104.152.52.5 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): Rethem Hosting LLC

主机名(hostname): unknown

机构(organization): Rethem Hosting LLC

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	[MultiHost/MultiPort scan (19)] tcp/106, tcp/110, tcp/111, tcp/113, tcp/119, tcp/135, tcp/139, tcp/1433, tcp/21, tcp/22, tcp/23, tcp/26, tcp/3306, tcp/37, tcp/445, tcp/5060, tcp/554, tcp/79, tcp/88 [scan/connect: 38 time(s)] *(RWIN=14600)(08041230)	2019-08-04 23:39:02

类型

评论内容

时间

attack

[MultiHost/MultiPort scan (19)] tcp/106, tcp/110, tcp/111, tcp/113, tcp/119, tcp/135, tcp/139, tcp/1433, tcp/21, tcp/22, tcp/23, tcp/26, tcp/3306, tcp/37, tcp/445, tcp/5060, tcp/554, tcp/79, tcp/88
[scan/connect: 38 time(s)]
*(RWIN=14600)(08041230)

2019-08-04 23:39:02

相同子网IP讨论:

IP	类型	评论内容	时间
104.152.52.231	botsattackproxy	Bot attacker IP	2025-03-25 13:44:38
104.152.52.145	botsattackproxy	Vulnerability Scanner	2025-03-20 13:41:36
104.152.52.100	spamattackproxy	VoIP blacklist IP	2025-03-14 22:09:59
104.152.52.139	attack	Brute-force attacker IP	2025-03-10 13:45:36
104.152.52.219	botsattackproxy	Bot attacker IP	2025-03-04 13:55:48
104.152.52.124	botsattackproxy	Vulnerability Scanner	2025-02-26 17:12:59
104.152.52.146	botsattackproxy	Bot attacker IP	2025-02-21 12:31:03
104.152.52.161	botsattackproxy	Vulnerability Scanner	2025-02-05 14:00:57
104.152.52.176	botsattackproxy	Botnet DB Scanner	2025-01-20 14:03:26
104.152.52.141	botsattack	Vulnerability Scanner	2025-01-09 22:45:15
104.152.52.165	botsattackproxy	Bot attacker IP	2024-09-24 16:44:08
104.152.52.226	botsattackproxy	Vulnerability Scanner	2024-08-28 12:46:53
104.152.52.142	spambotsattack	Vulnerability Scanner	2024-08-26 12:47:13
104.152.52.116	spamattack	Compromised IP	2024-07-06 14:07:26
104.152.52.204	attack	Bad IP	2024-07-01 12:36:27

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.152.52.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43116
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.152.52.5.			IN	A

;; AUTHORITY SECTION:
.			324	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019061502 1800 900 604800 86400

;; Query time: 94 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Jun 16 09:50:49 CST 2019
;; MSG SIZE  rcvd: 116

HOST信息:

5.52.152.104.in-addr.arpa has no PTR record

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
*** Can't find 5.52.152.104.in-addr.arpa.: No answer

