104.152.52.72 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Rethem Hosting LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	[MultiHost/MultiPort scan (14)] tcp/110, tcp/135, tcp/143, tcp/1433, tcp/21, tcp/22, tcp/23, tcp/3306, tcp/3389, tcp/5060, tcp/5357, tcp/554, tcp/81, tcp/993 [scan/connect: 32 time(s)] *(RWIN=14600)(11190859)	2019-11-19 17:59:32

Type

Details

Datetime

attack

[MultiHost/MultiPort scan (14)] tcp/110, tcp/135, tcp/143, tcp/1433, tcp/21, tcp/22, tcp/23, tcp/3306, tcp/3389, tcp/5060, tcp/5357, tcp/554, tcp/81, tcp/993
[scan/connect: 32 time(s)]
*(RWIN=14600)(11190859)

2019-11-19 17:59:32

Comments on same subnet:

IP	Type	Details	Datetime
104.152.52.231	botsattackproxy	Bot attacker IP	2025-03-25 13:44:38
104.152.52.145	botsattackproxy	Vulnerability Scanner	2025-03-20 13:41:36
104.152.52.100	spamattackproxy	VoIP blacklist IP	2025-03-14 22:09:59
104.152.52.139	attack	Brute-force attacker IP	2025-03-10 13:45:36
104.152.52.219	botsattackproxy	Bot attacker IP	2025-03-04 13:55:48
104.152.52.124	botsattackproxy	Vulnerability Scanner	2025-02-26 17:12:59
104.152.52.146	botsattackproxy	Bot attacker IP	2025-02-21 12:31:03
104.152.52.161	botsattackproxy	Vulnerability Scanner	2025-02-05 14:00:57
104.152.52.176	botsattackproxy	Botnet DB Scanner	2025-01-20 14:03:26
104.152.52.141	botsattack	Vulnerability Scanner	2025-01-09 22:45:15
104.152.52.165	botsattackproxy	Bot attacker IP	2024-09-24 16:44:08
104.152.52.226	botsattackproxy	Vulnerability Scanner	2024-08-28 12:46:53
104.152.52.142	spambotsattack	Vulnerability Scanner	2024-08-26 12:47:13
104.152.52.116	spamattack	Compromised IP	2024-07-06 14:07:26
104.152.52.204	attack	Bad IP	2024-07-01 12:36:27

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.152.52.72
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47367
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.152.52.72.			IN	A

;; AUTHORITY SECTION:
.			165	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019111900 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Nov 19 18:02:22 CST 2019
;; MSG SIZE  rcvd: 117

Host info

72.52.152.104.in-addr.arpa domain name pointer internettl.org.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
72.52.152.104.in-addr.arpa	name = internettl.org.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
36.235.80.180	attackspam	Unauthorized connection attempt from IP address 36.235.80.180 on Port 445(SMB)	2020-01-23 13:40:49
111.230.157.95	attackspam	Unauthorized connection attempt detected from IP address 111.230.157.95 to port 80 [T]	2020-01-23 13:55:49
218.17.122.50	attack	Unauthorized connection attempt detected from IP address 218.17.122.50 to port 2220 [J]	2020-01-23 14:04:19
140.143.226.19	attack	Jan 23 04:52:34 mail1 sshd\[23463\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.226.19 user=root Jan 23 04:52:36 mail1 sshd\[23463\]: Failed password for root from 140.143.226.19 port 36414 ssh2 Jan 23 05:17:54 mail1 sshd\[21181\]: Invalid user holdfast from 140.143.226.19 port 44258 Jan 23 05:17:54 mail1 sshd\[21181\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.226.19 Jan 23 05:17:56 mail1 sshd\[21181\]: Failed password for invalid user holdfast from 140.143.226.19 port 44258 ssh2 ...	2020-01-23 13:58:23
37.98.161.216	attackspambots	Honeypot attack, port: 5555, PTR: PTR record not found	2020-01-23 13:38:10
119.247.82.74	attackbotsspam	Unauthorized connection attempt detected from IP address 119.247.82.74 to port 5555 [J]	2020-01-23 13:40:00
124.156.55.214	attackbots	Unauthorized connection attempt detected from IP address 124.156.55.214 to port 5357 [J]	2020-01-23 14:02:27
168.181.178.5	attack	Unauthorized connection attempt from IP address 168.181.178.5 on Port 445(SMB)	2020-01-23 14:11:49
222.128.20.226	attack	Unauthorized connection attempt detected from IP address 222.128.20.226 to port 2220 [J]	2020-01-23 13:48:24
187.221.101.196	attack	Honeypot attack, port: 81, PTR: dsl-187-221-101-196-dyn.prod-infinitum.com.mx.	2020-01-23 13:44:43
94.199.19.178	attack	Unauthorized connection attempt from IP address 94.199.19.178 on Port 445(SMB)	2020-01-23 13:45:29
221.158.111.70	attackbotsspam	Honeypot attack, port: 81, PTR: PTR record not found	2020-01-23 13:46:38
115.186.108.81	attackbots	Honeypot attack, port: 445, PTR: wtl.worldcall.net.pk.	2020-01-23 13:39:41
104.34.204.226	attackspam	Unauthorized connection attempt detected from IP address 104.34.204.226 to port 81 [J]	2020-01-23 13:42:38
222.186.175.202	attackspam	Jan 22 20:05:19 php1 sshd\[4973\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.202 user=root Jan 22 20:05:21 php1 sshd\[4973\]: Failed password for root from 222.186.175.202 port 21672 ssh2 Jan 22 20:05:37 php1 sshd\[4985\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.202 user=root Jan 22 20:05:39 php1 sshd\[4985\]: Failed password for root from 222.186.175.202 port 47236 ssh2 Jan 22 20:05:59 php1 sshd\[5019\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.202 user=root	2020-01-23 14:08:07

Recently Reported IPs

116.219.183.106	177.38.10.98	157.245.127.237	35.4.158.251
98.131.37.62	138.204.50.169	46.193.64.143	121.98.4.191
131.221.250.232	121.100.160.88	125.24.184.106	124.142.112.221
118.172.40.209	111.19.179.156	110.184.218.78	103.111.134.6
91.226.172.108	89.36.147.124	79.107.96.156	61.154.170.26