104.248.155.112

Basic Info

City: Singapore

Region: unknown

Country: Singapore

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: DigitalOcean, LLC

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Apr 21 04:10:16 ubuntu sshd[11693]: Failed password for invalid user ankesh from 104.248.155.112 port 34105 ssh2 Apr 21 04:15:01 ubuntu sshd[12422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.155.112 Apr 21 04:15:02 ubuntu sshd[12422]: Failed password for invalid user kids from 104.248.155.112 port 47284 ssh2 Apr 21 04:19:38 ubuntu sshd[13140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.155.112	2019-07-31 20:57:52

Type

Details

Datetime

attackbotsspam

Apr 21 04:10:16 ubuntu sshd[11693]: Failed password for invalid user ankesh from 104.248.155.112 port 34105 ssh2
Apr 21 04:15:01 ubuntu sshd[12422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.155.112
Apr 21 04:15:02 ubuntu sshd[12422]: Failed password for invalid user kids from 104.248.155.112 port 47284 ssh2
Apr 21 04:19:38 ubuntu sshd[13140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.155.112

2019-07-31 20:57:52

Comments on same subnet:

IP	Type	Details	Datetime
104.248.155.233	attackspambots	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-09-06 02:02:36
104.248.155.233	attackbotsspam	TCP (SYN) 104.248.155.233:57480 -> port 31240, len 44	2020-09-05 17:35:39
104.248.155.247	attackbotsspam	Aug 25 14:44:01 vps647732 sshd[10184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.155.247 Aug 25 14:44:02 vps647732 sshd[10184]: Failed password for invalid user y from 104.248.155.247 port 59726 ssh2 ...	2020-08-25 20:49:49
104.248.155.247	attackspambots	SSH invalid-user multiple login try	2020-08-25 13:04:35
104.248.155.247	attack	Aug 24 14:48:11 vm1 sshd[11657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.155.247 Aug 24 14:48:13 vm1 sshd[11657]: Failed password for invalid user nexus from 104.248.155.247 port 54778 ssh2 ...	2020-08-24 20:59:45
104.248.155.233	attackbots	Port scan: Attack repeated for 24 hours	2020-08-16 04:10:03
104.248.155.233	attackbotsspam	Port scan denied	2020-07-30 17:26:15
104.248.155.233	attack	" "	2020-07-20 13:08:20
104.248.155.233	attackbotsspam	scans once in preceeding hours on the ports (in chronological order) 3026 resulting in total of 6 scans from 104.248.0.0/16 block.	2020-07-07 00:13:03
104.248.155.41	attackspambots	Apr 26 02:43:51 ubuntu sshd[10426]: Failed password for backup from 104.248.155.41 port 51002 ssh2 Apr 26 02:46:23 ubuntu sshd[10764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.155.41 Apr 26 02:46:25 ubuntu sshd[10764]: Failed password for invalid user robert from 104.248.155.41 port 51292 ssh2	2019-07-31 20:51:04
104.248.155.91	attackbots	May 13 08:59:19 ubuntu sshd[19020]: Failed password for invalid user lh from 104.248.155.91 port 35920 ssh2 May 13 09:03:10 ubuntu sshd[19105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.155.91 May 13 09:03:12 ubuntu sshd[19105]: Failed password for invalid user matt from 104.248.155.91 port 37860 ssh2 May 13 09:07:07 ubuntu sshd[19196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.155.91	2019-07-31 20:42:55

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.155.112
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26383
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.248.155.112.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019041601 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Wed Apr 17 05:15:07 +08 2019
;; MSG SIZE  rcvd: 119

