204.48.21.31 - IPInfo

Basic Info

City: North Bergen

Region: New Jersey

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	DATE:2020-02-02 19:03:33, IP:204.48.21.31, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2020-02-03 04:58:36

Comments on same subnet:

IP	Type	Details	Datetime
204.48.21.103	attack	Port Scan	2020-04-07 15:11:05
204.48.21.47	attackspambots	WordPress login Brute force / Web App Attack on client site.	2019-11-22 03:41:07
204.48.21.47	attackspam	Automatic report - XMLRPC Attack	2019-11-21 16:23:24
204.48.21.165	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-08-14 04:30:52

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 204.48.21.31
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15497
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;204.48.21.31.			IN	A

;; AUTHORITY SECTION:
.			532	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020201 1800 900 604800 86400

;; Query time: 101 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 03 04:58:33 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 31.21.48.204.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 31.21.48.204.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
165.22.82.120	attack	invalid user	2020-09-22 12:42:01
189.252.62.213	attack	Icarus honeypot on github	2020-09-22 12:16:26
195.54.160.180	attackbots	Sep 21 21:51:52 ny01 sshd[15648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.54.160.180 Sep 21 21:51:55 ny01 sshd[15648]: Failed password for invalid user mmcgowan from 195.54.160.180 port 18834 ssh2	2020-09-22 12:18:42
111.229.226.212	attackspambots	Sep 22 00:41:55 mavik sshd[17619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.226.212 Sep 22 00:41:57 mavik sshd[17619]: Failed password for invalid user tom from 111.229.226.212 port 43134 ssh2 Sep 22 00:45:24 mavik sshd[17841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.226.212 user=bin Sep 22 00:45:26 mavik sshd[17841]: Failed password for bin from 111.229.226.212 port 43636 ssh2 Sep 22 00:48:57 mavik sshd[18028]: Invalid user ami from 111.229.226.212 ...	2020-09-22 12:41:38
112.85.42.195	attackspambots	Sep 22 06:20:08 server2 sshd\[26189\]: User root from 112.85.42.195 not allowed because not listed in AllowUsers Sep 22 06:21:42 server2 sshd\[26253\]: User root from 112.85.42.195 not allowed because not listed in AllowUsers Sep 22 06:23:05 server2 sshd\[26362\]: User root from 112.85.42.195 not allowed because not listed in AllowUsers Sep 22 06:24:42 server2 sshd\[26417\]: User root from 112.85.42.195 not allowed because not listed in AllowUsers Sep 22 06:26:12 server2 sshd\[26663\]: User root from 112.85.42.195 not allowed because not listed in AllowUsers Sep 22 06:27:44 server2 sshd\[26711\]: User root from 112.85.42.195 not allowed because not listed in AllowUsers	2020-09-22 12:28:57
103.4.217.138	attackspambots	(sshd) Failed SSH login from 103.4.217.138 (TH/Thailand/-): 5 in the last 3600 secs	2020-09-22 12:39:46
59.29.2.16	attackspam	2020-09-21T22:01:24.268585Z 6e65d069474f New connection: 59.29.2.16:54756 (172.17.0.5:2222) [session: 6e65d069474f] 2020-09-21T22:01:24.270051Z de237cf4c27d New connection: 59.29.2.16:56118 (172.17.0.5:2222) [session: de237cf4c27d]	2020-09-22 08:19:41
51.83.134.233	attackspam	Sep 22 06:24:53 vmd17057 sshd[21063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.134.233 Sep 22 06:24:55 vmd17057 sshd[21063]: Failed password for invalid user eclipse from 51.83.134.233 port 44420 ssh2 ...	2020-09-22 12:33:08
45.178.175.140	attackbotsspam	Unauthorized connection attempt from IP address 45.178.175.140 on Port 445(SMB)	2020-09-22 08:28:10
163.172.24.40	attackspambots	SSH Invalid Login	2020-09-22 08:19:05
167.71.203.215	attackspam	Sep 22 01:40:41 vserver sshd\[11531\]: Invalid user frederick from 167.71.203.215Sep 22 01:40:42 vserver sshd\[11531\]: Failed password for invalid user frederick from 167.71.203.215 port 43994 ssh2Sep 22 01:44:55 vserver sshd\[11577\]: Invalid user prueba from 167.71.203.215Sep 22 01:44:57 vserver sshd\[11577\]: Failed password for invalid user prueba from 167.71.203.215 port 53944 ssh2 ...	2020-09-22 08:29:31
20.185.47.152	attackspambots	Sep 22 01:02:14 ourumov-web sshd\[29872\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.185.47.152 user=root Sep 22 01:02:16 ourumov-web sshd\[29872\]: Failed password for root from 20.185.47.152 port 50810 ssh2 Sep 22 01:21:10 ourumov-web sshd\[31302\]: Invalid user git from 20.185.47.152 port 33904 ...	2020-09-22 08:25:34
181.49.118.185	attackspambots	2020-09-22T03:05:42.628739ollin.zadara.org sshd[943437]: Invalid user jeremy from 181.49.118.185 port 35896 2020-09-22T03:05:44.285579ollin.zadara.org sshd[943437]: Failed password for invalid user jeremy from 181.49.118.185 port 35896 ssh2 ...	2020-09-22 12:32:04
201.163.180.183	attack	2020-09-22T00:40:44.108412ks3355764 sshd[10581]: Invalid user lisa from 201.163.180.183 port 39257 2020-09-22T00:40:46.209390ks3355764 sshd[10581]: Failed password for invalid user lisa from 201.163.180.183 port 39257 ssh2 ...	2020-09-22 12:14:47
106.12.194.204	attack	Sep 22 05:40:16 vserver sshd\[15718\]: Invalid user fred from 106.12.194.204Sep 22 05:40:18 vserver sshd\[15718\]: Failed password for invalid user fred from 106.12.194.204 port 55960 ssh2Sep 22 05:48:43 vserver sshd\[16019\]: Invalid user asd from 106.12.194.204Sep 22 05:48:45 vserver sshd\[16019\]: Failed password for invalid user asd from 106.12.194.204 port 41604 ssh2 ...	2020-09-22 12:35:05

Recently Reported IPs

107.216.52.224	183.92.104.181	3.122.238.124	114.223.186.110
113.181.121.232	136.191.243.164	73.226.146.220	110.145.118.5
212.243.77.133	115.64.13.204	110.137.80.117	193.124.179.224
42.104.116.22	131.112.217.219	190.80.238.102	32.133.78.171
143.129.178.80	12.178.88.142	122.137.187.254	39.193.91.158