13.66.4.248 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: Microsoft Corporation

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Sep 26 18:49:27 mellenthin sshd[13942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.66.4.248 user=root Sep 26 18:49:29 mellenthin sshd[13942]: Failed password for invalid user root from 13.66.4.248 port 9104 ssh2	2020-09-27 00:51:20
attackspam	Sep 26 08:24:38 web1 sshd[7127]: Invalid user 124 from 13.66.4.248 port 51664 Sep 26 08:24:38 web1 sshd[7126]: Invalid user 124 from 13.66.4.248 port 51659 Sep 26 08:24:38 web1 sshd[7127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.66.4.248 Sep 26 08:24:38 web1 sshd[7127]: Invalid user 124 from 13.66.4.248 port 51664 Sep 26 08:24:39 web1 sshd[7127]: Failed password for invalid user 124 from 13.66.4.248 port 51664 ssh2 Sep 26 08:24:38 web1 sshd[7126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.66.4.248 Sep 26 08:24:38 web1 sshd[7126]: Invalid user 124 from 13.66.4.248 port 51659 Sep 26 08:24:39 web1 sshd[7126]: Failed password for invalid user 124 from 13.66.4.248 port 51659 ssh2 Sep 26 17:34:19 web1 sshd[30255]: Invalid user admin from 13.66.4.248 port 31674 Sep 26 17:34:19 web1 sshd[30257]: Invalid user admin from 13.66.4.248 port 31679 ...	2020-09-26 16:41:57

Type

Details

Datetime

attackspam

Sep 26 18:49:27 mellenthin sshd[13942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.66.4.248  user=root
Sep 26 18:49:29 mellenthin sshd[13942]: Failed password for invalid user root from 13.66.4.248 port 9104 ssh2

2020-09-27 00:51:20

attackspam

Sep 26 08:24:38 web1 sshd[7127]: Invalid user 124 from 13.66.4.248 port 51664
Sep 26 08:24:38 web1 sshd[7126]: Invalid user 124 from 13.66.4.248 port 51659
Sep 26 08:24:38 web1 sshd[7127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.66.4.248
Sep 26 08:24:38 web1 sshd[7127]: Invalid user 124 from 13.66.4.248 port 51664
Sep 26 08:24:39 web1 sshd[7127]: Failed password for invalid user 124 from 13.66.4.248 port 51664 ssh2
Sep 26 08:24:38 web1 sshd[7126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.66.4.248
Sep 26 08:24:38 web1 sshd[7126]: Invalid user 124 from 13.66.4.248 port 51659
Sep 26 08:24:39 web1 sshd[7126]: Failed password for invalid user 124 from 13.66.4.248 port 51659 ssh2
Sep 26 17:34:19 web1 sshd[30255]: Invalid user admin from 13.66.4.248 port 31674
Sep 26 17:34:19 web1 sshd[30257]: Invalid user admin from 13.66.4.248 port 31679
...

2020-09-26 16:41:57

Comments on same subnet:

IP	Type	Details	Datetime
13.66.48.116	attackspam	Unauthorized connection attempt from IP address 13.66.48.116 on port 3389	2020-08-05 01:56:14

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 13.66.4.248
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25382
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;13.66.4.248.			IN	A

;; AUTHORITY SECTION:
.			194	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020092600 1800 900 604800 86400

;; Query time: 71 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Sep 26 16:41:51 CST 2020
;; MSG SIZE  rcvd: 115

