.239	104.248.168.153	104.248.200.68
104.248.206.155	104.248.241.22	104.248.46.212	104.251.217.213