Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
Found on   CINS badguys     / proto=6  .  srcport=52605  .  dstport=49152  .     (1011)
2020-10-02 02:18:43
attack
8140/tcp 58836/tcp 179/tcp...
[2020-09-18/10-01]13pkt,11pt.(tcp),1pt.(udp)
2020-10-01 18:27:01
Comments on same subnet:
IP Type Details Datetime
192.241.214.48 attack
firewall-block, port(s): 6379/tcp
2020-10-08 06:39:57
192.241.214.142 attack
MultiHost/MultiPort Probe, Scan, Hack -
2020-10-08 01:02:48
192.241.214.48 attackbotsspam
scans once in preceding hours on the ports (in chronological order) 9042 resulting in total of 71 scans from 192.241.128.0/17 block.
2020-10-07 23:00:58
192.241.214.142 attackbotsspam
MultiHost/MultiPort Probe, Scan, Hack -
2020-10-07 17:11:35
192.241.214.48 attack
Metasploit VxWorks WDB Agent Scanner Detection
2020-10-07 15:06:12
192.241.214.46 attackbotsspam
192.241.214.46 - - - [06/Oct/2020:19:51:34 +0200] "GET /portal/redlion HTTP/1.1" 404 162 "-" "Mozilla/5.0 zgrab/0.x" "-" "-"
2020-10-07 03:06:02
192.241.214.46 attack
389/tcp 5903/tcp 3306/tcp...
[2020-09-16/10-06]21pkt,19pt.(tcp),1pt.(udp)
2020-10-06 19:05:49
192.241.214.172 attack
TCP port : 5984
2020-10-05 21:39:21
192.241.214.172 attack
Port scan: Attack repeated for 24 hours
2020-10-05 13:33:03
192.241.214.172 attack
Port Scan
...
2020-10-04 05:41:00
192.241.214.172 attack
 TCP (SYN) 192.241.214.172:46488 -> port 58950, len 44
2020-10-03 13:22:37
192.241.214.210 attackbotsspam
Threat Management Alert 3: Detection of a Network Scan. Signature ET SCAN Zmap User-Agent (Inbound). From: 192.241.214.210:57630, to: 192.168.x.x:80, protocol: TCP
2020-10-01 04:32:56
192.241.214.210 attack
Threat Management Alert 3: Detection of a Network Scan. Signature ET SCAN Zmap User-Agent (Inbound). From: 192.241.214.210:57630, to: 192.168.x.x:80, protocol: TCP
2020-09-30 20:45:18
192.241.214.210 attack
" "
2020-09-30 13:13:33
192.241.214.210 attack
[N3.H3.VM3] Port Scanner Detected Blocked by UFW
2020-09-29 06:49:41
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 192.241.214.165
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48960
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;192.241.214.165.		IN	A

;; AUTHORITY SECTION:
.			317	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020093002 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Oct 01 18:26:58 CST 2020
;; MSG SIZE  rcvd: 119
Host info
165.214.241.192.in-addr.arpa domain name pointer zg-0915a-59.stretchoid.com.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
165.214.241.192.in-addr.arpa	name = zg-0915a-59.stretchoid.com.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
62.210.9.67 attack
WordPress wp-login brute force :: 62.210.9.67 0.056 BYPASS [23/Jul/2019:19:48:50  1000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2019-07-23 23:16:27
137.74.175.67 attackspambots
Jul 23 15:42:19 tux-35-217 sshd\[22893\]: Invalid user test1 from 137.74.175.67 port 54810
Jul 23 15:42:19 tux-35-217 sshd\[22893\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.74.175.67
Jul 23 15:42:21 tux-35-217 sshd\[22893\]: Failed password for invalid user test1 from 137.74.175.67 port 54810 ssh2
Jul 23 15:46:41 tux-35-217 sshd\[22906\]: Invalid user nie from 137.74.175.67 port 49744
Jul 23 15:46:41 tux-35-217 sshd\[22906\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.74.175.67
...
2019-07-23 22:18:27
124.204.54.61 attack
Jul 23 09:29:04 vps200512 sshd\[32488\]: Invalid user gaetan from 124.204.54.61
Jul 23 09:29:04 vps200512 sshd\[32488\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.204.54.61
Jul 23 09:29:06 vps200512 sshd\[32488\]: Failed password for invalid user gaetan from 124.204.54.61 port 52424 ssh2
Jul 23 09:33:57 vps200512 sshd\[32605\]: Invalid user nicolas from 124.204.54.61
Jul 23 09:33:57 vps200512 sshd\[32605\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.204.54.61
2019-07-23 23:04:17
103.114.48.4 attackspambots
Jul 23 14:09:26 ip-172-31-1-72 sshd\[8302\]: Invalid user ts3bot from 103.114.48.4
Jul 23 14:09:26 ip-172-31-1-72 sshd\[8302\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.114.48.4
Jul 23 14:09:27 ip-172-31-1-72 sshd\[8302\]: Failed password for invalid user ts3bot from 103.114.48.4 port 43873 ssh2
Jul 23 14:16:47 ip-172-31-1-72 sshd\[8438\]: Invalid user www from 103.114.48.4
Jul 23 14:16:47 ip-172-31-1-72 sshd\[8438\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.114.48.4
2019-07-23 22:40:03
187.109.52.241 attackspambots
failed_logins
2019-07-23 23:03:55
218.253.193.2 attackspam
Invalid user ding from 218.253.193.2 port 45974
pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.253.193.2
Failed password for invalid user ding from 218.253.193.2 port 45974 ssh2
Invalid user jerome from 218.253.193.2 port 41704
pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.253.193.2
2019-07-23 22:44:03
121.190.197.205 attack
Invalid user postgres from 121.190.197.205 port 51415
2019-07-23 22:53:46
185.234.217.41 attackspambots
This IP address was blacklisted for the following reason:  / @ 2019-07-23T10:52:08+02:00.
2019-07-23 22:45:08
103.10.30.224 attackspam
Jul 23 13:57:08 localhost sshd\[838\]: Invalid user teamspeak3 from 103.10.30.224 port 52788
Jul 23 13:57:08 localhost sshd\[838\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.30.224
...
2019-07-23 22:16:42
81.22.45.148 attackspambots
23.07.2019 14:21:09 Connection to port 9764 blocked by firewall
2019-07-23 22:41:16
201.69.169.193 attackspambots
Invalid user cacti from 201.69.169.193 port 55414
2019-07-23 22:50:17
185.207.136.33 attackspambots
www.goldgier.de 185.207.136.33 \[23/Jul/2019:11:15:25 +0200\] "POST /wp-login.php HTTP/1.1" 200 8724 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
www.goldgier.de 185.207.136.33 \[23/Jul/2019:11:15:25 +0200\] "POST /wp-login.php HTTP/1.1" 200 8724 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2019-07-23 22:24:18
154.72.168.71 attack
TCP Port: 25 _    invalid blocked dnsbl-sorbs abuseat-org _  _  _ _ (405)
2019-07-23 22:23:02
37.49.230.26 attackspambots
" "
2019-07-23 22:10:44
185.199.8.69 attack
This IP address was blacklisted for the following reason:  /de/jobs/kfz-mechatroniker-m-w-d-kfz-mechaniker-m-w-d/&%20or%20(1,2)=(select*from(select%20name_const(CHAR(121,108,122,108,110,74,84,121,100),1),name_const(CHAR(121,108,122,108,110,74,84,121,100),1))a)%20--%20and%201%3D1 @ 2019-03-07T12:08:37+01:00.
2019-07-23 22:43:06
