Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: Vietnam Posts and Telecommunications Group

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attack
Honeypot attack, port: 445, PTR: static.vnpt.vn.
2020-07-04 09:16:59
Comments on same subnet:
IP Type Details Datetime
14.183.117.174 attackspam
Host Scan
2020-08-06 13:28:38
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 14.183.117.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47232
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;14.183.117.137.			IN	A

;; AUTHORITY SECTION:
.			418	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020070301 1800 900 604800 86400

;; Query time: 53 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Jul 04 09:16:56 CST 2020
;; MSG SIZE  rcvd: 118
Host info
137.117.183.14.in-addr.arpa domain name pointer static.vnpt.vn.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
137.117.183.14.in-addr.arpa	name = static.vnpt.vn.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
152.136.231.89 attackspam
20 attempts against mh-ssh on cloud
2020-07-19 19:49:53
45.134.179.57 attackspambots
Jul 19 13:22:15 debian-2gb-nbg1-2 kernel: [17416280.707888] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.134.179.57 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=8134 PROTO=TCP SPT=47958 DPT=3487 WINDOW=1024 RES=0x00 SYN URGP=0
2020-07-19 19:35:56
87.226.165.143 attack
Jul 19 09:51:59 vmd17057 sshd[12085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.226.165.143 
Jul 19 09:52:01 vmd17057 sshd[12085]: Failed password for invalid user deploy from 87.226.165.143 port 37348 ssh2
...
2020-07-19 19:30:07
152.136.131.171 attackbots
Tried to access firewall on several ports.
2020-07-19 19:43:51
77.40.3.214 attackbots
(smtpauth) Failed SMTP AUTH login from 77.40.3.214 (RU/Russia/214.3.dialup.mari-el.ru): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-07-19 12:21:47 plain authenticator failed for (localhost) [77.40.3.214]: 535 Incorrect authentication data (set_id=production@safanicu.com)
2020-07-19 19:41:46
80.82.64.98 attackbots
Jul 19 13:08:49 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.64.98, lip=185.118.197.126, session=
Jul 19 13:09:44 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.64.98, lip=185.118.197.126, session=
Jul 19 13:11:05 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.64.98, lip=185.118.197.126, session=
Jul 19 13:12:47 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=80.82.64.98, lip=185.118.197.126, session=
Jul 19 13:13:52 mail.srvfarm.net dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=
2020-07-19 19:47:11
134.209.155.186 attack
Jul 19 12:13:44 dev0-dcde-rnet sshd[29093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.155.186
Jul 19 12:13:46 dev0-dcde-rnet sshd[29093]: Failed password for invalid user ti from 134.209.155.186 port 53778 ssh2
Jul 19 12:16:28 dev0-dcde-rnet sshd[29328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.155.186
2020-07-19 19:33:35
202.172.28.20 attack
secondhandhall.d-a-n-i-e-l.de 202.172.28.20 [19/Jul/2020:09:52:18 +0200] "POST /wp-login.php HTTP/1.1" 200 2304 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
secondhandhall.d-a-n-i-e-l.de 202.172.28.20 [19/Jul/2020:09:52:19 +0200] "POST /xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-07-19 19:17:40
34.86.47.218 attack
Jul 17 23:32:58 cumulus sshd[14304]: Invalid user wuwu from 34.86.47.218 port 46712
Jul 17 23:32:58 cumulus sshd[14304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.86.47.218
Jul 17 23:33:01 cumulus sshd[14304]: Failed password for invalid user wuwu from 34.86.47.218 port 46712 ssh2
Jul 17 23:33:01 cumulus sshd[14304]: Received disconnect from 34.86.47.218 port 46712:11: Bye Bye [preauth]
Jul 17 23:33:01 cumulus sshd[14304]: Disconnected from 34.86.47.218 port 46712 [preauth]
Jul 17 23:40:16 cumulus sshd[15259]: Invalid user adda from 34.86.47.218 port 38086
Jul 17 23:40:16 cumulus sshd[15259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.86.47.218
Jul 17 23:40:19 cumulus sshd[15259]: Failed password for invalid user adda from 34.86.47.218 port 38086 ssh2
Jul 17 23:40:19 cumulus sshd[15259]: Received disconnect from 34.86.47.218 port 38086:11: Bye Bye [preauth]
Jul 17 23:40:19 c........
-------------------------------
2020-07-19 19:26:56
221.2.144.39 attack
Jul 19 13:41:28 debian-2gb-nbg1-2 kernel: [17417433.312148] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=221.2.144.39 DST=195.201.40.59 LEN=52 TOS=0x00 PREC=0x00 TTL=104 ID=1592 DF PROTO=TCP SPT=55215 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
2020-07-19 19:46:20
157.230.24.24 attack
2020-07-19T04:25:11.767799linuxbox-skyline sshd[75154]: Invalid user roo from 157.230.24.24 port 55630
...
2020-07-19 19:25:09
52.14.25.251 attackbots
mue-Direct access to plugin not allowed
2020-07-19 19:45:50
212.85.69.14 attackspam
212.85.69.14 - - [19/Jul/2020:09:52:15 +0200] "GET /wp-login.php HTTP/1.1" 200 5738 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
212.85.69.14 - - [19/Jul/2020:09:52:16 +0200] "POST /wp-login.php HTTP/1.1" 200 5989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
212.85.69.14 - - [19/Jul/2020:09:52:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-07-19 19:18:28
124.158.164.146 attackspam
Jul 19 00:42:16 dignus sshd[25310]: Failed password for invalid user utl from 124.158.164.146 port 33186 ssh2
Jul 19 00:47:04 dignus sshd[25791]: Invalid user mysql from 124.158.164.146 port 51070
Jul 19 00:47:04 dignus sshd[25791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.158.164.146
Jul 19 00:47:06 dignus sshd[25791]: Failed password for invalid user mysql from 124.158.164.146 port 51070 ssh2
Jul 19 00:52:02 dignus sshd[26348]: Invalid user huawei from 124.158.164.146 port 45286
...
2020-07-19 19:28:54
50.62.176.247 attackspam
Automatic report - XMLRPC Attack
2020-07-19 19:34:38
