198.55.127.248

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: QuadraNet Inc

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	ssh brute force	2020-09-15 20:37:55
attackbotsspam	Sep 14 23:53:02 nxxxxxxx0 sshd[23689]: Address 198.55.127.248 maps to 198.55.127.248.static.quadranet.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Sep 14 23:53:02 nxxxxxxx0 sshd[23689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.55.127.248 user=r.r Sep 14 23:53:03 nxxxxxxx0 sshd[23689]: Failed password for r.r from 198.55.127.248 port 45000 ssh2 Sep 14 23:53:03 nxxxxxxx0 sshd[23689]: Received disconnect from 198.55.127.248: 11: Bye Bye [preauth] Sep 14 23:58:55 nxxxxxxx0 sshd[24087]: Address 198.55.127.248 maps to 198.55.127.248.static.quadranet.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Sep 14 23:58:55 nxxxxxxx0 sshd[24087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.55.127.248 user=r.r Sep 14 23:58:57 nxxxxxxx0 sshd[24087]: Failed password for r.r from 198.55.127.248 port 53448 ssh2 Sep 14 23:58:57 nxxxxxxx........ -------------------------------	2020-09-15 12:37:49
attack	SSH_scan	2020-09-15 04:47:12

Type

Details

Datetime

attack

ssh brute force

2020-09-15 20:37:55

attackbotsspam

Sep 14 23:53:02 nxxxxxxx0 sshd[23689]: Address 198.55.127.248 maps to 198.55.127.248.static.quadranet.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 14 23:53:02 nxxxxxxx0 sshd[23689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.55.127.248  user=r.r
Sep 14 23:53:03 nxxxxxxx0 sshd[23689]: Failed password for r.r from 198.55.127.248 port 45000 ssh2
Sep 14 23:53:03 nxxxxxxx0 sshd[23689]: Received disconnect from 198.55.127.248: 11: Bye Bye [preauth]
Sep 14 23:58:55 nxxxxxxx0 sshd[24087]: Address 198.55.127.248 maps to 198.55.127.248.static.quadranet.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Sep 14 23:58:55 nxxxxxxx0 sshd[24087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.55.127.248  user=r.r
Sep 14 23:58:57 nxxxxxxx0 sshd[24087]: Failed password for r.r from 198.55.127.248 port 53448 ssh2
Sep 14 23:58:57 nxxxxxxx........
-------------------------------

2020-09-15 12:37:49

attack

SSH_scan

2020-09-15 04:47:12

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 198.55.127.248
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36871
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;198.55.127.248.			IN	A

;; AUTHORITY SECTION:
.			221	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020091402 1800 900 604800 86400

;; Query time: 63 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Sep 15 04:47:09 CST 2020
;; MSG SIZE  rcvd: 118

