104.248.94.159

Basic Info

City: unknown

Region: unknown

Country: Netherlands

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Unauthorised connection attempt detected at AUO NODE 4. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)	2020-05-23 14:19:28
attack	May 22 17:22:45 xeon sshd[25949]: Failed password for invalid user wit from 104.248.94.159 port 46482 ssh2	2020-05-23 01:12:29
attackbots	5x Failed Password	2020-05-15 22:27:33
attackspam	" "	2020-05-06 14:04:24
attackspam	Apr 24 07:57:07 debian-2gb-nbg1-2 kernel: \[9966772.924980\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=104.248.94.159 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=37616 PROTO=TCP SPT=52994 DPT=23654 WINDOW=1024 RES=0x00 SYN URGP=0	2020-04-24 14:49:55
attack	Apr 15 15:14:57 srv206 sshd[12053]: Invalid user york from 104.248.94.159 Apr 15 15:14:57 srv206 sshd[12053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 Apr 15 15:14:57 srv206 sshd[12053]: Invalid user york from 104.248.94.159 Apr 15 15:14:58 srv206 sshd[12053]: Failed password for invalid user york from 104.248.94.159 port 43826 ssh2 ...	2020-04-15 21:55:15
attack	Invalid user bike from 104.248.94.159 port 54104	2020-04-15 07:05:11
attack	Invalid user bike from 104.248.94.159 port 54104	2020-04-14 16:16:46
attack	Apr 13 09:19:38 server sshd[17894]: Failed password for root from 104.248.94.159 port 53698 ssh2 Apr 13 10:00:18 server sshd[28994]: Failed password for invalid user st1lesha from 104.248.94.159 port 46312 ssh2 Apr 13 10:03:40 server sshd[30054]: Failed password for root from 104.248.94.159 port 54064 ssh2	2020-04-13 16:11:30
attackbots	Apr 9 22:45:29 cvbnet sshd[15739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 Apr 9 22:45:31 cvbnet sshd[15739]: Failed password for invalid user odoo from 104.248.94.159 port 38072 ssh2 ...	2020-04-10 05:43:50
attackbots	Apr 7 15:27:53 legacy sshd[30365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 Apr 7 15:27:55 legacy sshd[30365]: Failed password for invalid user confa from 104.248.94.159 port 38782 ssh2 Apr 7 15:31:38 legacy sshd[30490]: Failed password for root from 104.248.94.159 port 49110 ssh2 ...	2020-04-07 21:38:49
attackbots	k+ssh-bruteforce	2020-04-07 09:59:29
attackspambots	Mar 26 00:26:53 ks10 sshd[670657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 Mar 26 00:26:55 ks10 sshd[670657]: Failed password for invalid user sysbackup from 104.248.94.159 port 35330 ssh2 ...	2020-03-26 07:33:46
attack	Mar 22 17:14:50 plex sshd[25493]: Invalid user btf from 104.248.94.159 port 59384	2020-03-23 01:14:21
attack	Feb 13 14:50:11 v22018076622670303 sshd\[32333\]: Invalid user gustavo from 104.248.94.159 port 33806 Feb 13 14:50:11 v22018076622670303 sshd\[32333\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 Feb 13 14:50:13 v22018076622670303 sshd\[32333\]: Failed password for invalid user gustavo from 104.248.94.159 port 33806 ssh2 ...	2020-02-13 22:18:02
attackspambots	SSH authentication failure x 6 reported by Fail2Ban ...	2020-02-06 23:40:23
attackspam	Fail2Ban Ban Triggered	2020-02-03 20:03:14
attackspam	Unauthorized connection attempt detected from IP address 104.248.94.159 to port 2220 [J]	2020-01-21 22:28:20
attackspambots	SSH login attempts.	2019-12-18 06:06:56
attack	2019-12-14T19:54:46.662345abusebot-6.cloudsearch.cf sshd\[15517\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 user=root 2019-12-14T19:54:48.335756abusebot-6.cloudsearch.cf sshd\[15517\]: Failed password for root from 104.248.94.159 port 53614 ssh2 2019-12-14T19:59:58.604772abusebot-6.cloudsearch.cf sshd\[15527\]: Invalid user backup from 104.248.94.159 port 38568 2019-12-14T19:59:58.610932abusebot-6.cloudsearch.cf sshd\[15527\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159	2019-12-15 05:13:57
attackbotsspam	Dec 13 05:23:09 areeb-Workstation sshd[886]: Failed password for root from 104.248.94.159 port 53292 ssh2 Dec 13 05:28:14 areeb-Workstation sshd[1585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 ...	2019-12-13 09:08:32
