Basic Info

City: Santa Clara

Region: California

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: DigitalOcean, LLC

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
2019-09-20T16:39:11.0247491495-001 sshd\[42592\]: Failed password for invalid user splashmc from 104.248.191.159 port 57616 ssh2
2019-09-20T16:51:31.9665091495-001 sshd\[43498\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159  user=operator
2019-09-20T16:51:34.1284571495-001 sshd\[43498\]: Failed password for operator from 104.248.191.159 port 41058 ssh2
2019-09-20T16:55:38.6904481495-001 sshd\[43783\]: Invalid user deso from 104.248.191.159 port 54366
2019-09-20T16:55:38.6939511495-001 sshd\[43783\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
2019-09-20T16:55:40.4336511495-001 sshd\[43783\]: Failed password for invalid user deso from 104.248.191.159 port 54366 ssh2
...
2019-09-21 07:24:25
attackspam
Sep 20 08:17:40 s64-1 sshd[23290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
Sep 20 08:17:42 s64-1 sshd[23290]: Failed password for invalid user aldair from 104.248.191.159 port 36110 ssh2
Sep 20 08:21:49 s64-1 sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
...
2019-09-20 16:42:29
attack
Invalid user git from 104.248.191.159 port 45948
2019-09-15 09:26:14
attack
Invalid user git from 104.248.191.159 port 45948
2019-09-14 09:12:39
attackspambots
2019-09-08 17:03:58,873 fail2ban.actions        [814]: NOTICE  [sshd] Ban 104.248.191.159
2019-09-08 20:14:22,538 fail2ban.actions        [814]: NOTICE  [sshd] Ban 104.248.191.159
2019-09-08 23:21:23,805 fail2ban.actions        [814]: NOTICE  [sshd] Ban 104.248.191.159
...
2019-09-13 12:28:32
attackspambots
Sep  8 08:00:38 OPSO sshd\[1086\]: Invalid user musikbot from 104.248.191.159 port 48078
Sep  8 08:00:38 OPSO sshd\[1086\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
Sep  8 08:00:40 OPSO sshd\[1086\]: Failed password for invalid user musikbot from 104.248.191.159 port 48078 ssh2
Sep  8 08:05:20 OPSO sshd\[1931\]: Invalid user test from 104.248.191.159 port 35182
Sep  8 08:05:20 OPSO sshd\[1931\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
2019-09-08 14:10:40
attackbots
Sep  5 15:11:48 debian sshd\[17494\]: Invalid user csgoserver from 104.248.191.159 port 38026
Sep  5 15:11:48 debian sshd\[17494\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
Sep  5 15:11:50 debian sshd\[17494\]: Failed password for invalid user csgoserver from 104.248.191.159 port 38026 ssh2
...
2019-09-06 03:17:06
attackspambots
Sep  4 21:40:10 dedicated sshd[25146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159  user=root
Sep  4 21:40:12 dedicated sshd[25146]: Failed password for root from 104.248.191.159 port 56214 ssh2
2019-09-05 03:41:58
attackspambots
Aug 27 19:26:16 aiointranet sshd\[32688\]: Invalid user 123321 from 104.248.191.159
Aug 27 19:26:16 aiointranet sshd\[32688\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
Aug 27 19:26:18 aiointranet sshd\[32688\]: Failed password for invalid user 123321 from 104.248.191.159 port 53264 ssh2
Aug 27 19:30:11 aiointranet sshd\[543\]: Invalid user liu from 104.248.191.159
Aug 27 19:30:11 aiointranet sshd\[543\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
2019-08-28 13:57:16
attackbotsspam
Fail2Ban Ban Triggered
2019-08-26 16:40:51
attackbotsspam
SSH authentication failure x 6 reported by Fail2Ban
...
2019-08-18 10:22:02
attackspam
Aug 17 11:02:22 XXXXXX sshd[12701]: Invalid user card from 104.248.191.159 port 37626
2019-08-18 02:25:59
attackspam
Aug 12 07:14:42 XXX sshd[12693]: Invalid user samira from 104.248.191.159 port 54096
2019-08-12 14:03:58
attack
Aug 11 18:14:00 marvibiene sshd[60361]: Invalid user wiki from 104.248.191.159 port 36286
Aug 11 18:14:00 marvibiene sshd[60361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
Aug 11 18:14:00 marvibiene sshd[60361]: Invalid user wiki from 104.248.191.159 port 36286
Aug 11 18:14:01 marvibiene sshd[60361]: Failed password for invalid user wiki from 104.248.191.159 port 36286 ssh2
...
2019-08-12 04:14:46
attackbots
Automatic report - Banned IP Access
2019-08-08 21:52:25
attackspambots
Invalid user nagios from 104.248.191.159 port 52902
2019-08-03 02:14:47
attackspambots
2019-07-22T15:36:43.276754cavecanem sshd[3748]: Invalid user noreply from 104.248.191.159 port 37730
2019-07-22T15:36:43.280000cavecanem sshd[3748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
2019-07-22T15:36:43.276754cavecanem sshd[3748]: Invalid user noreply from 104.248.191.159 port 37730
2019-07-22T15:36:45.436692cavecanem sshd[3748]: Failed password for invalid user noreply from 104.248.191.159 port 37730 ssh2
2019-07-22T15:41:12.187048cavecanem sshd[9929]: Invalid user larry from 104.248.191.159 port 32796
2019-07-22T15:41:12.189665cavecanem sshd[9929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
2019-07-22T15:41:12.187048cavecanem sshd[9929]: Invalid user larry from 104.248.191.159 port 32796
2019-07-22T15:41:14.607813cavecanem sshd[9929]: Failed password for invalid user larry from 104.248.191.159 port 32796 ssh2
2019-07-22T15:45:45.947987cavecanem sshd[16228
...
2019-07-22 21:50:45
attackbotsspam
2019-07-22T09:47:52.513060cavecanem sshd[19110]: Invalid user student1 from 104.248.191.159 port 56064
2019-07-22T09:47:52.515629cavecanem sshd[19110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
2019-07-22T09:47:52.513060cavecanem sshd[19110]: Invalid user student1 from 104.248.191.159 port 56064
2019-07-22T09:47:54.208261cavecanem sshd[19110]: Failed password for invalid user student1 from 104.248.191.159 port 56064 ssh2
2019-07-22T09:52:16.356764cavecanem sshd[24839]: Invalid user big from 104.248.191.159 port 51118
2019-07-22T09:52:16.359099cavecanem sshd[24839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.191.159
2019-07-22T09:52:16.356764cavecanem sshd[24839]: Invalid user big from 104.248.191.159 port 51118
2019-07-22T09:52:18.628278cavecanem sshd[24839]: Failed password for invalid user big from 104.248.191.159 port 51118 ssh2
2019-07-22T09:56:36.284252cavecanem sshd[
...
2019-07-22 16:23:53
attack
Invalid user server01 from 104.248.191.159 port 53404
2019-07-13 14:26:10
attackbotsspam
Brute force attempt
2019-06-28 15:10:58
Comments on same subnet:
No discussion about this subnet yet.
Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.191.159
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54466
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.248.191.159.		IN	A

