104.244.72.136

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.244.72.38	attackbotsspam	xmlrpc attack	2020-10-10 22:15:36
104.244.72.38	attack	CMS (WordPress or Joomla) login attempt.	2020-10-10 14:08:50
104.244.72.115	attack	104.244.72.115 (US/United States/-), 7 distributed sshd attacks on account [admin] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 20 10:06:28 server2 sshd[15527]: Failed password for invalid user admin from 104.244.72.115 port 57964 ssh2 Sep 20 10:06:30 server2 sshd[15572]: Invalid user admin from 95.128.43.164 Sep 20 10:06:32 server2 sshd[15572]: Failed password for invalid user admin from 95.128.43.164 port 55602 ssh2 Sep 20 10:06:34 server2 sshd[15610]: Invalid user admin from 104.244.75.157 Sep 20 10:06:36 server2 sshd[15610]: Failed password for invalid user admin from 104.244.75.157 port 34573 ssh2 Sep 20 10:07:22 server2 sshd[16018]: Invalid user admin from 212.21.66.6 Sep 20 10:06:25 server2 sshd[15527]: Invalid user admin from 104.244.72.115 IP Addresses Blocked:	2020-09-20 23:32:54
104.244.72.115	attack	Sep 20 08:04:25 vpn01 sshd[9754]: Failed password for root from 104.244.72.115 port 47340 ssh2 Sep 20 08:04:36 vpn01 sshd[9754]: error: maximum authentication attempts exceeded for root from 104.244.72.115 port 47340 ssh2 [preauth] ...	2020-09-20 15:21:30
104.244.72.115	attackspambots	Sep 20 00:03:39 sigma sshd\[30820\]: Invalid user admin from 104.244.72.115Sep 20 00:03:40 sigma sshd\[30820\]: Failed password for invalid user admin from 104.244.72.115 port 45068 ssh2 ...	2020-09-20 07:17:51
104.244.72.203	attackbots	(mod_security) mod_security (id:980001) triggered by 104.244.72.203 (US/United States/-): 5 in the last 14400 secs; ID: rub	2020-09-16 20:20:32
104.244.72.203	attackspambots	(mod_security) mod_security (id:980001) triggered by 104.244.72.203 (US/United States/-): 5 in the last 14400 secs; ID: rub	2020-09-16 12:53:28
104.244.72.203	attack	(mod_security) mod_security (id:980001) triggered by 104.244.72.203 (US/United States/-): 5 in the last 14400 secs; ID: rub	2020-09-16 04:38:14
104.244.72.115	attackbotsspam	Jun 26 11:25:48 IngegnereFirenze sshd[15703]: User root from 104.244.72.115 not allowed because not listed in AllowUsers ...	2020-06-27 00:36:02
104.244.72.115	attackspam	srv02 SSH BruteForce Attacks 22 ..	2020-06-13 22:10:32
104.244.72.115	attackbotsspam	prod6 ...	2020-06-09 14:06:47
104.244.72.115	attackspam	US_FranTech BuyVM_<177>1585281315 [1:2522002:4013] ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 3 [Classification: Misc Attack] [Priority: 2]: {TCP} 104.244.72.115:46840	2020-03-27 12:22:51
104.244.72.54	attack	scans 2 times in preceeding hours on the ports (in chronological order) 52869 52869	2020-02-27 00:56:43
104.244.72.115	attack	02/21/2020-14:20:55.747469 104.244.72.115 Protocol: 6 ET TOR Known Tor Exit Node Traffic group 2	2020-02-21 21:33:41
104.244.72.115	attack	xmlrpc attack	2020-02-10 07:35:28

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.244.72.136
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5109
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.244.72.136.			IN	A

;; AUTHORITY SECTION:
.			289	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022020700 1800 900 604800 86400

;; Query time: 63 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 07 21:22:30 CST 2022
;; MSG SIZE  rcvd: 107

