Must be a valid IPv4 or IPv6 ip address, e.g. 127.0.0.1 or 2001:DB8:0:0:8:800:200C:417A
Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Rethem Hosting LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
[MultiHost/MultiPort scan (14)] tcp/110, tcp/135, tcp/143, tcp/1433, tcp/21, tcp/22, tcp/23, tcp/3306, tcp/3389, tcp/5060, tcp/5357, tcp/554, tcp/81, tcp/993
[scan/connect: 32 time(s)]
*(RWIN=14600)(11190859)
2019-11-19 17:59:32
Comments on same subnet:
IP Type Details Datetime
104.152.52.231 botsattackproxy
Bot attacker IP
2025-03-25 13:44:38
104.152.52.145 botsattackproxy
Vulnerability Scanner
2025-03-20 13:41:36
104.152.52.100 spamattackproxy
VoIP blacklist IP
2025-03-14 22:09:59
104.152.52.139 attack
Brute-force attacker IP
2025-03-10 13:45:36
104.152.52.219 botsattackproxy
Bot attacker IP
2025-03-04 13:55:48
104.152.52.124 botsattackproxy
Vulnerability Scanner
2025-02-26 17:12:59
104.152.52.146 botsattackproxy
Bot attacker IP
2025-02-21 12:31:03
104.152.52.161 botsattackproxy
Vulnerability Scanner
2025-02-05 14:00:57
104.152.52.176 botsattackproxy
Botnet DB Scanner
2025-01-20 14:03:26
104.152.52.141 botsattack
Vulnerability Scanner
2025-01-09 22:45:15
104.152.52.165 botsattackproxy
Bot attacker IP
2024-09-24 16:44:08
104.152.52.226 botsattackproxy
Vulnerability Scanner
2024-08-28 12:46:53
104.152.52.142 spambotsattack
Vulnerability Scanner
2024-08-26 12:47:13
104.152.52.116 spamattack
Compromised IP
2024-07-06 14:07:26
104.152.52.204 attack
Bad IP
2024-07-01 12:36:27
Whois info:
b
Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.152.52.72
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47367
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.152.52.72.			IN	A

;; AUTHORITY SECTION:
.			165	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019111900 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Nov 19 18:02:22 CST 2019
;; MSG SIZE  rcvd: 117

