116.239.252.49

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Shanghai Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
116.239.252.96	attackbotsspam	2019-12-25 00:25:45 H=(ylmf-pc) [116.239.252.96]:59191 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc 2019-12-25 00:25:45 H=(ylmf-pc) [116.239.252.96]:56762 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc 2019-12-25 00:25:45 H=(ylmf-pc) [116.239.252.96]:56722 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc ...	2019-12-25 17:40:21
116.239.252.65	attack	Nov 29 09:54:18 eola postfix/smtpd[17528]: connect from unknown[116.239.252.65] Nov 29 09:54:19 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.252.65] Nov 29 09:54:19 eola postfix/smtpd[17528]: disconnect from unknown[116.239.252.65] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:54:19 eola postfix/smtpd[17528]: connect from unknown[116.239.252.65] Nov 29 09:54:21 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.252.65] Nov 29 09:54:21 eola postfix/smtpd[17528]: disconnect from unknown[116.239.252.65] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:54:21 eola postfix/smtpd[17528]: connect from unknown[116.239.252.65] Nov 29 09:54:22 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.252.65] Nov 29 09:54:22 eola postfix/smtpd[17528]: disconnect from unknown[116.239.252.65] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:54:25 eola postfix/smtpd[17528]: connect from unknown[116.239.252.65] Nov 29 09:54:26 eola postfix/sm........ -------------------------------	2019-11-30 01:48:36
116.239.252.40	attackbotsspam	Nov 24 09:50:25 web1 postfix/smtpd[27994]: warning: unknown[116.239.252.40]: SASL LOGIN authentication failed: authentication failure ...	2019-11-25 02:35:26
116.239.252.25	attack	SASL broute force	2019-10-13 00:44:28
116.239.252.57	attack	Sep 30 23:20:43 eola postfix/smtpd[23215]: connect from unknown[116.239.252.57] Sep 30 23:20:43 eola postfix/smtpd[23216]: connect from unknown[116.239.252.57] Sep 30 23:20:43 eola postfix/smtpd[23215]: lost connection after AUTH from unknown[116.239.252.57] Sep 30 23:20:43 eola postfix/smtpd[23215]: disconnect from unknown[116.239.252.57] ehlo=1 auth=0/1 commands=1/2 Sep 30 23:20:43 eola postfix/smtpd[23216]: lost connection after AUTH from unknown[116.239.252.57] Sep 30 23:20:43 eola postfix/smtpd[23216]: disconnect from unknown[116.239.252.57] ehlo=1 auth=0/1 commands=1/2 Sep 30 23:20:44 eola postfix/smtpd[23215]: connect from unknown[116.239.252.57] Sep 30 23:20:44 eola postfix/smtpd[23216]: connect from unknown[116.239.252.57] Sep 30 23:20:44 eola postfix/smtpd[23215]: lost connection after AUTH from unknown[116.239.252.57] Sep 30 23:20:44 eola postfix/smtpd[23215]: disconnect from unknown[116.239.252.57] ehlo=1 auth=0/1 commands=1/2 Sep 30 23:20:44 eola postfix/sm........ -------------------------------	2019-10-01 19:05:34

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.239.252.49
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12722
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.239.252.49.			IN	A

;; AUTHORITY SECTION:
.			361	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019112700 1800 900 604800 86400

