104.248.22.21 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.248.224.124	attackspambots	104.248.224.124 - - [27/Sep/2020:20:10:36 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.224.124 - - [27/Sep/2020:20:10:38 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.224.124 - - [27/Sep/2020:20:10:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-28 02:23:54
104.248.224.124	attack	104.248.224.124 - - [27/Sep/2020:09:00:57 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-27 18:30:04
104.248.226.186	attackspambots	Lines containing failures of 104.248.226.186 (max 1000) Sep 24 13:21:39 UTC__SANYALnet-Labs__cac12 sshd[26117]: Connection from 104.248.226.186 port 37632 on 64.137.176.96 port 22 Sep 24 13:21:39 UTC__SANYALnet-Labs__cac12 sshd[26117]: Did not receive identification string from 104.248.226.186 port 37632 Sep 24 13:21:40 UTC__SANYALnet-Labs__cac12 sshd[26118]: Connection from 104.248.226.186 port 39460 on 64.137.176.96 port 22 Sep 24 13:21:40 UTC__SANYALnet-Labs__cac12 sshd[26120]: Connection from 104.248.226.186 port 39726 on 64.137.176.96 port 22 Sep 24 13:21:40 UTC__SANYALnet-Labs__cac12 sshd[26122]: Connection from 104.248.226.186 port 40058 on 64.137.176.96 port 22 Sep 24 13:21:40 UTC__SANYALnet-Labs__cac12 sshd[26124]: Connection from 104.248.226.186 port 40360 on 64.137.176.96 port 22 Sep 24 13:21:41 UTC__SANYALnet-Labs__cac12 sshd[26120]: User r.r from 104.248.226.186 not allowed because not listed in AllowUsers Sep 24 13:21:41 UTC__SANYALnet-Labs__cac12 sshd[2611........ ------------------------------	2020-09-26 05:48:57
104.248.226.186	attackspambots	Sep 24 20:18:44 php1 sshd\[30583\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.226.186 user=root Sep 24 20:18:45 php1 sshd\[30585\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.226.186 user=root Sep 24 20:18:45 php1 sshd\[30587\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.226.186 user=root Sep 24 20:18:45 php1 sshd\[30583\]: Failed password for root from 104.248.226.186 port 53036 ssh2 Sep 24 20:18:46 php1 sshd\[30589\]: Invalid user admin from 104.248.226.186	2020-09-25 14:27:08
104.248.22.143	attackspambots	104.248.22.143 - - [24/Sep/2020:20:54:32 +0100] "POST /wp-login.php HTTP/1.1" 200 2588 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.22.143 - - [24/Sep/2020:20:54:43 +0100] "POST /wp-login.php HTTP/1.1" 200 2520 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.22.143 - - [24/Sep/2020:20:54:49 +0100] "POST /wp-login.php HTTP/1.1" 200 2520 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-25 04:26:52
104.248.22.27	attackspambots	firewall-block, port(s): 8736/tcp	2020-09-20 23:57:21
104.248.22.27	attackspambots	TCP (SYN) 104.248.22.27:58654 -> port 8736, len 44	2020-09-20 15:50:36
104.248.22.27	attackspambots	Port scan: Attack repeated for 24 hours	2020-09-20 07:41:05
104.248.225.22	attackspam	Automatic report generated by Wazuh	2020-09-19 03:06:58
104.248.225.22	attack	SS1,DEF GET /wp-login.php	2020-09-18 19:09:24
104.248.22.27	attack	2020-09-15T17:11:45.435687abusebot-4.cloudsearch.cf sshd[24046]: Invalid user ginger from 104.248.22.27 port 36136 2020-09-15T17:11:45.444363abusebot-4.cloudsearch.cf sshd[24046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.22.27 2020-09-15T17:11:45.435687abusebot-4.cloudsearch.cf sshd[24046]: Invalid user ginger from 104.248.22.27 port 36136 2020-09-15T17:11:47.086672abusebot-4.cloudsearch.cf sshd[24046]: Failed password for invalid user ginger from 104.248.22.27 port 36136 ssh2 2020-09-15T17:15:28.494750abusebot-4.cloudsearch.cf sshd[24062]: Invalid user shekhar from 104.248.22.27 port 40316 2020-09-15T17:15:28.501783abusebot-4.cloudsearch.cf sshd[24062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.22.27 2020-09-15T17:15:28.494750abusebot-4.cloudsearch.cf sshd[24062]: Invalid user shekhar from 104.248.22.27 port 40316 2020-09-15T17:15:30.756462abusebot-4.cloudsearch.cf sshd[24062]: ...	2020-09-16 02:43:44
104.248.225.22	attackspambots	104.248.225.22 - - [15/Sep/2020:17:50:50 +0100] "POST /wp-login.php HTTP/1.1" 200 1704 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.225.22 - - [15/Sep/2020:17:50:55 +0100] "POST /wp-login.php HTTP/1.1" 200 1685 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.225.22 - - [15/Sep/2020:17:51:01 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-16 01:56:23
104.248.224.124	attackspambots	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-09-16 00:13:27
104.248.22.27	attackspambots	TCP port : 23212	2020-09-15 18:41:56
104.248.225.22	attackbots	104.248.225.22 - - [15/Sep/2020:08:31:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2435 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.225.22 - - [15/Sep/2020:08:31:41 +0100] "POST /wp-login.php HTTP/1.1" 200 2415 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.225.22 - - [15/Sep/2020:08:31:44 +0100] "POST /wp-login.php HTTP/1.1" 200 2400 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-15 17:49:52

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.248.22.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60399
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.248.22.21.			IN	A

;; AUTHORITY SECTION:
.			600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022022202 1800 900 604800 86400

;; Query time: 94 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Feb 23 04:21:02 CST 2022
;; MSG SIZE  rcvd: 106

Host info

21.22.248.104.in-addr.arpa domain name pointer 686160.cloudwaysapps.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
21.22.248.104.in-addr.arpa	name = 686160.cloudwaysapps.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
118.163.135.17	attack	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 02:48:28
119.42.118.157	attackspam	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 02:27:01
117.240.95.58	attackspambots	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 03:02:44
118.121.38.90	attack	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 02:55:19
121.33.247.107	attackbotsspam	Jul 30 03:12:04 debian postfix/smtpd\[7295\]: connect from unknown\[121.33.247.107\] ...	2019-08-06 02:39:11
118.99.104.130	attackbots	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 02:56:22
119.226.175.133	attack	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 02:17:34
118.163.143.170	attack	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 02:47:22
117.213.22.97	attack	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 03:03:40
12.1.141.146	attack	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 02:38:45
117.193.162.149	attackbotsspam	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 03:06:19
118.122.106.117	attack	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 02:52:13
119.53.149.66	attack	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 02:25:35
117.213.21.50	attackspambots	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 03:04:05
118.174.65.251	attack	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 02:44:23

Recently Reported IPs

104.248.217.2	104.248.224.106	104.248.229.202	104.248.235.183
104.248.238.95	178.19.87.136	104.248.239.200	104.248.239.56
104.248.241.193	104.248.246.9	104.248.252.29	104.248.252.84
104.248.254.220	104.248.255.90	104.248.26.37	104.248.26.60
104.248.28.133	104.248.29.172	104.248.30.234	104.248.34.40