172.104.1.5 - IPInfo

Basic Info

City: Philadelphia

Region: Pennsylvania

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
172.104.11.34	spambotsattack	Postfix attacker IP	2025-06-13 12:50:14
172.104.155.193	attackbotsspam	Unauthorized connection attempt detected from IP address 172.104.155.193 to port 1962	2020-10-14 00:04:06
172.104.155.193	attack	Unauthorized connection attempt detected from IP address 172.104.155.193 to port 1962	2020-10-13 15:18:39
172.104.155.193	attack	Unauthorized connection attempt from IP address 172.104.155.193 on port 465	2020-10-13 07:55:08
172.104.139.66	attackspam	172.104.139.66 - - [10/Oct/2020:17:25:15 +0100] "GET /api/v1/pods HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" ...	2020-10-11 03:34:48
172.104.139.66	attackbotsspam	speculative search for an API folder	2020-10-10 19:26:54
172.104.108.109	attack	srvr1: (mod_security) mod_security (id:920350) triggered by 172.104.108.109 (US/-/scan-92.security.ipip.net): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/10/04 19:47:33 [error] 246777#0: 198802 [client 172.104.108.109] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160183365376.869714"] [ref "o0,13v21,13"], client: 172.104.108.109, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-10-05 03:53:39
172.104.108.109	attackbotsspam	Use Brute-Force	2020-10-04 19:43:17
172.104.109.160	attackbotsspam	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-09-29 07:21:06
172.104.109.160	attack	TCP (SYN) 172.104.109.160:51999 -> port 7001, len 44	2020-09-28 23:52:57
172.104.109.160	attackbotsspam	TCP (SYN) 172.104.109.160:51999 -> port 7001, len 44	2020-09-28 15:54:55
172.104.14.201	attack	TCP (SYN) 172.104.14.201:40250 -> port 80, len 40	2020-09-01 02:27:01
172.104.112.118	attackspambots	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-08-30 15:16:10
172.104.100.117	attack	Unauthorized connection attempt detected from IP address 172.104.100.117 to port 3128 [T]	2020-08-29 22:16:24
172.104.119.24	attackbotsspam	Unauthorized connection attempt detected from IP address 172.104.119.24 to port 8118 [T]	2020-08-29 21:29:58

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 172.104.1.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23395
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;172.104.1.5.			IN	A

;; AUTHORITY SECTION:
.			530	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022100502 1800 900 604800 86400

;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Oct 06 10:58:03 CST 2022
;; MSG SIZE  rcvd: 104

Host info

Host 5.1.104.172.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

server can't find 172.104.1.5.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.161.51.154	attack	20/10/1@04:32:55: FAIL: Alarm-Intrusion address from=51.161.51.154 ...	2020-10-02 07:23:21
103.196.20.74	attack	[N1.H1.VM1] Port Scanner Detected Blocked by UFW	2020-10-02 07:40:50
180.250.108.130	attackbots	Invalid user tester from 180.250.108.130 port 59045	2020-10-02 07:19:53
139.59.75.111	attackbotsspam	20 attempts against mh-ssh on cloud	2020-10-02 07:33:42
182.117.107.38	attackspam	Portscan detected	2020-10-02 07:23:48
137.186.107.194	attackspambots	Listed on abuseat.org plus zen-spamhaus / proto=6 . srcport=23579 . dstport=23 Telnet . (3742)	2020-10-02 07:33:00
182.61.36.56	attackbotsspam	Found on CINS badguys / proto=6 . srcport=42790 . dstport=27006 . (658)	2020-10-02 07:53:44
111.229.121.142	attackbotsspam	2020-10-01T17:38:54.501906ollin.zadara.org sshd[1762727]: Invalid user toby from 111.229.121.142 port 40798 2020-10-01T17:38:56.595940ollin.zadara.org sshd[1762727]: Failed password for invalid user toby from 111.229.121.142 port 40798 ssh2 ...	2020-10-02 07:54:00
151.236.193.195	attackspambots	2020-10-01T15:50:15.751495yoshi.linuxbox.ninja sshd[1476141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.236.193.195 2020-10-01T15:50:15.745308yoshi.linuxbox.ninja sshd[1476141]: Invalid user rock from 151.236.193.195 port 54780 2020-10-01T15:50:17.945477yoshi.linuxbox.ninja sshd[1476141]: Failed password for invalid user rock from 151.236.193.195 port 54780 ssh2 ...	2020-10-02 07:25:33
118.125.106.12	attack	Oct 2 00:26:50 vm0 sshd[8648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.125.106.12 Oct 2 00:26:52 vm0 sshd[8648]: Failed password for invalid user roger from 118.125.106.12 port 52389 ssh2 ...	2020-10-02 07:40:00
172.112.226.49	attackbotsspam	Fail2Ban Ban Triggered HTTP SQL Injection Attempt	2020-10-02 07:21:40
202.72.225.17	attackbots	Oct 2 01:31:39 ns381471 sshd[29542]: Failed password for root from 202.72.225.17 port 51137 ssh2 Oct 2 01:35:48 ns381471 sshd[30441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.72.225.17	2020-10-02 07:42:26
178.156.77.184	attack	2020-09-30T22:37[Censored Hostname] sshd[23872]: Invalid user admin from 178.156.77.184 port 46516 2020-09-30T22:37[Censored Hostname] sshd[23872]: Failed password for invalid user admin from 178.156.77.184 port 46516 ssh2 2020-09-30T22:37[Censored Hostname] sshd[23874]: Invalid user admin from 178.156.77.184 port 46522[...]	2020-10-02 07:47:31
167.71.218.222	attackbotsspam	$f2bV_matches	2020-10-02 07:54:44
111.229.211.5	attackspambots	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "root" at 2020-10-01T23:21:59Z	2020-10-02 07:29:09

Recently Reported IPs

161.50.238.117	52.124.131.52	46.37.236.12	121.189.175.209
229.61.122.192	177.59.188.102	82.12.113.161	127.116.140.102
97.41.142.41	86.240.37.206	171.109.22.130	229.184.32.1
233.66.19.76	69.157.219.187	33.188.160.63	78.38.30.94
64.47.33.105	177.44.191.201	121.162.55.130	211.0.15.94