104.248.142.37

Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Fail2Ban Ban Triggered	2019-10-20 21:04:18

Comments on same subnet:

IP	Type	Details	Datetime
104.248.142.140	attack	www.goldgier.de 104.248.142.140 [19/May/2020:08:27:16 +0200] "POST /wp-login.php HTTP/1.1" 200 8695 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" www.goldgier.de 104.248.142.140 [19/May/2020:08:27:16 +0200] "POST /wp-login.php HTTP/1.1" 200 8695 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-23 07:08:20
104.248.142.140	attackspam	104.248.142.140 - - [22/May/2020:13:48:35 +0200] "GET /wp-login.php HTTP/1.1" 200 5865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [22/May/2020:13:48:36 +0200] "POST /wp-login.php HTTP/1.1" 200 6116 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [22/May/2020:13:48:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-23 03:02:36
104.248.142.61	attackspam	Wordpress Admin Login attack	2020-04-24 22:52:51
104.248.142.62	attackspambots	C2,DEF GET /w00tw00t.at.blackhats.romanian.anti-sec:) GET /phpMyAdmin/scripts/setup.php GET /phpmyadmin/scripts/setup.php GET /myadmin/scripts/setup.php GET /MyAdmin/scripts/setup.php	2020-04-07 13:19:45
104.248.142.140	attack	104.248.142.140 - - [06/Apr/2020:19:45:52 +0200] "GET /wp-login.php HTTP/1.1" 200 5821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [06/Apr/2020:19:45:52 +0200] "POST /wp-login.php HTTP/1.1" 200 6601 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [06/Apr/2020:19:45:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-04-07 03:46:18
104.248.142.140	attackbots	CMS (WordPress or Joomla) login attempt.	2020-03-30 12:44:24
104.248.142.140	attackbots	104.248.142.140 - - [09/Mar/2020:14:06:11 +0000] "POST /wp-login.php HTTP/1.1" 200 6409 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [09/Mar/2020:14:06:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-03-09 23:30:59
104.248.142.47	attackbots	C1,DEF GET /wp-login.php	2020-02-21 06:31:18
104.248.142.47	attack	Unauthorized connection attempt detected, IP banned.	2020-02-18 01:37:52
104.248.142.47	attack	SS5,WP GET /wp-login.php	2020-02-07 00:43:41
104.248.142.140	attackbots	104.248.142.140 - - [13/Jan/2020:08:27:02 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [13/Jan/2020:08:27:02 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.142.140 - - [13/Jan/2020:08:27:03 +0100] "GET /wp-login.php HTTP/1.1" 404 4095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-01-13 16:26:00
104.248.142.140	attack	104.248.142.140 - - \[03/Jan/2020:18:12:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 7778 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 104.248.142.140 - - \[03/Jan/2020:18:12:24 +0100\] "POST /wp-login.php HTTP/1.0" 200 7592 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 104.248.142.140 - - \[03/Jan/2020:18:12:25 +0100\] "POST /wp-login.php HTTP/1.0" 200 7601 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-01-04 01:10:29
104.248.142.47	attack	Automatic report - XMLRPC Attack	2019-12-30 19:01:22
104.248.142.47	attackbots	WordPress login Brute force / Web App Attack on client site.	2019-12-22 21:27:29
104.248.142.47	attackspam	fail2ban honeypot	2019-12-06 14:59:58

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.142.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60548
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.248.142.37.			IN	A

;; AUTHORITY SECTION:
.			332	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102000 1800 900 604800 86400

;; Query time: 115 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Oct 20 21:04:14 CST 2019
;; MSG SIZE  rcvd: 118

