104.197.12.57 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: None

Internet Service Provider: Google LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	(mod_security) mod_security (id:920350) triggered by 104.197.12.57 (US/-/57.12.197.104.bc.googleusercontent.com): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/08 04:21:24 [error] 84060#0: 137266 [client 104.197.12.57] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159686048493.022923"] [ref "o0,17v21,17"], client: 104.197.12.57, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-08-08 16:42:42

Type

Details

Datetime

attack

(mod_security) mod_security (id:920350) triggered by 104.197.12.57 (US/-/57.12.197.104.bc.googleusercontent.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/08 04:21:24 [error] 84060#0: *137266 [client 104.197.12.57] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host'  [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159686048493.022923"] [ref "o0,17v21,17"], client: 104.197.12.57, [redacted] request: "GET / HTTP/1.1" [redacted]

2020-08-08 16:42:42

Comments on same subnet:

IP	Type	Details	Datetime
104.197.125.150	attackspam	SSH/22 MH Probe, BF, Hack -	2019-12-26 02:25:36
104.197.124.40	attackbotsspam	RDPBruteVIL	2019-12-20 02:32:29
104.197.122.218	attackspambots	2019-08-11T00:11:03.146484hz01.yumiweb.com sshd\[11418\]: Invalid user warehouse from 104.197.122.218 port 50368 2019-08-11T00:16:26.731638hz01.yumiweb.com sshd\[11429\]: Invalid user warehouse from 104.197.122.218 port 54016 2019-08-11T00:21:47.372170hz01.yumiweb.com sshd\[11443\]: Invalid user web from 104.197.122.218 port 57664 ...	2019-08-11 13:49:38

Type

Details

Datetime

104.197.125.150

attackspam

SSH/22 MH Probe, BF, Hack -

2019-12-26 02:25:36

104.197.124.40

attackbotsspam

RDPBruteVIL

2019-12-20 02:32:29

104.197.122.218

attackspambots

2019-08-11T00:11:03.146484hz01.yumiweb.com sshd\[11418\]: Invalid user warehouse from 104.197.122.218 port 50368
2019-08-11T00:16:26.731638hz01.yumiweb.com sshd\[11429\]: Invalid user warehouse from 104.197.122.218 port 54016
2019-08-11T00:21:47.372170hz01.yumiweb.com sshd\[11443\]: Invalid user web from 104.197.122.218 port 57664
...

2019-08-11 13:49:38

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.197.12.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36522
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.197.12.57.			IN	A

;; AUTHORITY SECTION:
.			461	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020051700 1800 900 604800 86400

;; Query time: 109 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun May 17 15:41:16 CST 2020
;; MSG SIZE  rcvd: 117