Host info
72.52.152.104.in-addr.arpa domain name pointer internettl.org.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
72.52.152.104.in-addr.arpa	name = internettl.org.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
137.74.41.119 attackbotsspam
Aug 16 17:12:05 ns382633 sshd\[16982\]: Invalid user tunnel from 137.74.41.119 port 45152
Aug 16 17:12:05 ns382633 sshd\[16982\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.74.41.119
Aug 16 17:12:06 ns382633 sshd\[16982\]: Failed password for invalid user tunnel from 137.74.41.119 port 45152 ssh2
Aug 16 17:22:46 ns382633 sshd\[18863\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.74.41.119  user=root
Aug 16 17:22:48 ns382633 sshd\[18863\]: Failed password for root from 137.74.41.119 port 53846 ssh2
2020-08-16 23:42:53
45.95.168.96 attackbotsspam
2020-08-16 17:45:00 dovecot_login authenticator failed for pr.predictams.live \(USER\) \[45.95.168.96\]: 535 Incorrect authentication data \(set_id=no-reply@nophost.com\)
2020-08-16 17:45:38 dovecot_login authenticator failed for pr.predictams.live \(USER\) \[45.95.168.96\]: 535 Incorrect authentication data \(set_id=webmail@opso.it\)
2020-08-16 17:45:38 dovecot_login authenticator failed for pr.predictams.live \(USER\) \[45.95.168.96\]: 535 Incorrect authentication data \(set_id=webmail@nophost.com\)
2020-08-16 17:49:34 dovecot_login authenticator failed for pr.predictams.live \(USER\) \[45.95.168.96\]: 535 Incorrect authentication data \(set_id=webmail@nopcommerce.it\)
2020-08-16 17:51:33 dovecot_login authenticator failed for pr.predictams.live \(USER\) \[45.95.168.96\]: 535 Incorrect authentication data \(set_id=webmail@nophost.com\)
2020-08-16 23:54:59
152.136.152.45 attackspambots
Aug 16 17:47:31 vps333114 sshd[6165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.152.45
Aug 16 17:47:33 vps333114 sshd[6165]: Failed password for invalid user vick from 152.136.152.45 port 18864 ssh2
...
2020-08-17 00:08:21
222.186.175.169 attackbotsspam
SSH auth scanning - multiple failed logins
2020-08-17 00:02:38
132.148.28.20 attackbotsspam
132.148.28.20 - - [16/Aug/2020:15:09:49 +0100] "POST /wp-login.php HTTP/1.1" 200 1910 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
132.148.28.20 - - [16/Aug/2020:15:09:51 +0100] "POST /wp-login.php HTTP/1.1" 200 1844 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
132.148.28.20 - - [16/Aug/2020:15:09:53 +0100] "POST /wp-login.php HTTP/1.1" 200 1847 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-08-17 00:22:41
24.6.59.51 attackspam
Failed password for invalid user uat from 24.6.59.51 port 50384 ssh2
2020-08-17 00:29:18
128.199.44.102 attackspambots
2020-08-16T14:13:02.052804n23.at sshd[3864542]: Invalid user cbs from 128.199.44.102 port 58692
2020-08-16T14:13:03.732418n23.at sshd[3864542]: Failed password for invalid user cbs from 128.199.44.102 port 58692 ssh2
2020-08-16T14:23:20.133703n23.at sshd[3873111]: Invalid user ftpusers from 128.199.44.102 port 41973
...
2020-08-17 00:10:26
222.186.30.35 attackspam
Aug 16 11:41:53 plusreed sshd[2648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.35  user=root
Aug 16 11:41:55 plusreed sshd[2648]: Failed password for root from 222.186.30.35 port 42737 ssh2
...
2020-08-16 23:42:32
114.237.182.216 attackbots
Automatic report - Port Scan Attack
2020-08-16 23:49:38
61.161.86.195 attack
Aug 16 13:51:20 rocket sshd[32647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.161.86.195
Aug 16 13:51:22 rocket sshd[32647]: Failed password for invalid user wangyin from 61.161.86.195 port 11249 ssh2
...
2020-08-16 23:53:58
148.252.132.148 attackbotsspam
Lines containing failures of 148.252.132.148
Aug 16 14:02:51 keyhelp sshd[6002]: Invalid user garibaldi from 148.252.132.148 port 45757
Aug 16 14:02:51 keyhelp sshd[6002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.252.132.148
Aug 16 14:02:53 keyhelp sshd[6002]: Failed password for invalid user garibaldi from 148.252.132.148 port 45757 ssh2
Aug 16 14:02:53 keyhelp sshd[6002]: Received disconnect from 148.252.132.148 port 45757:11: Bye Bye [preauth]
Aug 16 14:02:53 keyhelp sshd[6002]: Disconnected from invalid user garibaldi 148.252.132.148 port 45757 [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=148.252.132.148
2020-08-17 00:21:47
119.45.137.52 attackspambots
(sshd) Failed SSH login from 119.45.137.52 (CN/China/-): 5 in the last 3600 secs
2020-08-17 00:28:53
222.186.190.14 attackbots
Aug 16 16:59:52 rocket sshd[26671]: Failed password for root from 222.186.190.14 port 56468 ssh2
Aug 16 17:00:00 rocket sshd[26688]: Failed password for root from 222.186.190.14 port 36374 ssh2
...
2020-08-17 00:05:51
106.12.46.229 attack
prod6
...
2020-08-16 23:49:54
93.107.187.162 attackbots
Aug 16 18:01:57 fhem-rasp sshd[2793]: Invalid user vicente from 93.107.187.162 port 54486
...
2020-08-17 00:20:32

Recently Reported IPs

116.219.183.106 177.38.10.98 157.245.127.237 35.4.158.251
98.131.37.62 138.204.50.169 46.193.64.143 121.98.4.191
131.221.250.232 121.100.160.88 125.24.184.106 124.142.112.221
118.172.40.209 111.19.179.156 110.184.218.78 103.111.134.6
91.226.172.108 89.36.147.124 79.107.96.156 61.154.170.26