104.248.12.166

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "elena" at 2020-05-07T05:27:21Z	2020-05-07 15:27:11

Comments on same subnet:

IP	Type	Details	Datetime
104.248.123.197	attackspam	Oct 13 12:35:05 lavrea sshd[324863]: Invalid user duncan from 104.248.123.197 port 32850 ...	2020-10-13 21:59:09
104.248.123.197	attackspambots	(sshd) Failed SSH login from 104.248.123.197 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 13 00:31:51 server sshd[31645]: Invalid user whitney from 104.248.123.197 port 42348 Oct 13 00:31:53 server sshd[31645]: Failed password for invalid user whitney from 104.248.123.197 port 42348 ssh2 Oct 13 00:41:36 server sshd[1687]: Invalid user career from 104.248.123.197 port 45714 Oct 13 00:41:38 server sshd[1687]: Failed password for invalid user career from 104.248.123.197 port 45714 ssh2 Oct 13 00:46:19 server sshd[2980]: Invalid user foma from 104.248.123.197 port 48874	2020-10-13 13:24:45
104.248.123.197	attackspam	2020-10-12T23:58:41.827679news0 sshd[579]: User root from 104.248.123.197 not allowed because not listed in AllowUsers 2020-10-12T23:58:44.098078news0 sshd[579]: Failed password for invalid user root from 104.248.123.197 port 33122 ssh2 2020-10-13T00:02:57.159211news0 sshd[700]: User root from 104.248.123.197 not allowed because not listed in AllowUsers ...	2020-10-13 06:09:46
104.248.123.197	attack	Oct 11 19:28:53 web1 sshd\[13339\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.123.197 user=root Oct 11 19:28:55 web1 sshd\[13339\]: Failed password for root from 104.248.123.197 port 59144 ssh2 Oct 11 19:33:17 web1 sshd\[13851\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.123.197 user=mysql Oct 11 19:33:19 web1 sshd\[13851\]: Failed password for mysql from 104.248.123.197 port 34434 ssh2 Oct 11 19:37:41 web1 sshd\[14333\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.123.197 user=root	2020-10-12 13:45:39
104.248.123.197	attack	Sep 30 08:32:58 roki-contabo sshd\[2298\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.123.197 user=root Sep 30 08:33:00 roki-contabo sshd\[2298\]: Failed password for root from 104.248.123.197 port 47318 ssh2 Sep 30 08:42:37 roki-contabo sshd\[2394\]: Invalid user ian from 104.248.123.197 Sep 30 08:42:37 roki-contabo sshd\[2394\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.123.197 Sep 30 08:42:39 roki-contabo sshd\[2394\]: Failed password for invalid user ian from 104.248.123.197 port 56104 ssh2 ...	2020-10-05 04:10:54
104.248.123.197	attackspam	<6 unauthorized SSH connections	2020-10-04 20:02:04
104.248.124.109	attack	104.248.124.109 - - [01/Oct/2020:21:54:13 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.124.109 - - [01/Oct/2020:21:54:14 +0200] "POST /wp-login.php HTTP/1.1" 200 2698 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.124.109 - - [01/Oct/2020:21:54:16 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.124.109 - - [01/Oct/2020:21:54:17 +0200] "POST /wp-login.php HTTP/1.1" 200 2697 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.124.109 - - [01/Oct/2020:21:54:19 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.124.109 - - [01/Oct/2020:21:54:23 +0200] "POST /wp-login.php HTTP/1.1" 200 2696 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/ ...	2020-10-02 05:30:49
104.248.124.109	attackbotsspam	104.248.124.109 - - [30/Sep/2020:21:40:06 +0100] "POST /wp-login.php HTTP/1.1" 200 2673 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.124.109 - - [30/Sep/2020:21:40:10 +0100] "POST /wp-login.php HTTP/1.1" 200 2656 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.124.109 - - [30/Sep/2020:21:40:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2639 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-01 21:52:14
104.248.124.109	attackbotsspam	104.248.124.109 - - [30/Sep/2020:21:40:06 +0100] "POST /wp-login.php HTTP/1.1" 200 2673 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.124.109 - - [30/Sep/2020:21:40:10 +0100] "POST /wp-login.php HTTP/1.1" 200 2656 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.124.109 - - [30/Sep/2020:21:40:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2639 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-01 14:08:47
104.248.122.143	attackspambots	Sep 18 14:55:34 sip sshd[1644402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.122.143 user=root Sep 18 14:55:37 sip sshd[1644402]: Failed password for root from 104.248.122.143 port 39224 ssh2 Sep 18 14:59:28 sip sshd[1644428]: Invalid user oracle from 104.248.122.143 port 50508 ...	2020-09-18 21:06:55
104.248.122.143	attackbots	" "	2020-09-18 13:26:09
104.248.122.143	attackbotsspam	Brute%20Force%20SSH	2020-09-18 03:40:30
104.248.123.197	attackbotsspam	Sep 15 17:14:11 pornomens sshd\[19627\]: Invalid user ubnt from 104.248.123.197 port 39688 Sep 15 17:14:11 pornomens sshd\[19627\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.123.197 Sep 15 17:14:14 pornomens sshd\[19627\]: Failed password for invalid user ubnt from 104.248.123.197 port 39688 ssh2 ...	2020-09-16 02:24:33
104.248.123.197	attack	[SID2] Fail2ban detected 5 failed SSH login attempts within 30 minutes. This report was submitted automatically.	2020-09-15 18:20:22
104.248.122.143	attackspambots	scans once in preceeding hours on the ports (in chronological order) 10584 resulting in total of 5 scans from 104.248.0.0/16 block.	2020-09-11 03:22:38

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.12.166
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60655
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.248.12.166.			IN	A

;; AUTHORITY SECTION:
.			501	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020050700 1800 900 604800 86400

