104.248.165.49

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.248.165.138	attackspam	Lines containing failures of 104.248.165.138 (max 1000) Oct 7 10:36:19 archiv sshd[24269]: Did not receive identification string from 104.248.165.138 port 44542 Oct 7 10:36:45 archiv sshd[24272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.165.138 user=r.r Oct 7 10:36:47 archiv sshd[24272]: Failed password for r.r from 104.248.165.138 port 47326 ssh2 Oct 7 10:36:47 archiv sshd[24272]: Received disconnect from 104.248.165.138 port 47326:11: Normal Shutdown, Thank you for playing [preauth] Oct 7 10:36:47 archiv sshd[24272]: Disconnected from 104.248.165.138 port 47326 [preauth] Oct 7 10:37:12 archiv sshd[24275]: Invalid user oracle from 104.248.165.138 port 51628 Oct 7 10:37:12 archiv sshd[24275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.165.138 Oct 7 10:37:14 archiv sshd[24275]: Failed password for invalid user oracle from 104.248.165.138 port 51628 ssh2 Oct........ ------------------------------	2020-10-09 01:29:59
104.248.165.138	attackbots	2020-10-08T04:38:00.787232devel sshd[11462]: Failed password for root from 104.248.165.138 port 59648 ssh2 2020-10-08T04:38:24.234947devel sshd[11531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.165.138 user=root 2020-10-08T04:38:25.835949devel sshd[11531]: Failed password for root from 104.248.165.138 port 60070 ssh2	2020-10-08 17:26:13
104.248.165.195	attack	104.248.165.195 - - [07/Aug/2020:04:52:59 +0100] "POST /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.165.195 - - [07/Aug/2020:04:53:05 +0100] "POST /wp-login.php HTTP/1.1" 200 2329 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.165.195 - - [07/Aug/2020:04:53:06 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-07 16:22:21
104.248.165.195	attack	104.248.165.195 - - [03/Aug/2020:20:51:48 +0100] "POST /wp-login.php HTTP/1.1" 200 1996 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.165.195 - - [03/Aug/2020:20:51:59 +0100] "POST /wp-login.php HTTP/1.1" 200 1929 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.165.195 - - [03/Aug/2020:20:51:59 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-04 04:09:04
104.248.165.195	attack	Automatic report - Banned IP Access	2020-07-11 16:42:38
104.248.165.195	attack	Automatic report - XMLRPC Attack	2020-06-23 15:16:36
104.248.165.195	attack	104.248.165.195 - - [08/Jun/2020:16:38:06 +0200] "GET /wp-login.php HTTP/1.1" 200 5861 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.165.195 - - [08/Jun/2020:16:38:08 +0200] "POST /wp-login.php HTTP/1.1" 200 6112 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.165.195 - - [08/Jun/2020:16:38:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-09 01:49:32

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.165.49
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55043
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.248.165.49.			IN	A

;; AUTHORITY SECTION:
.			313	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022033100 1800 900 604800 86400

;; Query time: 68 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Mar 31 17:11:32 CST 2022
;; MSG SIZE  rcvd: 107

