IP address: 194.26.69.106

Host rating:

2.0

out of 24 votes

Last update: 2020-04-02

Host details

Unknown
Netherlands
Unknown
Unknown
See comments

Reported breaches

  • Port scan
Report breach

Whois record

The publicly-available Whois record found at whois.ripe.net server.

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '194.26.69.0 - 194.26.69.255'

% Abuse contact for '194.26.69.0 - 194.26.69.255' is '[email protected]'

inetnum:        194.26.69.0 - 194.26.69.255
netname:        RU-MEDIA-LAND-2-20191120
country:        NL
org:            ORG-MLL14-RIPE
admin-c:        AV12030-RIPE
tech-c:         AV12030-RIPE
mnt-routes:     COGENT-ROUTE-MNT
status:         ALLOCATED PA
mnt-by:         mnt-ru-media-land-2-1
mnt-by:         RIPE-NCC-HM-MNT
created:        2019-11-20T12:50:21Z
last-modified:  2019-12-21T14:50:06Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.96 (ANGUS)


User comments

24 security incident(s) reported by users

BHD Honeypot
Port scan
2020-04-02

In the last 24h, the attacker (194.26.69.106) attempted to scan 99 ports.
The following ports have been scanned: 6689/tcp (Tofino Security Appliance), 48648/tcp, 3398/tcp (Mercantile), 33388/tcp, 3390/tcp (Distributed Service Coordinator), 3395/tcp (Dyna License Manager (Elam)), 13389/tcp, 9833/tcp, 3383/tcp (Enterprise Software Products License Manager), 5555/tcp (Personal Agent), 3387/tcp (Back Room Net), 62666/tcp, 6969/tcp (acmsoda), 4000/tcp (Terabase), 3385/tcp (qnxnetman), 33389/tcp, 33890/tcp, 3393/tcp (D2K Tapestry Client to Server), 3392/tcp (EFI License Management), 3394/tcp (D2K Tapestry Server to Server), 3391/tcp (SAVANT), 23389/tcp, 55555/tcp, 3331/tcp (MCS Messaging), 63389/tcp, 3381/tcp (Geneous), 43389/tcp, 7777/tcp (cbt), 33891/tcp, 3333/tcp (DEC Notes), 65000/tcp, 41011/tcp, 8888/tcp (NewsEDGE server TCP (TCP 1)), 33899/tcp, 33333/tcp (Digital Gaslight Service), 3380/tcp (SNS Channels), 3397/tcp (Cloanto License Manager), 53389/tcp, 3399/tcp (CSMS), 31026/tcp, 9999/tcp (distinct), 3382/tcp (Fujitsu Network Enhanced Antitheft function), 3388/tcp (CB Server), 55678/tcp.
      
BHD Honeypot
Port scan
2020-04-01

In the last 24h, the attacker (194.26.69.106) attempted to scan 61 ports.
The following ports have been scanned: 44389/tcp, 48648/tcp, 9654/tcp, 3368/tcp, 9000/tcp (CSlistener), 13389/tcp, 23/tcp (Telnet), 2647/tcp (SyncServer), 3387/tcp (Back Room Net), 3008/tcp (Midnight Technologies), 7089/tcp, 8027/tcp, 1990/tcp (cisco STUN Priority 1 port), 3608/tcp (Trendchip control protocol), 3373/tcp (Lavenir License Manager), 22039/tcp, 38888/tcp, 3434/tcp (OpenCM Server), 3386/tcp (GPRS Data), 3385/tcp (qnxnetman), 5000/tcp (commplex-main), 8080/tcp (HTTP Alternate (see port 80)), 89/tcp (SU/MIT Telnet Gateway), 2288/tcp (NETML), 3030/tcp (Arepa Cas), 3391/tcp (SAVANT), 23389/tcp, 3011/tcp (Trusted Web), 6050/tcp, 3400/tcp (CSMS2), 3331/tcp (MCS Messaging), 8899/tcp (ospf-lite), 9852/tcp, 7447/tcp, 9389/tcp (Active Directory Web Services), 3381/tcp (Geneous), 3102/tcp (SoftlinK Slave Mon Port), 7777/tcp (cbt), 3367/tcp (-3371  Satellite Video Data Link), 3333/tcp (DEC Notes), 8811/tcp, 34567/tcp (dhanalakshmi.org EDI Service), 8035/tcp, 10000/tcp (Network Data Management Protocol), 33333/tcp (Digital Gaslight Service), 4499/tcp, 3399/tcp (CSMS), 31026/tcp, 9991/tcp (OSM Event Server), 1063/tcp (KyoceraNetDev), 3382/tcp (Fujitsu Network Enhanced Antitheft function), 3388/tcp (CB Server), 8882/tcp, 2000/tcp (Cisco SCCP), 2019/tcp (whosockami), 55678/tcp, 2237/tcp (Optech Port1 License Manager), 2727/tcp (Media Gateway Control Protocol Call Agent).
      
