104.206.128.50

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: AAA Enterprises

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-09-16 01:44:17
attackbotsspam	Telnet/23 MH Probe, Scan, BF, Hack -	2020-09-15 17:37:27
attack	TCP ports : 3306 / 5060 / 5432; UDP port : 161	2020-09-13 20:20:15
attackbotsspam	Honeypot hit.	2020-09-13 12:14:08
attackspam	Honeypot hit.	2020-09-13 04:01:48
attackspambots	firewall-block, port(s): 3306/tcp	2020-09-06 03:45:18
attackbotsspam	TCP ports : 3306 / 5060	2020-09-05 19:24:16
attackbots	TCP (SYN) 104.206.128.50:54228 -> port 5900, len 44	2020-06-13 02:00:18
attackbotsspam	May 12 01:23:04 debian-2gb-nbg1-2 kernel: \[11498249.144012\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=104.206.128.50 DST=195.201.40.59 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=54713 DPT=1543 WINDOW=65535 RES=0x00 SYN URGP=0	2020-05-12 08:27:03
attackspam	Port Scan: Events[1] countPorts[1]: 1433 ..	2020-04-18 06:37:46
attackspam	firewall-block, port(s): 5900/tcp	2020-02-26 01:18:22
attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-19 23:05:23
attackbotsspam	Unauthorized connection attempt detected from IP address 104.206.128.50 to port 8444 [J]	2020-02-04 13:35:04
attackspambots	[MySQL inject/portscan] tcp/3306 *(RWIN=1024)(01291848)	2020-01-30 00:22:16
attackspambots	Unauthorized connection attempt detected from IP address 104.206.128.50 to port 3389	2019-12-29 09:03:36
attack	81/tcp 5900/tcp 8444/tcp... [2019-10-27/12-27]41pkt,13pt.(tcp),1pt.(udp)	2019-12-28 04:50:16
attackspambots	104.206.128.50 was recorded 6 times by 6 hosts attempting to connect to the following ports: 161,23,3306,1433. Incident counter (4h, 24h, all-time): 6, 7, 246	2019-12-10 04:23:59
attackspambots	Fail2Ban Ban Triggered	2019-11-16 01:49:24
attackbots	104.206.128.50 was recorded 5 times by 5 hosts attempting to connect to the following ports: 161,5900,5060. Incident counter (4h, 24h, all-time): 5, 10, 43	2019-11-11 04:55:54
attackbotsspam	Automatic report - Port Scan Attack	2019-10-16 01:29:49
attack	firewall-block, port(s): 52311/tcp	2019-08-10 09:58:28
attack	:	2019-08-04 06:14:45
attackspambots	Portscan or hack attempt detected by psad/fwsnort	2019-07-31 15:07:02
attack	Honeypot attack, port: 23, PTR: 50-128.206.104.serverhubrdns.in-addr.arpa.	2019-07-25 03:47:19
attackbots	" "	2019-07-16 04:17:52
attack	" "	2019-07-03 01:30:41

Comments on same subnet:

IP	Type	Details	Datetime
104.206.128.6	attackspambots	Automatic report - Banned IP Access	2020-10-09 02:32:26
104.206.128.6	attackbots	bruteforce, ssh, scan port	2020-10-08 18:31:18
104.206.128.34	attackbots	TCP (SYN) 104.206.128.34:62942 -> port 3389, len 44	2020-10-06 04:52:48
104.206.128.74	attackspambots	UDP 104.206.128.74:57326 -> port 161, len 71	2020-10-06 04:12:44
104.206.128.2	attackspambots	TCP (SYN) 104.206.128.2:60162 -> port 1433, len 44	2020-10-06 04:10:28
104.206.128.42	attackbots	TCP (SYN) 104.206.128.42:50739 -> port 23, len 44	2020-10-06 02:55:43
104.206.128.66	attackbotsspam	TCP (SYN) 104.206.128.66:63773 -> port 3306, len 44	2020-10-06 00:59:51
104.206.128.34	attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-10-05 20:55:21
104.206.128.74	attackspambots	TCP (SYN) 104.206.128.74:55896 -> port 3389, len 44	2020-10-05 20:11:31
104.206.128.2	attackspambots	MultiHost/MultiPort Probe, Scan, Hack -	2020-10-05 20:09:04
104.206.128.42	attackbots	Icarus honeypot on github	2020-10-05 18:46:02
104.206.128.34	attackbotsspam	Found on Alienvault / proto=6 . srcport=64630 . dstport=5900 . (3726)	2020-10-05 12:44:44
104.206.128.74	attackbots	TCP (SYN) 104.206.128.74:55896 -> port 3389, len 44	2020-10-05 12:03:44
104.206.128.2	attackspambots	Found on Binary Defense / proto=6 . srcport=52605 . dstport=21 FTP . (3566)	2020-10-05 12:01:30
104.206.128.6	attackbots	Telnet/23 MH Probe, Scan, BF, Hack -	2020-10-03 04:43:15

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.206.128.50
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37609
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.206.128.50.			IN	A