Host info

Host 248.4.66.13.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 248.4.66.13.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
45.82.35.95	attackbots	Postfix RBL failed	2020-01-08 02:57:04
1.212.62.171	attack	Unauthorized connection attempt detected from IP address 1.212.62.171 to port 2220 [J]	2020-01-08 02:42:05
218.92.0.191	attackspam	Jan 7 19:52:20 dcd-gentoo sshd[2451]: User root from 218.92.0.191 not allowed because none of user's groups are listed in AllowGroups Jan 7 19:52:23 dcd-gentoo sshd[2451]: error: PAM: Authentication failure for illegal user root from 218.92.0.191 Jan 7 19:52:20 dcd-gentoo sshd[2451]: User root from 218.92.0.191 not allowed because none of user's groups are listed in AllowGroups Jan 7 19:52:23 dcd-gentoo sshd[2451]: error: PAM: Authentication failure for illegal user root from 218.92.0.191 Jan 7 19:52:20 dcd-gentoo sshd[2451]: User root from 218.92.0.191 not allowed because none of user's groups are listed in AllowGroups Jan 7 19:52:23 dcd-gentoo sshd[2451]: error: PAM: Authentication failure for illegal user root from 218.92.0.191 Jan 7 19:52:23 dcd-gentoo sshd[2451]: Failed keyboard-interactive/pam for invalid user root from 218.92.0.191 port 27059 ssh2 ...	2020-01-08 03:04:16
185.153.199.142	attackspam	RDP brute forcing (r)	2020-01-08 02:49:20
49.88.112.113	attackspambots	Jan 7 08:24:53 eddieflores sshd\[2269\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.113 user=root Jan 7 08:24:55 eddieflores sshd\[2269\]: Failed password for root from 49.88.112.113 port 58223 ssh2 Jan 7 08:25:53 eddieflores sshd\[2354\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.113 user=root Jan 7 08:25:55 eddieflores sshd\[2354\]: Failed password for root from 49.88.112.113 port 50532 ssh2 Jan 7 08:29:03 eddieflores sshd\[2619\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.113 user=root	2020-01-08 02:32:49
213.91.109.17	attack	3x Failed Password	2020-01-08 02:34:24
222.186.31.166	attackbots	01/07/2020-13:44:14.462432 222.186.31.166 Protocol: 6 ET SCAN Potential SSH Scan	2020-01-08 02:50:19
177.40.148.12	attack	1578401866 - 01/07/2020 13:57:46 Host: 177.40.148.12/177.40.148.12 Port: 445 TCP Blocked	2020-01-08 02:47:40
92.222.15.203	attack	Unauthorized connection attempt detected from IP address 92.222.15.203 to port 2220 [J]	2020-01-08 02:32:18
46.38.144.57	attackbots	Jan 7 18:22:13 blackbee postfix/smtpd\[26232\]: warning: unknown\[46.38.144.57\]: SASL LOGIN authentication failed: authentication failure Jan 7 18:23:42 blackbee postfix/smtpd\[26232\]: warning: unknown\[46.38.144.57\]: SASL LOGIN authentication failed: authentication failure Jan 7 18:25:11 blackbee postfix/smtpd\[26232\]: warning: unknown\[46.38.144.57\]: SASL LOGIN authentication failed: authentication failure Jan 7 18:26:36 blackbee postfix/smtpd\[26232\]: warning: unknown\[46.38.144.57\]: SASL LOGIN authentication failed: authentication failure Jan 7 18:28:03 blackbee postfix/smtpd\[26232\]: warning: unknown\[46.38.144.57\]: SASL LOGIN authentication failed: authentication failure ...	2020-01-08 02:28:24
49.207.180.223	attackbotsspam	1578401874 - 01/07/2020 13:57:54 Host: 49.207.180.223/49.207.180.223 Port: 445 TCP Blocked	2020-01-08 02:40:49
189.1.132.90	attackbots	20/1/7@09:36:10: FAIL: Alarm-Network address from=189.1.132.90 20/1/7@09:36:11: FAIL: Alarm-Network address from=189.1.132.90 ...	2020-01-08 03:01:13
109.92.88.111	attackbots	Unauthorized connection attempt detected from IP address 109.92.88.111 to port 2220 [J]	2020-01-08 02:51:06
182.180.67.55	attackspam	1578401874 - 01/07/2020 13:57:54 Host: 182.180.67.55/182.180.67.55 Port: 445 TCP Blocked	2020-01-08 02:40:30
103.54.217.173	attackspam	Unauthorized connection attempt detected from IP address 103.54.217.173 to port 2220 [J]	2020-01-08 02:40:10

Recently Reported IPs

49.83.86.91	64.225.75.212	27.156.119.8	192.241.239.201
103.124.193.31	46.183.223.106	152.231.107.22	2409:8a34:4032:97f0:45fd:e870:6d33:5f87
40.117.173.200	206.189.148.19	151.60.5.173	104.45.193.247
140.143.20.135	186.32.106.106	78.93.119.5	115.56.170.16
51.15.181.38	10.35.92.64	213.186.183.185	35.245.13.164