BHD Honeypot
Port scan
2020-03-31

In the last 24h, the attacker (194.26.69.106) attempted to scan 67 ports.
The following ports have been scanned: 1223/tcp (TrulyGlobal Protocol), 3368/tcp, 9047/tcp, 1357/tcp (Electronic PegBoard), 2222/tcp (EtherNet/IP I/O), 20202/tcp (IPD Tunneling Port), 9000/tcp (CSlistener), 3358/tcp (Mp Sys Rmsvr), 9006/tcp, 5678/tcp (Remote Replication Agent Connection), 4002/tcp (pxc-spvr-ft), 30000/tcp, 2011/tcp (raid), 1093/tcp (PROOFD), 82/tcp (XFER Utility), 8765/tcp (Ultraseek HTTP), 33289/tcp, 3008/tcp (Midnight Technologies), 3446/tcp (3Com FAX RPC port), 2080/tcp (Autodesk NLM (FLEXlm)), 60000/tcp, 4466/tcp, 1166/tcp (QSM RemoteExec), 4334/tcp, 3384/tcp (Cluster Management Services), 4324/tcp (Balour Game Server), 3666/tcp (IBM eServer PAP), 33898/tcp, 7779/tcp (VSTAT), 33814/tcp, 3394/tcp (D2K Tapestry Server to Server), 4789/tcp, 1089/tcp (FF Annunciation), 6060/tcp, 3300/tcp, 5189/tcp, 7042/tcp, 3340/tcp (OMF data m), 3355/tcp (Ordinox Dbase), 33099/tcp, 23232/tcp, 1151/tcp (Unizensus Login Server), 3304/tcp (OP Session Server), 1084/tcp (Anasoft License Manager), 43210/tcp, 1234/tcp (Infoseek Search Agent), 33892/tcp, 4009/tcp (Chimera HWM), 4444/tcp (NV Video default), 1235/tcp (mosaicsyssvc1), 1011/tcp, 33079/tcp, 3342/tcp (WebTIE), 2929/tcp (AMX-WEBADMIN), 30303/tcp, 85/tcp (MIT ML Device), 3380/tcp (SNS Channels), 11101/tcp, 3529/tcp (JBoss IIOP/SSL), 4005/tcp (pxc-pin), 2000/tcp (Cisco SCCP), 33894/tcp, 2021/tcp (servexec), 2727/tcp (Media Gateway Control Protocol Call Agent).
      
BHD Honeypot
Port scan
2020-03-30

In the last 24h, the attacker (194.26.69.106) attempted to scan 62 ports.
The following ports have been scanned: 8005/tcp (MXI Generation II for z/OS), 2589/tcp (quartus tcl), 9654/tcp, 6669/tcp, 9006/tcp, 4090/tcp (OMA BCAST Service Guide), 9696/tcp, 8041/tcp, 3012/tcp (Trusted Web Client), 13389/tcp, 30000/tcp, 3104/tcp (Autocue Logger Protocol), 5589/tcp, 3578/tcp (Data Port), 7011/tcp (Talon Discovery Port), 8027/tcp, 8031/tcp, 7799/tcp (Alternate BSDP Service), 3535/tcp (MS-LA), 8050/tcp, 11000/tcp (IRISA), 8083/tcp (Utilistor (Server)), 3080/tcp (stm_pproc), 2200/tcp (ICI), 33091/tcp, 3411/tcp (BioLink Authenteon server), 7198/tcp, 10100/tcp (VERITAS ITAP DDTP), 5544/tcp, 3300/tcp, 3313/tcp (Unify Object Broker), 7042/tcp, 3400/tcp (CSMS2), 33489/tcp, 3355/tcp (Ordinox Dbase), 9852/tcp, 3304/tcp (OP Session Server), 8084/tcp, 32323/tcp, 4341/tcp (LISP Data Packets), 2626/tcp (gbjd816), 3367/tcp (-3371  Satellite Video Data Link), 8811/tcp, 33079/tcp, 3970/tcp (LANrev Agent), 8035/tcp, 10000/tcp (Network Data Management Protocol), 5500/tcp (fcp-addr-srvr1), 9999/tcp (distinct), 54321/tcp, 3388/tcp (CB Server), 3504/tcp (IronStorm game server), 2010/tcp (search), 8882/tcp, 10002/tcp (EMC-Documentum Content Server Product), 3591/tcp (LOCANIS G-TRACK Server).
      
