104.248.85.105

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Splunk® : port scan detected: Jul 20 05:51:52 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=104.248.85.105 DST=104.248.11.191 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=5104 DF PROTO=TCP SPT=54036 DPT=8161 WINDOW=29200 RES=0x00 SYN URGP=0	2019-07-20 18:04:52

Type

Details

Datetime

attackbots

Splunk® : port scan detected:
Jul 20 05:51:52 testbed kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=104.248.85.105 DST=104.248.11.191 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=5104 DF PROTO=TCP SPT=54036 DPT=8161 WINDOW=29200 RES=0x00 SYN URGP=0

2019-07-20 18:04:52

Comments on same subnet:

IP	Type	Details	Datetime
104.248.85.54	attack	Sep 9 15:21:49 localhost sshd\[340\]: Invalid user guest from 104.248.85.54 port 42604 Sep 9 15:21:49 localhost sshd\[340\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.85.54 Sep 9 15:21:51 localhost sshd\[340\]: Failed password for invalid user guest from 104.248.85.54 port 42604 ssh2 Sep 9 15:32:02 localhost sshd\[708\]: Invalid user ftp_test from 104.248.85.54 port 46362 Sep 9 15:32:02 localhost sshd\[708\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.85.54 ...	2019-09-10 01:52:11
104.248.85.54	attackbots	Sep 9 09:04:19 localhost sshd\[117470\]: Invalid user web5 from 104.248.85.54 port 53012 Sep 9 09:04:19 localhost sshd\[117470\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.85.54 Sep 9 09:04:21 localhost sshd\[117470\]: Failed password for invalid user web5 from 104.248.85.54 port 53012 ssh2 Sep 9 09:10:11 localhost sshd\[117727\]: Invalid user sammy from 104.248.85.54 port 56502 Sep 9 09:10:11 localhost sshd\[117727\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.85.54 ...	2019-09-09 17:23:34
104.248.85.54	attackbots	Sep 7 05:46:42 sachi sshd\[26126\]: Invalid user guest1 from 104.248.85.54 Sep 7 05:46:42 sachi sshd\[26126\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.85.54 Sep 7 05:46:44 sachi sshd\[26126\]: Failed password for invalid user guest1 from 104.248.85.54 port 50610 ssh2 Sep 7 05:51:34 sachi sshd\[26573\]: Invalid user musicbot from 104.248.85.54 Sep 7 05:51:34 sachi sshd\[26573\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.85.54	2019-09-08 02:29:16
104.248.85.54	attackbots	Aug 15 21:20:26 MK-Soft-VM3 sshd\[12473\]: Invalid user qhsupport from 104.248.85.54 port 42458 Aug 15 21:20:26 MK-Soft-VM3 sshd\[12473\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.85.54 Aug 15 21:20:28 MK-Soft-VM3 sshd\[12473\]: Failed password for invalid user qhsupport from 104.248.85.54 port 42458 ssh2 ...	2019-08-16 05:52:50
104.248.85.115	attackspam	Aug 14 01:28:22 XXX sshd[23842]: Invalid user lehranstalt from 104.248.85.115 port 17281	2019-08-14 09:03:51
104.248.85.54	attack	Aug 10 18:49:03 meumeu sshd[14078]: Failed password for invalid user diradmin from 104.248.85.54 port 38426 ssh2 Aug 10 18:53:08 meumeu sshd[14510]: Failed password for invalid user jacob123 from 104.248.85.54 port 33662 ssh2 ...	2019-08-11 01:06:24
104.248.85.54	attackbots	May 11 04:09:39 ubuntu sshd[24022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.85.54 May 11 04:09:42 ubuntu sshd[24022]: Failed password for invalid user webadmin from 104.248.85.54 port 59184 ssh2 May 11 04:12:45 ubuntu sshd[24099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.85.54 May 11 04:12:47 ubuntu sshd[24099]: Failed password for invalid user dreambaseftp from 104.248.85.54 port 32770 ssh2	2019-07-31 16:16:47
104.248.85.54	attackspambots	Jul 28 00:40:32 localhost sshd\[9136\]: Invalid user paddy from 104.248.85.54 Jul 28 00:40:32 localhost sshd\[9136\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.85.54 Jul 28 00:40:34 localhost sshd\[9136\]: Failed password for invalid user paddy from 104.248.85.54 port 36550 ssh2 Jul 28 00:44:25 localhost sshd\[9152\]: Invalid user maxided from 104.248.85.54 Jul 28 00:44:25 localhost sshd\[9152\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.85.54 ...	2019-07-28 08:42:01
104.248.85.226	attack	DATE:2019-07-14 02:42:02, IP:104.248.85.226, PORT:telnet - Telnet brute force auth on a honeypot server (epe-dc)	2019-07-14 08:45:05
104.248.85.226	attackspam	TCP port 23 (Telnet) attempt blocked by firewall. [2019-07-12 02:01:19]	2019-07-12 11:11:46
104.248.85.226	attack	Caught in portsentry honeypot	2019-07-11 18:09:06
104.248.85.54	attackspam	ssh failed login	2019-07-07 09:16:14

