94.102.56.216 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Netherlands

Internet Service Provider: Incrediserve Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	UDP 94.102.56.216:58033 -> port 9136, len 57	2020-10-04 06:42:37
attackbots	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-10-03 22:50:19
attackspambots	UDP 94.102.56.216:37116 -> port 8700, len 57	2020-10-03 14:33:58
attackspam	94.102.56.216 was recorded 6 times by 4 hosts attempting to connect to the following ports: 7659,7748. Incident counter (4h, 24h, all-time): 6, 26, 2934	2020-10-01 07:09:24
attackspambots	ET CINS Active Threat Intelligence Poor Reputation IP group 82 - port: 7000 proto: udp cat: Misc Attackbytes: 71	2020-09-30 23:35:35
attackbots	Port Scan: UDP/49209	2020-09-26 01:33:52
attackbots	Found on CINS badguys / proto=17 . srcport=60487 . dstport=49155 . (486)	2020-09-25 17:11:54
attackspambots	UDP 94.102.56.216:48986 -> port 27016, len 57	2020-09-19 22:44:26
attackbots	UDP 94.102.56.216:48692 -> port 16991, len 57	2020-09-19 14:34:09
attackbotsspam	ET CINS Active Threat Intelligence Poor Reputation IP group 75 - port: 10633 proto: udp cat: Misc Attackbytes: 71	2020-09-19 06:11:09
attackbots	ET CINS Active Threat Intelligence Poor Reputation IP group 84 - port: 48128 proto: udp cat: Misc Attackbytes: 71	2020-09-09 03:05:14
attackspambots	UDP ports : 9136 / 9216 / 9221 / 9251 / 9500 / 9527 / 9728 / 9993 / 10009 / 10285 / 10633 / 11211 / 16464 / 16889 / 16991 / 18011 / 21234 / 24265 / 24292 / 27016 / 28007 / 28008 / 28025 / 28070 / 34096 / 36748 / 37087 / 37917 / 40515 / 40663 / 40673 / 40692 / 40738 / 40741 / 40748 / 40751 / 40752 / 40779 / 40783 / 40801 / 40803 / 40807 / 40816 / 40817 / 40826 / 40830 / 40832 / 40833 / 40836 / 40849 / 40860 / 40867 / 40870 / 40873 / 40874 / 40890 / 40906 / 40914 / 40927 / 40931 / 40947 / 40954 / 41007 / 41046 / 41047 / 41057 / 41083 / 41086 / 41087 / 41111 / 41114 / 41117 / 41119 / 41123 / 41141 / 41143 / 41151 / 41156 / 41157 / 41180 / 41181 / 41190 / 41197 / 41217	2020-09-08 18:38:50
attack	Fail2Ban Ban Triggered	2020-08-30 08:38:37
attackspambots	SmallBizIT.US 3 packets to udp(1080,1083,1285)	2020-08-27 12:57:23
attackbots	94.102.56.216 was recorded 6 times by 4 hosts attempting to connect to the following ports: 1065,1080. Incident counter (4h, 24h, all-time): 6, 30, 1863	2020-08-27 08:15:32
attackspam	94.102.56.216 was recorded 6 times by 4 hosts attempting to connect to the following ports: 1049,1056. Incident counter (4h, 24h, all-time): 6, 27, 1852	2020-08-27 00:34:55
attackspambots	94.102.56.216 was recorded 5 times by 4 hosts attempting to connect to the following ports: 56243,57057. Incident counter (4h, 24h, all-time): 5, 33, 1815	2020-08-25 17:09:16
attackspambots	UDP 94.102.56.216:46851 -> port 49155, len 166	2020-08-23 23:47:16
attackbotsspam	firewall-block, port(s): 28007/udp	2020-08-18 02:47:54
attackbotsspam	SmallBizIT.US 4 packets to udp(8108,8118,8182,8200)	2020-08-15 12:15:13
attackspambots	ET CINS Active Threat Intelligence Poor Reputation IP group 91 - port: 1285 proto: udp cat: Misc Attackbytes: 71	2020-08-11 08:02:56
attackbotsspam	94.102.56.216 was recorded 8 times by 4 hosts attempting to connect to the following ports: 55080,55333,55050. Incident counter (4h, 24h, all-time): 8, 37, 1316	2020-08-09 05:18:00
attackspambots	ET CINS Active Threat Intelligence Poor Reputation IP group 92 - port: 49209 proto: udp cat: Misc Attackbytes: 71	2020-08-08 06:55:20
attack	SmallBizIT.US 4 packets to udp(41141,41143,41151,41156)	2020-08-06 18:11:39
attack	Persistent port scanning [13 denied]	2020-08-03 13:55:48
attackbots	SmallBizIT.US 4 packets to udp(28008,28025,28070,34096)	2020-08-02 06:22:08
attackbotsspam	Jul 26 00:57:49 debian-2gb-nbg1-2 kernel: \[17976382.073475\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=94.102.56.216 DST=195.201.40.59 LEN=57 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=UDP SPT=54905 DPT=1543 LEN=37	2020-07-26 07:01:02
attackbotsspam	[Fri Jul 24 02:19:15 2020] - DDoS Attack From IP: 94.102.56.216 Port: 42831	2020-07-25 14:15:51
attackspambots	SmallBizIT.US 3 packets to udp(59999,60001,61000)	2020-07-24 12:06:05
attackbotsspam	ET CINS Active Threat Intelligence Poor Reputation IP group 85 - port: 50696 proto: udp cat: Misc Attackbytes: 71	2020-07-23 13:45:03