attack	Dec 9 00:10:16 localhost sshd[44996]: Failed password for invalid user acount from 104.248.94.159 port 36458 ssh2 Dec 9 00:20:34 localhost sshd[47204]: Failed password for invalid user mysql from 104.248.94.159 port 55694 ssh2 Dec 9 00:26:07 localhost sshd[48493]: Failed password for invalid user webmaster from 104.248.94.159 port 36776 ssh2	2019-12-09 07:57:38
attackspambots	Dec 8 03:04:03 ws12vmsma01 sshd[33602]: Invalid user bezhan from 104.248.94.159 Dec 8 03:04:05 ws12vmsma01 sshd[33602]: Failed password for invalid user bezhan from 104.248.94.159 port 36604 ssh2 Dec 8 03:08:59 ws12vmsma01 sshd[34338]: Invalid user jangsumall from 104.248.94.159 ...	2019-12-08 13:26:51
attackbotsspam	2019-12-07T05:50:12.719883shield sshd\[15922\]: Invalid user jj from 104.248.94.159 port 44514 2019-12-07T05:50:12.725561shield sshd\[15922\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 2019-12-07T05:50:14.569405shield sshd\[15922\]: Failed password for invalid user jj from 104.248.94.159 port 44514 ssh2 2019-12-07T05:55:15.927738shield sshd\[18063\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 user=root 2019-12-07T05:55:18.368716shield sshd\[18063\]: Failed password for root from 104.248.94.159 port 53166 ssh2	2019-12-07 14:09:30
attack	Nov 15 06:30:43 tdfoods sshd\[3384\]: Invalid user a from 104.248.94.159 Nov 15 06:30:43 tdfoods sshd\[3384\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 Nov 15 06:30:45 tdfoods sshd\[3384\]: Failed password for invalid user a from 104.248.94.159 port 53802 ssh2 Nov 15 06:34:27 tdfoods sshd\[3683\]: Invalid user wangfei from 104.248.94.159 Nov 15 06:34:27 tdfoods sshd\[3683\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159	2019-11-16 00:39:19
attackbotsspam	Oct 27 17:36:49 MK-Soft-Root1 sshd[24230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 Oct 27 17:36:51 MK-Soft-Root1 sshd[24230]: Failed password for invalid user royal from 104.248.94.159 port 34272 ssh2 ...	2019-10-28 03:57:23
attackspam	Oct 27 01:08:04 eddieflores sshd\[24660\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 user=root Oct 27 01:08:05 eddieflores sshd\[24660\]: Failed password for root from 104.248.94.159 port 33000 ssh2 Oct 27 01:11:38 eddieflores sshd\[24990\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 user=root Oct 27 01:11:40 eddieflores sshd\[24990\]: Failed password for root from 104.248.94.159 port 42714 ssh2 Oct 27 01:15:09 eddieflores sshd\[25253\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 user=root	2019-10-27 19:27:09
attackspambots	Oct 26 11:32:45 tdfoods sshd\[24034\]: Invalid user nihao123!@\#g from 104.248.94.159 Oct 26 11:32:45 tdfoods sshd\[24034\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 Oct 26 11:32:47 tdfoods sshd\[24034\]: Failed password for invalid user nihao123!@\#g from 104.248.94.159 port 36672 ssh2 Oct 26 11:36:27 tdfoods sshd\[24378\]: Invalid user steve666 from 104.248.94.159 Oct 26 11:36:27 tdfoods sshd\[24378\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159	2019-10-27 05:48:36
attackbotsspam	Oct 22 19:32:28 pi01 sshd[19626]: Connection from 104.248.94.159 port 41442 on 192.168.1.10 port 22 Oct 22 19:32:29 pi01 sshd[19626]: User r.r from 104.248.94.159 not allowed because not listed in AllowUsers Oct 22 19:32:29 pi01 sshd[19626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 user=r.r Oct 22 19:32:30 pi01 sshd[19626]: Failed password for invalid user r.r from 104.248.94.159 port 41442 ssh2 Oct 22 19:32:30 pi01 sshd[19626]: Received disconnect from 104.248.94.159 port 41442:11: Bye Bye [preauth] Oct 22 19:32:30 pi01 sshd[19626]: Disconnected from 104.248.94.159 port 41442 [preauth] Oct 22 19:39:28 pi01 sshd[19714]: Connection from 104.248.94.159 port 43726 on 192.168.1.10 port 22 Oct 22 19:39:29 pi01 sshd[19714]: User r.r from 104.248.94.159 not allowed because not listed in AllowUsers Oct 22 19:39:29 pi01 sshd[19714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rho........ -------------------------------	2019-10-23 22:05:35
attackspam	Oct 21 22:29:03 legacy sshd[31470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.94.159 Oct 21 22:29:05 legacy sshd[31470]: Failed password for invalid user sqlite from 104.248.94.159 port 41448 ssh2 Oct 21 22:32:58 legacy sshd[31573]: Failed password for root from 104.248.94.159 port 53068 ssh2 ...	2019-10-22 08:13:03

