104.248.134.3 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Sep 3 20:15:58 vm1 sshd[18048]: Did not receive identification string from 104.248.134.3 port 58754 Sep 3 20:16:50 vm1 sshd[18049]: Invalid user tk from 104.248.134.3 port 45342 Sep 3 20:16:50 vm1 sshd[18049]: Received disconnect from 104.248.134.3 port 45342:11: Normal Shutdown, Thank you for playing [preauth] Sep 3 20:16:50 vm1 sshd[18049]: Disconnected from 104.248.134.3 port 45342 [preauth] Sep 3 20:17:42 vm1 sshd[18054]: Invalid user tanulo from 104.248.134.3 port 57006 Sep 3 20:17:42 vm1 sshd[18054]: Received disconnect from 104.248.134.3 port 57006:11: Normal Shutdown, Thank you for playing [preauth] Sep 3 20:17:42 vm1 sshd[18054]: Disconnected from 104.248.134.3 port 57006 [preauth] Sep 3 20:18:37 vm1 sshd[18056]: Invalid user konyvtar from 104.248.134.3 port 40432 Sep 3 20:18:37 vm1 sshd[18056]: Received disconnect from 104.248.134.3 port 40432:11: Normal Shutdown, Thank you for playing [preauth] Sep 3 20:18:37 vm1 sshd[18056]: Disconnected from 104.2........ -------------------------------	2019-09-04 03:54:34

Type

Details

Datetime

attack

Sep  3 20:15:58 vm1 sshd[18048]: Did not receive identification string from 104.248.134.3 port 58754
Sep  3 20:16:50 vm1 sshd[18049]: Invalid user tk from 104.248.134.3 port 45342
Sep  3 20:16:50 vm1 sshd[18049]: Received disconnect from 104.248.134.3 port 45342:11: Normal Shutdown, Thank you for playing [preauth]
Sep  3 20:16:50 vm1 sshd[18049]: Disconnected from 104.248.134.3 port 45342 [preauth]
Sep  3 20:17:42 vm1 sshd[18054]: Invalid user tanulo from 104.248.134.3 port 57006
Sep  3 20:17:42 vm1 sshd[18054]: Received disconnect from 104.248.134.3 port 57006:11: Normal Shutdown, Thank you for playing [preauth]
Sep  3 20:17:42 vm1 sshd[18054]: Disconnected from 104.248.134.3 port 57006 [preauth]
Sep  3 20:18:37 vm1 sshd[18056]: Invalid user konyvtar from 104.248.134.3 port 40432
Sep  3 20:18:37 vm1 sshd[18056]: Received disconnect from 104.248.134.3 port 40432:11: Normal Shutdown, Thank you for playing [preauth]
Sep  3 20:18:37 vm1 sshd[18056]: Disconnected from 104.2........
-------------------------------

2019-09-04 03:54:34

Comments on same subnet:

