221.13.12.14 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: China Unicom Guizhou Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Fail2Ban Ban Triggered	2019-08-12 06:59:30

Comments on same subnet:

IP	Type	Details	Datetime
221.13.12.79	attack	Unauthorized connection attempt detected from IP address 221.13.12.79 to port 123	2020-06-13 06:05:18
221.13.12.19	attack	Web Server Scan. RayID: 592aa77abd9b0256, UA: Mozilla/4.049897920 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729), Country: CN	2020-05-21 03:47:26
221.13.12.222	attackspam	China's GFW probe	2020-05-15 17:35:44
221.13.12.235	attack	Unauthorized connection attempt detected from IP address 221.13.12.235 to port 992 [T]	2020-04-15 02:25:36
221.13.12.179	attackspam	Unauthorized connection attempt detected from IP address 221.13.12.179 to port 3389 [J]	2020-03-03 02:05:51
221.13.12.142	attackspam	Unauthorized connection attempt detected from IP address 221.13.12.142 to port 8899 [J]	2020-03-02 20:47:11
221.13.12.187	attack	Unauthorized connection attempt detected from IP address 221.13.12.187 to port 22 [J]	2020-03-02 19:21:12
221.13.12.104	attackbots	Unauthorized connection attempt detected from IP address 221.13.12.104 to port 22 [J]	2020-03-02 17:29:07
221.13.12.65	attack	Unauthorized connection attempt detected from IP address 221.13.12.65 to port 8081 [J]	2020-03-02 16:58:59
221.13.12.133	attackspam	Unauthorized connection attempt detected from IP address 221.13.12.133 to port 8082 [J]	2020-03-02 16:29:37
221.13.12.98	attack	Unauthorized connection attempt detected from IP address 221.13.12.98 to port 8118 [J]	2020-03-02 14:47:39
221.13.12.91	attack	Unauthorized connection attempt detected from IP address 221.13.12.91 to port 8000 [J]	2020-03-02 14:14:42
221.13.12.97	attackbots	Unauthorized connection attempt detected from IP address 221.13.12.97 to port 8443 [J]	2020-02-05 09:04:55
221.13.12.118	attackbots	Unauthorized connection attempt detected from IP address 221.13.12.118 to port 443 [J]	2020-01-31 22:42:35
221.13.12.224	attackspam	Unauthorized connection attempt detected from IP address 221.13.12.224 to port 9011 [T]	2020-01-29 10:16:31

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 221.13.12.14
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21501
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;221.13.12.14.			IN	A

;; AUTHORITY SECTION:
.			2122	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019081101 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Aug 12 06:59:24 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 14.12.13.221.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

