184.105.139.104

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Hurricane Electric LLC

Hostname: unknown

Organization: Hurricane Electric LLC

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Hit honeypot r.	2020-08-23 13:23:47
attackbotsspam	srv02 Mass scanning activity detected Target: 123(ntp) ..	2020-08-15 18:07:58
attack	firewall-block, port(s): 123/udp	2020-07-20 19:25:53
attackspambots	TCP (SYN) 184.105.139.104:54281 -> port 2323, len 44	2020-06-26 15:22:54
attackspam	389/tcp 4786/tcp 7547/tcp... [2020-02-05/04-04]28pkt,15pt.(tcp),1pt.(udp)	2020-04-05 03:55:52
attackspambots	" "	2020-02-29 15:02:16
attack	Port scan: Attack repeated for 24 hours	2020-02-21 05:29:00
attack	IP: 184.105.139.104 Ports affected http protocol over TLS/SSL (443) Abuse Confidence rating 100% ASN Details AS6939 Hurricane Electric LLC United States (US) CIDR 184.105.139.96/27 Log Date: 3/01/2020 4:50:43 AM UTC	2020-01-03 15:04:07
attack	4786/tcp 23/tcp 445/tcp... [2019-07-17/09-11]33pkt,20pt.(tcp),2pt.(udp)	2019-09-12 01:52:56
attackbots	scan r	2019-09-02 11:50:53
attackbotsspam	scan z	2019-07-18 16:22:12
attackspambots	" "	2019-06-25 21:15:18

Comments on same subnet:

IP	Type	Details	Datetime
184.105.139.105	attackproxy	Compromised IP	2024-05-09 23:09:39
184.105.139.109	attackproxy	Vulnerability Scanner	2024-04-30 12:59:43
184.105.139.70	attack	Vulnerability Scanner	2024-04-20 00:30:49
184.105.139.90	botsattackproxy	Ddos bot	2024-04-20 00:26:45
184.105.139.68	attack	Vulnerability Scanner	2024-04-10 01:16:38
184.105.139.69	proxy	VPN fraud	2023-05-15 19:23:33
184.105.139.120	proxy	VPN fraud	2023-05-10 13:17:43
184.105.139.103	proxy	VPN fraud	2023-03-20 14:02:25
184.105.139.99	proxy	VPN fraud	2023-03-20 13:57:09
184.105.139.74	proxy	VPN	2023-01-30 14:03:54
184.105.139.86	proxy	VPN	2023-01-19 13:51:12
184.105.139.124	attackproxy	VPN	2022-12-29 20:40:24
184.105.139.124	attack	VPN	2022-12-29 20:40:21
184.105.139.126	proxy	Attack VPN	2022-12-09 13:59:02
184.105.139.70	attackbotsspam	TCP (SYN) 184.105.139.70:51140 -> port 5900, len 40	2020-10-14 04:24:47

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 184.105.139.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46155
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;184.105.139.104.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019041401 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Mon Apr 15 10:15:51 +08 2019
;; MSG SIZE  rcvd: 119

Host info

104.139.105.184.in-addr.arpa is an alias for 104.64-26.139.105.184.in-addr.arpa.
104.64-26.139.105.184.in-addr.arpa domain name pointer scan-02i.shadowserver.org.

