49.49.45.237 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Thailand

Internet Service Provider: Triple T Internet PCL

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Mar 10 10:07:38 pl3server sshd[32621]: Did not receive identification string from 49.49.45.237 Mar 10 10:07:45 pl3server sshd[352]: reveeclipse mapping checking getaddrinfo for mx-ll-49.49.45-237.dynamic.3bb.co.th [49.49.45.237] failed - POSSIBLE BREAK-IN ATTEMPT! Mar 10 10:07:45 pl3server sshd[352]: Invalid user nagesh from 49.49.45.237 Mar 10 10:07:45 pl3server sshd[352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.49.45.237 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=49.49.45.237	2020-03-10 22:19:08

Type

Details

Datetime

attackspambots

Mar 10 10:07:38 pl3server sshd[32621]: Did not receive identification string from 49.49.45.237
Mar 10 10:07:45 pl3server sshd[352]: reveeclipse mapping checking getaddrinfo for mx-ll-49.49.45-237.dynamic.3bb.co.th [49.49.45.237] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 10 10:07:45 pl3server sshd[352]: Invalid user nagesh from 49.49.45.237
Mar 10 10:07:45 pl3server sshd[352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.49.45.237


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=49.49.45.237

2020-03-10 22:19:08

Comments on same subnet:

IP	Type	Details	Datetime
49.49.45.28	attackbotsspam	Unauthorized connection attempt from IP address 49.49.45.28 on Port 445(SMB)	2020-08-31 23:32:50
49.49.45.89	attackbots	Unauthorised access (Aug 7) SRC=49.49.45.89 LEN=52 TOS=0x10 PREC=0x40 TTL=113 ID=10200 DF TCP DPT=445 WINDOW=8192 SYN	2020-08-07 14:50:50
49.49.45.220	attack	firewall-block, port(s): 26/tcp	2019-11-30 15:17:28

Type

Details

Datetime

49.49.45.28

attackbotsspam

Unauthorized connection attempt from IP address 49.49.45.28 on Port 445(SMB)

2020-08-31 23:32:50

49.49.45.89

attackbots

Unauthorised access (Aug  7) SRC=49.49.45.89 LEN=52 TOS=0x10 PREC=0x40 TTL=113 ID=10200 DF TCP DPT=445 WINDOW=8192 SYN

2020-08-07 14:50:50

49.49.45.220

attack

firewall-block, port(s): 26/tcp

2019-11-30 15:17:28

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.49.45.237
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2081
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.49.45.237.			IN	A

;; AUTHORITY SECTION:
.			540	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031000 1800 900 604800 86400

;; Query time: 103 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Mar 10 22:18:58 CST 2020
;; MSG SIZE  rcvd: 116

Host info

237.45.49.49.in-addr.arpa domain name pointer mx-ll-49.49.45-237.dynamic.3bb.in.th.

Nslookup info:

