104.152.52.34 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): Rethem Hosting LLC

主机名(hostname): unknown

机构(organization): Rethem Hosting LLC

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	May 7 03:58:00 *** sshd[3964]: Did not receive identification string from 104.152.52.34	2020-05-07 12:44:35
attack	tcp 0 0 103.6.144.10:10000 104.152.52.34:48127 ESTABLISHED 7830/perl unix 3 [ ] STREAM CONNECTED 15783 1/systemd /run/systemd/journal/stdout has some how infected my server with a python script	2019-08-24 18:49:51

类型

评论内容

时间

attack

May  7 03:58:00 *** sshd[3964]: Did not receive identification string from 104.152.52.34

2020-05-07 12:44:35

attack

tcp        0      0 103.6.144.10:10000      104.152.52.34:48127     ESTABLISHED 7830/perl
unix  3      [ ]         STREAM     CONNECTED     15783    1/systemd           /run/systemd/journal/stdout

has some how infected my server with a python script

2019-08-24 18:49:51

相同子网IP讨论:

IP	类型	评论内容	时间
104.152.52.231	botsattackproxy	Bot attacker IP	2025-03-25 13:44:38
104.152.52.145	botsattackproxy	Vulnerability Scanner	2025-03-20 13:41:36
104.152.52.100	spamattackproxy	VoIP blacklist IP	2025-03-14 22:09:59
104.152.52.139	attack	Brute-force attacker IP	2025-03-10 13:45:36
104.152.52.219	botsattackproxy	Bot attacker IP	2025-03-04 13:55:48
104.152.52.124	botsattackproxy	Vulnerability Scanner	2025-02-26 17:12:59
104.152.52.146	botsattackproxy	Bot attacker IP	2025-02-21 12:31:03
104.152.52.161	botsattackproxy	Vulnerability Scanner	2025-02-05 14:00:57
104.152.52.176	botsattackproxy	Botnet DB Scanner	2025-01-20 14:03:26
104.152.52.141	botsattack	Vulnerability Scanner	2025-01-09 22:45:15
104.152.52.165	botsattackproxy	Bot attacker IP	2024-09-24 16:44:08
104.152.52.226	botsattackproxy	Vulnerability Scanner	2024-08-28 12:46:53
104.152.52.142	spambotsattack	Vulnerability Scanner	2024-08-26 12:47:13
104.152.52.116	spamattack	Compromised IP	2024-07-06 14:07:26
104.152.52.204	attack	Bad IP	2024-07-01 12:36:27

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.152.52.34
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26143
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.152.52.34.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019040200 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Tue Apr 02 19:38:12 +08 2019
;; MSG SIZE  rcvd: 117

HOST信息:

34.52.152.104.in-addr.arpa domain name pointer internettl.org.

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
34.52.152.104.in-addr.arpa	name = internettl.org.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
206.189.145.152	attackspambots	DATE:2019-07-02 09:04:37, IP:206.189.145.152, PORT:ssh brute force auth on SSH service (patata)	2019-07-02 15:05:45
160.20.15.41	attackbotsspam	445/tcp 445/tcp 445/tcp... [2019-05-06/07-02]7pkt,1pt.(tcp)	2019-07-02 15:39:57
192.157.230.122	attackspambots	445/tcp 445/tcp 445/tcp... [2019-06-10/07-02]5pkt,1pt.(tcp)	2019-07-02 15:14:56
87.103.204.149	attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-02 02:28:22,585 INFO [amun_request_handler] PortScan Detected on Port: 445 (87.103.204.149)	2019-07-02 15:32:53
45.32.213.73	attackspam	Jul 2 05:43:48 localhost sshd\[13930\]: Invalid user 123456 from 45.32.213.73 port 38645 Jul 2 05:43:48 localhost sshd\[13930\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.32.213.73 ...	2019-07-02 15:29:02
78.111.97.4	attack	445/tcp 445/tcp 445/tcp... [2019-06-14/07-02]7pkt,1pt.(tcp)	2019-07-02 15:20:30
162.243.4.134	attackbots	Jul 2 06:17:06 localhost sshd\[16207\]: Invalid user dasusr1 from 162.243.4.134 port 53230 Jul 2 06:17:06 localhost sshd\[16207\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.243.4.134 ...	2019-07-02 15:42:26
27.72.100.119	attackbotsspam	445/tcp 445/tcp [2019-06-15/07-02]2pkt	2019-07-02 15:14:34
123.25.218.61	attackbots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-02 02:28:20,854 INFO [amun_request_handler] PortScan Detected on Port: 445 (123.25.218.61)	2019-07-02 15:41:01
112.85.42.180	attackbotsspam	Jul 1 22:32:07 sanyalnet-cloud-vps3 sshd[6079]: Connection from 112.85.42.180 port 32533 on 45.62.248.66 port 22 Jul 1 22:32:08 sanyalnet-cloud-vps3 sshd[6079]: User r.r from 112.85.42.180 not allowed because not listed in AllowUsers Jul 1 22:32:08 sanyalnet-cloud-vps3 sshd[6079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.180 user=r.r Jul 1 22:32:10 sanyalnet-cloud-vps3 sshd[6079]: Failed none for invalid user r.r from 112.85.42.180 port 32533 ssh2 Jul 1 22:32:12 sanyalnet-cloud-vps3 sshd[6079]: Failed password for invalid user r.r from 112.85.42.180 port 32533 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=112.85.42.180	2019-07-02 15:46:02
129.204.125.194	attackspambots	23/tcp 23/tcp 23/tcp... [2019-05-02/07-02]18pkt,1pt.(tcp)	2019-07-02 15:26:24
118.24.91.111	attackbotsspam	Mar 1 21:33:49 motanud sshd\[4771\]: Invalid user iv from 118.24.91.111 port 39418 Mar 1 21:33:49 motanud sshd\[4771\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.91.111 Mar 1 21:33:51 motanud sshd\[4771\]: Failed password for invalid user iv from 118.24.91.111 port 39418 ssh2	2019-07-02 15:24:28
189.188.89.61	attackspambots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-02 00:08:06,864 INFO [shellcode_manager] (189.188.89.61) no match, writing hexdump (782fe271924b6c9fa243a7afb17f58ae :2323761) - MS17010 (EternalBlue)	2019-07-02 15:15:37
118.24.54.178	attack	Jan 12 05:28:33 motanud sshd\[32251\]: Invalid user csserver from 118.24.54.178 port 55330 Jan 12 05:28:33 motanud sshd\[32251\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.54.178 Jan 12 05:28:35 motanud sshd\[32251\]: Failed password for invalid user csserver from 118.24.54.178 port 55330 ssh2	2019-07-02 15:39:08
202.75.100.234	attack	$f2bV_matches	2019-07-02 15:51:22

最近上报的IP列表

14.177.215.204	78.85.138.22	164.77.52.227	154.180.179.11
217.107.198.146	23.224.112.2	91.202.222.45	45.40.194.24
42.236.78.10	193.112.0.62	5.188.210.17	87.106.34.39
190.144.79.102	179.97.168.36	177.103.220.193	217.182.72.60
159.253.47.219	5.108.40.205	106.13.46.114	59.32.37.108