JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 211.194.14.110

211.194.14.110 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 38%: ?

38%

ISP	Korea Telecom
Usage Type	Fixed Line ISP
ASN	AS4766
Domain Name	kt.com
Country	🇰🇷 Korea (the Republic of)
City	Gwangju, Gwangju

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 211.194.14.110

Whois 211.194.14.110

IP Abuse Reports for 211.194.14.110:

This IP address has been reported a total of 28 times from 14 distinct sources. 211.194.14.110 was first reported on March 30th 2026, and the most recent report was 19 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 joe-abuse	2026-06-18 01:35:49 (19 hours ago)	Automated report from fail2ban on mail.fitzgerald.eu. Jail: postfix. First seen: 2026-06-16 11:25:48 ... show more Automated report from fail2ban on mail.fitzgerald.eu. Jail: postfix. First seen: 2026-06-16 11:25:48. Events: 18. Reported by ipdb-security/fitzgerald.eu show less	Email Spam
🇺🇸 xmission.com	2026-06-14 01:03:38 (4 days ago)	Blocked 19 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delistin ... show more Blocked 19 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delisting, visit https://www.spamhaus.org/lookup/ to check your IP status and submit a delist request if eligible. show less	Email Spam
🇱🇻 garmtech.com	2026-06-13 14:48:26 (5 days ago)	IP Address black-listed by anti-spam (blocked).	Email Spam
🇺🇸 xmission.com	2026-06-12 17:03:30 (6 days ago)	Blocked 24 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delistin ... show more Blocked 24 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delisting, visit https://www.spamhaus.org/lookup/ to check your IP status and submit a delist request if eligible. show less	Email Spam
🇺🇸 NXTwoThou	2026-06-12 16:12:56 (6 days ago)	Spam	Email Spam
🇺🇸 xmission.com	2026-06-12 13:37:45 (6 days ago)	Blocked 14 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delistin ... show more Blocked 14 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delisting, visit https://www.spamhaus.org/lookup/ to check your IP status and submit a delist request if eligible. show less	Email Spam
🇱🇻 garmtech.com	2026-06-12 12:38:46 (6 days ago)	IP Address black-listed by anti-spam (blocked).	Email Spam
🇷🇴 hostmaster.stream	2026-05-06 04:36:48 (1 month ago)	Reported from MailHold \| From: [email protected] \| Subject: *SPAM* Your Capital One Car ... show more Reported from MailHold \| From: [email protected] \| Subject: *SPAM* Your Capital One Card Purchase is Under Review. \| Date: Tue, 05 May 2026 14:18:39 GMT Headers: Return-Path: <[email protected]> Delivered-To: [email protected] Received: from amsngx344.inmotionhosting.com by amsngx344.inmotionhosting.com with LMTP id uGYvB8L8+WlqHzkAJKh/Hw (envelope-from <[email protected]>) for <[email protected]>; Tue, 05 May 2026 16:20:50 +0200 Return-path: <[email protected]> Envelope-to: [email protected] Delivery-date: Tue, 05 May 2026 16:20:50 +0200 Received: from [211.194.14.110] (port=32760 helo=yale.edu) by amsngx344.inmotionhosting.com with esmtp (Exim 4.99.2) (envelope-from <[email protected]>) id 1wKGdj-0000000Ft1J-12xe for [email protected]; Tue, 05 May 2026 16:20:50 +0200 From: "Capital One" <[email protected]> To: [email protected] Date: 05 May 2026 23:18:39 +0900 Message-ID: <20260505231839.0FC3A3B209635EC2@yale show less	Email Spam
🇺🇸 xmission.com	2026-05-05 21:24:16 (1 month ago)	Blocked 38 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delistin ... show more Blocked 38 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delisting, visit https://www.spamhaus.org/lookup/ to check your IP status and submit a delist request if eligible. show less	Email Spam