Comments on same subnet:

IP	Type	Details	Datetime
94.102.56.238	attackspam	Too many connections or unauthorized access detected from Yankee banned ip	2020-10-12 03:37:21
94.102.56.238	attack	2020-10-11 14:30:32 dovecot_login authenticator failed for (User) [94.102.56.238]: 535 Incorrect authentication data (set_id=office@usmancity.ru) 2020-10-11 14:30:38 dovecot_login authenticator failed for (User) [94.102.56.238]: 535 Incorrect authentication data (set_id=office@usmancity.ru) 2020-10-11 14:30:48 dovecot_login authenticator failed for (User) [94.102.56.238]: 535 Incorrect authentication data (set_id=office@usmancity.ru) ...	2020-10-11 19:32:44
94.102.56.238	attackspam	Oct 10 14:08:39 mail postfix/smtpd[102206]: warning: unknown[94.102.56.238]: SASL LOGIN authentication failed: generic failure Oct 10 14:08:39 mail postfix/smtpd[102206]: warning: unknown[94.102.56.238]: SASL LOGIN authentication failed: generic failure Oct 10 14:08:39 mail postfix/smtpd[102206]: warning: unknown[94.102.56.238]: SASL LOGIN authentication failed: generic failure Oct 10 14:08:39 mail postfix/smtpd[102206]: warning: unknown[94.102.56.238]: SASL LOGIN authentication failed: generic failure Oct 10 14:08:39 mail postfix/smtpd[102206]: warning: unknown[94.102.56.238]: SASL LOGIN authentication failed: generic failure ...	2020-10-10 22:16:54
94.102.56.238	attackbotsspam	Oct 10 06:36:11 ns308116 postfix/smtpd[8160]: warning: unknown[94.102.56.238]: SASL LOGIN authentication failed: authentication failure Oct 10 06:36:11 ns308116 postfix/smtpd[8160]: warning: unknown[94.102.56.238]: SASL LOGIN authentication failed: authentication failure Oct 10 06:36:11 ns308116 postfix/smtpd[8160]: warning: unknown[94.102.56.238]: SASL LOGIN authentication failed: authentication failure Oct 10 06:36:11 ns308116 postfix/smtpd[8160]: warning: unknown[94.102.56.238]: SASL LOGIN authentication failed: authentication failure Oct 10 06:36:11 ns308116 postfix/smtpd[8160]: warning: unknown[94.102.56.238]: SASL LOGIN authentication failed: authentication failure Oct 10 06:36:11 ns308116 postfix/smtpd[8160]: warning: unknown[94.102.56.238]: SASL LOGIN authentication failed: authentication failure ...	2020-10-10 14:10:32
94.102.56.238	attackspambots	2020-10-10 02:08:19 auth_plain authenticator failed for (User) [94.102.56.238]: 535 Incorrect authentication data (set_id=test@lavrinenko.info,) 2020-10-10 02:08:19 SMTP call from (User) [94.102.56.238] dropped: too many nonmail commands (last was "RSET") ...	2020-10-10 07:48:07
