104.152.52.22 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Rethem Hosting LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Multiport scan 35 ports : 443(x2) 445(x4) 520(x2) 847(x2) 993(x2) 994(x2) 997(x2) 1503(x2) 1589(x2) 1701(x2) 1720(x2) 1812(x2) 1813(x2) 2083(x2) 2086(x2) 2222(x2) 2223(x2) 2427(x2) 3456(x2) 4243(x2) 5228(x2) 5242(x2) 5722(x2) 5985(x2) 5986(x2) 7306(x2) 7687(x2) 7946(x2) 8000(x2) 8080(x2) 8116(x2) 8998(x2) 9090(x2) 9200(x2) 23399(x2)	2020-09-19 01:05:44
attackspam	Multiport scan 35 ports : 443(x2) 445(x4) 520(x2) 847(x2) 993(x2) 994(x2) 997(x2) 1503(x2) 1589(x2) 1701(x2) 1720(x2) 1812(x2) 1813(x2) 2083(x2) 2086(x2) 2222(x2) 2223(x2) 2427(x2) 3456(x2) 4243(x2) 5228(x2) 5242(x2) 5722(x2) 5985(x2) 5986(x2) 7306(x2) 7687(x2) 7946(x2) 8000(x2) 8080(x2) 8116(x2) 8998(x2) 9090(x2) 9200(x2) 23399(x2)	2020-09-18 17:07:26
attackbotsspam	Multiport scan 35 ports : 443(x2) 445(x4) 520(x2) 847(x2) 993(x2) 994(x2) 997(x2) 1503(x2) 1589(x2) 1701(x2) 1720(x2) 1812(x2) 1813(x2) 2083(x2) 2086(x2) 2222(x2) 2223(x2) 2427(x2) 3456(x2) 4243(x2) 5228(x2) 5242(x2) 5722(x2) 5985(x2) 5986(x2) 7306(x2) 7687(x2) 7946(x2) 8000(x2) 8080(x2) 8116(x2) 8998(x2) 9090(x2) 9200(x2) 23399(x2)	2020-09-18 07:21:54
attack	Dec 14 04:25:44 mercury kernel: [UFW ALLOW] IN=eth0 OUT= MAC=f2:3c:91:bc:4d:f8:84:78:ac:5a:1a:41:08:00 SRC=104.152.52.22 DST=109.74.200.221 LEN=76 TOS=0x00 PREC=0x00 TTL=243 ID=28234 PROTO=UDP SPT=57479 DPT=123 LEN=56 ...	2020-03-04 03:05:08
attack	slow and persistent scanner	2019-06-22 00:23:06

Comments on same subnet:

IP	Type	Details	Datetime
104.152.52.231	botsattackproxy	Bot attacker IP	2025-03-25 13:44:38
104.152.52.145	botsattackproxy	Vulnerability Scanner	2025-03-20 13:41:36
104.152.52.100	spamattackproxy	VoIP blacklist IP	2025-03-14 22:09:59
104.152.52.139	attack	Brute-force attacker IP	2025-03-10 13:45:36
104.152.52.219	botsattackproxy	Bot attacker IP	2025-03-04 13:55:48
104.152.52.124	botsattackproxy	Vulnerability Scanner	2025-02-26 17:12:59
104.152.52.146	botsattackproxy	Bot attacker IP	2025-02-21 12:31:03
104.152.52.161	botsattackproxy	Vulnerability Scanner	2025-02-05 14:00:57
104.152.52.176	botsattackproxy	Botnet DB Scanner	2025-01-20 14:03:26
104.152.52.141	botsattack	Vulnerability Scanner	2025-01-09 22:45:15
104.152.52.165	botsattackproxy	Bot attacker IP	2024-09-24 16:44:08
104.152.52.226	botsattackproxy	Vulnerability Scanner	2024-08-28 12:46:53
104.152.52.142	spambotsattack	Vulnerability Scanner	2024-08-26 12:47:13
104.152.52.116	spamattack	Compromised IP	2024-07-06 14:07:26
104.152.52.204	attack	Bad IP	2024-07-01 12:36:27

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.152.52.22
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5588
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.152.52.22.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019052401 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat May 25 04:52:53 CST 2019
;; MSG SIZE  rcvd: 117

