104.248.2.196 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.248.240.174	attackproxy	Fraud connect	2024-05-14 20:51:04
104.248.205.67	spamattack	Phishing	2022-01-28 16:41:36
104.248.246.41	attack	fail2ban detected brute force on sshd	2020-10-12 07:24:44
104.248.205.67	attackspambots	Oct 11 20:16:41 cho sshd[449424]: Failed password for invalid user mugihiko from 104.248.205.67 port 47586 ssh2 Oct 11 20:19:53 cho sshd[449593]: Invalid user chick from 104.248.205.67 port 51910 Oct 11 20:19:53 cho sshd[449593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.205.67 Oct 11 20:19:53 cho sshd[449593]: Invalid user chick from 104.248.205.67 port 51910 Oct 11 20:19:55 cho sshd[449593]: Failed password for invalid user chick from 104.248.205.67 port 51910 ssh2 ...	2020-10-12 02:35:14
104.248.246.41	attackbots	Invalid user test from 104.248.246.41 port 55920	2020-10-11 23:39:01
104.248.205.67	attackbots	TCP port : 3918	2020-10-11 18:26:20
104.248.246.41	attackbotsspam	(sshd) Failed SSH login from 104.248.246.41 (DE/Germany/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 11 00:30:27 server4 sshd[7206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.246.41 user=root Oct 11 00:30:29 server4 sshd[7206]: Failed password for root from 104.248.246.41 port 44390 ssh2 Oct 11 00:39:51 server4 sshd[12389]: Invalid user prueba from 104.248.246.41 Oct 11 00:39:52 server4 sshd[12389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.246.41 Oct 11 00:39:53 server4 sshd[12389]: Failed password for invalid user prueba from 104.248.246.41 port 54958 ssh2	2020-10-11 15:38:18
104.248.246.41	attack	SSH brutforce	2020-10-11 08:55:57
104.248.246.8	attackspam	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "root" at 2020-10-07T19:04:42Z	2020-10-08 05:35:17
104.248.246.8	attack	Oct 6 06:01:26 ns4 sshd[27242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.246.8 user=r.r Oct 6 06:01:29 ns4 sshd[27242]: Failed password for r.r from 104.248.246.8 port 46506 ssh2 Oct 6 06:10:46 ns4 sshd[28508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.246.8 user=r.r Oct 6 06:10:48 ns4 sshd[28508]: Failed password for r.r from 104.248.246.8 port 33954 ssh2 Oct 6 06:14:29 ns4 sshd[28931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.246.8 user=r.r Oct 6 06:14:31 ns4 sshd[28931]: Failed password for r.r from 104.248.246.8 port 44924 ssh2 Oct 6 06:18:09 ns4 sshd[29265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.246.8 user=r.r Oct 6 06:18:11 ns4 sshd[29265]: Failed password for r.r from 104.248.246.8 port 55894 ssh2 Oct 6 06:22:32 ns4 sshd[29859]: pam........ -------------------------------	2020-10-07 21:59:43
104.248.246.8	attack	Oct 6 06:01:26 ns4 sshd[27242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.246.8 user=r.r Oct 6 06:01:29 ns4 sshd[27242]: Failed password for r.r from 104.248.246.8 port 46506 ssh2 Oct 6 06:10:46 ns4 sshd[28508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.246.8 user=r.r Oct 6 06:10:48 ns4 sshd[28508]: Failed password for r.r from 104.248.246.8 port 33954 ssh2 Oct 6 06:14:29 ns4 sshd[28931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.246.8 user=r.r Oct 6 06:14:31 ns4 sshd[28931]: Failed password for r.r from 104.248.246.8 port 44924 ssh2 Oct 6 06:18:09 ns4 sshd[29265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.246.8 user=r.r Oct 6 06:18:11 ns4 sshd[29265]: Failed password for r.r from 104.248.246.8 port 55894 ssh2 Oct 6 06:22:32 ns4 sshd[29859]: pam........ -------------------------------	2020-10-07 13:49:05
104.248.230.153	attackspam	(sshd) Failed SSH login from 104.248.230.153 (US/United States/-): 5 in the last 3600 secs	2020-10-07 05:24:27
104.248.230.153	attackspambots	Oct 6 15:02:03 xeon sshd[32516]: Failed password for root from 104.248.230.153 port 58082 ssh2	2020-10-06 21:33:55
104.248.230.153	attack	malicious Brute-Force reported by https://www.patrick-binder.de ...	2020-10-06 13:15:39
104.248.231.200	attack	Oct 4 20:50:32 electroncash sshd[3649]: Failed password for root from 104.248.231.200 port 34936 ssh2 Oct 4 20:51:37 electroncash sshd[4070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.231.200 user=root Oct 4 20:51:38 electroncash sshd[4070]: Failed password for root from 104.248.231.200 port 54398 ssh2 Oct 4 20:52:42 electroncash sshd[4489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.231.200 user=root Oct 4 20:52:45 electroncash sshd[4489]: Failed password for root from 104.248.231.200 port 45634 ssh2 ...	2020-10-05 05:43:15

