94.254.12.164 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Sweden

Internet Service Provider: Bahnhof AB

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	TCP (SYN) 94.254.12.164:47231 -> port 22, len 60	2020-09-21 03:11:16
attack	TCP (SYN) 94.254.12.164:47231 -> port 22, len 60	2020-09-20 19:15:30

Comments on same subnet:

IP	Type	Details	Datetime
94.254.125.44	attackbotsspam	Fail2Ban - SSH Bruteforce Attempt	2020-05-26 16:17:42
94.254.125.44	attack	Tried sshing with brute force.	2020-05-16 15:44:11
94.254.125.44	attack	k+ssh-bruteforce	2020-05-15 14:09:42
94.254.125.44	attackbots	Apr 28 15:04:42 powerpi2 sshd[9394]: Invalid user jagan from 94.254.125.44 port 51002 Apr 28 15:04:44 powerpi2 sshd[9394]: Failed password for invalid user jagan from 94.254.125.44 port 51002 ssh2 Apr 28 15:12:20 powerpi2 sshd[9855]: Invalid user test from 94.254.125.44 port 49204 ...	2020-04-29 03:47:10
94.254.125.44	attack	$f2bV_matches	2020-04-24 18:20:31
94.254.125.44	attack	Apr 23 18:43:42 odroid64 sshd\[16200\]: User root from 94.254.125.44 not allowed because not listed in AllowUsers Apr 23 18:43:42 odroid64 sshd\[16200\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.125.44 user=root ...	2020-04-24 03:29:45
94.254.125.44	attackbots	Apr 20 06:11:57 meumeu sshd[17466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.125.44 Apr 20 06:12:00 meumeu sshd[17466]: Failed password for invalid user cg from 94.254.125.44 port 51060 ssh2 Apr 20 06:16:22 meumeu sshd[18061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.125.44 ...	2020-04-20 12:19:50
94.254.125.44	attackspambots	2020-04-17 12:57:29,519 fail2ban.actions: WARNING [ssh] Ban 94.254.125.44	2020-04-17 19:39:33
94.254.125.44	attackspam	Apr 17 05:00:39 web8 sshd\[17018\]: Invalid user lj from 94.254.125.44 Apr 17 05:00:39 web8 sshd\[17018\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.125.44 Apr 17 05:00:41 web8 sshd\[17018\]: Failed password for invalid user lj from 94.254.125.44 port 47674 ssh2 Apr 17 05:04:19 web8 sshd\[19053\]: Invalid user oz from 94.254.125.44 Apr 17 05:04:19 web8 sshd\[19053\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.125.44	2020-04-17 13:24:17
94.254.125.44	attack	Invalid user ubuntu from 94.254.125.44 port 43300	2020-04-12 04:20:30
94.254.125.44	attack	Apr 7 07:41:18 mail sshd[27222]: Invalid user ftpu from 94.254.125.44 Apr 7 07:41:18 mail sshd[27222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.125.44 Apr 7 07:41:18 mail sshd[27222]: Invalid user ftpu from 94.254.125.44 Apr 7 07:41:19 mail sshd[27222]: Failed password for invalid user ftpu from 94.254.125.44 port 34616 ssh2 Apr 7 07:46:29 mail sshd[2651]: Invalid user rushi from 94.254.125.44 ...	2020-04-07 17:55:29
94.254.125.44	attackspambots	SSH Brute Force	2020-04-05 18:52:41
94.254.125.44	attackbotsspam	$f2bV_matches	2020-04-02 03:45:07
94.254.125.44	attack	(sshd) Failed SSH login from 94.254.125.44 (SE/Sweden/h-125-44.A400.priv.bahnhof.se): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Mar 24 19:20:54 amsweb01 sshd[1270]: Invalid user frappe from 94.254.125.44 port 52960 Mar 24 19:20:56 amsweb01 sshd[1270]: Failed password for invalid user frappe from 94.254.125.44 port 52960 ssh2 Mar 24 19:26:36 amsweb01 sshd[2173]: Invalid user hm from 94.254.125.44 port 40400 Mar 24 19:26:38 amsweb01 sshd[2173]: Failed password for invalid user hm from 94.254.125.44 port 40400 ssh2 Mar 24 19:30:25 amsweb01 sshd[2649]: Invalid user mf from 94.254.125.44 port 55146	2020-03-25 04:32:16
94.254.125.44	attackbots	2020-03-21T19:04:10.990077vps773228.ovh.net sshd[4040]: Invalid user geminroot from 94.254.125.44 port 33978 2020-03-21T19:04:11.010724vps773228.ovh.net sshd[4040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=h-125-44.a400.priv.bahnhof.se 2020-03-21T19:04:10.990077vps773228.ovh.net sshd[4040]: Invalid user geminroot from 94.254.125.44 port 33978 2020-03-21T19:04:13.322540vps773228.ovh.net sshd[4040]: Failed password for invalid user geminroot from 94.254.125.44 port 33978 ssh2 2020-03-21T19:08:18.499504vps773228.ovh.net sshd[5559]: Invalid user aura from 94.254.125.44 port 53020 ...	2020-03-22 02:44:42

