49.149.104.148

Basic Info

City: unknown

Region: unknown

Country: Philippines

Internet Service Provider: DSL

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Honeypot attack, port: 445, PTR: dsl.49.149.104.148.pldt.net.	2019-09-27 04:29:34

Comments on same subnet:

IP	Type	Details	Datetime
49.149.104.209	attack	Brute-force general attack.	2020-03-06 16:34:06
49.149.104.98	attackspambots	1582119329 - 02/19/2020 14:35:29 Host: 49.149.104.98/49.149.104.98 Port: 445 TCP Blocked	2020-02-20 01:02:06
49.149.104.184	attackspambots	firewall-block, port(s): 22/tcp, 8728/tcp	2020-02-12 19:51:06

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.149.104.148
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16765
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.149.104.148.			IN	A

;; AUTHORITY SECTION:
.			168	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019092601 1800 900 604800 86400

;; Query time: 98 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 27 04:29:31 CST 2019
;; MSG SIZE  rcvd: 118

Host info

148.104.149.49.in-addr.arpa domain name pointer dsl.49.149.104.148.pldt.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
148.104.149.49.in-addr.arpa	name = dsl.49.149.104.148.pldt.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
89.132.193.21	attackspam	SSH/22 MH Probe, BF, Hack -	2019-08-05 15:21:43
114.45.90.144	attack	port 23 attempt blocked	2019-08-05 15:01:30
85.25.203.19	attackbotsspam	Lines containing failures of 85.25.203.19 Aug 5 08:41:13 srv02 sshd[5267]: Invalid user best from 85.25.203.19 port 48514 Aug 5 08:41:13 srv02 sshd[5267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.25.203.19 Aug 5 08:41:16 srv02 sshd[5267]: Failed password for invalid user best from 85.25.203.19 port 48514 ssh2 Aug 5 08:41:16 srv02 sshd[5267]: Received disconnect from 85.25.203.19 port 48514:11: Bye Bye [preauth] Aug 5 08:41:16 srv02 sshd[5267]: Disconnected from invalid user best 85.25.203.19 port 48514 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=85.25.203.19	2019-08-05 14:44:57
87.101.141.110	attackbotsspam	port 23 attempt blocked	2019-08-05 15:24:09
221.162.255.86	attackbotsspam	Aug 5 08:36:02 nextcloud sshd\[30840\]: Invalid user sales from 221.162.255.86 Aug 5 08:36:02 nextcloud sshd\[30840\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.162.255.86 Aug 5 08:36:04 nextcloud sshd\[30840\]: Failed password for invalid user sales from 221.162.255.86 port 44316 ssh2 ...	2019-08-05 15:24:55
178.159.249.66	attack	Aug 5 08:36:30 lnxweb61 sshd[12821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.249.66	2019-08-05 15:12:46
113.234.149.155	attackspam	port 23 attempt blocked	2019-08-05 15:08:27
144.217.255.89	attackbotsspam	20 attempts against mh-misbehave-ban on ice.magehost.pro	2019-08-05 15:16:40
80.76.231.106	attackbots	[portscan] Port scan	2019-08-05 15:28:16
64.202.187.152	attack	Aug 5 08:37:14 localhost sshd\[15896\]: Invalid user staffc from 64.202.187.152 port 39920 Aug 5 08:37:14 localhost sshd\[15896\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.202.187.152 Aug 5 08:37:15 localhost sshd\[15896\]: Failed password for invalid user staffc from 64.202.187.152 port 39920 ssh2	2019-08-05 14:46:48
76.112.247.75	attack	...	2019-08-05 14:54:33
5.62.41.134	attackbots	\[2019-08-05 02:35:52\] NOTICE\[2288\] chan_sip.c: Registration from '\' failed for '5.62.41.134:12262' - Wrong password \[2019-08-05 02:35:52\] SECURITY\[2326\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-08-05T02:35:52.904-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="97011",SessionID="0x7ff4d00c8708",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/5.62.41.134/59104",Challenge="197f40cf",ReceivedChallenge="197f40cf",ReceivedHash="8fbb9e1972f622a4189420f1c7072314" \[2019-08-05 02:36:43\] NOTICE\[2288\] chan_sip.c: Registration from '\' failed for '5.62.41.134:12308' - Wrong password \[2019-08-05 02:36:43\] SECURITY\[2326\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-08-05T02:36:43.417-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="34934",SessionID="0x7ff4d00c8708",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/5.62.41.134	2019-08-05 15:04:07
134.209.114.240	attackspambots	port 23 attempt blocked	2019-08-05 14:39:21
203.213.67.30	attackbotsspam	Aug 5 07:53:21 mail sshd\[9499\]: Invalid user tsadmin from 203.213.67.30 port 58953 Aug 5 07:53:21 mail sshd\[9499\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.213.67.30 ...	2019-08-05 14:56:06
124.123.110.11	attackspam	Unauthorised access (Aug 5) SRC=124.123.110.11 LEN=52 PREC=0x20 TTL=113 ID=1717 DF TCP DPT=445 WINDOW=8192 SYN	2019-08-05 15:13:13

Recently Reported IPs

230.191.82.155	38.0.46.13	173.165.166.141	178.128.39.92
103.109.37.36	1.20.251.53	113.162.180.4	49.148.197.250
198.1.102.117	171.6.246.2	123.189.157.176	81.28.100.74
191.14.191.79	31.146.135.230	27.23.118.245	47.149.98.132
59.164.67.174	137.70.218.93	49.146.46.219	175.42.112.141