Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attack
ET SCAN Zmap User-Agent (Inbound)
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Zmap User-Agent (Inbound)"; flow:established,to_server; http.user_agent; content:"Mozilla/5.0 zgrab/0.x"; depth:21; endswith; classtype:network-scan; sid:2029054; rev:2; metadata:created_at 2019_11_26, former_category SCAN, updated_at 2020_10_23;)
2022-12-31 05:30:23
Comments on same subnet:
IP Type Details Datetime
107.170.245.41 attackspam
1 attack on Zyxel CVE-2017-18368 URLs like:
107.170.245.41 - - [06/Jun/2020:00:36:59 +0100] "POST /cgi-bin/ViewLog.asp HTTP/1.1" 403 9
2020-06-06 19:07:26
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 107.170.245.14
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19908
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;107.170.245.14.			IN	A

;; AUTHORITY SECTION:
.			449	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022123001 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Dec 31 05:30:22 CST 2022
;; MSG SIZE  rcvd: 107
Host info
14.245.170.107.in-addr.arpa domain name pointer zg-1220e-129.stretchoid.com.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
14.245.170.107.in-addr.arpa	name = zg-1220e-129.stretchoid.com.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
49.156.39.50 attackspambots
port scan and connect, tcp 80 (http)
2020-04-12 19:54:32
223.171.32.66 attackbotsspam
2020-04-12T12:04:41.596183dmca.cloudsearch.cf sshd[19805]: Invalid user ZXC from 223.171.32.66 port 45143
2020-04-12T12:04:41.603320dmca.cloudsearch.cf sshd[19805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.171.32.66
2020-04-12T12:04:41.596183dmca.cloudsearch.cf sshd[19805]: Invalid user ZXC from 223.171.32.66 port 45143
2020-04-12T12:04:43.379376dmca.cloudsearch.cf sshd[19805]: Failed password for invalid user ZXC from 223.171.32.66 port 45143 ssh2
2020-04-12T12:09:46.949529dmca.cloudsearch.cf sshd[20221]: Invalid user beaubere1 from 223.171.32.66 port 45143
2020-04-12T12:09:46.955399dmca.cloudsearch.cf sshd[20221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.171.32.66
2020-04-12T12:09:46.949529dmca.cloudsearch.cf sshd[20221]: Invalid user beaubere1 from 223.171.32.66 port 45143
2020-04-12T12:09:48.936998dmca.cloudsearch.cf sshd[20221]: Failed password for invalid user beaubere1 from 223.
...
2020-04-12 20:31:50
35.194.64.202 attackspam
[ssh] SSH attack
2020-04-12 19:49:50
114.27.6.134 attack
1586663235 - 04/12/2020 05:47:15 Host: 114.27.6.134/114.27.6.134 Port: 445 TCP Blocked
2020-04-12 20:04:02
113.20.100.73 attack
1586663256 - 04/12/2020 05:47:36 Host: 113.20.100.73/113.20.100.73 Port: 445 TCP Blocked
2020-04-12 19:48:54
113.109.79.250 attackbotsspam
1586663237 - 04/12/2020 05:47:17 Host: 113.109.79.250/113.109.79.250 Port: 445 TCP Blocked
2020-04-12 20:03:21
206.81.12.209 attackspambots
2020-04-12T12:02:42.225385shield sshd\[6787\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.12.209  user=root
2020-04-12T12:02:44.332407shield sshd\[6787\]: Failed password for root from 206.81.12.209 port 44084 ssh2
2020-04-12T12:06:20.286581shield sshd\[7131\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.12.209  user=root
2020-04-12T12:06:22.654572shield sshd\[7131\]: Failed password for root from 206.81.12.209 port 52272 ssh2
2020-04-12T12:09:55.047308shield sshd\[7469\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.12.209  user=root
2020-04-12 20:22:46
113.190.253.45 attackbots
Disconnected \(auth failed, 1 attempts in 5 secs\):
2020-04-12 20:01:32
221.133.18.119 attack
Apr 12 05:47:11 host5 sshd[16219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.133.18.119  user=root
Apr 12 05:47:14 host5 sshd[16219]: Failed password for root from 221.133.18.119 port 54562 ssh2
...
2020-04-12 20:04:15
111.231.81.129 attack
2020-04-12T14:00:42.300499struts4.enskede.local sshd\[7356\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.81.129  user=root
2020-04-12T14:00:45.250254struts4.enskede.local sshd\[7356\]: Failed password for root from 111.231.81.129 port 52990 ssh2
2020-04-12T14:10:01.503606struts4.enskede.local sshd\[7689\]: Invalid user user from 111.231.81.129 port 58378
2020-04-12T14:10:01.510876struts4.enskede.local sshd\[7689\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.81.129
2020-04-12T14:10:04.573241struts4.enskede.local sshd\[7689\]: Failed password for invalid user user from 111.231.81.129 port 58378 ssh2
...
2020-04-12 20:13:32
95.229.149.107 attack
Unauthorized connection attempt detected from IP address 95.229.149.107 to port 5555
2020-04-12 20:11:28
191.7.145.246 attackbotsspam
Apr 12 13:11:03 tuxlinux sshd[64924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.7.145.246  user=root
Apr 12 13:11:05 tuxlinux sshd[64924]: Failed password for root from 191.7.145.246 port 53940 ssh2
Apr 12 13:11:03 tuxlinux sshd[64924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.7.145.246  user=root
Apr 12 13:11:05 tuxlinux sshd[64924]: Failed password for root from 191.7.145.246 port 53940 ssh2
Apr 12 13:28:27 tuxlinux sshd[65255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.7.145.246  user=root
...
2020-04-12 20:10:26
117.117.165.131 attack
Apr 12 07:42:22  sshd[14788]: Failed password for invalid user redis from 117.117.165.131 port 52377 ssh2
2020-04-12 20:08:29
103.145.12.41 attackspambots
[2020-04-12 08:12:36] NOTICE[12114] chan_sip.c: Registration from '"600" ' failed for '103.145.12.41:5921' - Wrong password
[2020-04-12 08:12:36] SECURITY[12128] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-04-12T08:12:36.467-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="600",SessionID="0x7f020c06be08",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.41/5921",Challenge="013362d4",ReceivedChallenge="013362d4",ReceivedHash="4f3b8e01417ba377fe4c57806249162b"
[2020-04-12 08:12:36] NOTICE[12114] chan_sip.c: Registration from '"600" ' failed for '103.145.12.41:5921' - Wrong password
[2020-04-12 08:12:36] SECURITY[12128] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-04-12T08:12:36.642-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="600",SessionID="0x7f020c1957e8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.
...
2020-04-12 20:22:28
209.141.58.248 attackspambots
$f2bV_matches
2020-04-12 20:32:13

Recently Reported IPs