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 94.254.12.164
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33045
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;94.254.12.164.			IN	A

;; AUTHORITY SECTION:
.			207	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020092000 1800 900 604800 86400

;; Query time: 72 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Sep 20 19:15:25 CST 2020
;; MSG SIZE  rcvd: 117

Host info

164.12.254.94.in-addr.arpa domain name pointer h-12-164.A268.priv.bahnhof.se.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
164.12.254.94.in-addr.arpa	name = h-12-164.A268.priv.bahnhof.se.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
124.156.63.192	attack	Port scan denied	2020-10-06 00:26:22
220.86.96.97	attack	bruteforce detected	2020-10-06 00:25:43
210.179.249.45	attackspam	"fail2ban match"	2020-10-06 00:38:26
139.99.121.6	attackspambots	REQUESTED PAGE: /wp-login.php	2020-10-06 00:18:16
183.83.47.186	attack	Oct 4 21:37:11 ms-srv sshd[22478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.83.47.186 Oct 4 21:37:14 ms-srv sshd[22478]: Failed password for invalid user system from 183.83.47.186 port 6794 ssh2	2020-10-06 00:53:51
106.12.212.89	attackspambots	prod11 ...	2020-10-06 00:47:49
78.87.134.175	attackbots	Telnet Server BruteForce Attack	2020-10-06 01:00:23
139.186.68.226	attackbots	5x Failed Password	2020-10-06 00:35:27
40.127.169.230	attackbotsspam	Oct 5 00:18:19 rocket sshd[16003]: Failed password for root from 40.127.169.230 port 2048 ssh2 Oct 5 00:22:44 rocket sshd[16689]: Failed password for root from 40.127.169.230 port 2048 ssh2 ...	2020-10-06 01:03:58
220.161.81.131	attackbotsspam	Oct 5 07:38:09 abendstille sshd\[28689\]: Invalid user fake from 220.161.81.131 Oct 5 07:38:09 abendstille sshd\[28689\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.161.81.131 Oct 5 07:38:10 abendstille sshd\[28689\]: Failed password for invalid user fake from 220.161.81.131 port 34864 ssh2 Oct 5 07:45:31 abendstille sshd\[3113\]: Invalid user Orange from 220.161.81.131 Oct 5 07:45:31 abendstille sshd\[3113\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.161.81.131 ...	2020-10-06 00:59:16
45.228.137.6	attackbotsspam	SSH Honeypot -> SSH Bruteforce / Login	2020-10-06 00:39:19
114.231.45.160	attackbots	Oct 4 23:04:22 srv01 postfix/smtpd\[17307\]: warning: unknown\[114.231.45.160\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 23:04:34 srv01 postfix/smtpd\[17307\]: warning: unknown\[114.231.45.160\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 23:04:50 srv01 postfix/smtpd\[17307\]: warning: unknown\[114.231.45.160\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 23:05:10 srv01 postfix/smtpd\[17307\]: warning: unknown\[114.231.45.160\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 23:05:22 srv01 postfix/smtpd\[17307\]: warning: unknown\[114.231.45.160\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-10-06 00:25:12
196.17.240.15	attackbots	Automatic report - Banned IP Access	2020-10-06 00:32:40
119.45.199.253	attackspam	Brute-force attempt banned	2020-10-06 00:29:33
103.223.9.109	attack	Threat Management Alert 2: Attempted Information Leak. Signature ET EXPLOIT Netgear DGN Remote Command Execution. From: 103.223.9.109:10961, to: 192.168.31.48:80, protocol: TCP	2020-10-06 00:30:47

Recently Reported IPs

43.230.29.79	127.211.245.99	41.154.132.39	181.190.249.169
25.58.133.182	65.235.63.40	176.111.173.11	194.176.17.242
112.253.106.44	2605:7380:1000:1310:9c59:c3ff:fe14:7a8d	104.41.5.247	207.244.117.125
125.44.61.174	161.35.88.139	80.82.64.99	119.28.75.179
119.45.243.54	34.207.38.76	174.217.29.152	83.15.108.140