104.244.72.242

Basic Info

City: unknown

Region: unknown

Country: None

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.244.72.38	attackbotsspam	xmlrpc attack	2020-10-10 22:15:36
104.244.72.38	attack	CMS (WordPress or Joomla) login attempt.	2020-10-10 14:08:50
104.244.72.115	attack	104.244.72.115 (US/United States/-), 7 distributed sshd attacks on account [admin] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 20 10:06:28 server2 sshd[15527]: Failed password for invalid user admin from 104.244.72.115 port 57964 ssh2 Sep 20 10:06:30 server2 sshd[15572]: Invalid user admin from 95.128.43.164 Sep 20 10:06:32 server2 sshd[15572]: Failed password for invalid user admin from 95.128.43.164 port 55602 ssh2 Sep 20 10:06:34 server2 sshd[15610]: Invalid user admin from 104.244.75.157 Sep 20 10:06:36 server2 sshd[15610]: Failed password for invalid user admin from 104.244.75.157 port 34573 ssh2 Sep 20 10:07:22 server2 sshd[16018]: Invalid user admin from 212.21.66.6 Sep 20 10:06:25 server2 sshd[15527]: Invalid user admin from 104.244.72.115 IP Addresses Blocked:	2020-09-20 23:32:54
104.244.72.115	attack	Sep 20 08:04:25 vpn01 sshd[9754]: Failed password for root from 104.244.72.115 port 47340 ssh2 Sep 20 08:04:36 vpn01 sshd[9754]: error: maximum authentication attempts exceeded for root from 104.244.72.115 port 47340 ssh2 [preauth] ...	2020-09-20 15:21:30
104.244.72.115	attackspambots	Sep 20 00:03:39 sigma sshd\[30820\]: Invalid user admin from 104.244.72.115Sep 20 00:03:40 sigma sshd\[30820\]: Failed password for invalid user admin from 104.244.72.115 port 45068 ssh2 ...	2020-09-20 07:17:51
104.244.72.203	attackbots	(mod_security) mod_security (id:980001) triggered by 104.244.72.203 (US/United States/-): 5 in the last 14400 secs; ID: rub	2020-09-16 20:20:32
104.244.72.203	attackspambots	(mod_security) mod_security (id:980001) triggered by 104.244.72.203 (US/United States/-): 5 in the last 14400 secs; ID: rub	2020-09-16 12:53:28
104.244.72.203	attack	(mod_security) mod_security (id:980001) triggered by 104.244.72.203 (US/United States/-): 5 in the last 14400 secs; ID: rub	2020-09-16 04:38:14
104.244.72.115	attackbotsspam	Jun 26 11:25:48 IngegnereFirenze sshd[15703]: User root from 104.244.72.115 not allowed because not listed in AllowUsers ...	2020-06-27 00:36:02
104.244.72.115	attackspam	srv02 SSH BruteForce Attacks 22 ..	2020-06-13 22:10:32
104.244.72.115	attackbotsspam	prod6 ...	2020-06-09 14:06:47
104.244.72.115	attackspam	US_FranTech BuyVM_<177>1585281315 [1:2522002:4013] ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 3 [Classification: Misc Attack] [Priority: 2]: {TCP} 104.244.72.115:46840	2020-03-27 12:22:51
104.244.72.54	attack	scans 2 times in preceeding hours on the ports (in chronological order) 52869 52869	2020-02-27 00:56:43
104.244.72.115	attack	02/21/2020-14:20:55.747469 104.244.72.115 Protocol: 6 ET TOR Known Tor Exit Node Traffic group 2	2020-02-21 21:33:41
104.244.72.115	attack	xmlrpc attack	2020-02-10 07:35:28

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.244.72.242
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64371
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.244.72.242.			IN	A

;; AUTHORITY SECTION:
.			180	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022030300 1800 900 604800 86400

;; Query time: 19 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 04 01:59:54 CST 2022
;; MSG SIZE  rcvd: 107