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.2.196
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14936
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.248.2.196.			IN	A

;; AUTHORITY SECTION:
.			445	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022091502 1800 900 604800 86400

;; Query time: 61 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 16 05:42:15 CST 2022
;; MSG SIZE  rcvd: 106

Host info

Host 196.2.248.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 196.2.248.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
148.72.65.10	attackspam	SSH Brute Force, server-1 sshd[27361]: Failed password for invalid user fred from 148.72.65.10 port 43520 ssh2	2019-07-05 15:14:12
162.243.150.234	attack	Scanning random ports - tries to find possible vulnerable services	2019-07-05 15:25:08
141.98.81.81	attack	<6 unauthorized SSH connections	2019-07-05 15:10:11
54.38.82.14	attackbots	Jul 5 01:53:39 vps200512 sshd\[24786\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.82.14 user=root Jul 5 01:53:41 vps200512 sshd\[24786\]: Failed password for root from 54.38.82.14 port 45201 ssh2 Jul 5 01:53:41 vps200512 sshd\[24788\]: Invalid user admin from 54.38.82.14 Jul 5 01:53:41 vps200512 sshd\[24788\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.82.14 Jul 5 01:53:44 vps200512 sshd\[24788\]: Failed password for invalid user admin from 54.38.82.14 port 42133 ssh2	2019-07-05 15:33:30
190.197.110.194	attackbots	Brute force attack to crack SMTP password (port 25 / 587)	2019-07-05 15:29:43
60.169.21.66	attackbotsspam	Jul 5 08:15:08 [munged] sshd[19563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.169.21.66 user=root Jul 5 08:15:11 [munged] sshd[19563]: Failed password for root from 60.169.21.66 port 43370 ssh2	2019-07-05 15:11:09
47.75.48.160	attackspam	Automatic report - Web App Attack	2019-07-05 15:09:39
194.42.156.87	attackbots	5555/tcp [2019-07-04]1pkt	2019-07-05 15:48:00
124.166.240.130	attackbots	Scanning (more than 2 packets) random ports - tries to find possible vulnerable services	2019-07-05 15:37:37
60.173.143.222	attackbotsspam	Attempts against Pop3/IMAP	2019-07-05 15:07:47
185.173.35.33	attackspam	Automatic report - Web App Attack	2019-07-05 15:31:31
176.235.128.37	attackbotsspam	445/tcp 445/tcp 445/tcp... [2019-06-14/07-05]6pkt,1pt.(tcp)	2019-07-05 15:45:51
172.105.219.236	attackspam	Scanning random ports - tries to find possible vulnerable services	2019-07-05 15:16:17
125.89.40.92	attack	Jul 5 00:36:25 xzibhostname postfix/smtpd[22243]: warning: hostname 92.40.89.125.broad.zh.gd.dynamic.163data.com.cn does not resolve to address 125.89.40.92: Name or service not known Jul 5 00:36:25 xzibhostname postfix/smtpd[22243]: connect from unknown[125.89.40.92] Jul 5 00:36:26 xzibhostname postfix/smtpd[22243]: warning: unknown[125.89.40.92]: SASL LOGIN authentication failed: authentication failure Jul 5 00:36:26 xzibhostname postfix/smtpd[22243]: lost connection after AUTH from unknown[125.89.40.92] Jul 5 00:36:26 xzibhostname postfix/smtpd[22243]: disconnect from unknown[125.89.40.92] Jul 5 00:36:27 xzibhostname postfix/smtpd[22236]: warning: hostname 92.40.89.125.broad.zh.gd.dynamic.163data.com.cn does not resolve to address 125.89.40.92: Name or service not known Jul 5 00:36:27 xzibhostname postfix/smtpd[22236]: connect from unknown[125.89.40.92] Jul 5 00:36:28 xzibhostname postfix/smtpd[22236]: warning: unknown[125.89.40.92]: SASL LOGIN authentication........ -------------------------------	2019-07-05 15:13:38
37.203.64.30	attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-03 15:20:29,044 INFO [shellcode_manager] (37.203.64.30) no match, writing hexdump (3a3b6fea74130cdee41548976a9d4cac :2083999) - MS17010 (EternalBlue)	2019-07-05 15:15:54

Recently Reported IPs

154.201.34.210	154.201.38.113	45.5.118.218	185.24.35.118
223.13.40.105	61.246.2.80	111.249.121.52	2.55.106.92
154.95.32.52	95.70.178.3	128.199.148.74	41.205.24.71
96.90.153.206	64.110.176.206	179.125.31.198	37.183.120.80
92.19.155.65	191.194.117.71	189.217.192.121	189.135.232.85