IP	Type	Details	Datetime
104.248.134.212	attack	Jul 13 21:49:30 pve1 sshd[8743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.134.212 Jul 13 21:49:32 pve1 sshd[8743]: Failed password for invalid user kwu from 104.248.134.212 port 32860 ssh2 ...	2020-07-14 04:03:18
104.248.134.212	attack	Port scan denied	2020-07-13 16:16:46
104.248.134.212	attackbotsspam	Jul 11 16:34:15 ajax sshd[544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.134.212 Jul 11 16:34:17 ajax sshd[544]: Failed password for invalid user qmaill from 104.248.134.212 port 55204 ssh2	2020-07-11 23:45:56
104.248.134.212	attackspam	27634/tcp 29525/tcp 5279/tcp... [2020-06-22/07-10]44pkt,16pt.(tcp)	2020-07-10 23:25:58
104.248.134.212	attackbotsspam	TCP (SYN) 104.248.134.212:51856 -> port 6470, len 44	2020-07-05 18:22:14
104.248.134.212	attackbotsspam	Jul 3 21:43:56 debian-2gb-nbg1-2 kernel: \[16064058.493318\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=104.248.134.212 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=27077 PROTO=TCP SPT=57390 DPT=30272 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-04 03:44:24
104.248.134.212	attackbots	Invalid user lqq from 104.248.134.212 port 34070	2020-06-26 15:21:59
104.248.134.212	attackspambots	ssh brute force	2020-06-22 14:11:18
104.248.134.212	attack	Jun 19 14:11:46 vps687878 sshd\[9962\]: Failed password for invalid user deploy from 104.248.134.212 port 52238 ssh2 Jun 19 14:14:38 vps687878 sshd\[10185\]: Invalid user njs from 104.248.134.212 port 49676 Jun 19 14:14:38 vps687878 sshd\[10185\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.134.212 Jun 19 14:14:40 vps687878 sshd\[10185\]: Failed password for invalid user njs from 104.248.134.212 port 49676 ssh2 Jun 19 14:17:28 vps687878 sshd\[10511\]: Invalid user virtual from 104.248.134.212 port 47110 Jun 19 14:17:28 vps687878 sshd\[10511\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.134.212 ...	2020-06-19 20:25:13
104.248.134.212	attack	Jun 16 23:49:41 minden010 sshd[9676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.134.212 Jun 16 23:49:44 minden010 sshd[9676]: Failed password for invalid user www from 104.248.134.212 port 34662 ssh2 Jun 16 23:52:33 minden010 sshd[11734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.134.212 ...	2020-06-17 06:17:44
104.248.134.212	attackspam	$f2bV_matches	2020-06-14 22:00:53
104.248.134.212	attackbotsspam	Jun 13 21:11:14 mockhub sshd[19136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.134.212 Jun 13 21:11:17 mockhub sshd[19136]: Failed password for invalid user narcissa from 104.248.134.212 port 47054 ssh2 ...	2020-06-14 13:26:15
104.248.134.212	attackspambots	Jun 9 17:51:58 vps639187 sshd\[27199\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.134.212 user=root Jun 9 17:52:00 vps639187 sshd\[27199\]: Failed password for root from 104.248.134.212 port 51268 ssh2 Jun 9 17:55:19 vps639187 sshd\[27262\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.134.212 user=root ...	2020-06-10 02:27:49
104.248.134.212	attackspam	5x Failed Password	2020-06-09 08:21:13
104.248.134.183	attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-01-29 21:40:54

