198.108.67.48 is an Open Proxy used by Hackers
100 %
United States
968 attacks reported
  669 Port Scan
  43 Port Scan, Hacking
  42 Brute-Force
  39 Port Scan, Hacking, Exploited Host
  38 Port Scan, Hacking, Web App Attack
  13 Hacking, Brute-Force
  13 Port Scan, Brute-Force
  11 Hacking
  11 Port Scan, Web App Attack
  8 Port Scan, Hacking, Brute-Force
  ...
37 abuse reported
  23 Email Spam
  5 Email Spam, Brute-Force
  4 Email Spam, Hacking
  1 Web Spam, Brute-Force, Web App Attack, SSH
  1 Email Spam, Web Spam
  1 Web Spam
  1 Email Spam, Port Scan, Brute-Force, SSH
  1 Email Spam, Port Scan, Hacking, Brute-Force
9 anonymizers reported
  2 VPN IP, Port Scan
  1 VPN IP, Port Scan, Hacking, Spoofing, Brute-Force
  1 VPN IP, Port Scan, Hacking
  1 Open Proxy, Port Scan, Hacking, Brute-Force, Web App Attack, SSH
  1 VPN IP
  1 VPN IP, Brute-Force
  1 VPN IP, Port Scan, Brute-Force
  1 Open Proxy
7 reputation reported
  5 uncategorized
  2 Brute-Force, Mailserver Attack
3 malware reported
  2 Malware
  1 Exploited Host
from 47 distinct reporters and 6 distinct sources: Blocklist.de, NormShield.com, BadIPs.com, FireHOL, DShield.org, AbuseIPDB
198.108.67.48 was first reported at 2018-08-16 15:35 and the last record was at 2019-09-26 03:47.
IP: 198.108.67.48
Organization: Censys, Inc.
Location: United States, Michigan, Ann Arbor
NetRange (First & Last IP): 198.108.66.0 - 198.108.67.255
Network CIDR: 198.108.66.0/23

