104.248.158.68

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	CMS (WordPress or Joomla) login attempt.	2020-09-25 00:35:33
attack	CMS (WordPress or Joomla) login attempt.	2020-09-24 16:15:20
attackspam	Automatic report - Banned IP Access	2020-09-24 07:40:02
attackspam	104.248.158.68 - - [09/Sep/2020:18:53:38 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-10 23:59:46
attackbots	104.248.158.68 - - [09/Sep/2020:18:53:38 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-10 15:23:36
attackbotsspam	104.248.158.68 - - [09/Sep/2020:18:53:38 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-10 06:00:06
attackspam	Automatically reported by fail2ban report script (mx1)	2020-07-19 14:20:53

Comments on same subnet:

IP	Type	Details	Datetime
104.248.158.95	attack	104.248.158.95 - - [26/Sep/2020:09:58:59 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:09:59:02 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:09:59:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-27 05:43:44
104.248.158.95	attackspambots	104.248.158.95 - - [26/Sep/2020:09:58:59 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:09:59:02 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:09:59:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-26 22:00:40
104.248.158.95	attackspambots	104.248.158.95 - - [26/Sep/2020:00:57:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2348 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:00:57:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2328 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:00:57:41 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-26 13:43:51
104.248.158.95	attackbots	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-09-25 10:19:57
104.248.158.98	attackbots	104.248.158.98 - - [14/Sep/2020:18:21:54 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.98 - - [14/Sep/2020:18:22:01 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.98 - - [14/Sep/2020:18:22:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-15 01:38:42
104.248.158.98	attackbots	104.248.158.98 - - [14/Sep/2020:05:19:56 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.98 - - [14/Sep/2020:05:20:03 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.98 - - [14/Sep/2020:05:20:09 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-14 17:23:13
104.248.158.95	attackspam	Automatic report - Banned IP Access	2020-09-12 20:17:15
104.248.158.95	attack	104.248.158.95 - - [12/Sep/2020:04:27:41 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [12/Sep/2020:04:27:42 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [12/Sep/2020:04:27:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-12 12:20:09
104.248.158.95	attackbotsspam	xmlrpc attack	2020-09-12 04:08:54
104.248.158.95	attack	104.248.158.95 - - [10/Sep/2020:09:33:05 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [10/Sep/2020:09:33:08 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [10/Sep/2020:09:33:09 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-10 21:23:20
104.248.158.95	attackspambots	104.248.158.95 - - [09/Sep/2020:18:57:28 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [09/Sep/2020:18:57:31 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [09/Sep/2020:18:57:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-10 13:09:26
104.248.158.95	attackbots	104.248.158.95 - - [09/Sep/2020:18:57:28 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [09/Sep/2020:18:57:31 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [09/Sep/2020:18:57:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-10 03:54:12
104.248.158.98	attackbotsspam	104.248.158.98 - - \[30/Aug/2020:07:56:12 +0200\] "POST /wp-login.php HTTP/1.0" 200 5924 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 104.248.158.98 - - \[30/Aug/2020:07:56:25 +0200\] "POST /wp-login.php HTTP/1.0" 200 5737 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 104.248.158.98 - - \[30/Aug/2020:07:56:31 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-08-30 16:26:12
104.248.158.95	attackspam	104.248.158.95 - - [25/Aug/2020:06:16:13 +0100] "POST /wp-login.php HTTP/1.1" 200 1791 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [25/Aug/2020:06:16:16 +0100] "POST /wp-login.php HTTP/1.1" 200 1772 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [25/Aug/2020:06:16:18 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-25 13:39:42
104.248.158.95	attackspam	104.248.158.95 - - [23/Aug/2020:22:31:59 +0200] "GET /wp-login.php HTTP/1.1" 200 9040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [23/Aug/2020:22:32:00 +0200] "POST /wp-login.php HTTP/1.1" 200 9345 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [23/Aug/2020:22:32:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-24 08:30:10

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.158.68
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4530
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.248.158.68.			IN	A