Comments on same subnet:

IP	Type	Details	Datetime
104.248.94.229	attackbotsspam	$f2bV_matches	2019-12-27 02:45:32

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.94.159
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18347
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.248.94.159.			IN	A

;; AUTHORITY SECTION:
.			515	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102101 1800 900 604800 86400

;; Query time: 114 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 22 08:13:01 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 159.94.248.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 159.94.248.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
176.113.70.60	attackbotsspam	176.113.70.60 was recorded 12 times by 5 hosts attempting to connect to the following ports: 1900. Incident counter (4h, 24h, all-time): 12, 55, 327	2020-01-15 15:50:40
154.70.208.66	attackbots	Invalid user zope from 154.70.208.66 port 57228	2020-01-15 15:49:30
50.116.97.126	attackspam	Automatic report - XMLRPC Attack	2020-01-15 15:59:31
222.186.15.158	attack	Unauthorized connection attempt detected from IP address 222.186.15.158 to port 22	2020-01-15 15:52:16
205.205.150.52	attackspambots	Jan 15 06:53:14 h2177944 kernel: \[2266017.335054\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=205.205.150.52 DST=85.214.117.9 LEN=52 TOS=0x00 PREC=0x00 TTL=242 ID=60930 PROTO=TCP SPT=48577 DPT=54322 WINDOW=1024 RES=0x00 SYN URGP=0 Jan 15 06:53:14 h2177944 kernel: \[2266017.335064\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=205.205.150.52 DST=85.214.117.9 LEN=52 TOS=0x00 PREC=0x00 TTL=242 ID=60930 PROTO=TCP SPT=48577 DPT=54322 WINDOW=1024 RES=0x00 SYN URGP=0 Jan 15 06:54:17 h2177944 kernel: \[2266080.739905\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=205.205.150.52 DST=85.214.117.9 LEN=52 TOS=0x00 PREC=0x00 TTL=242 ID=13794 PROTO=TCP SPT=34069 DPT=55443 WINDOW=1024 RES=0x00 SYN URGP=0 Jan 15 06:55:13 h2177944 kernel: \[2266136.330237\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=205.205.150.52 DST=85.214.117.9 LEN=52 TOS=0x00 PREC=0x00 TTL=242 ID=1898 PROTO=TCP SPT=36848 DPT=55553 WINDOW=1024 RES=0x00 SYN URGP=0 Jan 15 06:55:13 h2177944 kernel: \[2266136.330254\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=205.205.150.52 DST=85.2	2020-01-15 16:18:29
185.156.73.54	attackbots	01/15/2020-02:54:56.065290 185.156.73.54 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-01-15 16:15:57
121.229.2.190	attackbotsspam	Invalid user student from 121.229.2.190 port 38060	2020-01-15 16:16:17
