122.138.66.14 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: China Unicom Jilin Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	unauthorized connection attempt	2020-02-26 15:49:13

Comments on same subnet:

IP	Type	Details	Datetime
122.138.66.209	attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-03-05 07:38:43
122.138.66.147	attack	Automatic report - Port Scan Attack	2019-11-24 02:39:02

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 122.138.66.14
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62217
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;122.138.66.14.			IN	A

;; AUTHORITY SECTION:
.			296	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020022601 1800 900 604800 86400

;; Query time: 107 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Feb 26 15:49:09 CST 2020
;; MSG SIZE  rcvd: 117

Host info

14.66.138.122.in-addr.arpa domain name pointer 14.66.138.122.adsl-pool.jlccptt.net.cn.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
14.66.138.122.in-addr.arpa	name = 14.66.138.122.adsl-pool.jlccptt.net.cn.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
46.3.96.68	attackspambots	25.06.2019 07:04:21 Connection to port 8107 blocked by firewall	2019-06-25 16:04:11
168.194.152.214	attackspambots	failed_logins	2019-06-25 15:46:49
203.124.42.58	attackbots	Unauthorized connection attempt from IP address 203.124.42.58 on Port 445(SMB)	2019-06-25 16:20:45
79.89.191.96	attackbots	Jun 25 07:03:54 thevastnessof sshd[31602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.89.191.96 ...	2019-06-25 16:24:20
213.32.252.120	attackbots	Sending SPAM email	2019-06-25 15:36:06
64.201.245.50	attackbotsspam	Jun 25 04:30:41 h1637304 sshd[1478]: reveeclipse mapping checking getaddrinfo for web.paxio.net [64.201.245.50] failed - POSSIBLE BREAK-IN ATTEMPT! Jun 25 04:30:41 h1637304 sshd[1478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.201.245.50 Jun 25 04:30:43 h1637304 sshd[1478]: Failed password for invalid user mysql1 from 64.201.245.50 port 45980 ssh2 Jun 25 04:30:43 h1637304 sshd[1478]: Received disconnect from 64.201.245.50: 11: Bye Bye [preauth] Jun 25 04:33:26 h1637304 sshd[1490]: reveeclipse mapping checking getaddrinfo for web.paxio.net [64.201.245.50] failed - POSSIBLE BREAK-IN ATTEMPT! Jun 25 04:33:26 h1637304 sshd[1490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.201.245.50 Jun 25 04:33:28 h1637304 sshd[1490]: Failed password for invalid user explohostname from 64.201.245.50 port 48824 ssh2 Jun 25 04:33:28 h1637304 sshd[1490]: Received disconnect from 64.201.245.50: 1........ -------------------------------	2019-06-25 15:52:41
222.94.195.139	attackspambots	[Tue Jun 25 14:05:05.216364 2019] [:error] [pid 9017:tid 139855241746176] [client 222.94.195.139:64934] [client 222.94.195.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/crs/owasp-modsecurity-crs-3.1.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "792"] [id "920350"] [msg "Host header is a numeric IP address"] [data "123.125.114.144"] [severity "WARNING"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "123.125.114.144"] [uri "/"] [unique_id "XRHHoZOPLvQnIgpRZDkRRAAAAAM"] ...	2019-06-25 15:40:01
204.110.219.173	attackbots	404 NOT FOUND	2019-06-25 15:38:05
119.224.53.230	attack	Jun 25 08:00:23 **** sshd[1574]: Invalid user ftpuser from 119.224.53.230 port 60999	2019-06-25 16:05:34
5.62.63.181	attackspambots	\[2019-06-25 02:59:17\] SECURITY\[1857\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-06-25T02:59:17.899-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="60011972592277524",SessionID="0x7fc42430b1a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/5.62.63.181/59884",ACLName="no_extension_match" \[2019-06-25 03:02:20\] SECURITY\[1857\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-06-25T03:02:20.120-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="70011972592277524",SessionID="0x7fc4242a2868",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/5.62.63.181/62261",ACLName="no_extension_match" \[2019-06-25 03:05:13\] SECURITY\[1857\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-06-25T03:05:13.778-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="80011972592277524",SessionID="0x7fc42430b1a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/5.62.63.181/53447",ACLName="no_ext	2019-06-25 15:36:50
172.105.0.242	attackbots	DATE:2019-06-25_09:04:47, IP:172.105.0.242, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2019-06-25 15:51:11
114.34.41.218	attackbots	Unauthorized connection attempt from IP address 114.34.41.218 on Port 445(SMB)	2019-06-25 15:38:57
182.241.195.160	attackbotsspam	Bruteforce on SSH Honeypot	2019-06-25 15:45:49
165.227.69.188	attack	Automatic report	2019-06-25 16:25:21
187.57.42.187	attackbots	1561446247 - 06/25/2019 14:04:07 Host: 187-57-42-187.dsl.telesp.net.br/187.57.42.187 Port: 23 TCP Blocked ...	2019-06-25 16:12:19

Recently Reported IPs

161.12.202.238	237.8.159.134	115.75.176.236	50.212.178.131
115.15.161.215	27.46.50.29	30.148.148.104	127.235.76.240
114.34.179.63	98.199.86.111	243.189.10.58	65.215.77.74
11.112.201.146	61.40.139.213	212.23.182.35	216.212.168.155
32.231.95.53	140.200.12.118	94.190.15.14	18.243.107.226