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.85.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56618
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.248.85.105.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019072000 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jul 20 18:04:44 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 105.85.248.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 105.85.248.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
134.209.96.136	attack	Aug 1 12:43:05 ovpn sshd[27934]: Invalid user sierra from 134.209.96.136 Aug 1 12:43:05 ovpn sshd[27934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.96.136 Aug 1 12:43:07 ovpn sshd[27934]: Failed password for invalid user sierra from 134.209.96.136 port 35940 ssh2 Aug 1 12:43:07 ovpn sshd[27934]: Received disconnect from 134.209.96.136 port 35940:11: Bye Bye [preauth] Aug 1 12:43:07 ovpn sshd[27934]: Disconnected from 134.209.96.136 port 35940 [preauth] Aug 1 13:16:24 ovpn sshd[1483]: Invalid user center from 134.209.96.136 Aug 1 13:16:24 ovpn sshd[1483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.96.136 Aug 1 13:16:26 ovpn sshd[1483]: Failed password for invalid user center from 134.209.96.136 port 51146 ssh2 Aug 1 13:16:26 ovpn sshd[1483]: Received disconnect from 134.209.96.136 port 51146:11: Bye Bye [preauth] Aug 1 13:16:26 ovpn sshd[1483]: Disconnected........ ------------------------------	2019-08-02 08:14:16
114.108.177.69	attackspambots	SMB Server BruteForce Attack	2019-08-02 08:24:30
220.76.230.169	attackbotsspam	scan r	2019-08-02 08:45:15
123.233.246.52	attack		2019-08-02 08:05:34
114.67.224.87	attack	2019-08-01T23:27:26.208914abusebot-6.cloudsearch.cf sshd\[24327\]: Invalid user factoria from 114.67.224.87 port 38000	2019-08-02 07:57:27
193.188.22.12	attack	Invalid user ubnt from 193.188.22.12 port 32902	2019-08-02 08:04:25
107.170.239.108	attackbotsspam	" "	2019-08-02 08:37:08
2607:5300:60:359c::1	attack	WordPress wp-login brute force :: 2607:5300:60:359c::1 0.048 BYPASS [02/Aug/2019:09:26:27 1000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 3989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-08-02 08:28:03
200.83.229.52	attackspambots	Aug 2 03:14:31 server sshd\[14483\]: Invalid user ubuntu from 200.83.229.52 port 37079 Aug 2 03:14:31 server sshd\[14483\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.83.229.52 Aug 2 03:14:33 server sshd\[14483\]: Failed password for invalid user ubuntu from 200.83.229.52 port 37079 ssh2 Aug 2 03:24:21 server sshd\[8174\]: Invalid user user1 from 200.83.229.52 port 63562 Aug 2 03:24:21 server sshd\[8174\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.83.229.52	2019-08-02 08:38:11
58.144.151.45	attackbots	abuse-sasl	2019-08-02 08:18:06
171.25.193.235	attackbots	Aug 2 01:26:36 * sshd[21507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.193.235 Aug 2 01:26:38 * sshd[21507]: Failed password for invalid user amx from 171.25.193.235 port 11302 ssh2	2019-08-02 08:21:01
120.29.155.122	attackbotsspam	Aug 2 01:58:46 MK-Soft-Root1 sshd\[25231\]: Invalid user clock from 120.29.155.122 port 45958 Aug 2 01:58:46 MK-Soft-Root1 sshd\[25231\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.29.155.122 Aug 2 01:58:48 MK-Soft-Root1 sshd\[25231\]: Failed password for invalid user clock from 120.29.155.122 port 45958 ssh2 ...	2019-08-02 08:06:36
2001:41d0:203:3af::	attack	WordPress wp-login brute force :: 2001:41d0:203:3af:: 0.064 BYPASS [02/Aug/2019:10:10:15 1000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 3989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-08-02 08:40:19
139.59.4.63	attackbotsspam	xmlrpc attack	2019-08-02 08:10:09
103.249.239.221	attack	Bruteforce on SSH Honeypot	2019-08-02 08:44:10

Recently Reported IPs

197.15.39.84	16.215.222.131	75.212.5.67	82.74.38.141
17.255.228.187	185.244.25.177	59.173.185.111	114.28.29.136
137.18.134.160	102.210.252.93	94.77.192.54	138.68.72.10
157.230.171.90	246.94.53.193	138.122.37.230	52.253.2.0
89.35.39.126	83.135.219.101	153.126.130.183	103.50.5.164