BHD Honeypot
Port scan
2020-03-29

Port scan from IP: 194.26.69.106 detected by psad.
BHD Honeypot
Port scan
2020-03-29

In the last 24h, the attacker (194.26.69.106) attempted to scan 21 ports.
The following ports have been scanned: 2589/tcp (quartus tcl), 1022/tcp (RFC3692-style Experiment 2 (*)    [RFC4727]), 2011/tcp (raid), 3050/tcp (gds_db), 8900/tcp (JMB-CDS 1), 3080/tcp (stm_pproc), 3384/tcp (Cluster Management Services), 3411/tcp (BioLink Authenteon server), 6080/tcp, 8002/tcp (Teradata ORDBMS), 5110/tcp, 1992/tcp (IPsendmsg), 9389/tcp (Active Directory Web Services), 3360/tcp (KV Server), 3116/tcp (MCTET Gateway), 8000/tcp (iRDMI), 30303/tcp, 4499/tcp, 3399/tcp (CSMS).
      
BHD Honeypot
Port scan
2020-03-28

In the last 24h, the attacker (194.26.69.106) attempted to scan 31 ports.
The following ports have been scanned: 4010/tcp (Samsung Unidex), 6286/tcp, 4145/tcp (VVR Control), 4636/tcp, 8866/tcp, 7632/tcp, 6999/tcp (IATP-normalPri), 6073/tcp (DirectPlay8), 4001/tcp (NewOak), 4074/tcp (Cequint City ID UI trigger), 5398/tcp (Elektron Administration), 4599/tcp (A17 (AN-AN)), 8058/tcp (Senomix Timesheets Client [1 year assignment]), 2032/tcp (blackboard), 3675/tcp (CallTrax Data Port), 6919/tcp, 8080/tcp (HTTP Alternate (see port 80)), 7177/tcp, 5110/tcp, 3115/tcp (MCTET Master), 7960/tcp, 4299/tcp, 1992/tcp (IPsendmsg), 33891/tcp, 9496/tcp, 6218/tcp, 8505/tcp, 6885/tcp.
      
BHD Honeypot
Port scan
2020-03-27

In the last 24h, the attacker (194.26.69.106) attempted to scan 75 ports.
The following ports have been scanned: 3063/tcp (ncadg-ip-udp), 4591/tcp (HRPD L3T (AT-AN)), 8348/tcp, 7047/tcp, 8297/tcp, 5015/tcp (FileMaker, Inc. - Web publishing), 3746/tcp (LXPRO.COM LinkTest), 6073/tcp (DirectPlay8), 2577/tcp (Scriptics Lsrvr), 4074/tcp (Cequint City ID UI trigger), 9736/tcp, 5398/tcp (Elektron Administration), 4599/tcp (A17 (AN-AN)), 4933/tcp, 7394/tcp (File system export of backup images), 8058/tcp (Senomix Timesheets Client [1 year assignment]), 2032/tcp (blackboard), 5991/tcp (NUXSL), 3675/tcp (CallTrax Data Port), 6919/tcp, 3168/tcp (Now Up-to-Date Public Server), 6390/tcp (MetaEdit+ WebService API), 6726/tcp, 7745/tcp, 3295/tcp (Dynamic IP Lookup), 2590/tcp (idotdist), 7177/tcp, 3260/tcp (iSCSI port), 3751/tcp (CommLinx GPRS Cube), 4597/tcp (A21 (AN-1xBS)), 7318/tcp, 6707/tcp, 8695/tcp, 9496/tcp, 6328/tcp, 5222/tcp (XMPP Client Connection), 5163/tcp (Shadow Backup), 6218/tcp, 2026/tcp (scrabble), 8505/tcp, 8426/tcp, 6885/tcp.
      
BHD Honeypot
Port scan
2020-03-26

In the last 24h, the attacker (194.26.69.106) attempted to scan 77 ports.
The following ports have been scanned: 1993/tcp (cisco SNMP TCP port), 5060/tcp (SIP), 2005/tcp (berknet), 1991/tcp (cisco STUN Priority 2 port), 2012/tcp (ttyinfo), 4123/tcp (Zensys Z-Wave Control Protocol), 4090/tcp (OMA BCAST Service Guide), 5698/tcp, 5896/tcp, 2013/tcp (raid-am), 2001/tcp (dc), 8410/tcp, 2002/tcp (globe), 2011/tcp (raid), 1995/tcp (cisco perf port), 8090/tcp, 4030/tcp (Accell/JSP Daemon Port), 1190/tcp (CommLinx GPS / AVL System), 5590/tcp, 1020/tcp, 1990/tcp (cisco STUN Priority 1 port), 2009/tcp (news), 8876/tcp, 9987/tcp (DSM/SCM Target Interface), 6654/tcp, 7080/tcp (EmpowerID Communication), 7765/tcp, 4789/tcp, 9856/tcp, 5030/tcp (SurfPass), 2015/tcp (cypress), 8523/tcp, 4020/tcp (TRAP Port), 6690/tcp, 9510/tcp, 1992/tcp (IPsendmsg), 2014/tcp (troff), 2004/tcp (mailbox), 3089/tcp (ParaTek Agent Linking), 6070/tcp (Messageasap), 3090/tcp (Senforce Session Services), 3201/tcp (CPQ-TaskSmart), 8547/tcp, 5632/tcp (pcANYWHEREstat), 1996/tcp (cisco Remote SRB port), 2018/tcp (terminaldb), 2003/tcp (Brutus Server), 2210/tcp (NOAAPORT Broadcast Network), 2006/tcp (invokator), 4490/tcp, 2019/tcp (whosockami).
      
