116.239.252.49

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Shanghai Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
116.239.252.96	attackbotsspam	2019-12-25 00:25:45 H=(ylmf-pc) [116.239.252.96]:59191 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc 2019-12-25 00:25:45 H=(ylmf-pc) [116.239.252.96]:56762 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc 2019-12-25 00:25:45 H=(ylmf-pc) [116.239.252.96]:56722 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc ...	2019-12-25 17:40:21
116.239.252.65	attack	Nov 29 09:54:18 eola postfix/smtpd[17528]: connect from unknown[116.239.252.65] Nov 29 09:54:19 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.252.65] Nov 29 09:54:19 eola postfix/smtpd[17528]: disconnect from unknown[116.239.252.65] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:54:19 eola postfix/smtpd[17528]: connect from unknown[116.239.252.65] Nov 29 09:54:21 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.252.65] Nov 29 09:54:21 eola postfix/smtpd[17528]: disconnect from unknown[116.239.252.65] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:54:21 eola postfix/smtpd[17528]: connect from unknown[116.239.252.65] Nov 29 09:54:22 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.252.65] Nov 29 09:54:22 eola postfix/smtpd[17528]: disconnect from unknown[116.239.252.65] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:54:25 eola postfix/smtpd[17528]: connect from unknown[116.239.252.65] Nov 29 09:54:26 eola postfix/sm........ -------------------------------	2019-11-30 01:48:36
116.239.252.40	attackbotsspam	Nov 24 09:50:25 web1 postfix/smtpd[27994]: warning: unknown[116.239.252.40]: SASL LOGIN authentication failed: authentication failure ...	2019-11-25 02:35:26
116.239.252.25	attack	SASL broute force	2019-10-13 00:44:28
116.239.252.57	attack	Sep 30 23:20:43 eola postfix/smtpd[23215]: connect from unknown[116.239.252.57] Sep 30 23:20:43 eola postfix/smtpd[23216]: connect from unknown[116.239.252.57] Sep 30 23:20:43 eola postfix/smtpd[23215]: lost connection after AUTH from unknown[116.239.252.57] Sep 30 23:20:43 eola postfix/smtpd[23215]: disconnect from unknown[116.239.252.57] ehlo=1 auth=0/1 commands=1/2 Sep 30 23:20:43 eola postfix/smtpd[23216]: lost connection after AUTH from unknown[116.239.252.57] Sep 30 23:20:43 eola postfix/smtpd[23216]: disconnect from unknown[116.239.252.57] ehlo=1 auth=0/1 commands=1/2 Sep 30 23:20:44 eola postfix/smtpd[23215]: connect from unknown[116.239.252.57] Sep 30 23:20:44 eola postfix/smtpd[23216]: connect from unknown[116.239.252.57] Sep 30 23:20:44 eola postfix/smtpd[23215]: lost connection after AUTH from unknown[116.239.252.57] Sep 30 23:20:44 eola postfix/smtpd[23215]: disconnect from unknown[116.239.252.57] ehlo=1 auth=0/1 commands=1/2 Sep 30 23:20:44 eola postfix/sm........ -------------------------------	2019-10-01 19:05:34

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.239.252.49
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12722
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.239.252.49.			IN	A

;; AUTHORITY SECTION:
.			361	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019112700 1800 900 604800 86400

;; Query time: 391 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Nov 27 19:06:49 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 49.252.239.116.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 49.252.239.116.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
220.195.3.57	attackbotsspam	Connection to SSH Honeypot - Detected by HoneypotDB	2020-10-01 03:22:32
34.70.217.179	attackbotsspam	Sep 30 21:46:37 ift sshd\[48824\]: Failed password for root from 34.70.217.179 port 12240 ssh2Sep 30 21:50:03 ift sshd\[49276\]: Invalid user globalflash from 34.70.217.179Sep 30 21:50:06 ift sshd\[49276\]: Failed password for invalid user globalflash from 34.70.217.179 port 12250 ssh2Sep 30 21:53:29 ift sshd\[49519\]: Invalid user user1 from 34.70.217.179Sep 30 21:53:31 ift sshd\[49519\]: Failed password for invalid user user1 from 34.70.217.179 port 12246 ssh2 ...	2020-10-01 02:58:10
240e:390:1040:22b9:246:5d23:4000:189c	attackbotsspam	Attempted Email Sync. Password Hacking/Probing.	2020-10-01 03:04:21
52.73.169.169	attack	UDP 52.73.169.169:36158 -> port 1900, len 125	2020-10-01 03:25:01
172.105.43.21	attack	proto=tcp . spt=51349 . dpt=110 . src=172.105.43.21 . dst=xx.xx.4.1 . Found on Alienvault (1653)	2020-10-01 03:08:44
2.229.49.192	attack	Attempted Email Sync. Password Hacking/Probing.	2020-10-01 03:00:50
187.72.177.131	attackbots	pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.72.177.131 Failed password for invalid user ubuntu from 187.72.177.131 port 60009 ssh2 pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.72.177.131	2020-10-01 03:30:49
240e:390:1040:22c3:246:5d8f:c000:189c	attackbotsspam	Attempted Email Sync. Password Hacking/Probing.	2020-10-01 03:02:54
125.166.183.190	attackbotsspam	Unauthorized connection attempt from IP address 125.166.183.190 on Port 445(SMB)	2020-10-01 03:22:04
51.79.142.79	attackbots	Port Scan ...	2020-10-01 03:19:00
117.50.8.230	attackspam	Sep 30 12:59:01 ws24vmsma01 sshd[188275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.8.230 Sep 30 12:59:02 ws24vmsma01 sshd[188275]: Failed password for invalid user leon from 117.50.8.230 port 39082 ssh2 ...	2020-10-01 03:26:00
45.55.145.31	attackspambots	SSH login attempts.	2020-10-01 03:19:15
142.93.18.203	attack	142.93.18.203 - - [30/Sep/2020:20:39:21 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.18.203 - - [30/Sep/2020:20:39:22 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.18.203 - - [30/Sep/2020:20:39:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-10-01 03:13:29
188.76.5.195	attackbotsspam	Sep 29 17:32:30 vps46666688 sshd[7011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.76.5.195 Sep 29 17:32:32 vps46666688 sshd[7011]: Failed password for invalid user 666666 from 188.76.5.195 port 27235 ssh2 ...	2020-10-01 03:08:30
118.200.26.72	attackbots	Unauthorized connection attempt from IP address 118.200.26.72 on Port 445(SMB)	2020-10-01 03:17:51

Recently Reported IPs

217.128.192.117	180.127.76.35	175.100.138.168	116.239.254.24
113.172.230.125	112.161.10.98	94.237.72.217	52.32.115.8
3.105.212.39	115.78.107.246	195.145.210.14	134.235.12.124
143.114.131.227	30.7.230.137	183.213.197.223	239.12.6.227
74.132.148.190	5.29.219.186	121.154.9.179	177.126.128.157