3.85.104.204 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Amazon Data Services NoVa

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Port Scan: TCP/9200	2019-09-14 11:00:51

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 3.85.104.204
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48678
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3.85.104.204.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091302 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Sep 14 11:00:45 CST 2019
;; MSG SIZE  rcvd: 116

Host info

204.104.85.3.in-addr.arpa domain name pointer ec2-3-85-104-204.compute-1.amazonaws.com.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
204.104.85.3.in-addr.arpa	name = ec2-3-85-104-204.compute-1.amazonaws.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
162.222.179.81	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/162.222.179.81/ US - 1H : (14) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : US NAME ASN : ASN15169 IP : 162.222.179.81 CIDR : 162.222.176.0/21 PREFIX COUNT : 602 UNIQUE IP COUNT : 8951808 ATTACKS DETECTED ASN15169 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 4 DateTime : 2020-01-05 22:47:19 INFO : HACK ! - Looking for resource vulnerabilities Scan Detected and Blocked by ADMIN - data recovery	2020-01-06 09:08:00
157.230.128.181	attackspambots	Jan 5 20:51:06 vps46666688 sshd[31330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.128.181 Jan 5 20:51:09 vps46666688 sshd[31330]: Failed password for invalid user alcaide from 157.230.128.181 port 55932 ssh2 ...	2020-01-06 09:09:51
125.59.232.198	attack	Unauthorized connection attempt detected from IP address 125.59.232.198 to port 5555 [J]	2020-01-06 09:26:01
183.177.97.14	attack	Jan 5 22:47:00 h2177944 kernel: \[1459388.570465\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=183.177.97.14 DST=85.214.117.9 LEN=340 TOS=0x00 PREC=0x00 TTL=117 ID=28658 PROTO=UDP SPT=1011 DPT=500 LEN=320 Jan 5 22:47:00 h2177944 kernel: \[1459388.570477\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=183.177.97.14 DST=85.214.117.9 LEN=340 TOS=0x00 PREC=0x00 TTL=117 ID=28658 PROTO=UDP SPT=1011 DPT=500 LEN=320 Jan 5 22:47:07 h2177944 kernel: \[1459395.918299\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=183.177.97.14 DST=85.214.117.9 LEN=364 TOS=0x00 PREC=0x00 TTL=117 ID=30683 PROTO=UDP SPT=1011 DPT=500 LEN=344 Jan 5 22:47:07 h2177944 kernel: \[1459395.918312\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=183.177.97.14 DST=85.214.117.9 LEN=364 TOS=0x00 PREC=0x00 TTL=117 ID=30683 PROTO=UDP SPT=1011 DPT=500 LEN=344 Jan 5 22:47:07 h2177944 kernel: \[1459395.922006\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=183.177.97.14 DST=85.214.117.9 LEN=340 TOS=0x00 PREC=0x00 TTL=117 ID=30684 PROTO=UDP SPT=1011 DPT=500 LEN=320 Jan 5 22:47:07 h21	2020-01-06 09:18:14
112.85.42.194	attackbots	2020-01-06T02:11:58.458860scmdmz1 sshd[4619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.194 user=root 2020-01-06T02:12:00.629418scmdmz1 sshd[4619]: Failed password for root from 112.85.42.194 port 59371 ssh2 2020-01-06T02:12:03.293105scmdmz1 sshd[4619]: Failed password for root from 112.85.42.194 port 59371 ssh2 2020-01-06T02:11:58.458860scmdmz1 sshd[4619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.194 user=root 2020-01-06T02:12:00.629418scmdmz1 sshd[4619]: Failed password for root from 112.85.42.194 port 59371 ssh2 2020-01-06T02:12:03.293105scmdmz1 sshd[4619]: Failed password for root from 112.85.42.194 port 59371 ssh2 2020-01-06T02:11:58.458860scmdmz1 sshd[4619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.194 user=root 2020-01-06T02:12:00.629418scmdmz1 sshd[4619]: Failed password for root from 112.85.42.194 port 59371 ssh2 2020-01-06T02:12:	2020-01-06 09:23:54
183.63.87.236	attack	Unauthorized connection attempt detected from IP address 183.63.87.236 to port 2220 [J]	2020-01-06 09:09:23
106.13.145.44	attack	Unauthorized connection attempt detected from IP address 106.13.145.44 to port 2220 [J]	2020-01-06 09:22:43
89.248.169.95	attackspambots	Scanning random ports - tries to find possible vulnerable services	2020-01-06 09:30:14
73.164.118.33	attackbots	Unauthorized connection attempt detected from IP address 73.164.118.33 to port 2220 [J]	2020-01-06 09:36:29
138.117.162.86	attackspambots	Unauthorized connection attempt detected from IP address 138.117.162.86 to port 2220 [J]	2020-01-06 09:00:25
73.124.236.66	attack	Jan 5 20:18:44 linuxvps sshd\[13564\]: Invalid user xb from 73.124.236.66 Jan 5 20:18:44 linuxvps sshd\[13564\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.124.236.66 Jan 5 20:18:46 linuxvps sshd\[13564\]: Failed password for invalid user xb from 73.124.236.66 port 40408 ssh2 Jan 5 20:19:34 linuxvps sshd\[14079\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.124.236.66 user=root Jan 5 20:19:35 linuxvps sshd\[14079\]: Failed password for root from 73.124.236.66 port 45306 ssh2	2020-01-06 09:27:01
162.241.182.29	attackspambots	SSH-BruteForce	2020-01-06 09:31:10
139.99.219.75	attackspambots	Jan x@x Jan x@x Jan x@x Jan x@x Jan x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=139.99.219.75	2020-01-06 09:11:18
1.165.145.49	attackbots	1578260810 - 01/05/2020 22:46:50 Host: 1.165.145.49/1.165.145.49 Port: 445 TCP Blocked	2020-01-06 09:30:40
195.208.167.18	attackspam	20/1/5@17:15:23: FAIL: Alarm-Network address from=195.208.167.18 ...	2020-01-06 09:07:30

Recently Reported IPs

160.20.182.104	35.183.160.115	141.105.69.102	59.13.53.139
139.59.107.152	123.133.165.230	121.234.4.9	118.168.7.148
118.160.4.9	117.44.125.131	115.204.161.210	109.187.226.144
123.243.109.6	108.248.133.85	108.170.1.134	107.9.51.19
8.17.222.65	198.12.12.162	101.21.133.153	99.195.133.249