BHD Honeypot
Port scan
2020-03-25

In the last 24h, the attacker (194.26.69.106) attempted to scan 136 ports.
The following ports have been scanned: 5060/tcp (SIP), 1999/tcp (cisco identification port), 2005/tcp (berknet), 1991/tcp (cisco STUN Priority 2 port), 4123/tcp (Zensys Z-Wave Control Protocol), 3321/tcp (VNSSTR), 5698/tcp, 5896/tcp, 2013/tcp (raid-am), 2290/tcp (Sonus Logging Services), 2001/tcp (dc), 8410/tcp, 2030/tcp (device2), 2002/tcp (globe), 1994/tcp (cisco serial tunnel port), 5020/tcp (zenginkyo-1), 1995/tcp (cisco perf port), 8090/tcp, 4030/tcp (Accell/JSP Daemon Port), 1190/tcp (CommLinx GPS / AVL System), 5590/tcp, 3214/tcp (JMQ Daemon Port 1), 1998/tcp (cisco X.25 service (XOT)), 1997/tcp (cisco Gateway Discovery Protocol), 5478/tcp, 1020/tcp, 1030/tcp (BBN IAD), 8876/tcp, 5090/tcp, 9987/tcp (DSM/SCM Target Interface), 2017/tcp (cypress-stat), 6654/tcp, 7080/tcp (EmpowerID Communication), 4563/tcp, 7765/tcp, 2016/tcp (bootserver), 4789/tcp, 5089/tcp, 5543/tcp, 9856/tcp, 5030/tcp (SurfPass), 2015/tcp (cypress), 8523/tcp, 4020/tcp (TRAP Port), 6690/tcp, 9510/tcp, 3020/tcp (CIFS), 1992/tcp (IPsendmsg), 2014/tcp (troff), 2008/tcp (conf), 3089/tcp (ParaTek Agent Linking), 6070/tcp (Messageasap), 3090/tcp (Senforce Session Services), 3201/tcp (CPQ-TaskSmart), 4089/tcp (OpenCORE Remote Control Service), 8547/tcp, 3258/tcp (Ivecon Server Port), 1996/tcp (cisco Remote SRB port), 2018/tcp (terminaldb), 2020/tcp (xinupageserver), 4432/tcp, 2003/tcp (Brutus Server), 3698/tcp (SAGECTLPANEL), 2210/tcp (NOAAPORT Broadcast Network), 2006/tcp (invokator), 4490/tcp, 2010/tcp (search), 2000/tcp (Cisco SCCP), 3654/tcp (VAP RealTime Messenger).
      
BHD Honeypot
Port scan
2020-03-24

In the last 24h, the attacker (194.26.69.106) attempted to scan 99 ports.
The following ports have been scanned: 1993/tcp (cisco SNMP TCP port), 5060/tcp (SIP), 1999/tcp (cisco identification port), 1991/tcp (cisco STUN Priority 2 port), 2012/tcp (ttyinfo), 5858/tcp, 3321/tcp (VNSSTR), 2290/tcp (Sonus Logging Services), 2001/tcp (dc), 8410/tcp, 2030/tcp (device2), 2002/tcp (globe), 2011/tcp (raid), 7775/tcp, 1994/tcp (cisco serial tunnel port), 5020/tcp (zenginkyo-1), 8090/tcp, 4030/tcp (Accell/JSP Daemon Port), 8745/tcp, 3214/tcp (JMQ Daemon Port 1), 1998/tcp (cisco X.25 service (XOT)), 1997/tcp (cisco Gateway Discovery Protocol), 1020/tcp, 1990/tcp (cisco STUN Priority 1 port), 2009/tcp (news), 1030/tcp (BBN IAD), 5090/tcp, 9987/tcp (DSM/SCM Target Interface), 2017/tcp (cypress-stat), 1101/tcp (PT2-DISCOVER), 7080/tcp (EmpowerID Communication), 4563/tcp, 7765/tcp, 2016/tcp (bootserver), 5089/tcp, 9856/tcp, 2015/tcp (cypress), 2007/tcp (dectalk), 9510/tcp, 3020/tcp (CIFS), 1992/tcp (IPsendmsg), 2014/tcp (troff), 2004/tcp (mailbox), 5515/tcp, 2008/tcp (conf), 3089/tcp (ParaTek Agent Linking), 3090/tcp (Senforce Session Services), 3201/tcp (CPQ-TaskSmart), 4089/tcp (OpenCORE Remote Control Service), 1996/tcp (cisco Remote SRB port), 2018/tcp (terminaldb), 2020/tcp (xinupageserver), 2003/tcp (Brutus Server), 2210/tcp (NOAAPORT Broadcast Network), 3388/tcp (CB Server), 2000/tcp (Cisco SCCP), 2019/tcp (whosockami), 3654/tcp (VAP RealTime Messenger).
      