Host info

Host 112.155.248.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 112.155.248.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
180.226.47.134	attackspam	Oct 10 23:58:31 server1 sshd[12153]: Bad protocol version identification 'GET / HTTP/1.1' from 180.226.47.134 port 57889 Oct 10 23:59:04 server1 sshd[14469]: Bad protocol version identification 'GET / HTTP/1.1' from 180.226.47.134 port 58396 Oct 10 23:59:08 server1 sshd[14843]: Bad protocol version identification 'GET / HTTP/1.1' from 180.226.47.134 port 58491 ...	2020-10-11 23:49:36
93.42.225.250	attackbotsspam	Oct 11 15:27:07 ift sshd\[21303\]: Failed password for root from 93.42.225.250 port 59794 ssh2Oct 11 15:30:50 ift sshd\[21766\]: Invalid user customer from 93.42.225.250Oct 11 15:30:52 ift sshd\[21766\]: Failed password for invalid user customer from 93.42.225.250 port 37390 ssh2Oct 11 15:34:42 ift sshd\[22315\]: Invalid user info2 from 93.42.225.250Oct 11 15:34:44 ift sshd\[22315\]: Failed password for invalid user info2 from 93.42.225.250 port 43240 ssh2 ...	2020-10-11 23:15:07
114.67.169.63	attackspam	sshd jail - ssh hack attempt	2020-10-11 23:48:38
177.134.162.97	attackbots	Oct 11 13:30:28 localhost sshd[94586]: Invalid user admin from 177.134.162.97 port 51068 Oct 11 13:30:28 localhost sshd[94586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.134.162.97 Oct 11 13:30:28 localhost sshd[94586]: Invalid user admin from 177.134.162.97 port 51068 Oct 11 13:30:31 localhost sshd[94586]: Failed password for invalid user admin from 177.134.162.97 port 51068 ssh2 Oct 11 13:36:46 localhost sshd[95364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.134.162.97 user=root Oct 11 13:36:48 localhost sshd[95364]: Failed password for root from 177.134.162.97 port 55291 ssh2 ...	2020-10-11 23:20:46
5.62.136.142	attackspam	Use Brute-Force	2020-10-11 23:25:33
185.202.2.147	attackspam	Unauthorized connection attempt detected from IP address 185.202.2.147 to port 3389	2020-10-11 23:20:21
218.92.0.223	attack	Oct 11 17:31:15 eventyay sshd[8693]: Failed password for root from 218.92.0.223 port 26688 ssh2 Oct 11 17:31:19 eventyay sshd[8693]: Failed password for root from 218.92.0.223 port 26688 ssh2 Oct 11 17:31:22 eventyay sshd[8693]: Failed password for root from 218.92.0.223 port 26688 ssh2 Oct 11 17:31:26 eventyay sshd[8693]: Failed password for root from 218.92.0.223 port 26688 ssh2 ...	2020-10-11 23:34:16
81.68.112.71	attackspam	Oct 11 14:23:41 jumpserver sshd[60535]: Failed password for invalid user heidrun from 81.68.112.71 port 54362 ssh2 Oct 11 14:27:14 jumpserver sshd[60575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.68.112.71 user=root Oct 11 14:27:16 jumpserver sshd[60575]: Failed password for root from 81.68.112.71 port 36290 ssh2 ...	2020-10-11 23:11:29
195.123.246.16	attack	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-10-11 23:39:48
104.148.61.175	attack	Oct 10 22:45:59 SRV001 postfix/smtpd[15262]: NOQUEUE: reject: RCPT from unknown[104.148.61.175]: 554 5.7.1 : Relay access denied; from= to= proto=SMTP helo= ...	2020-10-11 23:36:46
142.44.211.27	attackbotsspam	$f2bV_matches	2020-10-11 23:26:43
95.111.194.171	attackbots	xmlrpc attack	2020-10-11 23:18:38
118.24.208.24	attack	Oct 11 16:21:10 gospond sshd[25064]: Invalid user villa from 118.24.208.24 port 44588 ...	2020-10-11 23:41:05
51.141.76.176	attack	2020-10-11T15:17:57.311156centos sshd[7967]: Invalid user chris from 51.141.76.176 port 38390 2020-10-11T15:17:59.755037centos sshd[7967]: Failed password for invalid user chris from 51.141.76.176 port 38390 ssh2 2020-10-11T15:21:41.382181centos sshd[8231]: Invalid user matt from 51.141.76.176 port 49514 ...	2020-10-11 23:37:09
45.45.21.189	attack	srvr2: (mod_security) mod_security (id:920350) triggered by 45.45.21.189 (CA/-/modemcable189.21-45-45.mc.videotron.ca): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/10/10 22:46:28 [error] 201616#0: 5361 [client 45.45.21.189] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "16023627889.799352"] [ref "o0,18v21,18"], client: 45.45.21.189, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-10-11 23:36:01

Recently Reported IPs

105.226.52.99	18.208.7.54	190.12.48.38	68.5.36.73
113.105.160.2	187.19.165.188	148.70.16.92	78.211.204.110
94.23.84.44	89.207.76.158	69.55.54.27	2.139.176.35
62.203.101.244	27.128.168.159	223.202.11.46	210.18.182.17
40.117.229.31	91.144.159.73	123.207.19.57	185.229.243.202