Cybercrime IP Feeds

Date UTC | Category | Sub Categories | Source List | Source | Logs
2019-04-08 05:16 | attacks | FTP Brute-Force | | AbuseIPDB |
2019-04-08 04:22 | attacks | Port Scan, Hacking | | AbuseIPDB |
2019-04-08 01:41 | attacks | Hacking, Brute-Force, Web App Attack | | AbuseIPDB | HTTP/80/443 Probe, BF, WP, Hack -
2019-04-08 00:44 | attacks | Port Scan, Hacking | | AbuseIPDB | Port Scan 7001
2019-04-07 18:29 | attacks | Port Scan, Hacking | | AbuseIPDB | non-SMTP command from worker-18.sfj.corp.censys.io[198.108.67.48]: GET / HTTP/1.1
2019-04-07 17:47 | attacks | Hacking | | AbuseIPDB |
2019-04-07 00:17 | attacks | FTP Brute-Force, Hacking | | AbuseIPDB | Attempted connection of private FTP server
2019-04-06 22:30 | abuse | Email Spam | | AbuseIPDB | [connect count:3 time(s)][SMTP/25/465/587 Probe] in blocklist.de:"listed [mail]" *(04071024)
2019-04-06 21:22 | attacks | Port Scan | | AbuseIPDB |
2019-04-06 19:52 | attacks | Port Scan, Hacking, Web App Attack | | AbuseIPDB | @LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-04-07 04:00:09,702 INFO [
2019-04-06 19:14 | attacks | Port Scan, Hacking, Brute-Force | | AbuseIPDB | Port Scan 3389
2019-04-06 17:48 | attacks | Port Scan | | AbuseIPDB | firewall-block, port(s): 1111/tcp
2019-04-06 16:45 | attacks | DDoS Attack, Email Spam | | AbuseIPDB | Apr 7 03:45:16 mailserver postfix/smtps/smtpd[62639]: connect from worker-18.sfj.corp.censys.io[198.108.67.48] Apr 7 03:45:17 mailserver postfix/smtps
2019-04-06 14:35 | attacks | Port Scan, Hacking, Brute-Force | | AbuseIPDB | TCP scanned port list, 100, 1000, 1012, 1022, 1023, 1024, 1025, 1026, 1027, 1028
2019-04-06 14:17 | abuse | Email Spam | | AbuseIPDB | f2b trigger Multiple SASL failures
2019-04-06 13:23 | attacks | Port Scan | | AbuseIPDB | port scan and connect, tcp 3050 (firebird)
2019-04-06 10:52 | attacks | Hacking, Brute-Force | | AbuseIPDB | 06.04.2019 21:52:10 - RDP Login Fail Detected by https://www.elinox.de/RDP-Wächter
2019-04-06 08:25 | attacks | Brute-Force | | AbuseIPDB | 3389BruteforceFW21
2019-04-06 07:11 | abuse | Email Spam, Hacking | | AbuseIPDB | Apr 6 16:11:23 staklim-malang postfix/smtpd[29339]: lost connection after CONNECT from worker-18.sfj.corp.censys.io[198.108.67.48]
2019-04-06 07:02 | attacks | Brute-Force | | AbuseIPDB | Unauthorized connection attempt from IP address 198.108.67.48 on Port 465(SMTPS)
2019-04-06 04:14 | attacks | SQL Injection | | AbuseIPDB | 198.108.67.48 - - [29/Mar/2019:19:46:11 +0800] "\x16\x03\x01\x00\x89\x01\x00\x00\x85\x03\x03(\xE5D?\xF73\x90\xE7\x06\x84\xCC\xF9z\xC2\xF9\xFE\xA7
2019-04-06 04:02 | attacks | Port Scan | | AbuseIPDB | port 8000
2019-04-06 02:54 | attacks | Port Scan, Hacking, Exploited Host, Brute-Force | | AbuseIPDB | scan z
2019-04-06 00:40 | attacks | Hacking, Web App Attack, Port Scan, Brute-Force | | AbuseIPDB |
2019-04-05 20:41 | attacks | Fraud VoIP | | AbuseIPDB |
2019-04-05 18:56 | abuse | Email Spam, Brute-Force | | AbuseIPDB | SASL Brute Force
2019-04-05 01:42 | attacks | Port Scan, Brute-Force | | AbuseIPDB |
2019-04-04 23:38 | attacks | Hacking, Brute-Force | | AbuseIPDB | 05.04.2019 10:38:23 - RDP Login Fail Detected by https://www.elinox.de/RDP-Wächter
2019-04-04 21:56 | attacks | Port Scan | | AbuseIPDB | port scan and connect, tcp 3128 (squid-http)
2019-04-04 13:44 | abuse | Email Spam, Hacking | | AbuseIPDB | Apr 4 22:43:58 staklim-malang postfix/smtpd[9747]: lost connection after CONNECT from worker-18.sfj.corp.censys.io[198.108.67.48]
2019-04-04 05:32 | attacks | Port Scan, Brute-Force | | AbuseIPDB |
2019-04-03 08:10 | attacks | DDoS Attack, Ping of Death, Port Scan, Hacking | | AbuseIPDB | NAME : MICH-15324 CIDR : 198.108.66.0/23 | EMAIL - SPAM {Looking for resource vulnerabilities} DDoS Attack USA - Michigan - block certain countries :)
2019-04-02 09:17 | abuse | Email Spam | | AbuseIPDB | f2b trigger Multiple SASL failures
2019-04-01 23:38 | attacks | Hacking, Brute-Force, Web App Attack | | AbuseIPDB | HTTP/80/443 Probe, BF, WP, Hack -
2019-04-01 23:08 | attacks | Port Scan | | AbuseIPDB |