BHD Honeypot
Port scan
2020-03-24

Port scan from IP: 194.26.69.106 detected by psad.
BHD Honeypot
Port scan
2020-03-23

In the last 24h, the attacker (194.26.69.106) attempted to scan 78 ports.
The following ports have been scanned: 2227/tcp (DI Messaging Service), 9292/tcp (ArmTech Daemon), 9009/tcp (Pichat Server), 7676/tcp (iMQ Broker Rendezvous), 9000/tcp (CSlistener), 5353/tcp (Multicast DNS), 1114/tcp (Mini SQL), 2221/tcp (Rockwell CSP1), 3663/tcp (DIRECWAY Tunnel Protocol), 2262/tcp (CoMotion Backup Server), 5599/tcp (Enterprise Security Remote Install), 3383/tcp (Enterprise Software Products License Manager), 8448/tcp, 5555/tcp (Personal Agent), 3363/tcp (NATI Vi Server), 6660/tcp, 7117/tcp, 8866/tcp, 6616/tcp, 4747/tcp, 3555/tcp (Vipul's Razor), 3636/tcp (SerVistaITSM), 5888/tcp, 5777/tcp (DALI Port), 6767/tcp (BMC PERFORM AGENT), 4949/tcp (Munin Graphing Framework), 5445/tcp, 6662/tcp, 7171/tcp (Discovery and Retention Mgt Production), 9979/tcp, 4114/tcp (JomaMQMonitor), 3131/tcp (Net Book Mark), 1441/tcp (Cadis License Management), 6556/tcp, 1188/tcp (HP Web Admin), 5585/tcp (BeInSync-sync), 2888/tcp (SPCSDLOBBY), 8848/tcp, 1001/tcp, 2828/tcp (ITM License Manager), 3353/tcp (FATPIPE), 6656/tcp (Emergency Message Control Service), 2882/tcp (NDTP), 5959/tcp, 5566/tcp (Westec Connect), 3553/tcp (Red Box Recorder ADP), 4004/tcp (pxc-roid), 5335/tcp, 8881/tcp, 7770/tcp, 7007/tcp (basic overseer process), 8889/tcp (Desktop Data TCP 1), 4554/tcp (MS FRS Replication), 6668/tcp, 7000/tcp (file server itself), 8822/tcp, 8888/tcp (NewsEDGE server TCP (TCP 1)), 8282/tcp, 6363/tcp, 5775/tcp, 3999/tcp (Norman distributes scanning service), 2929/tcp (AMX-WEBADMIN), 9779/tcp, 5444/tcp, 4555/tcp (RSIP Port), 5533/tcp, 3322/tcp (-3325  Active Networks).
      
BHD Honeypot
Port scan
2020-03-22

In the last 24h, the attacker (194.26.69.106) attempted to scan 97 ports.
The following ports have been scanned: 4474/tcp, 2227/tcp (DI Messaging Service), 1999/tcp (cisco identification port), 9009/tcp (Pichat Server), 2222/tcp (EtherNet/IP I/O), 4646/tcp, 5858/tcp, 9000/tcp (CSlistener), 1444/tcp (Marcam  License Management), 5575/tcp (Oracle Access Protocol), 3663/tcp (DIRECWAY Tunnel Protocol), 4448/tcp (ASC Licence Manager), 5555/tcp (Personal Agent), 5565/tcp, 7272/tcp (WatchMe Monitoring 7272), 7117/tcp, 8866/tcp, 4884/tcp (HiveStor Distributed File System), 7727/tcp (Trident Systems Data), 6616/tcp, 4747/tcp, 3555/tcp (Vipul's Razor), 4777/tcp, 5888/tcp, 3535/tcp (MS-LA), 7557/tcp, 4441/tcp, 8886/tcp, 5995/tcp, 6606/tcp, 5445/tcp, 1313/tcp (BMC_PATROLDB), 1181/tcp (3Com Net Management), 2200/tcp (ICI), 3337/tcp (Direct TV Data Catalog), 4114/tcp (JomaMQMonitor), 1717/tcp (fj-hdnet), 5552/tcp, 1661/tcp (netview-aix-1), 6556/tcp, 9339/tcp, 4445/tcp (UPNOTIFYP), 2888/tcp (SPCSDLOBBY), 8848/tcp, 3353/tcp (FATPIPE), 9494/tcp, 5544/tcp, 6656/tcp (Emergency Message Control Service), 3888/tcp (Ciphire Services), 5558/tcp, 5566/tcp (Westec Connect), 6665/tcp (-6669/udp  IRCU), 5757/tcp (OpenMail X.500 Directory Server), 3232/tcp (MDT port), 3553/tcp (Red Box Recorder ADP), 2323/tcp (3d-nfsd), 3355/tcp (Ordinox Dbase), 5335/tcp, 3338/tcp (OMF data b), 4242/tcp, 4554/tcp (MS FRS Replication), 7979/tcp (Micromuse-ncps), 5515/tcp, 2333/tcp (SNAPP), 9393/tcp, 6699/tcp, 8000/tcp (iRDMI), 3443/tcp (OpenView Network Node Manager WEB Server), 4414/tcp, 3777/tcp (Jibe EdgeBurst), 4411/tcp, 8868/tcp, 4499/tcp, 6161/tcp (PATROL Internet Srv Mgr), 6661/tcp, 9779/tcp, 2226/tcp (Digital Instinct DRM), 5444/tcp, 5533/tcp, 2727/tcp (Media Gateway Control Protocol Call Agent).
      