Host info

136.72.244.104.in-addr.arpa domain name pointer exitrelay17.medvideos-tor.org.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
136.72.244.104.in-addr.arpa	name = exitrelay17.medvideos-tor.org.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
106.12.209.81	attackbots	DATE:2020-03-23 16:46:59,IP:106.12.209.81,MATCHES:10,PORT:ssh	2020-03-24 02:19:31
188.35.187.50	attackbots	Mar 23 19:10:10 minden010 sshd[615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.35.187.50 Mar 23 19:10:12 minden010 sshd[615]: Failed password for invalid user ix from 188.35.187.50 port 50570 ssh2 Mar 23 19:14:19 minden010 sshd[2243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.35.187.50 ...	2020-03-24 02:15:48
193.187.118.237	attack	port scan and connect, tcp 22 (ssh)	2020-03-24 02:31:49
112.245.240.220	attack	Bot Attempts to access systems. Many different URL attempts and heavy use of PHP	2020-03-24 02:38:11
222.99.84.121	attackspambots	Invalid user vidovic from 222.99.84.121 port 34659	2020-03-24 02:24:01
178.34.156.249	attackbots	Mar 23 13:50:15 mail sshd\[24004\]: Invalid user qq from 178.34.156.249 Mar 23 13:50:15 mail sshd\[24004\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.34.156.249 ...	2020-03-24 02:14:02
185.13.127.54	attack	Mar 23 19:15:33 SilenceServices sshd[6497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.13.127.54 Mar 23 19:15:35 SilenceServices sshd[6497]: Failed password for invalid user kf2server from 185.13.127.54 port 54602 ssh2 Mar 23 19:23:05 SilenceServices sshd[28316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.13.127.54	2020-03-24 02:34:24
181.120.246.83	attackbots	Mar 23 16:48:21 ip-172-31-62-245 sshd\[26903\]: Invalid user edward from 181.120.246.83\ Mar 23 16:48:23 ip-172-31-62-245 sshd\[26903\]: Failed password for invalid user edward from 181.120.246.83 port 41416 ssh2\ Mar 23 16:52:38 ip-172-31-62-245 sshd\[26919\]: Invalid user s1 from 181.120.246.83\ Mar 23 16:52:40 ip-172-31-62-245 sshd\[26919\]: Failed password for invalid user s1 from 181.120.246.83 port 36440 ssh2\ Mar 23 16:56:54 ip-172-31-62-245 sshd\[26958\]: Invalid user test from 181.120.246.83\	2020-03-24 02:16:06
66.131.216.79	attackbots	Mar 23 17:37:55 vmd17057 sshd[8767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.131.216.79 Mar 23 17:37:57 vmd17057 sshd[8767]: Failed password for invalid user admin from 66.131.216.79 port 50363 ssh2 ...	2020-03-24 02:11:55
121.99.229.34	attackbots	Mar 23 15:46:10 l02a.shelladdress.co.uk proftpd[28044] 127.0.0.1 (::ffff:121.99.229.34[::ffff:121.99.229.34]): USER www: no such user found from ::ffff:121.99.229.34 [::ffff:121.99.229.34] to ::ffff:185.47.61.72:21 Mar 23 15:46:12 l02a.shelladdress.co.uk proftpd[28052] 127.0.0.1 (::ffff:121.99.229.34[::ffff:121.99.229.34]): USER www: no such user found from ::ffff:121.99.229.34 [::ffff:121.99.229.34] to ::ffff:185.47.61.72:21 Mar 23 15:46:13 l02a.shelladdress.co.uk proftpd[28060] 127.0.0.1 (::ffff:121.99.229.34[::ffff:121.99.229.34]): USER www: no such user found from ::ffff:121.99.229.34 [::ffff:121.99.229.34] to ::ffff:185.47.61.72:21	2020-03-24 02:50:55
54.38.185.226	attackspam	Mar 23 16:41:13 silence02 sshd[5036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.185.226 Mar 23 16:41:16 silence02 sshd[5036]: Failed password for invalid user black from 54.38.185.226 port 32924 ssh2 Mar 23 16:46:11 silence02 sshd[6033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.185.226	2020-03-24 02:53:21
202.65.148.98	attackspam	$f2bV_matches	2020-03-24 02:41:48
49.231.201.242	attackbots	(sshd) Failed SSH login from 49.231.201.242 (TH/Thailand/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Mar 23 16:35:05 amsweb01 sshd[6290]: Invalid user o2 from 49.231.201.242 port 43784 Mar 23 16:35:07 amsweb01 sshd[6290]: Failed password for invalid user o2 from 49.231.201.242 port 43784 ssh2 Mar 23 16:45:30 amsweb01 sshd[7512]: Invalid user yangdeyue from 49.231.201.242 port 47746 Mar 23 16:45:33 amsweb01 sshd[7512]: Failed password for invalid user yangdeyue from 49.231.201.242 port 47746 ssh2 Mar 23 16:53:15 amsweb01 sshd[8288]: Invalid user mongo from 49.231.201.242 port 39570	2020-03-24 02:31:05
71.237.171.150	attackspambots	Mar 23 14:51:55 firewall sshd[10661]: Invalid user administrator from 71.237.171.150 Mar 23 14:51:57 firewall sshd[10661]: Failed password for invalid user administrator from 71.237.171.150 port 41454 ssh2 Mar 23 14:58:10 firewall sshd[10908]: Invalid user jara from 71.237.171.150 ...	2020-03-24 02:35:07
185.147.215.12	attackbots	[2020-03-23 13:17:26] NOTICE[1148] chan_sip.c: Registration from '' failed for '185.147.215.12:60692' - Wrong password [2020-03-23 13:17:26] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-03-23T13:17:26.512-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="7466",SessionID="0x7fd82c530768",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.147.215.12/60692",Challenge="5726a1bf",ReceivedChallenge="5726a1bf",ReceivedHash="4bc7df838db3bac2fa5d42efe7745817" [2020-03-23 13:17:48] NOTICE[1148] chan_sip.c: Registration from '' failed for '185.147.215.12:49322' - Wrong password [2020-03-23 13:17:48] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-03-23T13:17:48.447-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="8342",SessionID="0x7fd82c40aa58",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.147.21 ...	2020-03-24 02:36:11

Recently Reported IPs

177.11.19.132	20.91.143.145	71.93.81.134	37.114.219.117
41.33.52.43	84.53.229.218	2.180.31.44	117.50.16.171
156.215.56.100	47.40.37.233	39.79.167.25	75.119.205.41
37.56.107.172	92.50.234.197	114.237.43.221	175.140.88.38
195.87.182.10	104.168.234.66	96.45.31.180	41.46.191.215