🇫🇷 phoenix1jl96	2026-05-05 21:10:36 (1 month ago)	May 5 23:10:24 box postfix/smtpd[729977]: NOQUEUE: reject: RCPT from unknown[211.194.14.110]: 554 5 ... show more May 5 23:10:24 box postfix/smtpd[729977]: NOQUEUE: reject: RCPT from unknown[211.194.14.110]: 554 5.7.1 Service unavailable; Client host [211.194.14.110] blocked using zen.spamhaus.org; Listed by PBL, see https://check.spamhaus.org/query/ip/211.194.14.110 / Listed by CSS, see https://check.spamhaus.org/query/ip/211.194.14.110; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<yale.edu> ... show less	DNS Compromise DNS Poisoning DDoS Attack Ping of Death Web Spam Email Spam Blog Spam Port Scan Hacking Brute-Force Bad Web Bot SSH Web App Attack
🇩🇪 psauxit	2026-05-05 20:58:45 (1 month ago)	Fail2Ban - POSTFIX DNSBL listed sender, DNSBL Rank \> 3	Email Spam Spoofing Brute-Force
🇺🇸 xmission.com	2026-05-05 17:08:05 (1 month ago)	Blocked 13 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delistin ... show more Blocked 13 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delisting, visit https://www.spamhaus.org/lookup/ to check your IP status and submit a delist request if eligible. show less	Email Spam
🇩🇪 DocNetzwerk	2026-05-05 14:45:42 (1 month ago)	(smtp-25-to-rcpt-from-2007-leak) Recipient address has been leaked in 2007 211.194.14.110 (KR/South ... show more (smtp-25-to-rcpt-from-2007-leak) Recipient address has been leaked in 2007 211.194.14.110 (KR/South Korea/-) show less	Hacking
🇺🇸 xmission.com	2026-05-05 13:06:07 (1 month ago)	Blocked 16 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delistin ... show more Blocked 16 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delisting, visit https://www.spamhaus.org/lookup/ to check your IP status and submit a delist request if eligible. show less	Email Spam
🇮🇹 MLO	2026-05-05 12:24:00 (1 month ago)	Attack Type: Phishing campaign with email domain spoofing Description: This IP (211.194.14.110) a ... show more Attack Type: Phishing campaign with email domain spoofing Description: This IP (211.194.14.110) actively sent phishing emails impersonating Capital One while spoofing the yale.edu domain in the From header. The email claims fraudulent card activity and directs victims to malicious site (nirmanroyals.promising.co.in/ink.html). Technical Details: Timestamp: 2026-05-05 12:26:50 UTC Protocol: SMTP (TCP connection completed - three-way handshake verified) Originating IP: 211.194.14.110 (actual mail server, NOT affiliated with yale.edu) Spoofed Domain: yale.edu (in From header: [email protected]) Authentication: SPF softfail, DMARC fail (policy=quarantine) Malicious Payload: HTML phishing template with credential harvesting link Note: This is NOT a spoofed packet attack. The TCP SMTP connection originated legitimately from this IP. The IP is the actual sender of malicious content, while yale.edu is a victim of domain spoofing. Same phishing campaign as reported IP 196.189.51.242. show less	Spoofing Exploited Host Phishing

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 116.73.240.74

🇺🇸 66.132.195.35

🇸🇬 45.197.12.65

🇸🇬 43.163.84.198

🇺🇸 3.130.168.2

🇧🇷 205.210.31.178

🇷🇺 185.46.49.49

🇻🇳 171.233.234.84

🇺🇸 147.185.132.88

🇯🇵 133.18.122.63

🇨🇳 115.60.61.49

🇧🇬 79.124.40.138

🇺🇸 66.132.195.33

🇺🇸 66.132.195.32

🇺🇸 66.132.195.31

🇺🇸 66.132.186.199

🇸🇬 47.128.61.205

🇻🇳 45.119.212.99

🇯🇵 8.216.17.164

🇰🇷 211.178.247.182