196.14.2.21 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: South Africa

Internet Service Provider: PCB

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	DATE:2020-02-02 16:08:57, IP:196.14.2.21, PORT:1433 MSSQL brute force auth on honeypot server (honey-neo-dc)	2020-02-03 00:45:53

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 196.14.2.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9164
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;196.14.2.21.			IN	A

;; AUTHORITY SECTION:
.			557	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020200 1800 900 604800 86400

;; Query time: 109 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 03 00:45:46 CST 2020
;; MSG SIZE  rcvd: 115

Host info

Host 21.2.14.196.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

;; Got SERVFAIL reply from 100.100.2.136, trying next server
;; Got SERVFAIL reply from 100.100.2.138, trying next server
Server:		100.100.2.138
Address:	100.100.2.138#53

** server can't find 21.2.14.196.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
142.93.214.20	attackspambots	Jul 5 14:05:10 * sshd[25599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.214.20 Jul 5 14:05:12 * sshd[25599]: Failed password for invalid user manager from 142.93.214.20 port 49640 ssh2	2019-07-05 21:58:14
89.248.168.197	attackbots	39 2019-07-05 15:55:07 notice Firewall Match default rule, DROP 89.248.168.197:52553 192.168.3.108:2573 ACCESS BLOCK	2019-07-05 22:03:49
200.209.174.76	attackspam	Jul 5 07:03:25 gcems sshd\[8629\]: Invalid user sandeep from 200.209.174.76 port 53380 Jul 5 07:03:27 gcems sshd\[8629\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76 Jul 5 07:03:30 gcems sshd\[8629\]: Failed password for invalid user sandeep from 200.209.174.76 port 53380 ssh2 Jul 5 07:10:20 gcems sshd\[9044\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.209.174.76 user=root Jul 5 07:10:21 gcems sshd\[9044\]: Failed password for root from 200.209.174.76 port 49948 ssh2 ...	2019-07-05 21:53:48
198.108.67.34	attack	Port scan: Attack repeated for 24 hours	2019-07-05 22:17:38
217.112.128.189	attackbots	Postfix DNSBL listed. Trying to send SPAM.	2019-07-05 22:39:39
213.179.57.201	attackbotsspam	Scanning and Vuln Attempts	2019-07-05 22:01:16
95.130.61.74	attackbots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-03 18:48:37,007 INFO [shellcode_manager] (95.130.61.74) no match, writing hexdump (78e4c395d0956e5a1234f1cfdad90d0b :2557472) - MS17010 (EternalBlue)	2019-07-05 21:59:10
85.175.100.14	attackbots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-03 18:49:10,768 INFO [shellcode_manager] (85.175.100.14) no match, writing hexdump (7417504cc19cb0866fa9820e7ac6101d :2131160) - MS17010 (EternalBlue)	2019-07-05 22:26:44
161.0.153.101	attack	TCP port 993 (IMAP) attempt blocked by hMailServer IP-check. Abuse score 43%	2019-07-05 22:01:52
202.9.39.96	attackbotsspam	Scanning and Vuln Attempts	2019-07-05 22:20:52
115.47.153.120	attack	Jul 5 07:27:20 localhost sshd[9315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.47.153.120 Jul 5 07:27:22 localhost sshd[9315]: Failed password for invalid user swg from 115.47.153.120 port 55058 ssh2 Jul 5 07:38:15 localhost sshd[9359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.47.153.120 Jul 5 07:38:17 localhost sshd[9359]: Failed password for invalid user ftpuser from 115.47.153.120 port 20384 ssh2 ...	2019-07-05 22:20:16
209.186.58.108	attackspam	3389BruteforceFW23	2019-07-05 22:15:01
221.229.162.169	attack	CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	2019-07-05 22:32:41
177.17.167.41	attackspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-05 06:47:39,731 INFO [amun_request_handler] PortScan Detected on Port: 445 (177.17.167.41)	2019-07-05 22:13:33
216.219.81.2	attackspambots	Scanning and Vuln Attempts	2019-07-05 21:54:19

Recently Reported IPs

53.174.146.15	105.145.177.69	214.169.116.87	219.84.125.191
88.29.211.248	59.113.26.31	73.73.142.177	23.136.197.181
204.145.171.61	155.138.247.93	169.222.172.49	209.156.231.195
196.37.186.72	212.231.36.60	91.140.9.208	187.95.154.148
170.24.150.99	108.70.214.23	40.240.44.84	195.154.48.111