94.102.56.238	attackbotsspam	Oct 9 18:07:38 srv3 postfix/smtpd\[26675\]: warning: unknown\[94.102.56.238\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 9 18:07:44 srv3 postfix/smtpd\[26675\]: warning: unknown\[94.102.56.238\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 9 18:07:54 srv3 postfix/smtpd\[26675\]: warning: unknown\[94.102.56.238\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-10-10 00:10:00
94.102.56.238	attackspam	SMTP AUTH break-in attempt.	2020-10-09 15:55:55
94.102.56.151	attackbots	Persistent port scanning [69 denied]	2020-10-06 02:03:26
94.102.56.238	attack	warning: unknown[94.102.56.238]: SASL LOGIN authentication failed	2020-10-06 01:30:36
94.102.56.151	attackbots	Persistent port scanning [69 denied]	2020-10-05 17:51:34
94.102.56.238	attackspam	SASL LOGIN authentication failed: authentication failure	2020-10-05 17:22:19
94.102.56.238	attackspambots	Port probe and connect to SMTP:25. Auth intiated but dropped.	2020-10-04 03:59:49
94.102.56.238	attackbots	2020-10-03 13:06:53 dovecot_login authenticator failed for \(User\) \[94.102.56.238\]: 535 Incorrect authentication data \(set_id=info@no-server.de\) 2020-10-03 13:06:59 dovecot_login authenticator failed for \(User\) \[94.102.56.238\]: 535 Incorrect authentication data \(set_id=info@no-server.de\) 2020-10-03 13:07:09 dovecot_login authenticator failed for \(User\) \[94.102.56.238\]: 535 Incorrect authentication data \(set_id=info@no-server.de\) 2020-10-03 13:07:26 dovecot_login authenticator failed for \(User\) \[94.102.56.238\]: 535 Incorrect authentication data \(set_id=info@no-server.de\) 2020-10-03 13:07:43 dovecot_login authenticator failed for \(User\) \[94.102.56.238\]: 535 Incorrect authentication data \(set_id=info@no-server.de\) 2020-10-03 13:08:00 dovecot_login authenticator failed for \(User\) \[94.102.56.238\]: 535 Incorrect authentication data \(set_id=info@no-server.de\) 2020-10-03 13:08:00 SMTP call from \(User\) \[94.102.56.238\] dropped: too many nonmail commands \(l ...	2020-10-03 20:01:35
94.102.56.238	attackspam	scans once in preceeding hours on the ports (in chronological order) 5900 resulting in total of 44 scans from 94.102.48.0/20 block.	2020-10-01 06:44:49
94.102.56.238	attackspam	TCP port : 5900	2020-09-30 23:08:21

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 94.102.56.216
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30252
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;94.102.56.216.			IN	A

;; AUTHORITY SECTION:
.			449	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020071400 1800 900 604800 86400

;; Query time: 139 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Jul 14 18:01:50 CST 2020
;; MSG SIZE  rcvd: 117