2019-04-01 09:54 | attacks | Port Scan | | AbuseIPDB | port scan and connect, tcp 8443 (https-alt)
2019-04-01 06:57 | attacks | Port Scan, Hacking | | AbuseIPDB |
2019-04-01 05:35 | attacks | SSH | | AbuseIPDB |
2019-03-31 22:37 | attacks | Hacking, Brute-Force, Web App Attack | | AbuseIPDB | HTTP/80/443 Probe, BF, WP, Hack -
2019-03-31 21:12 | attacks | Port Scan, Hacking, Exploited Host | | AbuseIPDB | scan z
2019-03-30 21:22 | attacks | Port Scan | | AbuseIPDB |
2019-03-30 01:51 | attacks | Fraud VoIP, Port Scan | | AbuseIPDB |
2019-03-29 23:37 | abuse | Email Spam | | AbuseIPDB | [connect count:3 time(s)][SMTP/25/465/587 Probe] *(03301105)
2019-03-29 21:22 | attacks | Port Scan | | AbuseIPDB |
2019-03-29 19:25 | abuse | Email Spam | | AbuseIPDB | f2b trigger Multiple SASL failures
2019-03-29 15:43 | attacks | Port Scan | | AbuseIPDB | TCP scanned port list, 100, 1000, 1012, 1022, 1023, 1024, 1025, 1026, 1027, 1028
2019-03-29 15:03 | attacks | Brute-Force | | AbuseIPDB | Unauthorized connection attempt from IP address 198.108.67.48 on Port 465(SMTPS)
2019-03-29 10:06 | attacks | Port Scan, Hacking, Brute-Force | | AbuseIPDB | Port Scan 3389
2019-03-29 09:12 | attacks | Port Scan | | AbuseIPDB | firewall-block, port(s): 1111/tcp
2019-03-29 08:25 | attacks | Hacking, Brute-Force | | AbuseIPDB | 29.03.2019 18:23:32 - RDP Login Fail Detected by https://www.elinox.de/RDP-Wächter
2018-08-16 15:35 | attacks | Port Scan | | AbuseIPDB | port scan and connect, tcp 1433 (ms-sql-s)
2018-08-22 04:26 | attacks | | | AbuseIPDB |
2018-08-22 07:09 | attacks | Hacking, Brute-Force | | AbuseIPDB | Attempts against Pop3/IMAP
2018-08-22 08:12 | attacks | Port Scan | | AbuseIPDB | 993/tcp [2018-08-22]1pkt
2018-09-01 20:41 | attacks | Port Scan | | AbuseIPDB | 143/tcp 993/tcp [2018-08-22/09-02]2pkt
2018-12-02 20:30 | attacks | Port Scan | | AbuseIPDB | Hit our honeypot for 27 times at 8403/TCP -- First time seen.
2018-12-02 21:10 | attacks | Port Scan | | AbuseIPDB | Hit our honeypot for 40 times at 1366/TCP -- First time seen.
2018-12-02 21:50 | attacks | Port Scan | | AbuseIPDB | Hit our honeypot for 34 times at 6352/TCP -- First time seen.
2018-12-02 23:20 | attacks | Port Scan | | AbuseIPDB | Hit our honeypot for 41 times at 1200/TCP -- First time seen.
2018-12-03 01:50 | attacks | Port Scan | | AbuseIPDB | Hit our honeypot for 46 times at 8002/TCP -- First time seen.
2019-03-29 18:18 | reputation | | bds_atif | |
2019-03-29 18:21 | attacks | | blocklist_de | Blocklist.de |
2019-03-29 18:21 | attacks | Brute-Force, Mailserver Attack | blocklist_de_mail | Blocklist.de |
2019-03-29 18:41 | attacks | | normshield_all_attack | NormShield.com |
2019-03-29 18:41 | attacks | | normshield_high_attack | NormShield.com |
2019-03-29 18:41 | reputation | Brute-Force, Mailserver Attack | packetmail | |
2019-03-29 18:41 | reputation | Brute-Force, Mailserver Attack | packetmail_ramnode | |
2019-03-29 18:53 | reputation | | turris_greylist | |
2019-06-04 22:29 | malware | Malware | normshield_all_wormscan | NormShield.com |
2019-06-04 22:29 | malware | Malware | normshield_high_wormscan | NormShield.com |
2019-06-09 17:21 | attacks | SSH | blocklist_de_ssh | Blocklist.de |
2019-07-14 05:01 | attacks | | bi_any_0_1d | BadIPs.com |
2019-07-14 05:03 | attacks | Bad Web Bot | bi_badbots_0_1d | BadIPs.com |
2019-07-14 05:03 | attacks | Brute-Force | bi_bruteforce_0_1d | BadIPs.com |
2019-07-27 20:57 | attacks | Brute-Force, Mailserver Attack | bi_mail_0_1d | BadIPs.com |
2019-07-27 20:57 | attacks | Mailserver Attack | bi_smtp_0_1d | BadIPs.com |
2019-07-28 21:09 | anonymizers | Open Proxy | firehol_proxies | FireHOL |
2019-08-20 17:15 | reputation | | alienvault_reputation | |
2019-08-21 16:20 | reputation | | ciarmy | |
2019-09-18 11:37 | attacks | | bi_http_0_1d | BadIPs.com |
2019-09-26 03:47 | attacks | | firehol_level2 | FireHOL |
2019-03-29 18:23 | attacks | | dshield_1d | DShield.org |
2019-03-29 18:23 | attacks | | dshield | DShield.org |
2019-08-22 15:41 | reputation | | iblocklist_ciarmy_malicious | |
Only the last 50 and first 10 AbuseIPDB logs are shown.

