Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Rethem Hosting LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type | Details | Datetime
attack | OpenVPN attack detected by fail2ban | 2020-06-18 21:44:33
Comments on same subnet:
IP | Type | Details | Datetime
204.93.154.210 | attackbots | RDP brute force attack detected by fail2ban | 2020-09-20 22:04:13
204.93.154.210 | attack | RDP brute force attack detected by fail2ban | 2020-09-20 13:57:24
204.93.154.210 | attack | RDP brute force attack detected by fail2ban | 2020-09-20 05:57:10
204.93.154.208 | attack | SSH-bruteforce attempts | 2020-04-17 17:54:37
204.93.154.196 | attack | SSH-bruteforce attempts | 2020-02-25 16:20:39
204.93.154.196 | attackbots | Unauthorized connection attempt detected from IP address 204.93.154.196 to port 22 [J] | 2020-02-04 02:13:59
204.93.154.208 | attack | Unauthorized connection attempt detected from IP address 204.93.154.208 to port 22 [J] | 2020-01-19 14:10:17
204.93.154.209 | attackbotsspam | Unauthorized connection attempt detected from IP address 204.93.154.209 to port 22 [J] | 2020-01-19 14:09:48
204.93.154.214 | attackspam | Unauthorized IMAP connection attempt | 2020-01-02 06:17:25
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 204.93.154.212
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2353
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;204.93.154.212.			IN	A

;; AUTHORITY SECTION:
.			165	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020061800 1800 900 604800 86400

;; Query time: 94 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Jun 18 21:44:21 CST 2020
;; MSG SIZE  rcvd: 118
Host info
212.154.93.204.in-addr.arpa domain name pointer unknown.scnet.net.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
212.154.93.204.in-addr.arpa	name = unknown.scnet.net.

Authoritative answers can be found from:

Related IP info:
Related comments:
IP Type Details Datetime
125.210.191.239 attack
Unauthorized access or intrusion attempt detected from Thor banned IP
2020-06-03 00:47:43
84.129.152.178 attackspambots
May 29 11:22:39 v2202003116398111542 sshd[16550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.129.152.178
2020-06-03 01:02:40
54.39.156.177 attackbotsspam
prod6
...
2020-06-03 00:56:50
37.49.226.181 attack
Jun  2 **REMOVED** sshd\[5161\]: Invalid user user from 37.49.226.181
Jun  2 **REMOVED** sshd\[5163\]: Invalid user git from 37.49.226.181
Jun  2 **REMOVED** sshd\[5166\]: Invalid user postgres from 37.49.226.181
2020-06-03 00:44:46
187.86.200.18 attackspam
Bruteforce detected by fail2ban
2020-06-03 00:39:47
94.122.229.229 attack
[02/Jun/2020 x@x
[02/Jun/2020 x@x
[02/Jun/2020 x@x
........
https://www.blocklist.de/en/view.html?ip=94.122.229.229
2020-06-03 00:49:35
94.233.25.206 attack
1591099458 - 06/02/2020 14:04:18 Host: 94.233.25.206/94.233.25.206 Port: 445 TCP Blocked
2020-06-03 00:40:23
103.213.131.108 attack
ft-1848-basketball.de 103.213.131.108 [02/Jun/2020:14:03:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 408 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36"
ft-1848-basketball.de 103.213.131.108 [02/Jun/2020:14:03:41 +0200] "POST /xmlrpc.php HTTP/1.1" 200 408 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36"
2020-06-03 01:04:12
106.52.137.134 attackspambots
Jun  1 12:56:46 fwservlet sshd[14913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.137.134  user=r.r
Jun  1 12:56:48 fwservlet sshd[14913]: Failed password for r.r from 106.52.137.134 port 39430 ssh2
Jun  1 12:56:49 fwservlet sshd[14913]: Received disconnect from 106.52.137.134 port 39430:11: Bye Bye [preauth]
Jun  1 12:56:49 fwservlet sshd[14913]: Disconnected from 106.52.137.134 port 39430 [preauth]
Jun  1 13:01:57 fwservlet sshd[15033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.137.134  user=r.r
Jun  1 13:02:00 fwservlet sshd[15033]: Failed password for r.r from 106.52.137.134 port 36138 ssh2
Jun  1 13:02:00 fwservlet sshd[15033]: Received disconnect from 106.52.137.134 port 36138:11: Bye Bye [preauth]
Jun  1 13:02:00 fwservlet sshd[15033]: Disconnected from 106.52.137.134 port 36138 [preauth]
Jun  1 13:06:36 fwservlet sshd[15125]: pam_unix(sshd:auth): authenticati........
2020-06-03 00:51:11
45.141.84.44 attackbots
Jun  2 19:00:01 debian-2gb-nbg1-2 kernel: \[13375967.917458\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.141.84.44 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=11104 PROTO=TCP SPT=58485 DPT=6995 WINDOW=1024 RES=0x00 SYN URGP=0
2020-06-03 01:00:22
179.221.72.99 attackspambots
2020-06-02T16:15:11.798476vps751288.ovh.net sshd\[16862\]: Invalid user equinox\\r from 179.221.72.99 port 53164
2020-06-02T16:15:11.806003vps751288.ovh.net sshd\[16862\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.221.72.99
2020-06-02T16:15:13.813745vps751288.ovh.net sshd\[16862\]: Failed password for invalid user equinox\\r from 179.221.72.99 port 53164 ssh2
2020-06-02T16:21:38.993786vps751288.ovh.net sshd\[16912\]: Invalid user !QAZ1231zxc\\r from 179.221.72.99 port 58272
2020-06-02T16:21:39.002710vps751288.ovh.net sshd\[16912\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.221.72.99
2020-06-03 01:22:52
106.75.130.166 attackspam
5x Failed Password
2020-06-03 01:22:23
209.141.60.208 attack
Malicious Traffic/Form Submission
2020-06-03 01:05:14
123.143.203.67 attack
Unauthorised connection attempt detected at AUO FR1 NODE2. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)
2020-06-03 00:42:08
192.119.71.147 attackspam
SSH Brute force
2020-06-03 00:38:44

Recently Reported IPs
