116.49.142.70 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Hong Kong

Internet Service Provider: Hong Kong Telecommunications (HKT) Limited

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	May 28 14:01:06 fhem-rasp sshd[8838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.49.142.70 May 28 14:01:08 fhem-rasp sshd[8838]: Failed password for invalid user admin from 116.49.142.70 port 41861 ssh2 ...	2020-05-28 23:30:56

Type

Details

Datetime

attackbotsspam

May 28 14:01:06 fhem-rasp sshd[8838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.49.142.70 
May 28 14:01:08 fhem-rasp sshd[8838]: Failed password for invalid user admin from 116.49.142.70 port 41861 ssh2
...

2020-05-28 23:30:56

Comments on same subnet:

IP	Type	Details	Datetime
116.49.142.48	attackspam	Honeypot attack, port: 5555, PTR: n11649142048.netvigator.com.	2020-03-01 23:22:25
116.49.142.48	attackbotsspam	5555/tcp [2020-02-25]1pkt	2020-02-26 05:22:22
116.49.142.137	attack	Unauthorized connection attempt detected from IP address 116.49.142.137 to port 5555 [J]	2020-01-31 00:43:51
116.49.142.137	attackbots	Unauthorized connection attempt detected from IP address 116.49.142.137 to port 5555 [J]	2020-01-14 23:07:12

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.49.142.70
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15777
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.49.142.70.			IN	A

;; AUTHORITY SECTION:
.			553	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020052800 1800 900 604800 86400

;; Query time: 96 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu May 28 23:30:41 CST 2020
;; MSG SIZE  rcvd: 117