Server:		183.60.82.98
Address:	183.60.82.98#53

Non-authoritative answer:
*** Can't find 14.12.13.221.in-addr.arpa.: No answer

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
186.225.80.194	attackbots	Apr 27 21:03:58 olgosrv01 sshd[28454]: Address 186.225.80.194 maps to *.provedorarenanet.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Apr 27 21:03:58 olgosrv01 sshd[28454]: Invalid user lyj from 186.225.80.194 Apr 27 21:03:58 olgosrv01 sshd[28454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.225.80.194 Apr 27 21:04:00 olgosrv01 sshd[28454]: Failed password for invalid user lyj from 186.225.80.194 port 35142 ssh2 Apr 27 21:04:00 olgosrv01 sshd[28454]: Received disconnect from 186.225.80.194: 11: Bye Bye [preauth] Apr 27 21:22:31 olgosrv01 sshd[30735]: Address 186.225.80.194 maps to *.provedorarenanet.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Apr 27 21:22:31 olgosrv01 sshd[30735]: Invalid user adolph from 186.225.80.194 Apr 27 21:22:31 olgosrv01 sshd[30735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.2........ -------------------------------	2020-04-29 00:40:35
60.250.23.233	attack	21 attempts against mh-ssh on echoip	2020-04-29 00:41:10
83.14.199.49	attackspambots	Apr 28 15:26:33 scw-6657dc sshd[2108]: Failed password for root from 83.14.199.49 port 40354 ssh2 Apr 28 15:26:33 scw-6657dc sshd[2108]: Failed password for root from 83.14.199.49 port 40354 ssh2 Apr 28 15:30:00 scw-6657dc sshd[2224]: Invalid user user1 from 83.14.199.49 port 34152 ...	2020-04-29 00:13:31
50.36.64.93	attack	Automatic report - Port Scan Attack	2020-04-29 00:18:49
112.197.142.117	attack	Honeypot attack, port: 5555, PTR: PTR record not found	2020-04-29 00:16:54
179.27.92.27	attackbotsspam	SMB Server BruteForce Attack	2020-04-29 00:00:07
198.199.114.226	attackspam	198.199.114.226 - - \[28/Apr/2020:17:52:00 +0200\] "POST /wp-login.php HTTP/1.0" 200 7005 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 198.199.114.226 - - \[28/Apr/2020:17:52:03 +0200\] "POST /wp-login.php HTTP/1.0" 200 6819 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 198.199.114.226 - - \[28/Apr/2020:17:52:05 +0200\] "POST /wp-login.php HTTP/1.0" 200 6828 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-04-29 00:29:39
104.248.156.231	attack	2020-04-28T12:07:09.919272shield sshd\[12595\]: Invalid user spark from 104.248.156.231 port 60788 2020-04-28T12:07:09.922976shield sshd\[12595\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.156.231 2020-04-28T12:07:12.462529shield sshd\[12595\]: Failed password for invalid user spark from 104.248.156.231 port 60788 ssh2 2020-04-28T12:11:46.332861shield sshd\[13183\]: Invalid user customer from 104.248.156.231 port 42150 2020-04-28T12:11:46.336688shield sshd\[13183\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.156.231	2020-04-29 00:03:56
123.20.39.71	attackspam	Apr 28 12:11:50 localhost sshd\[17459\]: Invalid user admin from 123.20.39.71 port 58265 Apr 28 12:11:50 localhost sshd\[17459\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.20.39.71 Apr 28 12:11:52 localhost sshd\[17459\]: Failed password for invalid user admin from 123.20.39.71 port 58265 ssh2 ...	2020-04-28 23:58:37
107.170.149.126	attackspambots	Apr 28 18:06:25 vpn01 sshd[5336]: Failed password for root from 107.170.149.126 port 45034 ssh2 ...	2020-04-29 00:20:09
104.248.126.170	attackspambots	Apr 28 16:13:10 ns381471 sshd[17678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.126.170 Apr 28 16:13:12 ns381471 sshd[17678]: Failed password for invalid user build from 104.248.126.170 port 35520 ssh2	2020-04-28 23:56:06
185.232.65.216	attackbotsspam	[Tue Apr 28 19:11:34.814444 2020] [:error] [pid 15134:tid 140575009466112] [client 185.232.65.216:62642] [client 185.232.65.216] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "972"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "XqgddkYCcGInluRmZWCZWgAAATs"] ...	2020-04-29 00:15:39
128.199.69.206	attack	Apr 28 11:11:43 vps46666688 sshd[26964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.69.206 Apr 28 11:11:45 vps46666688 sshd[26964]: Failed password for invalid user ipadmin from 128.199.69.206 port 2019 ssh2 ...	2020-04-29 00:39:33
122.116.3.108	attackspambots	Telnet Server BruteForce Attack	2020-04-29 00:18:24
103.89.90.97	attackspam	TCP src-port=60704 dst-port=25 Listed on dnsbl-sorbs barracuda spam-sorbs (265)	2020-04-29 00:27:23

Recently Reported IPs

111.224.248.219	125.69.67.24	217.58.65.83	223.166.32.241
12.178.187.9	5.56.133.249	119.252.172.58	183.82.34.31
60.14.191.237	116.71.133.117	178.54.69.58	134.139.104.154
113.76.38.167	85.34.23.118	227.213.72.110	84.39.36.187
119.12.40.244	103.136.110.8	106.162.151.109	235.214.95.12