Host info

22.52.152.104.in-addr.arpa domain name pointer internettl.org.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
22.52.152.104.in-addr.arpa	name = internettl.org.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
176.31.162.82	attack	Dec 1 17:47:01 legacy sshd[3934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.82 Dec 1 17:47:03 legacy sshd[3934]: Failed password for invalid user aung from 176.31.162.82 port 48212 ssh2 Dec 1 17:49:56 legacy sshd[4053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.82 ...	2019-12-02 03:43:13
2400:6180:0:d1::4dd:b001	attack	[munged]::443 2400:6180:0:d1::4dd:b001 - - [01/Dec/2019:15:38:19 +0100] "POST /[munged]: HTTP/1.1" 200 6577 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 2400:6180:0:d1::4dd:b001 - - [01/Dec/2019:15:38:27 +0100] "POST /[munged]: HTTP/1.1" 200 6437 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 2400:6180:0:d1::4dd:b001 - - [01/Dec/2019:15:38:27 +0100] "POST /[munged]: HTTP/1.1" 200 6437 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-12-02 03:49:32
185.200.118.72	attack	firewall-block, port(s): 1080/tcp	2019-12-02 03:51:33
91.248.213.143	attackspam	Dec 1 04:05:46 nbi-636 sshd[15142]: User r.r from 91.248.213.143 not allowed because not listed in AllowUsers Dec 1 04:05:46 nbi-636 sshd[15142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.248.213.143 user=r.r Dec 1 04:05:48 nbi-636 sshd[15142]: Failed password for invalid user r.r from 91.248.213.143 port 46704 ssh2 Dec 1 04:05:48 nbi-636 sshd[15142]: Received disconnect from 91.248.213.143 port 46704:11: Bye Bye [preauth] Dec 1 04:05:48 nbi-636 sshd[15142]: Disconnected from 91.248.213.143 port 46704 [preauth] Dec 1 04:12:37 nbi-636 sshd[16750]: Invalid user chiarra from 91.248.213.143 port 37120 Dec 1 04:12:39 nbi-636 sshd[16750]: Failed password for invalid user chiarra from 91.248.213.143 port 37120 ssh2 Dec 1 04:12:39 nbi-636 sshd[16750]: Received disconnect from 91.248.213.143 port 37120:11: Bye Bye [preauth] Dec 1 04:12:39 nbi-636 sshd[16750]: Disconnected from 91.248.213.143 port 37120 [preauth] Dec 1 0........ -------------------------------	2019-12-02 03:30:45
177.23.104.86	attackspambots	Unauthorised access (Dec 1) SRC=177.23.104.86 LEN=44 TOS=0x10 PREC=0x40 TTL=51 ID=59688 TCP DPT=23 WINDOW=14203 SYN	2019-12-02 03:29:08
203.195.245.13	attackbots	Dec 1 15:38:34 serwer sshd\[11797\]: User dovecot from 203.195.245.13 not allowed because not listed in AllowUsers Dec 1 15:38:34 serwer sshd\[11797\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.245.13 user=dovecot Dec 1 15:38:36 serwer sshd\[11797\]: Failed password for invalid user dovecot from 203.195.245.13 port 51552 ssh2 ...	2019-12-02 03:47:12
49.51.11.133	attack	12/01/2019-15:38:04.508388 49.51.11.133 Protocol: 6 ET CINS Active Threat Intelligence Poor Reputation IP group 48	2019-12-02 04:02:07
157.245.96.139	attackspambots	WordPress wp-login brute force :: 157.245.96.139 0.076 BYPASS [01/Dec/2019:14:38:55 0000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 2134 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-12-02 03:37:53
185.216.132.15	attackspambots	SSH Brute-Force attacks	2019-12-02 03:54:01
221.162.255.66	attackspam	Dec 1 18:26:49 XXX sshd[42189]: Invalid user ofsaa from 221.162.255.66 port 53246	2019-12-02 03:42:30
162.241.182.29	attack	Dec 1 20:53:40 server sshd\[7083\]: Invalid user steffane from 162.241.182.29 Dec 1 20:53:40 server sshd\[7083\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.241.182.29 Dec 1 20:53:42 server sshd\[7083\]: Failed password for invalid user steffane from 162.241.182.29 port 45570 ssh2 Dec 1 21:26:33 server sshd\[15971\]: Invalid user backup from 162.241.182.29 Dec 1 21:26:33 server sshd\[15971\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.241.182.29 ...	2019-12-02 03:37:32
181.49.254.230	attackbots	Dec 2 01:35:40 itv-usvr-01 sshd[11130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.254.230 user=root Dec 2 01:35:43 itv-usvr-01 sshd[11130]: Failed password for root from 181.49.254.230 port 44038 ssh2 Dec 2 01:39:08 itv-usvr-01 sshd[11274]: Invalid user guest from 181.49.254.230 Dec 2 01:39:08 itv-usvr-01 sshd[11274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.254.230 Dec 2 01:39:08 itv-usvr-01 sshd[11274]: Invalid user guest from 181.49.254.230 Dec 2 01:39:09 itv-usvr-01 sshd[11274]: Failed password for invalid user guest from 181.49.254.230 port 51192 ssh2	2019-12-02 04:00:58
129.154.67.65	attack	Dec 1 06:28:12 hanapaa sshd\[10010\]: Invalid user horror from 129.154.67.65 Dec 1 06:28:12 hanapaa sshd\[10010\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=oc-129-154-67-65.compute.oraclecloud.com Dec 1 06:28:13 hanapaa sshd\[10010\]: Failed password for invalid user horror from 129.154.67.65 port 51234 ssh2 Dec 1 06:32:30 hanapaa sshd\[10418\]: Invalid user 3EDC4RFV from 129.154.67.65 Dec 1 06:32:30 hanapaa sshd\[10418\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=oc-129-154-67-65.compute.oraclecloud.com	2019-12-02 03:37:21
180.76.167.9	attack	Dec 1 17:28:23 venus sshd\[1901\]: Invalid user peyton from 180.76.167.9 port 39678 Dec 1 17:28:23 venus sshd\[1901\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.167.9 Dec 1 17:28:26 venus sshd\[1901\]: Failed password for invalid user peyton from 180.76.167.9 port 39678 ssh2 ...	2019-12-02 03:49:10
70.184.80.136	attackspam	Dec 1 16:57:46 MK-Soft-VM7 sshd[23060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=70.184.80.136 Dec 1 16:57:49 MK-Soft-VM7 sshd[23060]: Failed password for invalid user hassel from 70.184.80.136 port 55154 ssh2 ...	2019-12-02 03:31:08

Recently Reported IPs

109.19.16.40	159.203.86.82	117.50.95.121	162.144.145.151
41.160.6.186	89.221.195.139	185.10.99.14	185.234.218.129
188.213.166.219	193.189.88.106	153.120.62.220	77.239.65.206
43.231.216.104	158.217.110.144	94.102.50.96	193.27.242.2
203.101.174.2	190.30.242.57	203.114.235.16	37.196.250.87