Host info

70.142.49.116.in-addr.arpa domain name pointer n11649142070.netvigator.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
70.142.49.116.in-addr.arpa	name = n11649142070.netvigator.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
212.129.143.156	attack	Nov 3 00:25:46 server sshd[2216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.143.156 user=r.r Nov 3 00:25:48 server sshd[2216]: Failed password for r.r from 212.129.143.156 port 40107 ssh2 Nov 3 00:25:48 server sshd[2216]: Received disconnect from 212.129.143.156: 11: Bye Bye [preauth] Nov 3 00:41:59 server sshd[2525]: Failed password for invalid user 123 from 212.129.143.156 port 59766 ssh2 Nov 3 00:42:01 server sshd[2525]: Received disconnect from 212.129.143.156: 11: Bye Bye [preauth] Nov 3 00:46:54 server sshd[2617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.143.156 user=r.r Nov 3 00:46:56 server sshd[2617]: Failed password for r.r from 212.129.143.156 port 50729 ssh2 Nov 3 00:46:57 server sshd[2617]: Received disconnect from 212.129.143.156: 11: Bye Bye [preauth] Nov 3 00:51:31 server sshd[2722]: pam_unix(sshd:auth): authentication failure; logname=........ -------------------------------	2019-11-03 12:46:35
159.203.69.54	attack	st-nyc1-01 recorded 3 login violations from 159.203.69.54 and was blocked at 2019-11-03 03:58:48. 159.203.69.54 has been blocked on 0 previous occasions. 159.203.69.54's first attempt was recorded at 2019-11-03 03:58:48	2019-11-03 12:21:59
14.248.63.141	attackbotsspam	Nov 3 04:50:33 mxgate1 postfix/postscreen[32036]: CONNECT from [14.248.63.141]:27471 to [176.31.12.44]:25 Nov 3 04:50:34 mxgate1 postfix/dnsblog[32040]: addr 14.248.63.141 listed by domain cbl.abuseat.org as 127.0.0.2 Nov 3 04:50:34 mxgate1 postfix/dnsblog[32039]: addr 14.248.63.141 listed by domain zen.spamhaus.org as 127.0.0.4 Nov 3 04:50:34 mxgate1 postfix/dnsblog[32039]: addr 14.248.63.141 listed by domain zen.spamhaus.org as 127.0.0.11 Nov 3 04:50:34 mxgate1 postfix/dnsblog[32041]: addr 14.248.63.141 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2 Nov 3 04:50:34 mxgate1 postfix/dnsblog[32038]: addr 14.248.63.141 listed by domain bl.spamcop.net as 127.0.0.2 Nov 3 04:50:34 mxgate1 postfix/dnsblog[32037]: addr 14.248.63.141 listed by domain b.barracudacentral.org as 127.0.0.2 Nov 3 04:50:39 mxgate1 postfix/postscreen[32036]: DNSBL rank 6 for [14.248.63.141]:27471 Nov x@x Nov 3 04:50:39 mxgate1 postfix/postscreen[32036]: HANGUP after 0.87 from [14.248.63.141........ -------------------------------	2019-11-03 12:40:46
89.248.174.193	attackspam	firewall-block, port(s): 6379/tcp	2019-11-03 12:24:52
124.160.83.138	attack	2019-11-03T04:38:53.552278abusebot-4.cloudsearch.cf sshd\[16094\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.160.83.138 user=root	2019-11-03 12:51:47
222.189.191.101	attackspambots	SASL broute force	2019-11-03 12:27:21
59.148.173.231	attack	Nov 3 03:57:41 ms-srv sshd[13030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.148.173.231 user=root Nov 3 03:57:44 ms-srv sshd[13030]: Failed password for invalid user root from 59.148.173.231 port 46654 ssh2	2019-11-03 12:59:29
60.220.230.21	attack	Nov 3 05:24:56 sd-53420 sshd\[26557\]: Invalid user jewel from 60.220.230.21 Nov 3 05:24:56 sd-53420 sshd\[26557\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.220.230.21 Nov 3 05:24:58 sd-53420 sshd\[26557\]: Failed password for invalid user jewel from 60.220.230.21 port 58414 ssh2 Nov 3 05:30:11 sd-53420 sshd\[26967\]: Invalid user zantis from 60.220.230.21 Nov 3 05:30:11 sd-53420 sshd\[26967\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.220.230.21 ...	2019-11-03 12:33:22
219.94.95.83	attack	2019-11-03T03:52:44.420804micro sshd\[14813\]: Invalid user user from 219.94.95.83 port 38542 2019-11-03T03:52:44.751531micro sshd\[14813\]: Received disconnect from 219.94.95.83 port 38542:11: Bye Bye \[preauth\] 2019-11-03T03:55:22.155288micro sshd\[14929\]: Invalid user guest from 219.94.95.83 port 50832 2019-11-03T03:55:22.477242micro sshd\[14929\]: Received disconnect from 219.94.95.83 port 50832:11: Bye Bye \[preauth\] 2019-11-03T03:58:37.947414micro sshd\[15064\]: Invalid user oracle from 219.94.95.83 port 37380 ...	2019-11-03 12:30:42
