104.149.152.28

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.149.152.114	attack	Sep 25 10:34:21 localhost sshd\[5119\]: Invalid user ems from 104.149.152.114 port 39594 Sep 25 10:34:21 localhost sshd\[5119\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.149.152.114 Sep 25 10:34:23 localhost sshd\[5119\]: Failed password for invalid user ems from 104.149.152.114 port 39594 ssh2	2019-09-25 16:34:32

Type

Details

Datetime

104.149.152.114

attack

Sep 25 10:34:21 localhost sshd\[5119\]: Invalid user ems from 104.149.152.114 port 39594
Sep 25 10:34:21 localhost sshd\[5119\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.149.152.114
Sep 25 10:34:23 localhost sshd\[5119\]: Failed password for invalid user ems from 104.149.152.114 port 39594 ssh2

2019-09-25 16:34:32

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.149.152.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18597
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.149.152.28.			IN	A

;; AUTHORITY SECTION:
.			599	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022022801 1800 900 604800 86400

;; Query time: 171 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Mar 01 03:09:20 CST 2022
;; MSG SIZE  rcvd: 107

Host info

28.152.149.104.in-addr.arpa domain name pointer unassigned.psychz.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
28.152.149.104.in-addr.arpa	name = unassigned.psychz.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
58.16.145.208	attackspambots	malicious Brute-Force reported by https://www.patrick-binder.de ...	2020-08-16 08:31:37
212.129.59.36	attackbotsspam	212.129.59.36 - - [16/Aug/2020:04:57:04 +0100] "POST /wp-login.php HTTP/1.1" 200 2369 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 212.129.59.36 - - [16/Aug/2020:04:57:05 +0100] "POST /wp-login.php HTTP/1.1" 200 2388 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 212.129.59.36 - - [16/Aug/2020:04:57:05 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-16 12:06:45
106.12.89.154	attack	2020-08-16T06:35:20.517971hostname sshd[45062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.89.154 user=root 2020-08-16T06:35:22.716554hostname sshd[45062]: Failed password for root from 106.12.89.154 port 37390 ssh2 ...	2020-08-16 08:31:51
122.2.109.251	attackspambots	1597550214 - 08/16/2020 05:56:54 Host: 122.2.109.251/122.2.109.251 Port: 445 TCP Blocked	2020-08-16 12:12:30
139.219.0.102	attack	Tried sshing with brute force.	2020-08-16 08:34:13
159.65.185.253	attack	Automatic report generated by Wazuh	2020-08-16 08:27:33
155.133.113.1	attackspambots	Brute force attempt	2020-08-16 12:11:46
218.92.0.216	attackbotsspam	2020-08-16T06:59:18.478267lavrinenko.info sshd[23450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216 user=root 2020-08-16T06:59:19.621376lavrinenko.info sshd[23450]: Failed password for root from 218.92.0.216 port 25855 ssh2 2020-08-16T06:59:18.478267lavrinenko.info sshd[23450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216 user=root 2020-08-16T06:59:19.621376lavrinenko.info sshd[23450]: Failed password for root from 218.92.0.216 port 25855 ssh2 2020-08-16T06:59:23.122611lavrinenko.info sshd[23450]: Failed password for root from 218.92.0.216 port 25855 ssh2 ...	2020-08-16 12:10:59
144.202.26.218	attackbotsspam	144.202.26.218 - - \[15/Aug/2020:22:57:33 +0200\] "POST //xmlrpc.php HTTP/1.0" 200 855 "-" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/79.0 Safari/537.36" 144.202.26.218 - - \[15/Aug/2020:22:57:34 +0200\] "POST //xmlrpc.php HTTP/1.0" 200 855 "-" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/79.0 Safari/537.36" 144.202.26.218 - - \[15/Aug/2020:22:57:34 +0200\] "POST //xmlrpc.php HTTP/1.0" 200 855 "-" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/79.0 Safari/537.36"	2020-08-16 08:35:52
112.120.211.200	attackspambots	Lines containing failures of 112.120.211.200 Aug 12 20:25:26 shared07 sshd[17650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.120.211.200 user=r.r Aug 12 20:25:28 shared07 sshd[17650]: Failed password for r.r from 112.120.211.200 port 46410 ssh2 Aug 12 20:25:28 shared07 sshd[17650]: Received disconnect from 112.120.211.200 port 46410:11: Bye Bye [preauth] Aug 12 20:25:28 shared07 sshd[17650]: Disconnected from authenticating user r.r 112.120.211.200 port 46410 [preauth] Aug 12 20:35:28 shared07 sshd[21460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.120.211.200 user=r.r Aug 12 20:35:30 shared07 sshd[21460]: Failed password for r.r from 112.120.211.200 port 55688 ssh2 Aug 12 20:35:31 shared07 sshd[21460]: Received disconnect from 112.120.211.200 port 55688:11: Bye Bye [preauth] Aug 12 20:35:31 shared07 sshd[21460]: Disconnected from authenticating user r.r 112.120.211.200 p........ ------------------------------	2020-08-16 12:12:58
2a01:1b0:7999:419::120	attack	2a01:1b0:7999:419::120 - - [16/Aug/2020:04:56:53 +0100] "POST /wp-login.php HTTP/1.1" 200 2433 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 2a01:1b0:7999:419::120 - - [16/Aug/2020:04:56:54 +0100] "POST /wp-login.php HTTP/1.1" 200 2399 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 2a01:1b0:7999:419::120 - - [16/Aug/2020:04:56:54 +0100] "POST /wp-login.php HTTP/1.1" 200 2412 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-16 12:12:04
116.196.105.232	attack	Aug 16 13:57:01 localhost sshd[2508834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.196.105.232 user=root Aug 16 13:57:04 localhost sshd[2508834]: Failed password for root from 116.196.105.232 port 42206 ssh2 ...	2020-08-16 12:07:04
140.143.195.181	attack	Connection to SSH Honeypot - Detected by HoneypotDB	2020-08-16 08:44:39
200.73.128.252	attack	Aug 16 02:38:36 melroy-server sshd[8064]: Failed password for root from 200.73.128.252 port 44436 ssh2 ...	2020-08-16 08:47:08
45.232.191.207	attack	php WP PHPmyadamin ABUSE blocked for 12h	2020-08-16 12:08:57

Recently Reported IPs

104.149.158.38	104.149.154.234	104.149.155.190	104.149.158.40
104.149.152.30	104.149.158.42	104.149.161.87	104.149.161.91
104.149.163.86	104.149.165.20	104.149.161.93	104.149.164.164
104.149.164.162	104.155.114.78	104.155.106.98	104.155.116.210
104.155.12.33	104.155.122.117	104.155.142.55	104.155.125.8