;; AUTHORITY SECTION:
.			531	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020071900 1800 900 604800 86400

;; Query time: 37 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Jul 19 14:20:49 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 68.158.248.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 68.158.248.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
45.134.179.102	attack	Aug 5 21:01:49 mertcangokgoz-v4-main kernel: [267451.071415] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:5a:6b:04:d2:74:7f:6e:37:e3:08:00 SRC=45.134.179.102 DST=94.130.96.165 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=47570 PROTO=TCP SPT=48275 DPT=5240 WINDOW=1024 RES=0x00 SYN URGP=0	2020-08-06 03:45:09
5.135.186.52	attack	SSH brute-force attempt	2020-08-06 03:43:49
219.83.54.102	attack	RecipientDoesNotExist Timestamp : 05-Aug-20 12:13 (From . atty2323info@indosat.net.id) Listed on dnsbl-sorbs spam-sorbs spamrats justspam uceprotect-1 s5h-net (62)	2020-08-06 03:19:01
198.245.50.81	attackbots	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-08-05T15:17:08Z and 2020-08-05T15:25:23Z	2020-08-06 03:34:55
37.29.35.190	attack	Password spray	2020-08-06 03:05:28
123.204.89.68	attackspam	" "	2020-08-06 03:25:21
142.93.226.235	attackspam	Detected by ModSecurity. Request URI: /wp-login.php	2020-08-06 03:19:39
49.230.64.42	attackspam	1596629550 - 08/05/2020 14:12:30 Host: 49.230.64.42/49.230.64.42 Port: 445 TCP Blocked	2020-08-06 03:10:38
218.92.0.171	attackbots	2020-08-05T21:16:04.319633ns386461 sshd\[7829\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.171 user=root 2020-08-05T21:16:06.794570ns386461 sshd\[7829\]: Failed password for root from 218.92.0.171 port 57893 ssh2 2020-08-05T21:16:10.569393ns386461 sshd\[7829\]: Failed password for root from 218.92.0.171 port 57893 ssh2 2020-08-05T21:16:13.564655ns386461 sshd\[7829\]: Failed password for root from 218.92.0.171 port 57893 ssh2 2020-08-05T21:16:16.642489ns386461 sshd\[7829\]: Failed password for root from 218.92.0.171 port 57893 ssh2 ...	2020-08-06 03:19:24
51.91.159.46	attack	$f2bV_matches	2020-08-06 03:17:12
49.75.199.214	attack	Aug 5 16:41:55 *** sshd[11029]: User root from 49.75.199.214 not allowed because not listed in AllowUsers	2020-08-06 03:16:12
88.102.249.203	attack	Aug 5 16:57:12 ovpn sshd\[8223\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.102.249.203 user=root Aug 5 16:57:14 ovpn sshd\[8223\]: Failed password for root from 88.102.249.203 port 40786 ssh2 Aug 5 17:07:59 ovpn sshd\[10760\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.102.249.203 user=root Aug 5 17:08:00 ovpn sshd\[10760\]: Failed password for root from 88.102.249.203 port 50771 ssh2 Aug 5 17:14:37 ovpn sshd\[12355\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.102.249.203 user=root	2020-08-06 03:24:25
110.35.80.82	attackspambots	detected by Fail2Ban	2020-08-06 03:31:08
183.60.141.171	attackbots	" "	2020-08-06 03:20:23
111.253.219.5	attackbotsspam	IP 111.253.219.5 attacked honeypot on port: 23 at 8/5/2020 5:11:07 AM	2020-08-06 03:32:00

Recently Reported IPs

98.132.43.27	223.112.124.226	115.190.80.0	91.244.74.39
83.198.125.255	105.109.110.228	111.229.194.38	42.194.195.184
106.79.229.104	151.246.57.109	173.61.80.46	2.35.245.190
189.110.194.194	109.195.46.211	111.72.194.9	192.241.221.46
14.226.237.26	220.156.166.24	34.94.247.253	114.35.219.147