IP address

Search at other sites:
.0012.26.104.219
Shodan(more info)
Passive DNS
Tags: Scanner
IP blacklists
AbuseIPDB
2.26.104.219 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-05-13 04:00:00.641000
Was present on blacklist at: 2026-05-11 04:00, 2026-05-12 04:00, 2026-05-13 04:00
blocklist.de SSH
2.26.104.219 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-05-13 16:05:00.177000
Was present on blacklist at: 2026-05-11 04:05, 2026-05-11 10:05, 2026-05-11 16:05, 2026-05-11 22:05, 2026-05-12 04:05, 2026-05-12 10:05, 2026-05-12 16:05, 2026-05-12 22:05, 2026-05-13 04:05, 2026-05-13 10:05, 2026-05-13 16:05
CI Army
2.26.104.219 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-05-12 02:50:00.816000
Was present on blacklist at: 2026-05-12 02:50
UCEPROTECT L1
2.26.104.219 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-05-18 23:45:00.519000
Was present on blacklist at: 2026-05-12 07:45, 2026-05-12 15:45, 2026-05-12 23:45, 2026-05-13 07:45, 2026-05-13 15:45, 2026-05-13 23:45, 2026-05-14 07:45, 2026-05-14 15:45, 2026-05-14 23:45, 2026-05-15 07:45, 2026-05-15 15:45, 2026-05-15 23:45, 2026-05-16 07:45, 2026-05-16 15:45, 2026-05-16 23:45, 2026-05-17 07:45, 2026-05-17 15:45, 2026-05-17 23:45, 2026-05-18 07:45, 2026-05-18 15:45, 2026-05-18 23:45
Echelon SSH bruteforce
2.26.104.219 is listed on the Echelon SSH bruteforce blacklist.

Description: Multiple SSH authentication attempts detected
Type of feed: primary (feed detail page)

Last checked at: 2026-05-19 09:35:00.384000
Was present on blacklist at: 2026-05-12 09:35, 2026-05-18 09:35, 2026-05-19 09:35
Echelon SSH connection attempt
2.26.104.219 is listed on the Echelon SSH connection attempt blacklist.

Description: SSH connection attempt detected on port 22 or 2222
Type of feed: primary (feed detail page)

Last checked at: 2026-05-19 09:35:00.264000
Was present on blacklist at: 2026-05-13 09:35, 2026-05-18 09:35, 2026-05-19 09:35
Spamhaus XBL CBL
2.26.104.219 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-05-24 22:59:10.577000
Was present on blacklist at: 2026-05-17 22:59
blocklist.de Apache
2.26.104.219 is listed on the blocklist.de Apache blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the service<br>Apache, Apache-DDOS, RFI-Attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-05-24 22:05:05.262000
Was present on blacklist at: 2026-05-23 16:05, 2026-05-23 22:05, 2026-05-24 04:05, 2026-05-24 10:05, 2026-05-24 16:05, 2026-05-24 22:05
blocklist.de web-login
2.26.104.219 is listed on the blocklist.de web-login blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs that attacks Joomla, Wordpress and<br>other Web-Logins with Brute-Force Logins.
Type of feed: primary (feed detail page)

Last checked at: 2026-05-24 22:05:05.123000
Was present on blacklist at: 2026-05-23 16:05, 2026-05-23 22:05, 2026-05-24 04:05, 2026-05-24 10:05, 2026-05-24 16:05, 2026-05-24 22:05

Threat categories

TLRoleCategoryDetails
44 src scan port: 22, 80, 2222, 2375
43 src
41 src login protocol: ssh
port: 22, 2222
Warden events (2068)
2026-05-18
ReconScanning (node.9c1411): 3
2026-05-16
ReconScanning (node.9c1411): 19
2026-05-15
ReconScanning (node.9c1411): 59
2026-05-14
ReconScanning (node.9c1411): 33
2026-05-13
ReconScanning (node.ce2b59): 2
ReconScanning (node.9c1411): 13
2026-05-12
ReconScanning (node.ce2b59): 7
IntrusionUserCompromise (node.cfb4f7): 118
2026-05-11
ReconScanning (node.ce2b59): 37
AttemptLogin (node.ce2b59): 1
IntrusionUserCompromise (node.cfb4f7): 1771
2026-05-10
ReconScanning (node.ce2b59): 5
DShield reports (IP summary, reports)
2026-05-12
Number of reports: 175
Distinct targets: 31
2026-05-13
Number of reports: 53
Distinct targets: 14
Origin AS
AS215590 - DPKGSOFT-AS
BGP Prefix
2.26.104.0/24
geo
United States
🕑 America/Chicago
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
2.24.0.0 - 2.31.255.255
last_activity
2026-05-18 23:37:41
last_warden_event
2026-05-18 23:37:41
rep
0.0010474285705853736
reserved_range
0
ts_added
2026-05-10 22:59:01.762000
ts_last_update
2026-05-30 22:59:10.475000

Warden event timeline

DShield event timeline

Presence on blacklists