Must be a valid IPv4 or IPv6 ip address, e.g. 127.0.0.1 or 2001:DB8:0:0:8:800:200C:417A
Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Rethem Hosting LLC

Hostname: unknown

Organization: Rethem Hosting LLC

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackbots
UDP and TCP Ports scans
2020-08-24 12:36:35
attackspambots
Jun 20 16:10:54 mail postfix/postscreen[1906]: DNSBL rank 3 for [104.152.52.28]:42223
...
2020-06-29 05:13:00
attackbots
Drop-BlasterVariant-p4444-TCP | Jun/04/2020 03:04:57
2020-06-05 01:52:56
attackbots
TCP scanned port list, 2080, 518, 49190, 53, 6679
2020-04-14 08:05:53
attackbots
Oct 28 17:17:51 mercury kernel: [UFW ALLOW] IN=eth0 OUT= MAC=f2:3c:91:bc:4d:f8:84:78:ac:0d:8f:41:08:00 SRC=104.152.52.28 DST=109.74.200.221 LEN=76 TOS=0x00 PREC=0x00 TTL=243 ID=29604 PROTO=UDP SPT=42981 DPT=123 LEN=56 
...
2020-03-04 02:41:03
attackspam
SMB Server BruteForce Attack
2019-09-01 12:09:08
attackbots
*Port Scan* detected from 104.152.52.28 (US/United States/internettl.org). 11 hits in the last 270 seconds
2019-08-01 00:05:31
attack
Jul 29 17:31:04 *** sshd[18483]: Did not receive identification string from 104.152.52.28
2019-07-30 09:05:32
attack
SMB Server BruteForce Attack
2019-07-05 19:09:51
attackbots
A portscan was detected. Details about the event:
Time.............: 2019-06-25 21:30:16
Source IP address: 104.152.52.28 (internettl.org)
2019-06-27 02:10:39
Comments on same subnet:
IP Type Details Datetime
104.152.52.231 botsattackproxy
Bot attacker IP
2025-03-25 13:44:38
104.152.52.145 botsattackproxy
Vulnerability Scanner
2025-03-20 13:41:36
104.152.52.100 spamattackproxy
VoIP blacklist IP
2025-03-14 22:09:59
104.152.52.139 attack
Brute-force attacker IP
2025-03-10 13:45:36
104.152.52.219 botsattackproxy
Bot attacker IP
2025-03-04 13:55:48
104.152.52.124 botsattackproxy
Vulnerability Scanner
2025-02-26 17:12:59
104.152.52.146 botsattackproxy
Bot attacker IP
2025-02-21 12:31:03
104.152.52.161 botsattackproxy
Vulnerability Scanner
2025-02-05 14:00:57
104.152.52.176 botsattackproxy
Botnet DB Scanner
2025-01-20 14:03:26
104.152.52.141 botsattack
Vulnerability Scanner
2025-01-09 22:45:15
104.152.52.165 botsattackproxy
Bot attacker IP
2024-09-24 16:44:08
104.152.52.226 botsattackproxy
Vulnerability Scanner
2024-08-28 12:46:53
104.152.52.142 spambotsattack
Vulnerability Scanner
2024-08-26 12:47:13
104.152.52.116 spamattack
Compromised IP
2024-07-06 14:07:26
104.152.52.204 attack
Bad IP
2024-07-01 12:36:27
Whois info:
b
Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.152.52.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52758
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.152.52.28.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019041200 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri Apr 12 23:22:43 +08 2019
;; MSG SIZE  rcvd: 117

Host info
28.52.152.104.in-addr.arpa domain name pointer internettl.org.
Nslookup info:
Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
28.52.152.104.in-addr.arpa	name = internettl.org.

Authoritative answers can be found from:

Related IP info:
Related comments:
IP Type Details Datetime
45.80.65.76 attackbotsspam
Oct 14 11:00:14 SilenceServices sshd[18285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.80.65.76
Oct 14 11:00:17 SilenceServices sshd[18285]: Failed password for invalid user Jelszo!23 from 45.80.65.76 port 57308 ssh2
Oct 14 11:04:20 SilenceServices sshd[19413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.80.65.76
2019-10-14 17:17:05
190.85.171.126 attackspam
Oct 13 22:14:08 eddieflores sshd\[28249\]: Invalid user Green@123 from 190.85.171.126
Oct 13 22:14:08 eddieflores sshd\[28249\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.85.171.126
Oct 13 22:14:10 eddieflores sshd\[28249\]: Failed password for invalid user Green@123 from 190.85.171.126 port 40732 ssh2
Oct 13 22:18:54 eddieflores sshd\[28601\]: Invalid user 123@Debian from 190.85.171.126
Oct 13 22:18:54 eddieflores sshd\[28601\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.85.171.126
2019-10-14 17:41:53
106.12.58.4 attackspambots
2019-10-14T09:18:25.236913abusebot-4.cloudsearch.cf sshd\[23158\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.58.4  user=root
2019-10-14 17:34:16
97.74.24.136 attackbots
Automatic report - XMLRPC Attack
2019-10-14 17:30:09
159.65.189.115 attack
Oct 14 09:45:10 game-panel sshd[9696]: Failed password for root from 159.65.189.115 port 34202 ssh2
Oct 14 09:49:14 game-panel sshd[9832]: Failed password for root from 159.65.189.115 port 45232 ssh2
2019-10-14 17:58:58
122.192.33.102 attackbotsspam
2019-10-14T10:42:03.995620  sshd[27339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.192.33.102  user=root
2019-10-14T10:42:06.074028  sshd[27339]: Failed password for root from 122.192.33.102 port 36606 ssh2
2019-10-14T10:54:24.404208  sshd[27461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.192.33.102  user=root
2019-10-14T10:54:26.206747  sshd[27461]: Failed password for root from 122.192.33.102 port 54024 ssh2
2019-10-14T10:58:41.389143  sshd[27498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.192.33.102  user=root
2019-10-14T10:58:43.472741  sshd[27498]: Failed password for root from 122.192.33.102 port 33230 ssh2
...
2019-10-14 17:57:40
62.33.74.122 attackspambots
port scan and connect, tcp 23 (telnet)
2019-10-14 17:42:19
91.121.87.174 attackbots
Oct 14 09:00:35 DAAP sshd[31886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.87.174  user=root
Oct 14 09:00:37 DAAP sshd[31886]: Failed password for root from 91.121.87.174 port 59178 ssh2
Oct 14 09:05:18 DAAP sshd[31914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.87.174  user=root
Oct 14 09:05:19 DAAP sshd[31914]: Failed password for root from 91.121.87.174 port 52804 ssh2
Oct 14 09:08:49 DAAP sshd[31936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.87.174  user=root
Oct 14 09:08:51 DAAP sshd[31936]: Failed password for root from 91.121.87.174 port 36310 ssh2
...
2019-10-14 17:35:10
108.167.139.245 attackbotsspam
WordPress login Brute force / Web App Attack on client site.
2019-10-14 17:30:44
23.99.112.114 attackbotsspam
IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/23.99.112.114/ 
 US - 1H : (239)  
 Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : US 
 NAME ASN : ASN8075 
 