BHD Honeypot
Port scan
2020-03-21

In the last 24h, the attacker (194.26.69.106) attempted to scan 80 ports.
The following ports have been scanned: 4474/tcp, 2222/tcp (EtherNet/IP I/O), 8777/tcp, 5545/tcp, 1444/tcp (Marcam  License Management), 3303/tcp (OP Session Client), 1114/tcp (Mini SQL), 1881/tcp (IBM WebSphere MQ Everyplace), 7775/tcp, 6111/tcp (HP SoftBench Sub-Process Control), 4448/tcp (ASC Licence Manager), 8808/tcp, 5565/tcp, 6666/tcp, 4222/tcp, 4884/tcp (HiveStor Distributed File System), 8844/tcp, 6616/tcp, 9998/tcp (Distinct32), 4747/tcp, 3535/tcp (MS-LA), 8884/tcp, 1166/tcp (QSM RemoteExec), 5777/tcp (DALI Port), 8800/tcp (Sun Web Server Admin Service), 5995/tcp, 5050/tcp (multimedia conference control tool), 7227/tcp (Registry A & M Protocol), 6606/tcp, 7171/tcp (Discovery and Retention Mgt Production), 2200/tcp (ICI), 3131/tcp (Net Book Mark), 8787/tcp (Message Server), 8080/tcp (HTTP Alternate (see port 80)), 4224/tcp, 1661/tcp (netview-aix-1), 6556/tcp, 9339/tcp, 2888/tcp (SPCSDLOBBY), 1001/tcp, 1100/tcp (MCTP), 5544/tcp, 2882/tcp (NDTP), 5959/tcp, 3232/tcp (MDT port), 8881/tcp, 8889/tcp (Desktop Data TCP 1), 7979/tcp (Micromuse-ncps), 1111/tcp (LM Social Server), 8118/tcp (Privoxy HTTP proxy), 2333/tcp (SNAPP), 6446/tcp (MySQL Proxy), 6611/tcp, 8822/tcp, 4411/tcp, 8868/tcp, 6161/tcp (PATROL Internet Srv Mgr), 8383/tcp (M2m Services), 9559/tcp, 1222/tcp (SNI R&D network), 1141/tcp (User Message Service), 1112/tcp (Intelligent Communication Protocol), 8333/tcp, 9955/tcp, 8833/tcp.
      