Server:		100.100.2.138
Address:	100.100.2.138#53

Non-authoritative answer:
237.45.49.49.in-addr.arpa	name = mx-ll-49.49.45-237.dynamic.3bb.in.th.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
122.51.41.44	attackspam	Nov 27 11:42:20 [host] sshd[595]: Invalid user ubnt from 122.51.41.44 Nov 27 11:42:20 [host] sshd[595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.41.44 Nov 27 11:42:22 [host] sshd[595]: Failed password for invalid user ubnt from 122.51.41.44 port 58612 ssh2	2019-11-27 18:52:01
182.61.176.53	attack	Nov 27 09:38:14 mail sshd[28172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.61.176.53 Nov 27 09:38:16 mail sshd[28172]: Failed password for invalid user mckibbon from 182.61.176.53 port 48746 ssh2 Nov 27 09:45:17 mail sshd[31467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.61.176.53	2019-11-27 19:15:07
202.137.155.171	attackspambots	Postfix RBL failed	2019-11-27 19:19:28
125.64.94.211	attackbots	27.11.2019 08:49:11 Connection to port 9200 blocked by firewall	2019-11-27 19:23:03
217.128.192.117	attackspambots	serveres are UTC -0500 Lines containing failures of 217.128.192.117 Nov 27 02:50:13 tux2 sshd[20911]: Failed password for news from 217.128.192.117 port 42985 ssh2 Nov 27 02:50:13 tux2 sshd[20911]: Received disconnect from 217.128.192.117 port 42985:11: Bye Bye [preauth] Nov 27 02:50:13 tux2 sshd[20911]: Disconnected from authenticating user news 217.128.192.117 port 42985 [preauth] Nov 27 02:56:08 tux2 sshd[21227]: Invalid user cath from 217.128.192.117 port 33334 Nov 27 02:56:08 tux2 sshd[21227]: Failed password for invalid user cath from 217.128.192.117 port 33334 ssh2 Nov 27 02:56:08 tux2 sshd[21227]: Received disconnect from 217.128.192.117 port 33334:11: Bye Bye [preauth] Nov 27 02:56:08 tux2 sshd[21227]: Disconnected from invalid user cath 217.128.192.117 port 33334 [preauth] Nov 27 02:59:29 tux2 sshd[21411]: Invalid user lisa from 217.128.192.117 port 32696 Nov 27 02:59:29 tux2 sshd[21411]: Failed password for invalid user lisa from 217.128.192.117 port 32696 ssh........ ------------------------------	2019-11-27 19:22:37
27.254.194.99	attack	Tried sshing with brute force.	2019-11-27 19:18:54
223.71.167.155	attack	[portscan] udp/500 [isakmp] *(RWIN=-)(11271302)	2019-11-27 19:19:07
1.52.104.158	attackbotsspam	7spam	2019-11-27 19:15:59
175.126.38.143	attackspam	Nov 27 07:20:39 tux postfix/smtpd[11798]: connect from wnbcorp.com[175.126.38.143] Nov 27 07:20:40 tux postfix/smtpd[11798]: Anonymous TLS connection established from wnbcorp.com[175.126.38.143]: TLSv1.2 whostnameh cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bhostnames) Nov x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=175.126.38.143	2019-11-27 18:46:18
159.192.99.3	attack	Nov 27 06:25:11 l02a sshd[19071]: Invalid user backup from 159.192.99.3 Nov 27 06:25:11 l02a sshd[19071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.192.99.3 Nov 27 06:25:11 l02a sshd[19071]: Invalid user backup from 159.192.99.3 Nov 27 06:25:13 l02a sshd[19071]: Failed password for invalid user backup from 159.192.99.3 port 37788 ssh2	2019-11-27 18:48:34
159.65.148.115	attack	Nov 27 00:43:32 web1 sshd\[12495\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.148.115 user=root Nov 27 00:43:35 web1 sshd\[12495\]: Failed password for root from 159.65.148.115 port 45146 ssh2 Nov 27 00:50:46 web1 sshd\[13118\]: Invalid user lisa from 159.65.148.115 Nov 27 00:50:46 web1 sshd\[13118\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.148.115 Nov 27 00:50:48 web1 sshd\[13118\]: Failed password for invalid user lisa from 159.65.148.115 port 52660 ssh2	2019-11-27 19:03:16
209.141.48.68	attackbots	Nov 27 08:29:43 MK-Soft-Root2 sshd[5673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.48.68 Nov 27 08:29:46 MK-Soft-Root2 sshd[5673]: Failed password for invalid user mukund from 209.141.48.68 port 40850 ssh2 ...	2019-11-27 19:15:19
171.110.228.190	attackbots	Telnet Server BruteForce Attack	2019-11-27 19:05:54
1.2.229.200	attackspam	Honeypot attack, port: 23, PTR: node-k3s.pool-1-2.dynamic.totinternet.net.	2019-11-27 19:14:00
185.140.132.19	attackbots	[portscan] Port scan	2019-11-27 18:53:13

Recently Reported IPs

14.172.175.197	51.91.218.48	124.43.10.63	14.244.50.205
202.51.110.158	115.72.16.174	74.69.205.233	110.139.127.165
159.192.202.193	204.95.9.136	183.82.118.111	198.251.173.201
113.160.57.62	36.75.107.112	217.148.219.185	101.255.95.69
14.186.210.214	182.185.123.243	3.16.111.225	117.2.230.33