 IP : 23.99.112.114 
 
 CIDR : 23.96.0.0/14 
 
 PREFIX COUNT : 242 
 
 UNIQUE IP COUNT : 18722560 
 
 
 WYKRYTE ATAKI Z ASN8075 :  
  1H - 2 
  3H - 4 
  6H - 4 
 12H - 6 
 24H - 6 
 
 DateTime : 2019-10-14 06:50:32 
 
 INFO : Port Scan TELNET Detected and Blocked by ADMIN  - data recovery
2019-10-14 17:18:44
169.255.10.82 attackbots
Oct 14 13:51:34 our-server-hostname postfix/smtpd[1767]: connect from unknown[169.255.10.82]
Oct x@x
Oct x@x
Oct x@x
Oct x@x
Oct x@x
Oct x@x
Oct x@x
Oct x@x
Oct x@x
Oct x@x


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=169.255.10.82
2019-10-14 17:49:26
115.238.236.74 attackbots
Oct 14 05:48:56 firewall sshd[14261]: Invalid user 123Abstract from 115.238.236.74
Oct 14 05:48:58 firewall sshd[14261]: Failed password for invalid user 123Abstract from 115.238.236.74 port 31826 ssh2
Oct 14 05:54:05 firewall sshd[14367]: Invalid user Salon@123 from 115.238.236.74
...
2019-10-14 17:26:40
118.69.191.110 attackspam
Oct 14 08:48:00 rotator sshd\[24065\]: Invalid user Admin010 from 118.69.191.110Oct 14 08:48:02 rotator sshd\[24065\]: Failed password for invalid user Admin010 from 118.69.191.110 port 52818 ssh2Oct 14 08:52:16 rotator sshd\[24858\]: Invalid user @\#$wersdfXCV from 118.69.191.110Oct 14 08:52:18 rotator sshd\[24858\]: Failed password for invalid user @\#$wersdfXCV from 118.69.191.110 port 36170 ssh2Oct 14 08:56:31 rotator sshd\[25674\]: Invalid user @\#$wersdfXCV from 118.69.191.110Oct 14 08:56:33 rotator sshd\[25674\]: Failed password for invalid user @\#$wersdfXCV from 118.69.191.110 port 47750 ssh2
...
2019-10-14 17:37:19
116.7.176.146 attackbots
Oct 14 06:05:52 ncomp sshd[18967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.7.176.146  user=root
Oct 14 06:05:53 ncomp sshd[18967]: Failed password for root from 116.7.176.146 port 47448 ssh2
Oct 14 06:21:00 ncomp sshd[19202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.7.176.146  user=root
Oct 14 06:21:02 ncomp sshd[19202]: Failed password for root from 116.7.176.146 port 55466 ssh2
2019-10-14 17:40:39
46.38.144.202 attack
Oct 14 11:30:19 webserver postfix/smtpd\[29637\]: warning: unknown\[46.38.144.202\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 14 11:32:11 webserver postfix/smtpd\[29637\]: warning: unknown\[46.38.144.202\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 14 11:34:09 webserver postfix/smtpd\[31358\]: warning: unknown\[46.38.144.202\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 14 11:36:08 webserver postfix/smtpd\[29637\]: warning: unknown\[46.38.144.202\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 14 11:38:04 webserver postfix/smtpd\[31362\]: warning: unknown\[46.38.144.202\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
2019-10-14 17:42:35

Recently Reported IPs

118.89.33.17 42.239.87.9 162.241.154.60 12.244.69.178
119.42.119.20 177.126.212.128 38.92.125.10 27.201.253.164
201.231.101.234 27.152.113.203 177.67.162.43 14.34.202.51
146.0.135.115 223.181.232.168 1.161.90.215 40.134.163.163
41.190.62.205 125.40.199.8 189.149.19.137 177.36.201.81