Host info

37.142.248.104.in-addr.arpa domain name pointer min-extra-safe-406-de-prod.binaryedge.ninja.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
37.142.248.104.in-addr.arpa	name = min-extra-safe-406-de-prod.binaryedge.ninja.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
192.3.114.16	attackbots	(From eric@talkwithcustomer.com) Hi, You know it’s true… Your competition just can’t hold a candle to the way you DELIVER real solutions to your customers on your website whatcomchiropractic.com. But it’s a shame when good people who need what you have to offer wind up settling for second best or even worse. Not only do they deserve better, you deserve to be at the top of their list. TalkWithCustomer can reliably turn your website whatcomchiropractic.com into a serious, lead generating machine. With TalkWithCustomer installed on your site, visitors can either call you immediately or schedule a call for you in the future. And the difference to your business can be staggering – up to 100X more leads could be yours, just by giving TalkWithCustomer a FREE 14 Day Test Drive. There’s absolutely NO risk to you, so CLICK HERE http://www.talkwithcustomer.com to sign up for this free test drive now. Tons more leads? You deserve it. Sincerely, Eric PS: Odds are, you won’t have lon	2020-01-02 18:44:48
116.72.199.105	attack	/wp-login.php	2020-01-02 18:11:36
52.35.221.17	attackbots	02.01.2020 07:25:41 - Bad Robot Ignore Robots.txt	2020-01-02 18:49:10
159.203.201.205	attackbotsspam	firewall-block, port(s): 1527/tcp	2020-01-02 18:23:00
23.95.239.110	attack	(From eric@talkwithcustomer.com) Hi, You know it’s true… Your competition just can’t hold a candle to the way you DELIVER real solutions to your customers on your website whatcomchiropractic.com. But it’s a shame when good people who need what you have to offer wind up settling for second best or even worse. Not only do they deserve better, you deserve to be at the top of their list. TalkWithCustomer can reliably turn your website whatcomchiropractic.com into a serious, lead generating machine. With TalkWithCustomer installed on your site, visitors can either call you immediately or schedule a call for you in the future. And the difference to your business can be staggering – up to 100X more leads could be yours, just by giving TalkWithCustomer a FREE 14 Day Test Drive. There’s absolutely NO risk to you, so CLICK HERE http://www.talkwithcustomer.com to sign up for this free test drive now. Tons more leads? You deserve it. Sincerely, Eric PS: Odds are, you won’t have lon	2020-01-02 18:46:00
139.155.151.50	attack	Jan 2 10:02:51 silence02 sshd[25452]: Failed password for root from 139.155.151.50 port 49892 ssh2 Jan 2 10:06:26 silence02 sshd[25594]: Failed password for root from 139.155.151.50 port 48046 ssh2 Jan 2 10:09:53 silence02 sshd[25728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.151.50	2020-01-02 18:40:13
110.36.177.124	attack	Host Scan	2020-01-02 18:44:18
113.175.250.190	attackbots	20/1/2@01:26:08: FAIL: Alarm-Network address from=113.175.250.190 ...	2020-01-02 18:19:10
222.252.16.140	attackbots	Triggered by Fail2Ban at Vostok web server	2020-01-02 18:10:11
88.146.219.245	attack	Repeated brute force against a port	2020-01-02 18:32:39
68.116.41.6	attack	Invalid user kurtzahn from 68.116.41.6 port 35660	2020-01-02 18:38:11
119.252.174.195	attackbotsspam	$f2bV_matches	2020-01-02 18:41:15
122.155.6.206	attack	Jan 2 09:48:24 relay postfix/smtpd\[25948\]: warning: unknown\[122.155.6.206\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jan 2 09:48:31 relay postfix/smtpd\[25949\]: warning: unknown\[122.155.6.206\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jan 2 09:48:42 relay postfix/smtpd\[25769\]: warning: unknown\[122.155.6.206\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jan 2 09:49:07 relay postfix/smtpd\[25769\]: warning: unknown\[122.155.6.206\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jan 2 09:49:14 relay postfix/smtpd\[25948\]: warning: unknown\[122.155.6.206\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-01-02 18:30:57
46.146.242.149	attackbotsspam	Jan 2 09:10:07 MK-Soft-VM7 sshd[4814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.146.242.149 Jan 2 09:10:08 MK-Soft-VM7 sshd[4814]: Failed password for invalid user kuniotr from 46.146.242.149 port 44422 ssh2 ...	2020-01-02 18:20:26
171.217.59.134	attackbots	Dec 30 02:48:25 ahost sshd[22706]: Invalid user webadmin from 171.217.59.134 Dec 30 02:48:25 ahost sshd[22706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.217.59.134 Dec 30 02:48:27 ahost sshd[22706]: Failed password for invalid user webadmin from 171.217.59.134 port 58090 ssh2 Dec 30 02:48:27 ahost sshd[22706]: Received disconnect from 171.217.59.134: 11: Bye Bye [preauth] Dec 30 02:50:05 ahost sshd[22823]: Invalid user maghandl from 171.217.59.134 Dec 30 02:50:05 ahost sshd[22823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.217.59.134 Dec 30 02:50:08 ahost sshd[22823]: Failed password for invalid user maghandl from 171.217.59.134 port 41692 ssh2 Dec 30 02:50:08 ahost sshd[22823]: Received disconnect from 171.217.59.134: 11: Bye Bye [preauth] Dec 30 02:51:55 ahost sshd[22907]: Invalid user dennis from 171.217.59.134 Dec 30 02:51:55 ahost sshd[22907]: pam_unix(sshd:auth): ........ ------------------------------	2020-01-02 18:13:31

Recently Reported IPs

92.53.92.218	1.255.153.167	245.212.202.228	28.48.144.157
115.197.207.174	24.215.145.208	104.199.218.222	186.126.74.177
76.99.98.44	117.92.16.140	89.191.226.39	185.40.12.178
175.143.5.17	83.142.52.44	217.112.142.117	177.113.171.84
10.152.8.66	188.225.11.158	45.148.232.94	182.50.130.2