JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 197.248.126.217

197.248.126.217 was found in our database!

This IP was reported 461 times. Confidence of Abuse is 100%: ?

100%

ISP	Safaricom Limited
Usage Type	Fixed Line ISP
ASN	AS37061
Hostname(s)	197-248-126-217.safaricombusiness.co.ke
Domain Name	safaricom.co.ke
Country	🇰🇪 Kenya
City	Kikuyu, Kiambu County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 197.248.126.217

Whois 197.248.126.217

IP Abuse Reports for 197.248.126.217:

This IP address has been reported a total of 461 times from 107 distinct sources. 197.248.126.217 was first reported on November 27th 2025, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 drewf.ink	2026-06-20 15:57:33 (2 hours ago)	[15:57] Triggered SMB honeypot on port 445. Type: NetBIOS + SMB1. Dialect(s): NT LM 0.12	Hacking Exploited Host
🇺🇸 MPL	2026-06-20 15:52:23 (2 hours ago)	tcp/445	Port Scan
🇺🇸 drewf.ink	2026-06-20 01:18:43 (17 hours ago)	[01:18] Port scanning. Port(s) scanned: TCP/1433	Port Scan
🇺🇸 RAP	2026-06-19 23:18:38 (19 hours ago)	2026-06-19 23:18:38 UTC Unauthorized activity to TCP port 1433. SQL	Port Scan
🇺🇸 RAP	2026-06-19 19:54:23 (22 hours ago)	2026-06-19 19:54:23 UTC Unauthorized activity to TCP port 1433. SQL	Port Scan
🇺🇸 RAP	2026-06-19 16:55:13 (1 day ago)	2026-06-19 16:55:13 UTC Unauthorized activity to TCP port 1433. SQL	Port Scan
🇫🇷 zulzeen	2026-06-19 08:35:30 (1 day ago)	[distribamap-0] Blocked by SysWarden Firewall [BLOCK] (SMB/Possible Ransomware Attack)	Hacking Brute-Force
🇦🇹 urnilxfgbez	2026-06-18 22:45:00 (1 day ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 drewf.ink	2026-06-18 20:04:35 (1 day ago)	[20:04] Port scanning. Port(s) scanned: TCP/1433	Port Scan
🇺🇸 RAP	2026-06-18 18:43:10 (1 day ago)	2026-06-18 18:43:10 UTC Unauthorized activity to TCP port 445. SMB	Port Scan
🇬🇧 knock	2026-06-18 17:19:48 (2 days ago)	Knock-Knock honeypot brute-force: SMB (3 total hits)	Brute-Force
🇺🇸 RAP	2026-06-18 15:54:13 (2 days ago)	2026-06-18 15:54:13 UTC Unauthorized activity to TCP port 445. SMB	Port Scan
🇺🇸 RAP	2026-06-18 13:10:10 (2 days ago)	2026-06-18 13:10:10 UTC Unauthorized activity to TCP port 445. SMB	Port Scan
🇺🇸 RAP	2026-06-18 12:13:45 (2 days ago)	2026-06-18 12:13:45 UTC Unauthorized activity to TCP port 445. SMB	Port Scan
🇦🇺 LiftUp Hosting	2026-06-18 11:55:52 (2 days ago)	Honeypot hit: MSSQL traffic (on 1433) with username sa and empty password	Brute-Force

Showing 1 to 15 of 461 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 147.185.132.16

🇱🇹 141.98.11.134

🇧🇬 78.128.114.110

🇸🇾 46.53.66.89

🇳🇱 45.148.10.157

🇺🇸 13.89.124.218

🇳🇱 176.65.148.132

🇳🇱 72.56.66.71

🇷🇺 5.3.146.57

🇺🇸 4.246.231.57

🇬🇧 195.96.139.136

🇺🇸 157.245.1.7

🇩🇪 109.91.4.177

🇧🇬 78.128.112.30

🇺🇸 147.185.132.13

🇭🇰 114.111.53.214

🇮🇶 62.201.244.179

🇳🇱 45.156.128.149

🇺🇸 167.234.221.222

🇮🇩 103.179.216.158