;; Query time: 391 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Nov 27 19:06:49 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 49.252.239.116.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 49.252.239.116.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
37.32.98.127	attack	37.32.98.127 - - [11/Jul/2020:11:19:17 +0000] "GET /wp_asx.php.suspected HTTP/1.1" 404 29944 "http://site.ru" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4"	2020-07-11 23:22:30
182.84.124.248	attack	Unauthorized connection attempt detected from IP address 182.84.124.248 to port 22	2020-07-11 23:38:22
141.98.81.42	attackbotsspam	Jul 11 14:58:57 scw-tender-jepsen sshd[26860]: Failed password for root from 141.98.81.42 port 14733 ssh2 Jul 11 14:59:09 scw-tender-jepsen sshd[26901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.81.42	2020-07-11 23:13:15
114.67.77.148	attack	Jul 11 14:57:47 mout sshd[19482]: Invalid user ashirley from 114.67.77.148 port 37334	2020-07-11 23:26:13
122.51.130.21	attackspambots	Unauthorized access to SSH at 11/Jul/2020:14:48:38 +0000.	2020-07-11 23:35:26
104.248.225.14	attackbots	Jul 11 00:44:02 CT728 sshd[14421]: reveeclipse mapping checking getaddrinfo for atua.ag-2019 [104.248.225.14] failed - POSSIBLE BREAK-IN ATTEMPT! Jul 11 00:44:02 CT728 sshd[14421]: User r.r from 104.248.225.14 not allowed because not listed in AllowUsers Jul 11 00:44:02 CT728 sshd[14421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.225.14 user=r.r Jul 11 00:44:04 CT728 sshd[14421]: Failed password for invalid user r.r from 104.248.225.14 port 55024 ssh2 Jul 11 00:44:04 CT728 sshd[14421]: Connection closed by 104.248.225.14 [preauth] Jul 11 00:45:56 CT728 sshd[14424]: reveeclipse mapping checking getaddrinfo for atua.ag-2019 [104.248.225.14] failed - POSSIBLE BREAK-IN ATTEMPT! Jul 11 00:45:56 CT728 sshd[14424]: User r.r from 104.248.225.14 not allowed because not listed in AllowUsers Jul 11 00:45:56 CT728 sshd[14424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.225.14........ -------------------------------	2020-07-11 23:47:31
68.183.148.159	attack	Jul 11 21:34:17 itv-usvr-02 sshd[32577]: Invalid user ldx from 68.183.148.159 port 41605 Jul 11 21:34:17 itv-usvr-02 sshd[32577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.148.159 Jul 11 21:34:17 itv-usvr-02 sshd[32577]: Invalid user ldx from 68.183.148.159 port 41605 Jul 11 21:34:19 itv-usvr-02 sshd[32577]: Failed password for invalid user ldx from 68.183.148.159 port 41605 ssh2	2020-07-11 23:33:01
178.62.33.138	attackspam	5x Failed Password	2020-07-11 23:53:20
106.13.86.54	attackbotsspam	2020-07-11T11:59:17.193535abusebot-5.cloudsearch.cf sshd[14934]: Invalid user deployer from 106.13.86.54 port 33910 2020-07-11T11:59:17.199114abusebot-5.cloudsearch.cf sshd[14934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.86.54 2020-07-11T11:59:17.193535abusebot-5.cloudsearch.cf sshd[14934]: Invalid user deployer from 106.13.86.54 port 33910 2020-07-11T11:59:18.529099abusebot-5.cloudsearch.cf sshd[14934]: Failed password for invalid user deployer from 106.13.86.54 port 33910 ssh2 2020-07-11T12:06:11.487327abusebot-5.cloudsearch.cf sshd[15150]: Invalid user www from 106.13.86.54 port 51916 2020-07-11T12:06:11.492976abusebot-5.cloudsearch.cf sshd[15150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.86.54 2020-07-11T12:06:11.487327abusebot-5.cloudsearch.cf sshd[15150]: Invalid user www from 106.13.86.54 port 51916 2020-07-11T12:06:13.660558abusebot-5.cloudsearch.cf sshd[15150]: Failed p ...	2020-07-11 23:24:33
192.35.168.36	attackspam	Auto Detect Rule! proto TCP (SYN), 192.35.168.36:53632->gjan.info:110, len 40	2020-07-11 23:12:25
13.68.158.99	attackbots	2020-07-11T14:36:08.585082mail.broermann.family sshd[17241]: Invalid user trips from 13.68.158.99 port 51974 2020-07-11T14:36:08.591732mail.broermann.family sshd[17241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.68.158.99 2020-07-11T14:36:08.585082mail.broermann.family sshd[17241]: Invalid user trips from 13.68.158.99 port 51974 2020-07-11T14:36:10.122144mail.broermann.family sshd[17241]: Failed password for invalid user trips from 13.68.158.99 port 51974 ssh2 2020-07-11T14:38:56.627913mail.broermann.family sshd[17321]: Invalid user tianxin from 13.68.158.99 port 40594 ...	2020-07-11 23:52:06
51.38.57.78	attackbotsspam	Jul 11 11:06:35 XXX sshd[33617]: Invalid user baidu from 51.38.57.78 port 39904	2020-07-11 23:21:58
165.227.135.34	attackspambots	2020-07-11T14:12:45+0000 Failed SSH Authentication/Brute Force Attack. (Server 6)	2020-07-11 23:54:30
218.92.0.224	attackspambots	Jul 11 11:08:15 ny01 sshd[14585]: Failed password for root from 218.92.0.224 port 40928 ssh2 Jul 11 11:08:20 ny01 sshd[14585]: Failed password for root from 218.92.0.224 port 40928 ssh2 Jul 11 11:08:30 ny01 sshd[14585]: error: maximum authentication attempts exceeded for root from 218.92.0.224 port 40928 ssh2 [preauth]	2020-07-11 23:26:47
192.162.99.242	attack	Jul 11 13:53:53 xeon postfix/smtpd[14512]: warning: unknown[192.162.99.242]: SASL PLAIN authentication failed: authentication failure	2020-07-11 23:11:59

Recently Reported IPs

217.128.192.117	180.127.76.35	175.100.138.168	116.239.254.24
113.172.230.125	112.161.10.98	94.237.72.217	52.32.115.8
3.105.212.39	115.78.107.246	195.145.210.14	134.235.12.124
143.114.131.227	30.7.230.137	183.213.197.223	239.12.6.227
74.132.148.190	5.29.219.186	121.154.9.179	177.126.128.157