Host info

49.165.248.104.in-addr.arpa domain name pointer rbx2.redboxtickets.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
49.165.248.104.in-addr.arpa	name = rbx2.redboxtickets.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
162.247.74.200	attackspam	Aug 29 22:04:19 webhost01 sshd[10368]: Failed password for root from 162.247.74.200 port 43976 ssh2 Aug 29 22:04:32 webhost01 sshd[10368]: Failed password for root from 162.247.74.200 port 43976 ssh2 Aug 29 22:04:32 webhost01 sshd[10368]: error: maximum authentication attempts exceeded for root from 162.247.74.200 port 43976 ssh2 [preauth] ...	2019-08-29 23:05:14
37.59.99.243	attackbots	Aug 29 02:04:25 lcprod sshd\[12374\]: Invalid user phil from 37.59.99.243 Aug 29 02:04:25 lcprod sshd\[12374\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=243.ip-37-59-99.eu Aug 29 02:04:27 lcprod sshd\[12374\]: Failed password for invalid user phil from 37.59.99.243 port 29917 ssh2 Aug 29 02:08:28 lcprod sshd\[12718\]: Invalid user is from 37.59.99.243 Aug 29 02:08:28 lcprod sshd\[12718\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=243.ip-37-59-99.eu	2019-08-29 23:32:55
2605:6400:100:2::2	attack	WordPress XMLRPC scan :: 2605:6400:100:2::2 0.052 BYPASS [29/Aug/2019:19:25:06 1000] [censored_2] "POST /xmlrpc.php HTTP/1.1" 200 415 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"	2019-08-29 22:50:16
144.217.4.14	attackspambots	Aug 29 16:09:41 XXX sshd[635]: Invalid user ofsaa from 144.217.4.14 port 56355	2019-08-29 23:19:01
131.0.245.2	attack	Aug 29 14:35:37 ArkNodeAT sshd\[14879\]: Invalid user bss from 131.0.245.2 Aug 29 14:35:37 ArkNodeAT sshd\[14879\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=131.0.245.2 Aug 29 14:35:39 ArkNodeAT sshd\[14879\]: Failed password for invalid user bss from 131.0.245.2 port 24060 ssh2	2019-08-29 22:39:13
189.0.34.37	attackbots	Honeypot attack, port: 23, PTR: ip-189-0-34-37.user.vivozap.com.br.	2019-08-29 22:55:23
103.120.227.49	attack	Repeated brute force against a port	2019-08-29 22:28:38
106.12.89.190	attackspam	$f2bV_matches	2019-08-29 21:57:22
110.185.106.47	attackspambots	SSH Bruteforce attempt	2019-08-29 21:56:50
120.132.31.165	attack	Aug 29 12:38:59 marvibiene sshd[26971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.132.31.165 user=root Aug 29 12:39:02 marvibiene sshd[26971]: Failed password for root from 120.132.31.165 port 46412 ssh2 Aug 29 12:59:53 marvibiene sshd[27575]: Invalid user gorges from 120.132.31.165 port 34496 ...	2019-08-29 23:05:58
165.227.93.58	attackbotsspam	Aug 29 14:16:31 web8 sshd\[19413\]: Invalid user fw from 165.227.93.58 Aug 29 14:16:31 web8 sshd\[19413\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.93.58 Aug 29 14:16:32 web8 sshd\[19413\]: Failed password for invalid user fw from 165.227.93.58 port 43894 ssh2 Aug 29 14:20:43 web8 sshd\[21614\]: Invalid user test3 from 165.227.93.58 Aug 29 14:20:43 web8 sshd\[21614\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.93.58	2019-08-29 22:34:19
185.220.102.8	attackbots	Failed password for invalid user root from 185.220.102.8 port 45993 ssh	2019-08-29 22:38:46
140.249.35.66	attack	Aug 29 11:38:51 eventyay sshd[19915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.35.66 Aug 29 11:38:53 eventyay sshd[19915]: Failed password for invalid user curtis from 140.249.35.66 port 57064 ssh2 Aug 29 11:43:33 eventyay sshd[21109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.35.66 ...	2019-08-29 23:14:49
118.174.220.49	attackbotsspam	Automatic report - Banned IP Access	2019-08-29 21:54:03
125.224.14.136	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-08-29 22:34:57

Recently Reported IPs

104.248.162.42	104.248.169.69	104.248.174.201	104.248.174.229
104.248.175.17	104.248.18.58	104.248.191.202	104.248.193.171
104.248.195.126	104.248.195.44	104.248.196.99	104.248.2.80
104.248.20.130	104.248.200.217	104.252.179.8	104.252.196.7
104.252.220.240	104.252.40.199	104.253.232.186	104.253.55.2