5.101.88.16	attack	Oct 31 22:22:45 xm3 sshd[8596]: reveeclipse mapping checking getaddrinfo for h1.local [5.101.88.16] failed - POSSIBLE BREAK-IN ATTEMPT! Oct 31 22:22:47 xm3 sshd[8596]: Failed password for invalid user xin from 5.101.88.16 port 50012 ssh2 Oct 31 22:22:47 xm3 sshd[8596]: Received disconnect from 5.101.88.16: 11: Bye Bye [preauth] Oct 31 22:36:08 xm3 sshd[7059]: reveeclipse mapping checking getaddrinfo for h1.local [5.101.88.16] failed - POSSIBLE BREAK-IN ATTEMPT! Oct 31 22:36:08 xm3 sshd[7059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.101.88.16 user=r.r Oct 31 22:36:11 xm3 sshd[7059]: Failed password for r.r from 5.101.88.16 port 55148 ssh2 Oct 31 22:36:11 xm3 sshd[7059]: Received disconnect from 5.101.88.16: 11: Bye Bye [preauth] Oct 31 22:39:54 xm3 sshd[11028]: reveeclipse mapping checking getaddrinfo for h1.local [5.101.88.16] failed - POSSIBLE BREAK-IN ATTEMPT! Oct 31 22:39:54 xm3 sshd[11028]: pam_unix(sshd:auth): auth........ -------------------------------	2019-11-03 12:25:25
206.189.156.111	attackspambots	Nov 1 08:30:31 nbi-636 sshd[22654]: User nagios from 206.189.156.111 not allowed because not listed in AllowUsers Nov 1 08:30:31 nbi-636 sshd[22654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.156.111 user=nagios Nov 1 08:30:33 nbi-636 sshd[22654]: Failed password for invalid user nagios from 206.189.156.111 port 38938 ssh2 Nov 1 08:30:33 nbi-636 sshd[22654]: Received disconnect from 206.189.156.111 port 38938:11: Bye Bye [preauth] Nov 1 08:30:33 nbi-636 sshd[22654]: Disconnected from 206.189.156.111 port 38938 [preauth] Nov 1 08:41:01 nbi-636 sshd[23631]: Invalid user user2 from 206.189.156.111 port 54070 Nov 1 08:41:03 nbi-636 sshd[23631]: Failed password for invalid user user2 from 206.189.156.111 port 54070 ssh2 Nov 1 08:41:03 nbi-636 sshd[23631]: Received disconnect from 206.189.156.111 port 54070:11: Bye Bye [preauth] Nov 1 08:41:03 nbi-636 sshd[23631]: Disconnected from 206.189.156.111 port 54070 [pre........ -------------------------------	2019-11-03 12:20:57
222.186.180.8	attackbots	Nov 3 11:51:56 webhost01 sshd[532]: Failed password for root from 222.186.180.8 port 7836 ssh2 Nov 3 11:52:12 webhost01 sshd[532]: error: maximum authentication attempts exceeded for root from 222.186.180.8 port 7836 ssh2 [preauth] ...	2019-11-03 12:56:47
69.70.65.118	attack	Nov 2 18:12:18 eddieflores sshd\[29801\]: Invalid user a from 69.70.65.118 Nov 2 18:12:18 eddieflores sshd\[29801\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=modemcable118.65-70-69.static.videotron.ca Nov 2 18:12:20 eddieflores sshd\[29801\]: Failed password for invalid user a from 69.70.65.118 port 52603 ssh2 Nov 2 18:16:43 eddieflores sshd\[30176\]: Invalid user Qwer!234 from 69.70.65.118 Nov 2 18:16:43 eddieflores sshd\[30176\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=modemcable118.65-70-69.static.videotron.ca	2019-11-03 12:29:22
159.203.7.81	attackbotsspam	Nov 3 05:39:12 sd-53420 sshd\[27627\]: Invalid user simulation from 159.203.7.81 Nov 3 05:39:12 sd-53420 sshd\[27627\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.7.81 Nov 3 05:39:15 sd-53420 sshd\[27627\]: Failed password for invalid user simulation from 159.203.7.81 port 53705 ssh2 Nov 3 05:42:58 sd-53420 sshd\[27922\]: Invalid user ey from 159.203.7.81 Nov 3 05:42:58 sd-53420 sshd\[27922\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.7.81 ...	2019-11-03 12:53:59
81.22.45.190	attack	Nov 3 04:52:12 h2177944 kernel: \[5628818.863483\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=81.22.45.190 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=15332 PROTO=TCP SPT=47950 DPT=44729 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 3 04:54:37 h2177944 kernel: \[5628964.332349\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=81.22.45.190 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=811 PROTO=TCP SPT=47950 DPT=45499 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 3 04:56:53 h2177944 kernel: \[5629099.826391\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=81.22.45.190 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=33339 PROTO=TCP SPT=47950 DPT=44850 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 3 04:57:03 h2177944 kernel: \[5629110.211651\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=81.22.45.190 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=27097 PROTO=TCP SPT=47950 DPT=45484 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 3 04:59:37 h2177944 kernel: \[5629264.006881\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=81.22.45.190 DST=85.214.117.9 LE	2019-11-03 12:33:55

Recently Reported IPs

115.16.216.180	221.165.96.133	57.101.155.97	236.248.236.112
79.242.142.241	47.158.221.53	247.220.2.205	134.141.178.78
103.58.152.97	213.215.221.174	36.56.3.169	52.111.191.212
139.65.221.3	150.134.169.234	246.24.217.240	36.79.87.155
5.140.202.125	72.53.98.26	22.126.2.108	223.112.168.162