BHD Honeypot
Port scan
2020-03-20

In the last 24h, the attacker (194.26.69.106) attempted to scan 91 ports.
The following ports have been scanned: 1999/tcp (cisco identification port), 9292/tcp (ArmTech Daemon), 9009/tcp (Pichat Server), 2222/tcp (EtherNet/IP I/O), 2224/tcp (Easy Flexible Internet/Multiplayer Games), 4646/tcp, 8668/tcp, 5353/tcp (Multicast DNS), 1131/tcp (CAC App Service Protocol Encripted), 1114/tcp (Mini SQL), 1881/tcp (IBM WebSphere MQ Everyplace), 5575/tcp (Oracle Access Protocol), 8885/tcp, 7775/tcp, 8448/tcp, 7778/tcp (Interwise), 8808/tcp, 7272/tcp (WatchMe Monitoring 7272), 6666/tcp, 6660/tcp, 7117/tcp, 4884/tcp (HiveStor Distributed File System), 8844/tcp, 3636/tcp (SerVistaITSM), 4777/tcp, 8884/tcp, 2777/tcp (Ridgeway Systems & Software), 6767/tcp (BMC PERFORM AGENT), 8886/tcp, 8800/tcp (Sun Web Server Admin Service), 4949/tcp (Munin Graphing Framework), 7111/tcp, 6662/tcp, 1101/tcp (PT2-DISCOVER), 9979/tcp, 4114/tcp (JomaMQMonitor), 9888/tcp (CYBORG Systems), 4224/tcp, 1441/tcp (Cadis License Management), 6556/tcp, 9339/tcp, 1188/tcp (HP Web Admin), 8848/tcp, 9889/tcp (Port for Cable network related data proxy or repeater), 9949/tcp, 1010/tcp (surf), 9494/tcp, 1100/tcp (MCTP), 6656/tcp (Emergency Message Control Service), 3888/tcp (Ciphire Services), 4004/tcp (pxc-roid), 3355/tcp (Ordinox Dbase), 8111/tcp, 8881/tcp, 7774/tcp, 8889/tcp (Desktop Data TCP 1), 7979/tcp (Micromuse-ncps), 6668/tcp, 7000/tcp (file server itself), 2333/tcp (SNAPP), 6446/tcp (MySQL Proxy), 8811/tcp, 5222/tcp (XMPP Client Connection), 8282/tcp, 4411/tcp, 3999/tcp (Norman distributes scanning service), 6661/tcp, 9991/tcp (OSM Event Server), 9779/tcp, 2226/tcp (Digital Instinct DRM), 7707/tcp (EM7 Dynamic Updates), 2244/tcp (NMS Server), 1222/tcp (SNI R&D network), 1141/tcp (User Message Service), 9955/tcp, 3322/tcp (-3325  Active Networks).
      
BHD Honeypot
Port scan
2020-03-19

In the last 24h, the attacker (194.26.69.106) attempted to scan 110 ports.
The following ports have been scanned: 1999/tcp (cisco identification port), 9292/tcp (ArmTech Daemon), 8558/tcp, 7676/tcp (iMQ Broker Rendezvous), 9000/tcp (CSlistener), 3323/tcp, 1444/tcp (Marcam  License Management), 3303/tcp (OP Session Client), 7997/tcp, 1881/tcp (IBM WebSphere MQ Everyplace), 2221/tcp (Rockwell CSP1), 3663/tcp (DIRECWAY Tunnel Protocol), 2262/tcp (CoMotion Backup Server), 2332/tcp (RCC Host), 6111/tcp (HP SoftBench Sub-Process Control), 3383/tcp (Enterprise Software Products License Manager), 4448/tcp (ASC Licence Manager), 6600/tcp (Microsoft Hyper-V Live Migration), 7778/tcp (Interwise), 3363/tcp (NATI Vi Server), 2666/tcp (extensis), 8844/tcp, 9998/tcp (Distinct32), 3636/tcp (SerVistaITSM), 4777/tcp, 1331/tcp (intersan), 5888/tcp, 3535/tcp (MS-LA), 8884/tcp, 7557/tcp, 6622/tcp (Multicast FTP), 4441/tcp, 7111/tcp, 9444/tcp (WSO2 ESB Administration Console HTTPS), 3939/tcp (Anti-virus Application Management Port), 6606/tcp, 6662/tcp, 1313/tcp (BMC_PATROLDB), 3337/tcp (Direct TV Data Catalog), 3393/tcp (D2K Tapestry Client to Server), 2442/tcp (Netangel), 8787/tcp (Message Server), 8080/tcp (HTTP Alternate (see port 80)), 1717/tcp (fj-hdnet), 5552/tcp, 9888/tcp (CYBORG Systems), 4224/tcp, 5885/tcp, 1441/tcp (Cadis License Management), 8686/tcp (Sun App Server - JMX/RMI), 9339/tcp, 4445/tcp (UPNOTIFYP), 8848/tcp, 3353/tcp (FATPIPE), 5544/tcp, 2882/tcp (NDTP), 5959/tcp, 3553/tcp (Red Box Recorder ADP), 2323/tcp (3d-nfsd), 3355/tcp (Ordinox Dbase), 8111/tcp, 3338/tcp (OMF data b), 7774/tcp, 7007/tcp (basic overseer process), 8889/tcp (Desktop Data TCP 1), 6336/tcp, 1111/tcp (LM Social Server), 8118/tcp (Privoxy HTTP proxy), 8811/tcp, 3443/tcp (OpenView Network Node Manager WEB Server), 8282/tcp, 6363/tcp, 4411/tcp, 6161/tcp (PATROL Internet Srv Mgr), 8383/tcp (M2m Services), 3388/tcp (CB Server), 4555/tcp (RSIP Port), 1222/tcp (SNI R&D network), 1141/tcp (User Message Service), 9955/tcp, 8833/tcp, 3322/tcp (-3325  Active Networks), 2727/tcp (Media Gateway Control Protocol Call Agent).
      
