50.206.92.21 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Comcast Cable Communications LLC

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Unauthorized connection attempt from IP address 50.206.92.21 on Port 445(SMB)	2020-05-02 05:09:47

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 50.206.92.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51002
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;50.206.92.21.			IN	A

;; AUTHORITY SECTION:
.			413	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020050102 1800 900 604800 86400

;; Query time: 108 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat May 02 05:09:43 CST 2020
;; MSG SIZE  rcvd: 116

Host info

21.92.206.50.in-addr.arpa domain name pointer 50-206-92-21-static.hfc.comcastbusiness.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
21.92.206.50.in-addr.arpa	name = 50-206-92-21-static.hfc.comcastbusiness.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
204.145.157.8	attackspam	Port Scan ...	2020-09-29 15:19:15
109.241.98.147	attack	Triggered by Fail2Ban at Ares web server	2020-09-29 14:52:55
173.180.162.171	attackbots	Automatic report - Port Scan Attack	2020-09-29 15:08:36
66.49.131.65	attackspam	<6 unauthorized SSH connections	2020-09-29 15:28:28
103.139.45.122	attack	MAIL: User Login Brute Force Attempt	2020-09-29 15:15:19
75.119.215.210	attack	75.119.215.210 - - [29/Sep/2020:05:50:55 +0100] "POST /wp-login.php HTTP/1.1" 200 2307 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 75.119.215.210 - - [29/Sep/2020:05:50:57 +0100] "POST /wp-login.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 75.119.215.210 - - [29/Sep/2020:05:50:59 +0100] "POST /wp-login.php HTTP/1.1" 200 2307 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-29 15:31:49
70.71.148.228	attackspambots	2020-09-29 02:24:27.625856-0500 localhost sshd[58264]: Failed password for invalid user ali from 70.71.148.228 port 44687 ssh2	2020-09-29 15:25:46
217.165.23.53	attack	$f2bV_matches	2020-09-29 14:51:07
103.138.108.188	attackbots	2020-09-28T20:37:58Z - RDP login failed multiple times. (103.138.108.188)	2020-09-29 15:15:35
5.39.76.105	attackbotsspam	Sep 29 07:36:51 ourumov-web sshd\[14616\]: Invalid user odoo from 5.39.76.105 port 38008 Sep 29 07:36:51 ourumov-web sshd\[14616\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.39.76.105 Sep 29 07:36:53 ourumov-web sshd\[14616\]: Failed password for invalid user odoo from 5.39.76.105 port 38008 ssh2 ...	2020-09-29 14:58:43
167.99.90.240	attackspambots	167.99.90.240 - - [29/Sep/2020:06:47:20 +0100] "POST /wp-login.php HTTP/1.1" 200 2348 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 167.99.90.240 - - [29/Sep/2020:06:47:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 167.99.90.240 - - [29/Sep/2020:06:47:22 +0100] "POST /wp-login.php HTTP/1.1" 200 2349 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-29 15:29:10
196.201.20.182	attackbots	SP-Scan 64971:3389 detected 2020.09.28 23:37:18 blocked until 2020.11.17 15:40:05	2020-09-29 15:08:13
49.233.147.147	attackspambots	Sep 29 06:56:59 rush sshd[21542]: Failed password for root from 49.233.147.147 port 44970 ssh2 Sep 29 07:06:04 rush sshd[21842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.233.147.147 Sep 29 07:06:05 rush sshd[21842]: Failed password for invalid user diana from 49.233.147.147 port 59690 ssh2 ...	2020-09-29 15:12:34
142.93.238.233	attackspam	Port scan denied	2020-09-29 15:21:39
202.189.238.235	attack	srvr2: (mod_security) mod_security (id:920350) triggered by 202.189.238.235 (IN/-/-): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/28 22:38:08 [error] 890067#0: 830037 [client 202.189.238.235] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160132548810.733798"] [ref "o0,16v21,16"], client: 202.189.238.235, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-29 14:54:27

Recently Reported IPs

98.123.7.190	163.26.166.43	57.66.129.188	54.175.84.219
163.65.179.139	74.223.84.96	185.95.110.242	171.32.86.24
51.69.101.168	195.58.56.243	88.161.1.180	115.184.110.154
203.160.64.55	23.74.65.188	91.234.25.170	146.74.140.219
44.213.129.45	130.5.143.26	182.110.212.11	144.50.5.75