74.120.14.17 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Default Route LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	" "	2020-10-10 07:43:15
attackbots	TCP (SYN) 74.120.14.17:33514 -> port 23, len 44	2020-10-10 00:05:21
attack	Hit honeypot r.	2020-10-09 15:51:50
attack	[N1.H1.VM1] Port Scanner Detected Blocked by UFW	2020-10-05 06:18:40
attack	TCP (SYN) 74.120.14.17:13080 -> port 81, len 44	2020-10-04 22:18:05
attack	ET CINS Active Threat Intelligence Poor Reputation IP group 63 - port: 587 proto: tcp cat: Misc Attackbytes: 60	2020-10-04 14:04:43
attackbots	TCP (SYN) 74.120.14.17:11686 -> port 4567, len 44	2020-10-03 05:45:00
attackspambots	firewall-block, port(s): 2082/tcp	2020-10-03 01:09:35
attack	TCP (SYN) 74.120.14.17:1125 -> port 587, len 44	2020-10-02 21:39:41
attackbots	TCP (SYN) 74.120.14.17:30995 -> port 110, len 44	2020-10-02 18:11:30
attackbotsspam	TCP (SYN) 74.120.14.17:16491 -> port 443, len 44	2020-10-01 07:46:28
attack	firewall-block, port(s): 8888/tcp	2020-10-01 00:15:40

Comments on same subnet:

IP	Type	Details	Datetime
74.120.14.29	attackbots	TCP (SYN) 74.120.14.29:49585 -> port 995, len 44	2020-10-14 06:47:10
74.120.14.18	attack	TCP (SYN) 74.120.14.18:63537 -> port 8080, len 44	2020-10-14 05:41:37
74.120.14.16	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 66 - port: 8089 proto: tcp cat: Misc Attackbytes: 60	2020-10-14 05:22:14
74.120.14.71	attackbotsspam	ET CINS Active Threat Intelligence Poor Reputation IP group 67 - port: 7070 proto: tcp cat: Misc Attackbytes: 60	2020-10-14 05:06:23
74.120.14.27	attackspambots	Port scan: Attack repeated for 24 hours	2020-10-14 03:44:00
74.120.14.74	attack	TCP (SYN) 74.120.14.74:36705 -> port 5495, len 44	2020-10-13 22:38:32
74.120.14.16	attack	TCP (SYN) 74.120.14.16:37330 -> port 25, len 44	2020-10-13 20:41:28
74.120.14.67	attackbots	9833/tcp 9718/tcp 18029/tcp... [2020-09-14/10-13]192pkt,176pt.(tcp)	2020-10-13 20:41:03
74.120.14.27	attackspam	TCP (SYN) 74.120.14.27:33289 -> port 2222, len 44	2020-10-13 19:03:33
74.120.14.74	attackspambots	ET CINS Active Threat Intelligence Poor Reputation IP group 65	2020-10-13 13:59:10
74.120.14.16	attack	spam	2020-10-13 12:13:05
74.120.14.67	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 65 - port: 8382 proto: tcp cat: Misc Attackbytes: 60	2020-10-13 12:12:48
74.120.14.75	attackspam	TCP (SYN) 74.120.14.75:2675 -> port 3010, len 44	2020-10-13 12:12:15
74.120.14.74	attackbots	TCP (SYN) 74.120.14.74:24302 -> port 9845, len 44	2020-10-13 06:43:19
74.120.14.16	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 64 - port: 1194 proto: tcp cat: Misc Attackbytes: 60	2020-10-13 05:02:43

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 74.120.14.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20820
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;74.120.14.17.			IN	A

;; AUTHORITY SECTION:
.			344	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020093000 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Sep 30 16:37:24 CST 2020
;; MSG SIZE  rcvd: 116