Host info

57.12.197.104.in-addr.arpa domain name pointer 57.12.197.104.bc.googleusercontent.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
57.12.197.104.in-addr.arpa	name = 57.12.197.104.bc.googleusercontent.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
62.234.156.221	attack	Aug 23 07:26:33 fhem-rasp sshd[3392]: Invalid user testtest from 62.234.156.221 port 36368 ...	2020-08-23 13:59:29
103.106.76.142	attack	Invalid user andrew from 103.106.76.142 port 36006	2020-08-23 14:31:10
101.36.178.48	attack	Invalid user gerencia from 101.36.178.48 port 54598	2020-08-23 14:20:26
104.225.154.247	attackbots	Invalid user morita from 104.225.154.247 port 55202	2020-08-23 13:46:11
180.94.183.195	attackbots	20/8/22@23:53:23: FAIL: Alarm-Intrusion address from=180.94.183.195 20/8/22@23:53:24: FAIL: Alarm-Intrusion address from=180.94.183.195 ...	2020-08-23 14:02:30
186.147.35.76	attack	Invalid user hannah from 186.147.35.76 port 46757	2020-08-23 14:14:47
58.222.133.82	attack	Aug 23 08:00:18 h1745522 sshd[13557]: Invalid user ftp from 58.222.133.82 port 45864 Aug 23 08:00:18 h1745522 sshd[13557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.222.133.82 Aug 23 08:00:18 h1745522 sshd[13557]: Invalid user ftp from 58.222.133.82 port 45864 Aug 23 08:00:20 h1745522 sshd[13557]: Failed password for invalid user ftp from 58.222.133.82 port 45864 ssh2 Aug 23 08:04:06 h1745522 sshd[14195]: Invalid user ec from 58.222.133.82 port 60326 Aug 23 08:04:06 h1745522 sshd[14195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.222.133.82 Aug 23 08:04:06 h1745522 sshd[14195]: Invalid user ec from 58.222.133.82 port 60326 Aug 23 08:04:08 h1745522 sshd[14195]: Failed password for invalid user ec from 58.222.133.82 port 60326 ssh2 Aug 23 08:08:29 h1745522 sshd[14465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.222.133.82 user=root Aug 23 08:08 ...	2020-08-23 14:17:20
103.57.123.1	attackspambots	Invalid user raja from 103.57.123.1 port 53444	2020-08-23 13:57:51
200.116.47.247	attackspambots	Aug 23 05:53:07 mout sshd[29836]: Invalid user usuario from 200.116.47.247 port 22614 Aug 23 05:53:10 mout sshd[29836]: Failed password for invalid user usuario from 200.116.47.247 port 22614 ssh2 Aug 23 05:53:12 mout sshd[29836]: Disconnected from invalid user usuario 200.116.47.247 port 22614 [preauth]	2020-08-23 14:09:23
118.89.140.16	attack	Aug 23 06:49:28 ajax sshd[12242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.140.16 Aug 23 06:49:30 ajax sshd[12242]: Failed password for invalid user sar from 118.89.140.16 port 49110 ssh2	2020-08-23 14:15:20
85.209.0.253	attack	TCP (SYN) 85.209.0.253:38124 -> port 22, len 60	2020-08-23 14:10:07
103.86.180.10	attackspambots	SSH bruteforce	2020-08-23 14:20:02
107.158.202.162	attackspam	(From eric@talkwithwebvisitor.com) Hey, this is Eric and I ran across drjenniferbrandon.com a few minutes ago. Looks great… but now what? By that I mean, when someone like me finds your website – either through Search or just bouncing around – what happens next? Do you get a lot of leads from your site, or at least enough to make you happy? Honestly, most business websites fall a bit short when it comes to generating paying customers. Studies show that 70% of a site’s visitors disappear and are gone forever after just a moment. Here’s an idea… How about making it really EASY for every visitor who shows up to get a personal phone call you as soon as they hit your site… You can – Talk With Web Visitor is a software widget that’s works on your site, ready to capture any visitor’s Name, Email address and Phone Number. It signals you the moment they let you know they’re interested – so that you can talk to that lead while they’re literally looking over your site. CLICK HERE http://www	2020-08-23 14:28:08
200.118.57.190	attack	Aug 22 22:19:31 propaganda sshd[34958]: Connection from 200.118.57.190 port 38116 on 10.0.0.161 port 22 rdomain "" Aug 22 22:19:31 propaganda sshd[34958]: Connection closed by 200.118.57.190 port 38116 [preauth]	2020-08-23 13:50:25
178.128.242.233	attackbotsspam	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-08-23T03:46:28Z and 2020-08-23T03:53:29Z	2020-08-23 13:58:59

Recently Reported IPs

139.155.79.110	159.65.245.182	27.124.37.198	211.103.222.34
175.19.30.66	121.172.52.195	38.168.68.160	157.80.51.3
111.229.128.116	248.154.122.111	100.198.7.81	83.171.252.234
158.101.16.97	213.217.0.7	45.138.144.52	95.111.241.224
98.206.18.161	137.117.89.50	62.210.177.42	202.74.243.120