Host info

Host 216.56.102.94.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 216.56.102.94.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
5.101.0.209	attackbotsspam	Unauthorized connection attempt detected from IP address 5.101.0.209 to port 80 [T]	2020-05-05 04:58:30
165.22.112.45	attackspambots	May 4 22:49:16 haigwepa sshd[24890]: Failed password for root from 165.22.112.45 port 36936 ssh2 ...	2020-05-05 04:58:10
106.51.138.234	attack	Automatic report - Banned IP Access	2020-05-05 04:43:58
198.108.66.208	attack	Connection by 198.108.66.208 on port: 82 got caught by honeypot at 5/4/2020 9:27:06 PM	2020-05-05 04:51:31
190.195.167.75	attack	Unauthorized connection attempt detected from IP address 190.195.167.75 to port 23	2020-05-05 04:25:03
80.211.245.103	attackspambots	2020-05-04T20:22:49.944944shield sshd\[6192\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.245.103 user=root 2020-05-04T20:22:51.559258shield sshd\[6192\]: Failed password for root from 80.211.245.103 port 46180 ssh2 2020-05-04T20:27:37.097174shield sshd\[7614\]: Invalid user johanna from 80.211.245.103 port 55622 2020-05-04T20:27:37.101601shield sshd\[7614\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.245.103 2020-05-04T20:27:39.252972shield sshd\[7614\]: Failed password for invalid user johanna from 80.211.245.103 port 55622 ssh2	2020-05-05 04:27:43
198.108.67.28	attackspambots	firewall-block, port(s): 4567/tcp	2020-05-05 04:36:29
198.108.67.126	attackspam	05/04/2020-16:27:39.072766 198.108.67.126 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2020-05-05 04:28:19
106.75.174.87	attackspam	DATE:2020-05-04 22:29:46, IP:106.75.174.87, PORT:ssh SSH brute force auth (docker-dc)	2020-05-05 04:39:22
190.12.30.2	attackspambots	3x Failed Password	2020-05-05 04:30:37
60.251.149.158	attack	Brute force SMTP login attempted. ...	2020-05-05 04:37:16
186.92.7.223	attackspam	Unauthorized connection attempt detected from IP address 186.92.7.223 to port 80	2020-05-05 04:26:49
220.133.97.20	attackbots	May 4 22:22:54 sso sshd[27202]: Failed password for root from 220.133.97.20 port 56772 ssh2 ...	2020-05-05 04:53:52
222.186.15.158	attackspam	May 4 20:51:03 localhost sshd[101849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.158 user=root May 4 20:51:05 localhost sshd[101849]: Failed password for root from 222.186.15.158 port 19104 ssh2 May 4 20:51:09 localhost sshd[101849]: Failed password for root from 222.186.15.158 port 19104 ssh2 May 4 20:51:03 localhost sshd[101849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.158 user=root May 4 20:51:05 localhost sshd[101849]: Failed password for root from 222.186.15.158 port 19104 ssh2 May 4 20:51:09 localhost sshd[101849]: Failed password for root from 222.186.15.158 port 19104 ssh2 May 4 20:51:03 localhost sshd[101849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.158 user=root May 4 20:51:05 localhost sshd[101849]: Failed password for root from 222.186.15.158 port 19104 ssh2 May 4 20:51:09 localhost sshd[10 ...	2020-05-05 04:57:33
111.231.77.115	attackbots	May 4 22:23:32 v22019038103785759 sshd\[9988\]: Invalid user www from 111.231.77.115 port 49236 May 4 22:23:32 v22019038103785759 sshd\[9988\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.77.115 May 4 22:23:34 v22019038103785759 sshd\[9988\]: Failed password for invalid user www from 111.231.77.115 port 49236 ssh2 May 4 22:27:33 v22019038103785759 sshd\[10270\]: Invalid user zanni from 111.231.77.115 port 50236 May 4 22:27:33 v22019038103785759 sshd\[10270\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.77.115 ...	2020-05-05 04:32:37

Recently Reported IPs

202.83.36.38	185.33.201.253	165.231.130.231	110.78.149.219
13.232.101.122	129.204.248.191	144.64.128.43	180.4.197.243
176.149.136.104	39.59.58.172	58.26.87.94	114.40.157.8
162.38.65.49	113.162.184.214	27.115.127.210	35.229.138.243
165.22.115.81	61.69.79.170	147.135.208.33	112.30.194.160