Host info

248.127.55.198.in-addr.arpa domain name pointer 198.55.127.248.static.quadranet.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
248.127.55.198.in-addr.arpa	name = 198.55.127.248.static.quadranet.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
103.215.194.183	attackbotsspam	445/tcp 445/tcp 445/tcp [2019-08-16]3pkt	2019-08-16 21:57:38
51.75.29.61	attackbots	Aug 16 14:59:31 * sshd[13965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.29.61 Aug 16 14:59:32 * sshd[13965]: Failed password for invalid user musicbot from 51.75.29.61 port 49324 ssh2	2019-08-16 21:17:27
23.129.64.190	attackspam	Aug 16 15:31:03 ns41 sshd[9730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.129.64.190 Aug 16 15:31:05 ns41 sshd[9730]: Failed password for invalid user admin from 23.129.64.190 port 59899 ssh2 Aug 16 15:31:07 ns41 sshd[9730]: Failed password for invalid user admin from 23.129.64.190 port 59899 ssh2 Aug 16 15:31:10 ns41 sshd[9730]: Failed password for invalid user admin from 23.129.64.190 port 59899 ssh2	2019-08-16 21:40:17
196.65.152.166	attackbots	Automatic report - Port Scan Attack	2019-08-16 21:21:11
54.38.241.162	attack	Aug 16 03:04:23 hiderm sshd\[27788\]: Invalid user craig2 from 54.38.241.162 Aug 16 03:04:23 hiderm sshd\[27788\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.ip-54-38-241.eu Aug 16 03:04:25 hiderm sshd\[27788\]: Failed password for invalid user craig2 from 54.38.241.162 port 39342 ssh2 Aug 16 03:13:43 hiderm sshd\[28657\]: Invalid user git from 54.38.241.162 Aug 16 03:13:43 hiderm sshd\[28657\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.ip-54-38-241.eu	2019-08-16 21:36:24
211.23.61.194	attack	Aug 16 13:55:02 ip-172-31-62-245 sshd\[12043\]: Invalid user raju from 211.23.61.194\ Aug 16 13:55:04 ip-172-31-62-245 sshd\[12043\]: Failed password for invalid user raju from 211.23.61.194 port 35570 ssh2\ Aug 16 13:59:46 ip-172-31-62-245 sshd\[12076\]: Invalid user joana from 211.23.61.194\ Aug 16 13:59:48 ip-172-31-62-245 sshd\[12076\]: Failed password for invalid user joana from 211.23.61.194 port 54472 ssh2\ Aug 16 14:04:29 ip-172-31-62-245 sshd\[12115\]: Invalid user postmaster from 211.23.61.194\	2019-08-16 22:10:51
88.214.26.171	attackbotsspam	Aug 16 16:05:29 srv-4 sshd\[28237\]: Invalid user admin from 88.214.26.171 Aug 16 16:05:29 srv-4 sshd\[28237\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.214.26.171 Aug 16 16:05:29 srv-4 sshd\[28238\]: Invalid user admin from 88.214.26.171 Aug 16 16:05:29 srv-4 sshd\[28238\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.214.26.171 ...	2019-08-16 21:38:08
23.129.64.188	attack	[ssh] SSH attack	2019-08-16 21:43:27
202.29.20.117	attack	Aug 16 12:39:47 v22019058497090703 sshd[8965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.20.117 Aug 16 12:39:48 v22019058497090703 sshd[8965]: Failed password for invalid user Inf3ct from 202.29.20.117 port 37238 ssh2 Aug 16 12:45:11 v22019058497090703 sshd[9382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.20.117 ...	2019-08-16 22:24:17
36.84.49.222	attackspam	445/tcp [2019-08-16]1pkt	2019-08-16 21:18:02
52.155.217.246	attack	Port Scan: TCP/445	2019-08-16 21:33:37
179.108.244.123	attack	Aug 16 07:15:12 xeon postfix/smtpd[37781]: warning: unknown[179.108.244.123]: SASL PLAIN authentication failed: authentication failure	2019-08-16 22:24:54
118.25.152.121	attackbots	Invalid user alexander from 118.25.152.121 port 32854	2019-08-16 21:19:32
181.111.60.13	attackspam	445/tcp 445/tcp [2019-08-16]2pkt	2019-08-16 21:30:10
103.27.237.45	attackbots	Aug 16 14:12:32 root sshd[7978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.237.45 Aug 16 14:12:34 root sshd[7978]: Failed password for invalid user shiva123 from 103.27.237.45 port 34514 ssh2 Aug 16 14:18:17 root sshd[8077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.27.237.45 ...	2019-08-16 21:14:16

Recently Reported IPs

178.207.51.78	156.54.170.161	215.88.67.59	147.0.184.53
113.220.60.113	154.219.155.235	28.115.32.43	160.83.147.152
161.164.182.105	75.24.50.215	111.98.69.238	23.246.116.3
92.218.111.63	147.118.203.162	55.233.196.246	133.226.107.113
67.144.240.167	239.77.43.155	126.78.242.252	99.46.198.125