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
104.139.105.184.in-addr.arpa	canonical name = 104.64-26.139.105.184.in-addr.arpa.
104.64-26.139.105.184.in-addr.arpa	name = scan-02i.shadowserver.org.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
86.102.88.242	attack	Dec 14 08:48:37 localhost sshd\[1418\]: Invalid user server from 86.102.88.242 Dec 14 08:48:37 localhost sshd\[1418\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.102.88.242 Dec 14 08:48:39 localhost sshd\[1418\]: Failed password for invalid user server from 86.102.88.242 port 48270 ssh2 Dec 14 08:54:51 localhost sshd\[1729\]: Invalid user Maili from 86.102.88.242 Dec 14 08:54:51 localhost sshd\[1729\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.102.88.242 ...	2019-12-14 16:03:04
129.204.101.132	attack	Dec 13 21:46:28 auw2 sshd\[24581\]: Invalid user arbin from 129.204.101.132 Dec 13 21:46:28 auw2 sshd\[24581\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.101.132 Dec 13 21:46:30 auw2 sshd\[24581\]: Failed password for invalid user arbin from 129.204.101.132 port 47822 ssh2 Dec 13 21:53:38 auw2 sshd\[25474\]: Invalid user router from 129.204.101.132 Dec 13 21:53:38 auw2 sshd\[25474\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.101.132	2019-12-14 15:59:12
204.48.19.178	attackbotsspam	--- report --- Dec 14 04:59:16 sshd: Connection from 204.48.19.178 port 39542 Dec 14 04:59:16 sshd: Invalid user postgres from 204.48.19.178 Dec 14 04:59:16 sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.48.19.178 Dec 14 04:59:18 sshd: Failed password for invalid user postgres from 204.48.19.178 port 39542 ssh2 Dec 14 04:59:18 sshd: Received disconnect from 204.48.19.178: 11: Bye Bye [preauth]	2019-12-14 16:14:11
184.105.139.97	attackspambots	Portscan or hack attempt detected by psad/fwsnort	2019-12-14 15:45:23
112.85.42.227	attack	Dec 14 02:38:50 TORMINT sshd\[12892\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.227 user=root Dec 14 02:38:52 TORMINT sshd\[12892\]: Failed password for root from 112.85.42.227 port 22471 ssh2 Dec 14 02:42:33 TORMINT sshd\[12998\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.227 user=root ...	2019-12-14 16:01:13
111.72.197.190	attackspam	2019-12-14 00:28:12 H=(ylmf-pc) [111.72.197.190]:49269 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc 2019-12-14 00:28:12 H=(ylmf-pc) [111.72.197.190]:62354 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc 2019-12-14 00:28:14 H=(ylmf-pc) [111.72.197.190]:63269 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc ...	2019-12-14 16:15:40
40.121.194.179	attackbots	Dec 14 09:05:26 meumeu sshd[7813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.121.194.179 Dec 14 09:05:28 meumeu sshd[7813]: Failed password for invalid user admin from 40.121.194.179 port 47392 ssh2 Dec 14 09:11:47 meumeu sshd[8661]: Failed password for root from 40.121.194.179 port 56620 ssh2 ...	2019-12-14 16:14:38
211.24.103.165	attackbotsspam	Dec 14 09:14:14 vps647732 sshd[31034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.24.103.165 Dec 14 09:14:16 vps647732 sshd[31034]: Failed password for invalid user moorhty from 211.24.103.165 port 43839 ssh2 ...	2019-12-14 16:24:28
5.52.126.26	attack	[portscan] Port scan	2019-12-14 16:13:00
167.172.172.118	attack	2019-12-14T07:31:08.541626shield sshd\[32257\]: Invalid user benkler from 167.172.172.118 port 42726 2019-12-14T07:31:08.546374shield sshd\[32257\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.172.118 2019-12-14T07:31:10.947560shield sshd\[32257\]: Failed password for invalid user benkler from 167.172.172.118 port 42726 ssh2 2019-12-14T07:36:25.230993shield sshd\[1084\]: Invalid user ANGEL from 167.172.172.118 port 51416 2019-12-14T07:36:25.235528shield sshd\[1084\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.172.118	2019-12-14 15:49:10
93.113.111.100	attackspambots	Automatic report - XMLRPC Attack	2019-12-14 16:11:37
92.46.247.103	attackbots	Unauthorised access (Dec 14) SRC=92.46.247.103 LEN=52 TTL=120 ID=24747 DF TCP DPT=445 WINDOW=8192 SYN Unauthorised access (Dec 14) SRC=92.46.247.103 LEN=52 TTL=120 ID=21000 DF TCP DPT=445 WINDOW=8192 SYN	2019-12-14 16:12:00
164.132.56.243	attackbotsspam	Invalid user uk from 164.132.56.243 port 49585	2019-12-14 16:10:19
157.39.103.232	attack	Dec 14 07:28:41 vpn01 sshd[12660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.39.103.232 Dec 14 07:28:44 vpn01 sshd[12660]: Failed password for invalid user ftp from 157.39.103.232 port 63285 ssh2 ...	2019-12-14 15:49:41
154.8.138.184	attack	Dec 14 08:55:36 amit sshd\[4765\]: Invalid user tiptop from 154.8.138.184 Dec 14 08:55:36 amit sshd\[4765\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.8.138.184 Dec 14 08:55:38 amit sshd\[4765\]: Failed password for invalid user tiptop from 154.8.138.184 port 38110 ssh2 ...	2019-12-14 16:02:35

Recently Reported IPs

27.128.169.31	69.92.217.254	218.88.22.113	68.183.123.123
178.128.185.38	109.94.114.41	103.251.83.196	178.128.22.68
39.81.255.94	122.114.206.74	217.215.235.17	12.178.100.56
54.37.121.239	106.13.106.199	2002:3da0:dd49::3da0:dd49	72.219.179.63
85.243.1.45	35.187.3.173	89.238.154.37	123.134.251.25