;; AUTHORITY SECTION:
.			846	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019061302 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jun 14 13:35:25 CST 2019
;; MSG SIZE  rcvd: 118

Host info

50.128.206.104.in-addr.arpa domain name pointer 50-128.206.104.serverhubrdns.in-addr.arpa.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
50.128.206.104.in-addr.arpa	name = 50-128.206.104.serverhubrdns.in-addr.arpa.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
183.134.65.197	attackbotsspam	Jul 24 18:30:49 h2829583 sshd[27406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.134.65.197	2020-07-25 02:06:50
198.98.49.181	attack	Jul 25 00:37:50 linode sshd[22546]: Invalid user ubuntu from 198.98.49.181 port 37710 Jul 25 00:37:50 linode sshd[22548]: Invalid user jenkins from 198.98.49.181 port 37726 Jul 25 00:37:50 linode sshd[22549]: Invalid user guest from 198.98.49.181 port 37728 ...	2020-07-25 01:59:54
202.131.138.162	attackspambots	Unauthorized connection attempt from IP address 202.131.138.162 on Port 445(SMB)	2020-07-25 02:24:00
134.119.216.167	attackbotsspam	Unauthorized access detected from black listed ip!	2020-07-25 01:54:14
117.102.95.135	attackspam	Unauthorized connection attempt from IP address 117.102.95.135 on Port 445(SMB)	2020-07-25 02:04:18
187.121.221.126	attack	Attempted Brute Force (dovecot)	2020-07-25 02:11:28
111.92.240.206	attackspam	111.92.240.206 - - [24/Jul/2020:15:51:30 +1000] "POST /wp-login.php HTTP/1.1" 200 1925 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 111.92.240.206 - - [24/Jul/2020:15:51:33 +1000] "POST /wp-login.php HTTP/1.1" 200 1880 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 111.92.240.206 - - [24/Jul/2020:20:34:07 +1000] "POST /wp-login.php HTTP/1.0" 200 12596 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 111.92.240.206 - - [24/Jul/2020:22:29:12 +1000] "POST /wp-login.php HTTP/1.1" 200 1934 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 111.92.240.206 - - [25/Jul/2020:02:07:35 +1000] "POST /wp-login.php HTTP/1.0" 200 12596 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-25 02:18:03
23.160.192.153	attackspam	Jul 24 19:20:35 vps768472 sshd\[3758\]: Invalid user minecraft from 23.160.192.153 port 57794 Jul 24 19:20:35 vps768472 sshd\[3758\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.160.192.153 Jul 24 19:20:37 vps768472 sshd\[3758\]: Failed password for invalid user minecraft from 23.160.192.153 port 57794 ssh2 ...	2020-07-25 01:53:05
182.76.29.59	attackspam	Unauthorized connection attempt from IP address 182.76.29.59 on Port 445(SMB)	2020-07-25 01:53:50
91.121.162.198	attackbots	2020-07-24T13:33:50.9748901495-001 sshd[50965]: Invalid user dck from 91.121.162.198 port 50504 2020-07-24T13:33:53.2378471495-001 sshd[50965]: Failed password for invalid user dck from 91.121.162.198 port 50504 ssh2 2020-07-24T13:40:09.9762401495-001 sshd[51215]: Invalid user david from 91.121.162.198 port 40780 2020-07-24T13:40:09.9794541495-001 sshd[51215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns360380.ip-91-121-162.eu 2020-07-24T13:40:09.9762401495-001 sshd[51215]: Invalid user david from 91.121.162.198 port 40780 2020-07-24T13:40:12.6029691495-001 sshd[51215]: Failed password for invalid user david from 91.121.162.198 port 40780 ssh2 ...	2020-07-25 02:05:54
14.172.54.106	attack	Automatic report - Port Scan Attack	2020-07-25 02:12:28
104.248.244.119	attackspam	Jul 24 15:58:14 django-0 sshd[31535]: Invalid user postgres from 104.248.244.119 ...	2020-07-25 02:20:29
39.41.37.183	attack	Attempted connection to port 445.	2020-07-25 01:55:00
159.65.143.227	attackspambots	Jul 24 19:49:10 sip sshd[1065420]: Invalid user coffee from 159.65.143.227 port 12726 Jul 24 19:49:13 sip sshd[1065420]: Failed password for invalid user coffee from 159.65.143.227 port 12726 ssh2 Jul 24 19:54:20 sip sshd[1065427]: Invalid user kji from 159.65.143.227 port 43960 ...	2020-07-25 02:07:06
197.211.238.220	attackbotsspam	Dovecot Invalid User Login Attempt.	2020-07-25 01:50:18

Recently Reported IPs

176.150.124.192	40.77.167.13	177.137.220.79	132.255.187.240
177.130.139.108	77.40.62.96	88.12.49.249	186.224.80.30
5.135.207.104	178.151.177.243	104.206.128.74	188.209.153.191
59.15.57.96	121.162.88.249	117.119.83.84	203.176.181.93
70.60.38.12	173.254.201.197	93.64.215.66	36.66.67.252