Host info

17.14.120.74.in-addr.arpa domain name pointer scanner-02.ch1.censys-scanner.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
17.14.120.74.in-addr.arpa	name = scanner-02.ch1.censys-scanner.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
178.62.227.247	attackbotsspam	prod8 ...	2020-09-19 06:38:01
178.137.168.177	attackspambots	Sep 18 17:00:56 ssh2 sshd[28650]: Connection from 178.137.168.177 port 35068 on 192.240.101.3 port 22 Sep 18 17:00:58 ssh2 sshd[28650]: Invalid user pi from 178.137.168.177 port 35068 Sep 18 17:00:58 ssh2 sshd[28650]: Failed password for invalid user pi from 178.137.168.177 port 35068 ssh2 ...	2020-09-19 06:54:41
61.227.91.130	attackspam	Unauthorized connection attempt from IP address 61.227.91.130 on Port 445(SMB)	2020-09-19 06:18:43
121.66.252.158	attackbots	2 SSH login attempts.	2020-09-19 06:31:10
176.235.176.194	attackbotsspam	Unauthorized connection attempt from IP address 176.235.176.194 on Port 445(SMB)	2020-09-19 06:26:38
120.42.145.30	attackspam	120.42.145.30 - - [18/Sep/2020:18:00:37 +0100] "POST /wp-login.php HTTP/1.1" 200 1967 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 120.42.145.30 - - [18/Sep/2020:18:01:00 +0100] "POST /wp-login.php HTTP/1.1" 200 1948 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 120.42.145.30 - - [18/Sep/2020:18:01:11 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-19 06:39:02
78.128.113.120	attackbots	2020-09-19 00:33:27 dovecot_login authenticator failed for $ip-113-120.4vendeta.com.$ \[78.128.113.120\]: 535 Incorrect authentication data 2020-09-19 00:33:36 dovecot_login authenticator failed for $ip-113-120.4vendeta.com.$ \[78.128.113.120\]: 535 Incorrect authentication data 2020-09-19 00:33:41 dovecot_login authenticator failed for $ip-113-120.4vendeta.com.$ \[78.128.113.120\]: 535 Incorrect authentication data 2020-09-19 00:33:52 dovecot_login authenticator failed for $ip-113-120.4vendeta.com.$ \[78.128.113.120\]: 535 Incorrect authentication data 2020-09-19 00:33:57 dovecot_login authenticator failed for $ip-113-120.4vendeta.com.$ \[78.128.113.120\]: 535 Incorrect authentication data 2020-09-19 00:34:02 dovecot_login authenticator failed for $ip-113-120.4vendeta.com.$ \[78.128.113.120\]: 535 Incorrect authentication data 2020-09-19 00:34:07 dovecot_login authenticator failed for $ip-113-120.4vendeta.com.$ \[78.128.113.120\]: 535 Incorrect authentication data 2020-0 ...	2020-09-19 06:53:47
190.39.54.157	attack	Unauthorized connection attempt from IP address 190.39.54.157 on Port 445(SMB)	2020-09-19 06:26:20
167.71.146.237	attackbots	2020-09-18T22:51:34+0200 Failed SSH Authentication/Brute Force Attack. (Server 4)	2020-09-19 06:31:56
114.228.96.199	attack	srvr2: (mod_security) mod_security (id:920350) triggered by 114.228.96.199 (CN/-/-): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/18 19:01:03 [error] 22734#0: 99767 [client 114.228.96.199] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/phpmyadmin/"] [unique_id "160044846384.253432"] [ref "o0,15v155,15"], client: 114.228.96.199, [redacted] request: "GET /phpmyadmin/ HTTP/1.1" [redacted]	2020-09-19 06:43:41
195.95.223.62	attackspambots	1600448486 - 09/18/2020 19:01:26 Host: 195.95.223.62/195.95.223.62 Port: 445 TCP Blocked	2020-09-19 06:21:15
111.229.163.149	attackspam	Sep 18 21:12:46 ovpn sshd\[9454\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.163.149 user=root Sep 18 21:12:48 ovpn sshd\[9454\]: Failed password for root from 111.229.163.149 port 58868 ssh2 Sep 18 21:21:05 ovpn sshd\[11586\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.163.149 user=root Sep 18 21:21:06 ovpn sshd\[11586\]: Failed password for root from 111.229.163.149 port 57858 ssh2 Sep 18 21:24:13 ovpn sshd\[12425\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.163.149 user=root	2020-09-19 06:36:38
183.80.17.230	attackspambots	Unauthorized connection attempt from IP address 183.80.17.230 on Port 445(SMB)	2020-09-19 06:42:55
192.241.237.220	attack	port scan and connect, tcp 3050 (firebird)	2020-09-19 06:46:10
164.68.111.62	attack	Sep 18 23:03:21 wordpress wordpress(www.ruhnke.cloud)[22252]: Blocked authentication attempt for admin from 164.68.111.62	2020-09-19 06:25:13

Recently Reported IPs

209.50.143.177	102.33.10.57	168.61.48.38	206.189.121.234
186.121.200.114	167.114.52.16	87.182.217.77	115.56.182.221
104.248.131.113	177.41.186.19	31.140.142.53	135.185.99.152
37.49.230.173	49.234.126.83	211.233.134.49	133.106.34.30
125.19.30.200	40.204.111.201	232.91.61.217	109.237.97.128