Host info

242.72.244.104.in-addr.arpa domain name pointer kuma-lux-1.services.lewiscomputing.co.uk.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
242.72.244.104.in-addr.arpa	name = kuma-lux-1.services.lewiscomputing.co.uk.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
103.237.144.136	attackbots		2020-01-17 21:17:00
125.212.211.7	attack	port scan and connect, tcp 1433 (ms-sql-s)	2020-01-17 21:21:51
23.245.228.248	attackspam	20/1/17@08:35:01: FAIL: Alarm-Network address from=23.245.228.248 20/1/17@08:35:01: FAIL: Alarm-Network address from=23.245.228.248 ...	2020-01-17 21:36:24
216.10.242.28	attackbotsspam	2020-01-17T13:15:23.326810shield sshd\[16522\]: Invalid user telefonica from 216.10.242.28 port 37766 2020-01-17T13:15:23.331091shield sshd\[16522\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.28 2020-01-17T13:15:25.620475shield sshd\[16522\]: Failed password for invalid user telefonica from 216.10.242.28 port 37766 ssh2 2020-01-17T13:18:56.098737shield sshd\[17733\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.28 user=root 2020-01-17T13:18:58.296246shield sshd\[17733\]: Failed password for root from 216.10.242.28 port 39244 ssh2	2020-01-17 21:30:48
51.158.21.110	attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-01-17 21:43:41
152.136.101.83	attackbotsspam	Jan 17 12:38:16 vtv3 sshd[32735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.101.83 Jan 17 12:38:18 vtv3 sshd[32735]: Failed password for invalid user samba from 152.136.101.83 port 51780 ssh2 Jan 17 12:41:39 vtv3 sshd[2034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.101.83 Jan 17 12:51:53 vtv3 sshd[6657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.101.83 Jan 17 12:51:55 vtv3 sshd[6657]: Failed password for invalid user tanja from 152.136.101.83 port 52404 ssh2 Jan 17 12:55:08 vtv3 sshd[7967]: Failed password for root from 152.136.101.83 port 45474 ssh2 Jan 17 13:07:23 vtv3 sshd[13764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.101.83 Jan 17 13:07:25 vtv3 sshd[13764]: Failed password for invalid user backuppc from 152.136.101.83 port 46010 ssh2 Jan 17 13:10:56 vtv3 sshd[15532]: Failed password f	2020-01-17 21:16:34
213.248.242.48	attackspambots	Sending SPAM email	2020-01-17 21:11:25
51.91.108.134	attack	Unauthorized connection attempt detected from IP address 51.91.108.134 to port 2220 [J]	2020-01-17 21:31:07
220.76.205.178	attack	Jan 17 13:38:01 prox sshd[19869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.76.205.178 Jan 17 13:38:03 prox sshd[19869]: Failed password for invalid user lw from 220.76.205.178 port 59830 ssh2	2020-01-17 21:46:35
80.147.49.244	attack	Jan 17 14:04:54 sshd\[30263\]: Invalid user user from 80.147.49.244Jan 17 14:04:56 sshd\[30263\]: Failed password for invalid user user from 80.147.49.244 port 59898 ssh2 ...	2020-01-17 21:20:54
82.209.235.1	attackbotsspam	Mail/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -	2020-01-17 21:25:32
134.236.154.112	attackspambots	Jan 17 13:45:18 mxgate1 sshd[11470]: Invalid user admin from 134.236.154.112 port 49374 Jan 17 13:45:18 mxgate1 sshd[11470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.236.154.112 Jan 17 13:45:20 mxgate1 sshd[11470]: Failed password for invalid user admin from 134.236.154.112 port 49374 ssh2 Jan 17 13:45:20 mxgate1 sshd[11470]: Connection closed by 134.236.154.112 port 49374 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=134.236.154.112	2020-01-17 21:48:14
222.252.16.154	attackbotsspam	Jan 17 14:04:42 amit sshd\[32120\]: Invalid user sftpuser from 222.252.16.154 Jan 17 14:04:42 amit sshd\[32120\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.252.16.154 Jan 17 14:04:44 amit sshd\[32120\]: Failed password for invalid user sftpuser from 222.252.16.154 port 10416 ssh2 ...	2020-01-17 21:30:13
171.217.59.20	attackspam	Jan 17 10:30:22 new sshd[31005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.217.59.20 user=r.r Jan 17 10:30:25 new sshd[31005]: Failed password for r.r from 171.217.59.20 port 45712 ssh2 Jan 17 10:30:25 new sshd[31005]: Received disconnect from 171.217.59.20: 11: Bye Bye [preauth] Jan 17 10:36:17 new sshd[642]: Failed password for invalid user admin from 171.217.59.20 port 40088 ssh2 Jan 17 10:36:18 new sshd[642]: Received disconnect from 171.217.59.20: 11: Bye Bye [preauth] Jan 17 10:38:33 new sshd[1715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.217.59.20 user=r.r Jan 17 10:38:35 new sshd[1715]: Failed password for r.r from 171.217.59.20 port 50228 ssh2 Jan 17 10:38:35 new sshd[1715]: Received disconnect from 171.217.59.20: 11: Bye Bye [preauth] Jan 17 10:41:43 new sshd[2754]: Connection closed by 171.217.59.20 [preauth] Jan 17 10:48:33 new sshd[5104]: Connection close........ -------------------------------	2020-01-17 21:19:34
78.157.216.224	attack	Mail/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -	2020-01-17 21:40:53

Recently Reported IPs

104.244.46.57	131.242.113.187	104.244.72.69	104.244.75.22
104.244.76.50	104.244.77.100	104.244.77.157	104.244.77.182
104.244.77.4	30.76.229.23	175.244.167.228	104.244.79.205
104.244.79.251	92.103.91.226	104.244.79.35	104.245.14.224
104.245.16.151	104.245.203.71	104.248.163.213	104.248.17.98