104.248.158.8 - IPInfo

Basic Info

City: Singapore

Region: Central Singapore Community Development Council

Country: Singapore

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: DigitalOcean, LLC

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Apr 10 11:42:28 ubuntu sshd[31277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.158.8 Apr 10 11:42:30 ubuntu sshd[31277]: Failed password for invalid user kaz from 104.248.158.8 port 51032 ssh2 Apr 10 11:45:55 ubuntu sshd[31942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.158.8 Apr 10 11:45:57 ubuntu sshd[31942]: Failed password for invalid user developer from 104.248.158.8 port 41562 ssh2	2019-07-31 20:25:45

Type

Details

Datetime

attackspam

Apr 10 11:42:28 ubuntu sshd[31277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.158.8
Apr 10 11:42:30 ubuntu sshd[31277]: Failed password for invalid user kaz from 104.248.158.8 port 51032 ssh2
Apr 10 11:45:55 ubuntu sshd[31942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.158.8
Apr 10 11:45:57 ubuntu sshd[31942]: Failed password for invalid user developer from 104.248.158.8 port 41562 ssh2

2019-07-31 20:25:45

Comments on same subnet:

IP	Type	Details	Datetime
104.248.158.95	attack	104.248.158.95 - - [26/Sep/2020:09:58:59 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:09:59:02 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:09:59:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-27 05:43:44
104.248.158.95	attackspambots	104.248.158.95 - - [26/Sep/2020:09:58:59 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:09:59:02 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:09:59:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-26 22:00:40
104.248.158.95	attackspambots	104.248.158.95 - - [26/Sep/2020:00:57:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2348 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:00:57:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2328 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [26/Sep/2020:00:57:41 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-26 13:43:51
104.248.158.95	attackbots	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-09-25 10:19:57
104.248.158.68	attackbots	CMS (WordPress or Joomla) login attempt.	2020-09-25 00:35:33
104.248.158.68	attack	CMS (WordPress or Joomla) login attempt.	2020-09-24 16:15:20
104.248.158.68	attackspam	Automatic report - Banned IP Access	2020-09-24 07:40:02
104.248.158.98	attackbots	104.248.158.98 - - [14/Sep/2020:18:21:54 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.98 - - [14/Sep/2020:18:22:01 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.98 - - [14/Sep/2020:18:22:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-15 01:38:42
104.248.158.98	attackbots	104.248.158.98 - - [14/Sep/2020:05:19:56 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.98 - - [14/Sep/2020:05:20:03 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.98 - - [14/Sep/2020:05:20:09 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-14 17:23:13
104.248.158.95	attackspam	Automatic report - Banned IP Access	2020-09-12 20:17:15
104.248.158.95	attack	104.248.158.95 - - [12/Sep/2020:04:27:41 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [12/Sep/2020:04:27:42 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [12/Sep/2020:04:27:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-12 12:20:09
104.248.158.95	attackbotsspam	xmlrpc attack	2020-09-12 04:08:54
104.248.158.68	attackspam	104.248.158.68 - - [09/Sep/2020:18:53:38 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-10 23:59:46
104.248.158.95	attack	104.248.158.95 - - [10/Sep/2020:09:33:05 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [10/Sep/2020:09:33:08 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.95 - - [10/Sep/2020:09:33:09 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-10 21:23:20
104.248.158.68	attackbots	104.248.158.68 - - [09/Sep/2020:18:53:38 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-10 15:23:36

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.158.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54763
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.248.158.8.			IN	A

;; AUTHORITY SECTION:
.			2979	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019040301 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Thu Apr 04 13:08:09 +08 2019
;; MSG SIZE  rcvd: 117

Host info

Host 8.158.248.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 8.158.248.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
39.148.40.79	attackspambots	Unauthorised access (Mar 25) SRC=39.148.40.79 LEN=40 TOS=0x04 TTL=49 ID=61778 TCP DPT=8080 WINDOW=15922 SYN Unauthorised access (Mar 25) SRC=39.148.40.79 LEN=40 TOS=0x04 TTL=48 ID=34044 TCP DPT=8080 WINDOW=10506 SYN Unauthorised access (Mar 25) SRC=39.148.40.79 LEN=40 TOS=0x04 TTL=49 ID=2319 TCP DPT=8080 WINDOW=32736 SYN Unauthorised access (Mar 24) SRC=39.148.40.79 LEN=40 TOS=0x04 TTL=50 ID=41679 TCP DPT=8080 WINDOW=10506 SYN	2020-03-26 04:02:35
196.219.113.46	attackspam	Honeypot attack, port: 81, PTR: host-196.219.113.46-static.tedata.net.	2020-03-26 04:16:49
185.39.10.10	attackbotsspam	(PERMBLOCK) 185.39.10.10 (CH/Switzerland/-) has had more than 4 temp blocks in the last 86400 secs	2020-03-26 03:38:14
187.214.103.199	attackbotsspam	Attempt to attack host OS, exploiting network vulnerabilities, on 25-03-2020 12:45:16.	2020-03-26 03:52:42
193.112.127.245	attackbots	Mar 25 19:57:13 cloud sshd[31912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.127.245 Mar 25 19:57:15 cloud sshd[31912]: Failed password for invalid user jose from 193.112.127.245 port 59650 ssh2	2020-03-26 04:14:10
103.129.206.179	attackspam	Attempt to attack host OS, exploiting network vulnerabilities, on 25-03-2020 12:45:15.	2020-03-26 03:55:14
180.76.158.139	attack	$f2bV_matches	2020-03-26 04:18:33
27.37.211.209	attackbots	Mar 25 13:45:03 debian-2gb-nbg1-2 kernel: \[7399383.229941\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=27.37.211.209 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=17618 PROTO=TCP SPT=65185 DPT=23 WINDOW=54153 RES=0x00 SYN URGP=0	2020-03-26 04:10:52
222.186.30.167	attackspambots	DATE:2020-03-25 21:08:37, IP:222.186.30.167, PORT:ssh SSH brute force auth on honeypot server (epe-honey1-hq)	2020-03-26 04:13:39
213.33.226.202	attackbotsspam	Honeypot attack, port: 445, PTR: PTR record not found	2020-03-26 04:08:33
58.153.109.49	attackspam	Honeypot attack, port: 5555, PTR: n058153109049.netvigator.com.	2020-03-26 03:46:09
142.11.227.203	attackbotsspam	142.11.227.203 has been banned for [spam] ...	2020-03-26 04:15:23
193.169.5.190	attack	Unauthorized connection attempt from IP address 193.169.5.190 on Port 445(SMB)	2020-03-26 04:06:12
157.55.39.36	attack	Automatic report - Banned IP Access	2020-03-26 03:43:12
45.124.19.82	attackbotsspam	Unauthorized connection attempt detected from IP address 45.124.19.82 to port 1433	2020-03-26 04:01:06

Recently Reported IPs

119.15.153.235	79.189.165.170	51.38.64.136	213.97.245.39
123.185.17.186	115.54.209.24	103.232.154.51	94.183.235.165
92.61.39.107	90.203.227.96	77.240.172.86	68.183.161.41
61.216.152.45	59.13.221.253	52.2.170.252	148.66.132.190
87.193.158.236	103.6.50.166	69.248.107.81	202.79.52.22