Threat Categories:

abuse: IPs used to spam forums, boards, blogs or SMTP servers; automated web scripts or scrapers (bad bots).
anonymizer: Onion Router IP addresses. TOR network IPs, TOR exit points, SOCKS or SSL proxies.
attacks: Brute-force of SSH/FTP/system accounts, IPs that have been detected by fail2ban, port scans, vulnerability scans, DDoS.
malware: Addresses that have been identified distributing malware: form-grabbers and stealers, viruses, worms, trojans, ransomware, adware, spyware.

Whois

NetRange: 198.108.0.0 - 198.111.255.255
CIDR: 198.108.0.0/14
NetName: MICH-42
NetHandle: NET-198-108-0-0-1
Parent: NET198 (NET-198-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Merit Network Inc. (MICH-Z)
RegDate: 1993-03-26
Updated: 2012-04-02
Ref: https://rdap.arin.net/registry/ip/198.108.0.0

OrgName: Merit Network Inc.
OrgId: MICH-Z
Address: 1000 Oakbrook Drive, Suite 200
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2009-12-08
Updated: 2017-01-28
Ref: https://rdap.arin.net/registry/entity/MICH-Z

OrgTechHandle: MERIT-ARIN
OrgTechName: Merit Operations
OrgTechPhone: +1-734-527-5717
OrgTechEmail: operations@merit.edu
OrgTechRef: https://rdap.arin.net/registry/entity/MERIT-ARIN

OrgAbuseHandle: NETWO26-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-734-527-5740
OrgAbuseEmail: abuse@merit.edu
OrgAbuseRef: https://rdap.arin.net/registry/entity/NETWO26-ARIN


NetRange: 198.108.66.0 - 198.108.67.255
CIDR: 198.108.66.0/23
NetName: MICH-15324
NetHandle: NET-198-108-66-0-1
Parent: MICH-42 (NET-198-108-0-0-1)
NetType: Reassigned
OriginAS:
Organization: Censys, Inc. (CENSY)
RegDate: 2018-08-20
Updated: 2018-08-20
Ref: https://rdap.arin.net/registry/ip/198.108.66.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: ops@censys.io
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: ops@censys.io
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: scan-abuse@censys.io
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
Updated : 2019-08-27