;; Query time: 107 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu May 07 15:27:01 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 166.12.248.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 166.12.248.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
180.76.186.233	attackbots	Oct 6 19:14:30 h2034429 sshd[6500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.186.233 user=r.r Oct 6 19:14:32 h2034429 sshd[6500]: Failed password for r.r from 180.76.186.233 port 38456 ssh2 Oct 6 19:14:32 h2034429 sshd[6500]: Received disconnect from 180.76.186.233 port 38456:11: Bye Bye [preauth] Oct 6 19:14:32 h2034429 sshd[6500]: Disconnected from 180.76.186.233 port 38456 [preauth] Oct 6 19:23:29 h2034429 sshd[6675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.186.233 user=r.r Oct 6 19:23:31 h2034429 sshd[6675]: Failed password for r.r from 180.76.186.233 port 41696 ssh2 Oct 6 19:23:31 h2034429 sshd[6675]: Received disconnect from 180.76.186.233 port 41696:11: Bye Bye [preauth] Oct 6 19:23:31 h2034429 sshd[6675]: Disconnected from 180.76.186.233 port 41696 [preauth] Oct 6 19:28:07 h2034429 sshd[6719]: pam_unix(sshd:auth): authentication failure; lognam........ -------------------------------	2019-10-07 17:44:15
162.209.215.34	attackspambots	ECShop Remote Code Execution Vulnerability	2019-10-07 17:44:44
111.252.199.52	attackbots	Telnet Server BruteForce Attack	2019-10-07 17:37:22
134.175.197.226	attack	Lines containing failures of 134.175.197.226 Oct 6 07:43:37 shared11 sshd[18590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.197.226 user=r.r Oct 6 07:43:38 shared11 sshd[18590]: Failed password for r.r from 134.175.197.226 port 37815 ssh2 Oct 6 07:43:38 shared11 sshd[18590]: Received disconnect from 134.175.197.226 port 37815:11: Bye Bye [preauth] Oct 6 07:43:38 shared11 sshd[18590]: Disconnected from authenticating user r.r 134.175.197.226 port 37815 [preauth] Oct 6 07:58:32 shared11 sshd[23209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.197.226 user=r.r Oct 6 07:58:34 shared11 sshd[23209]: Failed password for r.r from 134.175.197.226 port 35825 ssh2 Oct 6 07:58:34 shared11 sshd[23209]: Received disconnect from 134.175.197.226 port 35825:11: Bye Bye [preauth] Oct 6 07:58:34 shared11 sshd[23209]: Disconnected from authenticating user r.r 134.175.197.226 p........ ------------------------------	2019-10-07 17:48:44
176.31.191.173	attack	Automatic report - SSH Brute-Force Attack	2019-10-07 17:39:13
128.199.223.220	attack	(imapd) Failed IMAP login from 128.199.223.220 (SG/Singapore/-): 1 in the last 3600 secs	2019-10-07 18:21:45
106.12.27.46	attackspambots	Unauthorized SSH login attempts	2019-10-07 18:15:47
112.172.147.34	attackbots	Oct 7 09:22:04 game-panel sshd[32645]: Failed password for root from 112.172.147.34 port 44078 ssh2 Oct 7 09:26:37 game-panel sshd[332]: Failed password for root from 112.172.147.34 port 27703 ssh2	2019-10-07 17:36:51
141.98.80.81	attack	Brute Force attack - banned by Fail2Ban	2019-10-07 17:46:32
178.33.185.70	attack	2019-10-07T06:52:12.630027abusebot-2.cloudsearch.cf sshd\[26698\]: Invalid user Wolf123 from 178.33.185.70 port 39152	2019-10-07 18:20:47
45.125.65.82	attackspambots	Oct 7 10:01:31 mail postfix/smtpd\[3685\]: warning: unknown\[45.125.65.82\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 7 10:28:49 mail postfix/smtpd\[5764\]: warning: unknown\[45.125.65.82\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 7 10:56:11 mail postfix/smtpd\[6864\]: warning: unknown\[45.125.65.82\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 7 11:50:05 mail postfix/smtpd\[6877\]: warning: unknown\[45.125.65.82\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\	2019-10-07 18:16:28
185.149.40.45	attackspambots	Oct 7 11:15:24 vps647732 sshd[4347]: Failed password for root from 185.149.40.45 port 60358 ssh2 ...	2019-10-07 17:38:05
217.182.172.204	attack	Oct 7 06:56:18 www5 sshd\[44203\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.172.204 user=root Oct 7 06:56:20 www5 sshd\[44203\]: Failed password for root from 217.182.172.204 port 53302 ssh2 Oct 7 07:00:14 www5 sshd\[44665\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.172.204 user=root ...	2019-10-07 18:11:36
40.73.7.218	attackspambots	Oct 7 09:53:26 legacy sshd[15234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.73.7.218 Oct 7 09:53:28 legacy sshd[15234]: Failed password for invalid user P@r0la! from 40.73.7.218 port 35002 ssh2 Oct 7 09:58:17 legacy sshd[15378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.73.7.218 ...	2019-10-07 18:20:21
213.32.92.57	attackspam	2019-10-07T09:50:12.635860abusebot-4.cloudsearch.cf sshd\[17143\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip57.ip-213-32-92.eu user=root	2019-10-07 18:00:54

Recently Reported IPs

115.111.137.241	241.203.111.228	226.72.154.61	157.245.59.139
62.80.165.66	36.228.47.19	188.170.117.222	104.174.61.206
65.132.100.142	254.162.82.152	81.55.58.155	167.102.224.8
246.131.54.113	13.92.73.88	118.244.74.224	139.3.231.56
88.4.182.24	168.174.112.219	172.224.164.220	122.213.12.69