184.105.139.81

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Hurricane Electric LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	1 Attack(s) Detected [DoS Attack: TCP/UDP Chargen] from source: 184.105.139.81, port 37170, Saturday, September 19, 2020 22:05:56	2020-09-21 03:36:26
attack	srv02 Mass scanning activity detected Target: 19(chargen) ..	2020-09-20 19:45:33
attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2020-08-20 18:38:18
attack	GPL RPC xdmcp info query - port: 177 proto: udp cat: Attempted Information Leakbytes: 60	2020-08-01 00:23:44
attackbotsspam	07/14/2020-22:02:45.289214 184.105.139.81 Protocol: 17 GPL RPC xdmcp info query	2020-07-15 13:51:33
attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-07-04 23:05:33
attack	firewall-block, port(s): 177/udp	2020-04-16 16:57:37
attackspam	3389/tcp 873/tcp 50075/tcp... [2020-01-07/03-05]30pkt,6pt.(tcp),3pt.(udp)	2020-03-05 22:09:06
attack	Unauthorised access (Feb 21) SRC=184.105.139.81 LEN=40 TTL=242 ID=54321 TCP DPT=445 WINDOW=65535 SYN	2020-02-22 02:50:45
attackspam	Port probing on unauthorized port 5555	2020-02-15 02:44:28
attackspambots	scan r	2019-12-14 13:49:36
attackbots	8080/tcp 50075/tcp 548/tcp... [2019-10-07/12-07]34pkt,7pt.(tcp),3pt.(udp)	2019-12-07 21:45:06
attackspam	Port scan: Attack repeated for 24 hours	2019-11-04 16:26:03
attackbots	23/tcp 5900/tcp 21/tcp... [2019-06-02/08-02]63pkt,8pt.(tcp),3pt.(udp)	2019-08-03 20:55:48
attackbotsspam	" "	2019-07-29 19:36:29
attackbotsspam	firewall-block, port(s): 177/udp	2019-07-25 11:16:09
attackspam	23/tcp 5900/tcp 21/tcp... [2019-05-18/07-17]58pkt,10pt.(tcp),3pt.(udp)	2019-07-17 21:22:48
attack	1561612605 - 06/27/2019 12:16:45 Host: scan-03b.shadowserver.org/184.105.139.81 Port: 19 UDP Blocked ...	2019-06-29 00:55:28
attackbots	firewall-block, port(s): 1900/udp	2019-06-27 16:08:44

Comments on same subnet:

IP	Type	Details	Datetime
184.105.139.105	attackproxy	Compromised IP	2024-05-09 23:09:39
184.105.139.109	attackproxy	Vulnerability Scanner	2024-04-30 12:59:43
184.105.139.70	attack	Vulnerability Scanner	2024-04-20 00:30:49
184.105.139.90	botsattackproxy	Ddos bot	2024-04-20 00:26:45
184.105.139.68	attack	Vulnerability Scanner	2024-04-10 01:16:38
184.105.139.69	proxy	VPN fraud	2023-05-15 19:23:33
184.105.139.120	proxy	VPN fraud	2023-05-10 13:17:43
184.105.139.103	proxy	VPN fraud	2023-03-20 14:02:25
184.105.139.99	proxy	VPN fraud	2023-03-20 13:57:09
184.105.139.74	proxy	VPN	2023-01-30 14:03:54
184.105.139.86	proxy	VPN	2023-01-19 13:51:12
184.105.139.124	attackproxy	VPN	2022-12-29 20:40:24
184.105.139.124	attack	VPN	2022-12-29 20:40:21
184.105.139.126	proxy	Attack VPN	2022-12-09 13:59:02
184.105.139.70	attackbotsspam	TCP (SYN) 184.105.139.70:51140 -> port 5900, len 40	2020-10-14 04:24:47

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 184.105.139.81
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53117
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;184.105.139.81.			IN	A

;; AUTHORITY SECTION:
.			3589	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019040101 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Tue Apr 02 11:28:49 +08 2019
;; MSG SIZE  rcvd: 118

Host info

81.139.105.184.in-addr.arpa is an alias for 81.64-26.139.105.184.in-addr.arpa.
81.64-26.139.105.184.in-addr.arpa domain name pointer scan-03b.shadowserver.org.