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
209.85.208.47	attack	Attempt to login to email server on SMTP service on 05-09-2019 09:45:34.	2019-09-05 22:36:29
209.85.166.54	attack	Attempt to login to email server on SMTP service on 05-09-2019 09:45:33.	2019-09-05 22:38:45
115.148.72.167	attackspambots	Sep 5 04:25:37 eola postfix/smtpd[25422]: connect from unknown[115.148.72.167] Sep 5 04:25:38 eola postfix/smtpd[25422]: lost connection after AUTH from unknown[115.148.72.167] Sep 5 04:25:38 eola postfix/smtpd[25422]: disconnect from unknown[115.148.72.167] ehlo=1 auth=0/1 commands=1/2 Sep 5 04:25:39 eola postfix/smtpd[25422]: connect from unknown[115.148.72.167] Sep 5 04:25:41 eola postfix/smtpd[25422]: lost connection after AUTH from unknown[115.148.72.167] Sep 5 04:25:41 eola postfix/smtpd[25422]: disconnect from unknown[115.148.72.167] ehlo=1 auth=0/1 commands=1/2 Sep 5 04:25:42 eola postfix/smtpd[25422]: connect from unknown[115.148.72.167] Sep 5 04:25:43 eola postfix/smtpd[25422]: lost connection after AUTH from unknown[115.148.72.167] Sep 5 04:25:43 eola postfix/smtpd[25422]: disconnect from unknown[115.148.72.167] ehlo=1 auth=0/1 commands=1/2 Sep 5 04:25:44 eola postfix/smtpd[25422]: connect from unknown[115.148.72.167] Sep 5 04:25:44 eola postfix/sm........ -------------------------------	2019-09-05 22:29:33
68.183.124.53	attackbots	Sep 5 04:44:24 hcbb sshd\[28841\]: Invalid user support from 68.183.124.53 Sep 5 04:44:24 hcbb sshd\[28841\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.124.53 Sep 5 04:44:26 hcbb sshd\[28841\]: Failed password for invalid user support from 68.183.124.53 port 50960 ssh2 Sep 5 04:49:00 hcbb sshd\[29284\]: Invalid user temp from 68.183.124.53 Sep 5 04:49:00 hcbb sshd\[29284\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.124.53	2019-09-05 22:50:05
167.71.208.88	attack	Sep 5 12:34:40 [host] sshd[15017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.208.88 user=www-data Sep 5 12:34:42 [host] sshd[15017]: Failed password for www-data from 167.71.208.88 port 41200 ssh2 Sep 5 12:39:14 [host] sshd[15196]: Invalid user test from 167.71.208.88 Sep 5 12:39:14 [host] sshd[15196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.208.88	2019-09-05 23:44:52
118.69.77.91	attackbots	SpamReport	2019-09-05 23:06:31
103.225.58.46	attackbotsspam	Sep 5 04:47:26 hiderm sshd\[30673\]: Invalid user teamspeak3 from 103.225.58.46 Sep 5 04:47:26 hiderm sshd\[30673\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.225.58.46 Sep 5 04:47:29 hiderm sshd\[30673\]: Failed password for invalid user teamspeak3 from 103.225.58.46 port 60306 ssh2 Sep 5 04:52:21 hiderm sshd\[31104\]: Invalid user admin1 from 103.225.58.46 Sep 5 04:52:21 hiderm sshd\[31104\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.225.58.46	2019-09-05 22:58:56
185.246.75.146	attackbots	Sep 5 08:52:14 raspberrypi sshd\[11073\]: Invalid user admin from 185.246.75.146Sep 5 08:52:17 raspberrypi sshd\[11073\]: Failed password for invalid user admin from 185.246.75.146 port 52544 ssh2Sep 5 09:06:38 raspberrypi sshd\[21616\]: Invalid user user01 from 185.246.75.146Sep 5 09:06:40 raspberrypi sshd\[21616\]: Failed password for invalid user user01 from 185.246.75.146 port 59778 ssh2Sep 5 09:12:32 raspberrypi sshd\[25956\]: Invalid user admin from 185.246.75.146Sep 5 09:12:35 raspberrypi sshd\[25956\]: Failed password for invalid user admin from 185.246.75.146 port 47336 ssh2Sep 5 09:18:08 raspberrypi sshd\[29910\]: Invalid user git from 185.246.75.146Sep 5 09:18:10 raspberrypi sshd\[29910\]: Failed password for invalid user git from 185.246.75.146 port 34878 ssh2Sep 5 09:23:35 raspberrypi sshd\[1460\]: Invalid user cactiuser from 185.246.75.146Sep 5 09:23:37 raspberrypi sshd\[1460\]: Failed password for invalid user cactiuser from 185.246.75.146 port 50628 ssh2Sep 5 09:29:11 raspberrypi ss	2019-09-05 22:41:37
209.85.160.178	attack	Attempt to login to email server on SMTP service on 05-09-2019 09:45:32.	2019-09-05 22:41:13
61.184.223.114	attackbotsspam	Time: Thu Sep 5 05:19:32 2019 -0300 IP: 61.184.223.114 (CN/China/-) Failures: 15 (ftpd) Interval: 3600 seconds Blocked: Permanent Block	2019-09-05 22:44:44
183.136.213.97	attack	CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	2019-09-05 23:38:32
209.85.214.169	attack	Attempt to login to email server on SMTP service on 05-09-2019 09:45:36.	2019-09-05 22:29:01
212.64.44.246	attack	Sep 5 13:21:10 mail sshd\[16107\]: Invalid user admin1234 from 212.64.44.246 port 44842 Sep 5 13:21:10 mail sshd\[16107\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.64.44.246 Sep 5 13:21:12 mail sshd\[16107\]: Failed password for invalid user admin1234 from 212.64.44.246 port 44842 ssh2 Sep 5 13:27:04 mail sshd\[16891\]: Invalid user 123456 from 212.64.44.246 port 59824 Sep 5 13:27:04 mail sshd\[16891\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.64.44.246	2019-09-05 23:20:18
68.183.234.12	attack	Sep 5 04:28:28 php1 sshd\[2249\]: Invalid user demouser from 68.183.234.12 Sep 5 04:28:28 php1 sshd\[2249\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.234.12 Sep 5 04:28:30 php1 sshd\[2249\]: Failed password for invalid user demouser from 68.183.234.12 port 33900 ssh2 Sep 5 04:34:05 php1 sshd\[2761\]: Invalid user ftpuser1 from 68.183.234.12 Sep 5 04:34:05 php1 sshd\[2761\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.234.12	2019-09-05 22:43:27
186.179.100.145	attack	Sep 5 08:29:56 *** sshd[7848]: Invalid user admin from 186.179.100.145	2019-09-05 23:02:35

最近上报的IP列表

85.209.0.155	4.172.175.168	185.234.17.62	5.34.240.179
59.175.158.203	43.226.124.208	5.195.196.164	14.0.61.240
142.147.111.47	202.62.53.95	203.170.84.161	103.10.125.165
34.234.93.89	157.240.8.54	79.100.200.15	82.137.13.47
185.181.164.122	115.22.157.242	34.87.16.239	189.135.25.229