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.134.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48078
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.248.134.3.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019090301 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Sep 04 03:54:28 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 3.134.248.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 3.134.248.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
60.12.221.84	attack	Unauthorized connection attempt detected from IP address 60.12.221.84 to port 12850 [T]	2020-03-22 20:04:49
185.245.41.25	attackspam	B: ssh repeated attack for invalid user	2020-03-22 20:10:34
58.220.87.226	attack	SSH login attempts @ 2020-03-07 05:35:01	2020-03-22 20:34:06
187.190.45.120	attackspam	2020-03-2204:47:211jFra4-00043d-Gx\<=info@whatsup2013.chH=$localhost$[14.186.182.29]:34632P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3647id=9E9B2D7E75A18F3CE0E5AC14D03BB09C@whatsup2013.chT="iamChristina"forynflyg@gmail.comjonathan_stevenson1@hotmail.com2020-03-2204:45:001jFrXn-0003sR-Do\<=info@whatsup2013.chH=045-238-122-160.provecom.com.br$localhost$[45.238.122.160]:38099P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3746id=313482D1DA0E20934F4A03BB7FA3DD33@whatsup2013.chT="iamChristina"forzzrxt420@gmail.comdemcatz@yahoo.com2020-03-2204:47:261jFra9-000442-Gu\<=info@whatsup2013.chH=fixed-187-190-45-120.totalplay.net$localhost$[187.190.45.120]:57389P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3746id=7277C192994D63D00C0940F83CF509FE@whatsup2013.chT="iamChristina"forjvcan@aol.comtjgj84@gmail.com2020-03-2204:45:101jFrXx-0003tS-BI\<=info@whatsup2013.chH=$localhost$[	2020-03-22 20:40:01
61.160.96.90	attackspam	Mar 22 06:04:40 dallas01 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.96.90 Mar 22 06:04:42 dallas01 sshd[14912]: Failed password for invalid user radio from 61.160.96.90 port 9029 ssh2 Mar 22 06:09:57 dallas01 sshd[16588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.96.90	2020-03-22 20:43:21
219.79.78.12	attackspam	Port probing on unauthorized port 5555	2020-03-22 20:34:59
106.12.120.207	attackbotsspam	SSH login attempts brute force.	2020-03-22 20:07:59
68.183.146.178	attack	B: Abusive ssh attack	2020-03-22 20:41:14
139.28.206.11	attackspambots	3x Failed Password	2020-03-22 20:35:13
51.75.254.172	attack	Mar 22 03:40:24 home sshd[29771]: Invalid user wokani from 51.75.254.172 port 57896 Mar 22 03:40:24 home sshd[29771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.254.172 Mar 22 03:40:24 home sshd[29771]: Invalid user wokani from 51.75.254.172 port 57896 Mar 22 03:40:27 home sshd[29771]: Failed password for invalid user wokani from 51.75.254.172 port 57896 ssh2 Mar 22 03:40:24 home sshd[29771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.254.172 Mar 22 03:40:24 home sshd[29771]: Invalid user wokani from 51.75.254.172 port 57896 Mar 22 03:40:27 home sshd[29771]: Failed password for invalid user wokani from 51.75.254.172 port 57896 ssh2 Mar 22 03:57:26 home sshd[30194]: Invalid user lishunyao from 51.75.254.172 port 33324 Mar 22 03:57:26 home sshd[30194]: Invalid user lishunyao from 51.75.254.172 port 33324 Mar 22 03:57:26 home sshd[30194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh	2020-03-22 20:00:01
65.98.111.218	attackspambots	Invalid user test1 from 65.98.111.218 port 48470	2020-03-22 20:03:03
85.108.134.183	attack	Unauthorized connection attempt detected from IP address 85.108.134.183 to port 5555	2020-03-22 20:05:40
222.232.29.235	attackbotsspam	Mar 22 12:17:45 dev0-dcde-rnet sshd[1826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.232.29.235 Mar 22 12:17:46 dev0-dcde-rnet sshd[1826]: Failed password for invalid user op from 222.232.29.235 port 39216 ssh2 Mar 22 12:23:53 dev0-dcde-rnet sshd[1912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.232.29.235	2020-03-22 20:38:28
5.32.176.112	attack	port 23	2020-03-22 20:38:12
45.133.99.3	attack	2020-03-22 12:52:19 dovecot_login authenticator failed for $\[45.133.99.3\]$ \[45.133.99.3\]: 535 Incorrect authentication data $set_id=support@orogest.it$ 2020-03-22 12:52:28 dovecot_login authenticator failed for $\[45.133.99.3\]$ \[45.133.99.3\]: 535 Incorrect authentication data 2020-03-22 12:52:38 dovecot_login authenticator failed for $\[45.133.99.3\]$ \[45.133.99.3\]: 535 Incorrect authentication data 2020-03-22 12:52:45 dovecot_login authenticator failed for $\[45.133.99.3\]$ \[45.133.99.3\]: 535 Incorrect authentication data 2020-03-22 12:52:58 dovecot_login authenticator failed for $\[45.133.99.3\]$ \[45.133.99.3\]: 535 Incorrect authentication data	2020-03-22 20:01:44

Recently Reported IPs

138.4.31.43	111.238.29.88	175.86.104.224	89.139.31.53
84.53.192.243	13.44.81.132	70.151.37.177	231.240.53.43
172.14.96.23	142.86.150.82	68.42.251.184	83.142.141.6
2.39.190.193	245.164.102.223	146.194.233.96	89.88.196.27
90.114.156.154	155.24.64.211	37.44.209.229	203.193.213.49