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
81.139.105.184.in-addr.arpa	canonical name = 81.64-26.139.105.184.in-addr.arpa.
81.64-26.139.105.184.in-addr.arpa	name = scan-03b.shadowserver.org.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.252.16.140	attackbots	Dec 13 23:35:45 srv206 sshd[1936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.252.16.140 user=root Dec 13 23:35:48 srv206 sshd[1936]: Failed password for root from 222.252.16.140 port 45984 ssh2 ...	2019-12-14 06:47:42
95.241.44.156	attack	Dec 13 07:11:11 web1 sshd\[1649\]: Invalid user baloran from 95.241.44.156 Dec 13 07:11:11 web1 sshd\[1649\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.241.44.156 Dec 13 07:11:13 web1 sshd\[1649\]: Failed password for invalid user baloran from 95.241.44.156 port 60957 ssh2 Dec 13 07:20:47 web1 sshd\[2563\]: Invalid user amano from 95.241.44.156 Dec 13 07:20:47 web1 sshd\[2563\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.241.44.156	2019-12-14 06:43:47
165.22.61.82	attack	2019-12-13T23:01:30.983267vps751288.ovh.net sshd\[24220\]: Invalid user server from 165.22.61.82 port 35668 2019-12-13T23:01:30.992381vps751288.ovh.net sshd\[24220\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.61.82 2019-12-13T23:01:33.016527vps751288.ovh.net sshd\[24220\]: Failed password for invalid user server from 165.22.61.82 port 35668 ssh2 2019-12-13T23:07:24.664229vps751288.ovh.net sshd\[24286\]: Invalid user alijae from 165.22.61.82 port 43350 2019-12-13T23:07:24.674063vps751288.ovh.net sshd\[24286\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.61.82	2019-12-14 06:44:47
217.127.133.214	attackspam	23/tcp 23/tcp [2019-10-20/12-13]2pkt	2019-12-14 06:41:22
118.24.23.196	attackspambots	Dec 13 23:06:27 tux-35-217 sshd\[32411\]: Invalid user guest from 118.24.23.196 port 56496 Dec 13 23:06:27 tux-35-217 sshd\[32411\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.23.196 Dec 13 23:06:29 tux-35-217 sshd\[32411\]: Failed password for invalid user guest from 118.24.23.196 port 56496 ssh2 Dec 13 23:10:55 tux-35-217 sshd\[32459\]: Invalid user guest from 118.24.23.196 port 48850 Dec 13 23:10:55 tux-35-217 sshd\[32459\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.23.196 ...	2019-12-14 06:52:50
85.13.163.1	attackbotsspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/85.13.163.1/ DE - 1H : (21) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : DE NAME ASN : ASN34788 IP : 85.13.163.1 CIDR : 85.13.163.0/24 PREFIX COUNT : 78 UNIQUE IP COUNT : 20736 ATTACKS DETECTED ASN34788 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 2 DateTime : 2019-12-13 16:53:28 INFO : HACK ! - Looking for resource vulnerabilities Scan Detected and Blocked by ADMIN - data recovery	2019-12-14 06:46:46
203.162.13.242	attackspam	Unauthorized connection attempt detected from IP address 203.162.13.242 to port 3389	2019-12-14 06:54:15
190.107.233.130	attackbotsspam	Unauthorized IMAP connection attempt	2019-12-14 07:05:30
218.92.0.175	attack	Dec 13 23:34:09 MK-Soft-Root2 sshd[28354]: Failed password for root from 218.92.0.175 port 29787 ssh2 Dec 13 23:34:14 MK-Soft-Root2 sshd[28354]: Failed password for root from 218.92.0.175 port 29787 ssh2 ...	2019-12-14 06:46:32
177.20.230.18	attack	1576252405 - 12/13/2019 16:53:25 Host: 177.20.230.18/177.20.230.18 Port: 445 TCP Blocked	2019-12-14 06:50:51
186.212.157.29	attack	port scan and connect, tcp 23 (telnet)	2019-12-14 06:59:08
150.95.140.160	attackspam	fraudulent SSH attempt	2019-12-14 07:00:51
23.94.187.130	attack	23.94.187.130 - - [13/Dec/2019:15:53:11 +0000] "POST /wp/wp-login.php HTTP/1.1" 200 6040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 23.94.187.130 - - [13/Dec/2019:15:53:12 +0000] "POST /wp/wp-login.php HTTP/1.1" 200 5770 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-12-14 07:01:46
223.204.14.94	attack	Unauthorized connection attempt detected from IP address 223.204.14.94 to port 445	2019-12-14 06:58:27
36.91.44.243	attackspam	xmlrpc attack	2019-12-14 07:01:22

Recently Reported IPs

24.220.73.91	162.243.144.186	113.130.212.8	184.105.247.234
113.160.172.120	103.99.196.55	206.189.88.75	201.217.4.220
212.156.221.177	192.169.139.161	179.107.84.18	111.231.78.82
195.91.139.243	180.76.107.186	196.52.43.102	202.83.168.195
159.226.169.53	181.40.122.2	106.12.206.53	219.150.245.253