;; AUTHORITY SECTION:
.			2691	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019051000 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri May 10 19:27:54 +08 2019
;; MSG SIZE  rcvd: 119

Host info
Host 159.191.248.104.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 159.191.248.104.in-addr.arpa: NXDOMAIN

Related IP info:
Related comments:
IP Type Details Datetime
111.229.221.112 attackspambots
Jun 19 17:15:10 ws26vmsma01 sshd[211301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.221.112
Jun 19 17:15:12 ws26vmsma01 sshd[211301]: Failed password for invalid user oleg from 111.229.221.112 port 54740 ssh2
...
2020-06-20 03:05:32
104.215.151.21 attack
$f2bV_matches
2020-06-20 03:19:46
196.52.84.29 attack
Automatic report - Banned IP Access
2020-06-20 02:50:15
45.95.168.173 attackspambots
Cowrie Honeypot: 10 unauthorised SSH/Telnet login attempts between 2020-06-19T18:54:00Z and 2020-06-19T18:56:21Z
2020-06-20 03:10:44
162.13.38.154 attackspambots
RecipientDoesNotExist    Timestamp : 19-Jun-20 12:50      (From . root@503959-app1.ukatn.com)    Listed on   rbldns-ru     (128)
2020-06-20 02:53:51
157.55.39.176 attack
Automatic report - Banned IP Access
2020-06-20 03:05:16
198.71.228.30 attackbots
(mod_security) mod_security (id:211630) triggered by 198.71.228.30 (US/United States/a2plcpnl0205.prod.iad2.secureserver.net): 5 in the last 3600 secs
2020-06-20 03:24:20
106.12.111.201 attackspambots
$f2bV_matches | Triggered by Fail2Ban at Vostok web server
2020-06-20 03:16:32
59.152.62.187 attackbotsspam
Jun 19 21:27:58 itv-usvr-01 sshd[29317]: Invalid user jenkins from 59.152.62.187
Jun 19 21:27:58 itv-usvr-01 sshd[29317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.152.62.187
Jun 19 21:27:58 itv-usvr-01 sshd[29317]: Invalid user jenkins from 59.152.62.187
Jun 19 21:28:00 itv-usvr-01 sshd[29317]: Failed password for invalid user jenkins from 59.152.62.187 port 50432 ssh2
2020-06-20 02:59:53
155.94.201.99 attackbotsspam
Jun 19 16:14:07 vmd48417 sshd[12189]: Failed password for root from 155.94.201.99 port 50476 ssh2
2020-06-20 02:50:38
190.147.33.171 attackspambots
Jun 19 15:47:54 server sshd[2108]: Failed password for root from 190.147.33.171 port 49242 ssh2
Jun 19 15:52:49 server sshd[3371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.147.33.171
Jun 19 15:52:51 server sshd[3371]: Failed password for invalid user zenbot from 190.147.33.171 port 60506 ssh2
...
2020-06-20 03:27:12
187.20.148.236 attackbotsspam
187.20.148.236 - - [19/Jun/2020:15:29:52 +0100] "POST /wp/wp-login.php HTTP/1.1" 200 1865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
187.20.148.236 - - [19/Jun/2020:15:30:02 +0100] "POST /wp/wp-login.php HTTP/1.1" 200 1857 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
187.20.148.236 - - [19/Jun/2020:15:30:06 +0100] "POST /wp/xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-06-20 03:17:23
45.134.179.57 attackbots
Jun 19 15:44:43 debian-2gb-nbg1-2 kernel: \[14832972.047519\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.134.179.57 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=5405 PROTO=TCP SPT=56496 DPT=62899 WINDOW=1024 RES=0x00 SYN URGP=0
2020-06-20 03:22:04
118.201.65.165 attack
Jun 19 14:12:30 ncomp sshd[13264]: Invalid user dmu from 118.201.65.165
Jun 19 14:12:30 ncomp sshd[13264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.201.65.165
Jun 19 14:12:30 ncomp sshd[13264]: Invalid user dmu from 118.201.65.165
Jun 19 14:12:32 ncomp sshd[13264]: Failed password for invalid user dmu from 118.201.65.165 port 35877 ssh2
2020-06-20 02:53:08
80.241.46.6 attack
Invalid user user from 80.241.46.6 port 6976
2020-06-20 03:21:31
