104.192.1.138 - IPInfo

Basic Info

City: Middleboro

Region: Massachusetts

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.192.113.252	attack	Connection by 104.192.113.252 on port: 1433 got caught by honeypot at 5/7/2020 12:58:15 PM	2020-05-08 01:25:01
104.192.163.119	attack	Unauthorized connection attempt detected from IP address 104.192.163.119 to port 2220 [J]	2020-01-13 17:41:22
104.192.111.79	attack	RDP Bruteforce	2020-01-10 05:47:51
104.192.1.59	attack	Unauthorized connection attempt detected from IP address 104.192.1.59 to port 3389	2020-01-05 06:46:27
104.192.108.175	attackbots	Portscan or hack attempt detected by psad/fwsnort	2019-12-23 07:47:04
104.192.108.175	attackbots	[IPBX probe: SIP=tcp/5060] *(RWIN=1024)(12211217)	2019-12-21 19:43:07
104.192.111.79	attackspam	RDP brute forcing (d)	2019-12-12 18:40:24
104.192.111.79	attackspambots	RDP Bruteforce	2019-11-28 07:47:10
104.192.109.140	attackbots	Honeypot attack, port: 23, PTR: PTR record not found	2019-10-05 17:52:21
104.192.109.140	attackspam	Sep 29 08:10:03 localhost kernel: [3496822.005490] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=104.192.109.140 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54759 PROTO=TCP SPT=44617 DPT=7676 SEQ=3966675045 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 29 10:24:08 localhost kernel: [3504867.049597] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=104.192.109.140 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=2403 PROTO=TCP SPT=44617 DPT=106 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 29 10:24:08 localhost kernel: [3504867.049626] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=104.192.109.140 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=2403 PROTO=TCP SPT=44617 DPT=106 SEQ=3535038839 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0	2019-09-30 01:30:51
104.192.138.232	attackspambots	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 06:49:17

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.192.1.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63787
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.192.1.138.			IN	A

;; AUTHORITY SECTION:
.			541	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022062301 1800 900 604800 86400

;; Query time: 186 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jun 24 08:07:09 CST 2022
;; MSG SIZE  rcvd: 106

Host info

138.1.192.104.in-addr.arpa domain name pointer ip-104-192-1-138.host.datawagon.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
138.1.192.104.in-addr.arpa	name = ip-104-192-1-138.host.datawagon.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
179.107.132.35	attackspam	Unauthorised access (Aug 7) SRC=179.107.132.35 LEN=52 TTL=111 ID=30395 DF TCP DPT=445 WINDOW=8192 SYN	2020-08-08 06:50:57
82.79.236.65	attack	diesunddas.net 82.79.236.65 [07/Aug/2020:22:25:20 +0200] "POST /wp-login.php HTTP/1.1" 200 12716 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" diesunddas.net 82.79.236.65 [07/Aug/2020:22:25:21 +0200] "POST /wp-login.php HTTP/1.1" 200 12716 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"	2020-08-08 07:03:00
52.147.198.177	attackbots	Time: Fri Aug 7 18:47:16 2020 -0300 IP: 52.147.198.177 (US/United States/-) Failures: 30 (smtpauth) Interval: 3600 seconds Blocked: Permanent Block	2020-08-08 07:19:41
139.217.233.15	attackbots	Aug 7 22:19:31 Ubuntu-1404-trusty-64-minimal sshd\[30284\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.217.233.15 user=root Aug 7 22:19:33 Ubuntu-1404-trusty-64-minimal sshd\[30284\]: Failed password for root from 139.217.233.15 port 52576 ssh2 Aug 7 22:24:22 Ubuntu-1404-trusty-64-minimal sshd\[32761\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.217.233.15 user=root Aug 7 22:24:24 Ubuntu-1404-trusty-64-minimal sshd\[32761\]: Failed password for root from 139.217.233.15 port 42534 ssh2 Aug 7 22:25:24 Ubuntu-1404-trusty-64-minimal sshd\[735\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.217.233.15 user=root	2020-08-08 07:01:05
181.40.76.162	attackspam	Aug 8 00:34:23 nextcloud sshd\[26408\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.40.76.162 user=root Aug 8 00:34:25 nextcloud sshd\[26408\]: Failed password for root from 181.40.76.162 port 38386 ssh2 Aug 8 00:39:10 nextcloud sshd\[31125\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.40.76.162 user=root	2020-08-08 07:21:28
46.227.180.155	attackbotsspam	Port Scan detected! ...	2020-08-08 06:54:44
8.208.76.187	attackspam	Aug 4 12:25:48 srv05 sshd[8849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.208.76.187 user=r.r Aug 4 12:25:50 srv05 sshd[8849]: Failed password for r.r from 8.208.76.187 port 44482 ssh2 Aug 4 12:25:50 srv05 sshd[8849]: Received disconnect from 8.208.76.187: 11: Bye Bye [preauth] Aug 4 12:47:15 srv05 sshd[10134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.208.76.187 user=r.r Aug 4 12:47:17 srv05 sshd[10134]: Failed password for r.r from 8.208.76.187 port 60522 ssh2 Aug 4 12:47:17 srv05 sshd[10134]: Received disconnect from 8.208.76.187: 11: Bye Bye [preauth] Aug 4 12:58:23 srv05 sshd[10661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.208.76.187 user=r.r Aug 4 12:58:25 srv05 sshd[10661]: Failed password for r.r from 8.208.76.187 port 57658 ssh2 Aug 4 12:58:56 srv05 sshd[10661]: Received disconnect from 8.208.76.187: 11: ........ -------------------------------	2020-08-08 06:51:49
110.45.155.101	attack	prod11 ...	2020-08-08 07:14:14
103.246.240.26	attackspambots	Aug 7 23:21:49 *** sshd[1439]: User root from 103.246.240.26 not allowed because not listed in AllowUsers	2020-08-08 07:26:02
222.186.175.182	attackbots	Aug 8 01:02:47 nextcloud sshd\[21976\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.182 user=root Aug 8 01:02:49 nextcloud sshd\[21976\]: Failed password for root from 222.186.175.182 port 51352 ssh2 Aug 8 01:02:58 nextcloud sshd\[21976\]: Failed password for root from 222.186.175.182 port 51352 ssh2	2020-08-08 07:04:09
162.241.142.103	attackbotsspam	08/07/2020-16:25:01.385162 162.241.142.103 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-08-08 07:17:07
114.235.182.219	attackspam	Aug 7 19:55:33 vps46666688 sshd[21386]: Failed password for root from 114.235.182.219 port 11518 ssh2 ...	2020-08-08 07:22:31
64.225.124.179	attackbots	firewall-block, port(s): 427/tcp	2020-08-08 07:05:56
122.228.19.80	attack	122.228.19.80 was recorded 8 times by 1 hosts attempting to connect to the following ports: 3001,6488,8123,4880,34567,3310,8140,8083. Incident counter (4h, 24h, all-time): 8, 38, 33251	2020-08-08 07:23:19
51.158.65.150	attack	SSH Brute Force	2020-08-08 07:02:42

Recently Reported IPs

5.167.67.44	5.167.67.96	137.226.4.247	103.136.42.251
137.226.4.155	5.2.67.139	5.167.67.76	5.167.67.92
43.156.123.181	157.230.1.224	202.87.227.205	5.167.67.211
116.110.2.237	183.91.215.14	181.206.100.44	188.114.96.209
68.183.8.63	177.93.50.164	177.86.5.146	89.27.248.60