112.85.42.182	attackbotsspam	Jan 15 11:04:44 server sshd\[2479\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.182 user=root Jan 15 11:04:46 server sshd\[2479\]: Failed password for root from 112.85.42.182 port 45413 ssh2 Jan 15 11:04:47 server sshd\[2487\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.182 user=root Jan 15 11:04:48 server sshd\[2487\]: Failed password for root from 112.85.42.182 port 28911 ssh2 Jan 15 11:04:48 server sshd\[2479\]: Failed password for root from 112.85.42.182 port 45413 ssh2 ...	2020-01-15 16:09:43
218.16.213.166	attack	Jan 15 05:50:33 * sshd[14783]: Invalid user ubuntu from 218.16.213.166 Jan 15 05:50:35 * sshd[14783]: Failed password for invalid user ubuntu from 218.16.213.166 port 52759 ssh2 Jan 15 05:55:45 *** sshd[15351]: Invalid user ubuntu from 218.16.213.166 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=218.16.213.166	2020-01-15 16:27:03
142.4.110.232	attack	10 attempts against mh_ha-misc-ban on hill.magehost.pro	2020-01-15 16:32:20
223.73.116.77	attackspambots	SPF Fail sender not permitted to send mail for @sina.com	2020-01-15 15:54:06
218.92.0.172	attackspambots	Jan 15 05:16:56 vps46666688 sshd[6026]: Failed password for root from 218.92.0.172 port 25395 ssh2 Jan 15 05:17:09 vps46666688 sshd[6026]: error: maximum authentication attempts exceeded for root from 218.92.0.172 port 25395 ssh2 [preauth] ...	2020-01-15 16:31:07
89.46.105.197	attackbots	Jan1505:52:11server2pure-ftpd:$\?@51.68.11.215$[WARNING]Authenticationfailedforuser[info]Jan1505:50:41server2pure-ftpd:$\?@203.162.31.112$[WARNING]Authenticationfailedforuser[info]Jan1505:52:14server2pure-ftpd:$\?@5.159.50.62$[WARNING]Authenticationfailedforuser[info]Jan1505:49:28server2pure-ftpd:$\?@89.46.105.197$[WARNING]Authenticationfailedforuser[info]Jan1505:52:00server2pure-ftpd:$\?@51.68.11.215$[WARNING]Authenticationfailedforuser[info]IPAddressesBlocked:51.68.11.215$FR/France/gwc.cluster011.hosting.ovh.net$203.162.31.112$VN/Vietnam/enews.vnn.vn$5.159.50.62$IR/Iran/-$	2020-01-15 16:23:06
132.148.129.180	attack	pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.148.129.180 Failed password for invalid user avis from 132.148.129.180 port 42388 ssh2 pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.148.129.180	2020-01-15 16:31:25
222.186.175.216	attackbots	Jan 15 09:17:18 h2177944 sshd\[16989\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.216 user=root Jan 15 09:17:19 h2177944 sshd\[16989\]: Failed password for root from 222.186.175.216 port 3952 ssh2 Jan 15 09:17:23 h2177944 sshd\[16989\]: Failed password for root from 222.186.175.216 port 3952 ssh2 Jan 15 09:17:26 h2177944 sshd\[16989\]: Failed password for root from 222.186.175.216 port 3952 ssh2 ...	2020-01-15 16:29:27

Recently Reported IPs

200.74.99.28	142.4.209.40	49.152.61.255	27.9.27.203
30.27.13.181	20.153.84.179	198.48.189.235	207.210.245.221
137.49.85.179	49.213.139.136	186.25.24.140	255.198.209.12
63.8.107.166	97.1.141.255	250.0.88.51	197.133.162.243
137.21.99.191	192.3.228.254	166.13.216.186	189.39.241.157