BHD Honeypot
Port scan
2020-03-19

Port scan from IP: 194.26.69.106 detected by psad.
BHD Honeypot
Port scan
2020-03-18

In the last 24h, the attacker (194.26.69.106) attempted to scan 43 ports.
The following ports have been scanned: 9009/tcp (Pichat Server), 1991/tcp (cisco STUN Priority 2 port), 2222/tcp (EtherNet/IP I/O), 8777/tcp, 8668/tcp, 1333/tcp (Password Policy), 5999/tcp (CVSup), 7775/tcp, 6111/tcp (HP SoftBench Sub-Process Control), 7778/tcp (Interwise), 3535/tcp (MS-LA), 5995/tcp, 3939/tcp (Anti-virus Application Management Port), 7227/tcp (Registry A & M Protocol), 1122/tcp (availant-mgr), 1181/tcp (3Com Net Management), 2200/tcp (ICI), 3131/tcp (Net Book Mark), 1717/tcp (fj-hdnet), 5552/tcp, 9888/tcp (CYBORG Systems), 5585/tcp (BeInSync-sync), 2888/tcp (SPCSDLOBBY), 2828/tcp (ITM License Manager), 1100/tcp (MCTP), 5558/tcp, 4004/tcp (pxc-roid), 7979/tcp (Micromuse-ncps), 6668/tcp, 5515/tcp, 7000/tcp (file server itself), 8383/tcp (M2m Services), 2244/tcp (NMS Server), 1222/tcp (SNI R&D network), 8333/tcp.
      
BHD Honeypot
Port scan
2020-03-17

In the last 24h, the attacker (194.26.69.106) attempted to scan 44 ports.
The following ports have been scanned: 3323/tcp, 1333/tcp (Password Policy), 3303/tcp (OP Session Client), 5555/tcp (Personal Agent), 6666/tcp, 4222/tcp, 8866/tcp, 7727/tcp (Trident Systems Data), 2232/tcp (IVS Video default), 1818/tcp (Enhanced Trivial File Transfer Protocol), 8800/tcp (Sun Web Server Admin Service), 4949/tcp (Munin Graphing Framework), 7171/tcp (Discovery and Retention Mgt Production), 2200/tcp (ICI), 3337/tcp (Direct TV Data Catalog), 1717/tcp (fj-hdnet), 1441/tcp (Cadis License Management), 9922/tcp, 2888/tcp (SPCSDLOBBY), 2828/tcp (ITM License Manager), 9949/tcp, 1100/tcp (MCTP), 2882/tcp (NDTP), 3888/tcp (Ciphire Services), 8881/tcp, 3338/tcp (OMF data b), 6336/tcp, 8118/tcp (Privoxy HTTP proxy), 6699/tcp, 8000/tcp (iRDMI), 8888/tcp (NewsEDGE server TCP (TCP 1)), 8282/tcp, 4499/tcp, 8383/tcp (M2m Services), 1112/tcp (Intelligent Communication Protocol), 8833/tcp, 2727/tcp (Media Gateway Control Protocol Call Agent).
      

Blacklist

Near real-time, easy to use data feed containing IPs reported on our website.

Bronze

$3

Updated daily

Learn More

Silver

$15

Updated every hour

Learn More

Gold

$30

Updated every 10 minutes

Learn More

Remarks

Black hat directory contains this IP address, because Internet users reported it as an address making unsolicited, nagging requests. We make every effort to ensure that the information contained in the Black hat directory are correct and up to date. The database is developed and updated by Internet users and moderators.

If you have any reliable information regarding malicious activity originating from this IP address, please share it with others and fill in the 'Report breach' form. It is prohibited from adding personally identifiable information.

Below breach categories are used in the database:

  • Denial of service attack - this attack is accomplished by flooding the target with massive amount of requests in order to overload the targeted system
  • Brute force attack - this category encompasses attempts to login to machine by trying many passwords and usernames
  • Backdoor attack - this category represents bypassing authentication by hidden programs or services to obtain remote access to a computer or trojan activity
  • Port scan - represents attackers identifying running services on the targeted machine by probing a server for open ports
  • Malicious bot - this category encompasses all bots performing unsolicited requests or ignoring robots.txt file
  • Anonymous proxy - public proxies like Tor, I2P relays or anonymous VPNs are often used by attacker to hide his identity
  • Web attack - attempts to exploit web application security flaws
  • CMS attack - attempts to exploit CMS vulnerability
  • App vulnerability attack - attempts to exploit other applications vulnerability
  • Web spam - encompasses all kind of HTTP spamming
  • Email spam - encompasses all kind of E-mail spamming
  • Dodgy activity - this category encompasses superfluous, dodgy requests

Report breach!

Rate host 194.26.69.106