49.49.45.237 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Thailand

Internet Service Provider: Triple T Internet PCL

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Mar 10 10:07:38 pl3server sshd[32621]: Did not receive identification string from 49.49.45.237 Mar 10 10:07:45 pl3server sshd[352]: reveeclipse mapping checking getaddrinfo for mx-ll-49.49.45-237.dynamic.3bb.co.th [49.49.45.237] failed - POSSIBLE BREAK-IN ATTEMPT! Mar 10 10:07:45 pl3server sshd[352]: Invalid user nagesh from 49.49.45.237 Mar 10 10:07:45 pl3server sshd[352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.49.45.237 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=49.49.45.237	2020-03-10 22:19:08

Type

Details

Datetime

attackspambots

Mar 10 10:07:38 pl3server sshd[32621]: Did not receive identification string from 49.49.45.237
Mar 10 10:07:45 pl3server sshd[352]: reveeclipse mapping checking getaddrinfo for mx-ll-49.49.45-237.dynamic.3bb.co.th [49.49.45.237] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 10 10:07:45 pl3server sshd[352]: Invalid user nagesh from 49.49.45.237
Mar 10 10:07:45 pl3server sshd[352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.49.45.237


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=49.49.45.237

2020-03-10 22:19:08

Comments on same subnet:

IP	Type	Details	Datetime
49.49.45.28	attackbotsspam	Unauthorized connection attempt from IP address 49.49.45.28 on Port 445(SMB)	2020-08-31 23:32:50
49.49.45.89	attackbots	Unauthorised access (Aug 7) SRC=49.49.45.89 LEN=52 TOS=0x10 PREC=0x40 TTL=113 ID=10200 DF TCP DPT=445 WINDOW=8192 SYN	2020-08-07 14:50:50
49.49.45.220	attack	firewall-block, port(s): 26/tcp	2019-11-30 15:17:28

Type

Details

Datetime

49.49.45.28

attackbotsspam

Unauthorized connection attempt from IP address 49.49.45.28 on Port 445(SMB)

2020-08-31 23:32:50

49.49.45.89

attackbots

Unauthorised access (Aug  7) SRC=49.49.45.89 LEN=52 TOS=0x10 PREC=0x40 TTL=113 ID=10200 DF TCP DPT=445 WINDOW=8192 SYN

2020-08-07 14:50:50

49.49.45.220

attack

firewall-block, port(s): 26/tcp

2019-11-30 15:17:28

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.49.45.237
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2081
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.49.45.237.			IN	A

;; AUTHORITY SECTION:
.			540	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031000 1800 900 604800 86400

;; Query time: 103 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Mar 10 22:18:58 CST 2020
;; MSG SIZE  rcvd: 116

Host info

237.45.49.49.in-addr.arpa domain name pointer mx-ll-49.49.45-237.dynamic.3bb.in.th.

Nslookup info:

Server:		100.100.2.138
Address:	100.100.2.138#53

Non-authoritative answer:
237.45.49.49.in-addr.arpa	name = mx-ll-49.49.45-237.dynamic.3bb.in.th.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
151.54.160.215	attack	Nov 19 13:45:52 mxgate1 postfix/postscreen[7608]: CONNECT from [151.54.160.215]:16975 to [176.31.12.44]:25 Nov 19 13:45:52 mxgate1 postfix/dnsblog[7610]: addr 151.54.160.215 listed by domain zen.spamhaus.org as 127.0.0.3 Nov 19 13:45:52 mxgate1 postfix/dnsblog[7610]: addr 151.54.160.215 listed by domain zen.spamhaus.org as 127.0.0.10 Nov 19 13:45:52 mxgate1 postfix/dnsblog[7610]: addr 151.54.160.215 listed by domain zen.spamhaus.org as 127.0.0.4 Nov 19 13:45:52 mxgate1 postfix/dnsblog[7629]: addr 151.54.160.215 listed by domain cbl.abuseat.org as 127.0.0.2 Nov 19 13:45:52 mxgate1 postfix/dnsblog[7612]: addr 151.54.160.215 listed by domain b.barracudacentral.org as 127.0.0.2 Nov 19 13:45:58 mxgate1 postfix/postscreen[7608]: DNSBL rank 4 for [151.54.160.215]:16975 Nov x@x Nov 19 13:45:59 mxgate1 postfix/postscreen[7608]: HANGUP after 0.92 from [151.54.160.215]:16975 in tests after SMTP handshake Nov 19 13:45:59 mxgate1 postfix/postscreen[7608]: DISCONNECT [151.54.160.215]........ -------------------------------	2019-11-19 22:42:22
115.50.126.92	attackbots	port scan and connect, tcp 23 (telnet)	2019-11-19 22:58:50
93.43.51.124	attackbots	Fail2Ban Ban Triggered	2019-11-19 22:50:28
186.224.11.24	attack	Automatic report - Port Scan Attack	2019-11-19 23:13:40
138.68.53.163	attackbotsspam	Nov 19 11:08:12 firewall sshd[22424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.53.163 user=bin Nov 19 11:08:14 firewall sshd[22424]: Failed password for bin from 138.68.53.163 port 45642 ssh2 Nov 19 11:11:35 firewall sshd[22499]: Invalid user test from 138.68.53.163 ...	2019-11-19 23:11:49
46.153.81.72	attack	Nov 19 13:56:11 mxgate1 postfix/postscreen[7608]: CONNECT from [46.153.81.72]:20017 to [176.31.12.44]:25 Nov 19 13:56:11 mxgate1 postfix/dnsblog[7629]: addr 46.153.81.72 listed by domain zen.spamhaus.org as 127.0.0.3 Nov 19 13:56:11 mxgate1 postfix/dnsblog[7629]: addr 46.153.81.72 listed by domain zen.spamhaus.org as 127.0.0.4 Nov 19 13:56:11 mxgate1 postfix/dnsblog[7629]: addr 46.153.81.72 listed by domain zen.spamhaus.org as 127.0.0.11 Nov 19 13:56:11 mxgate1 postfix/dnsblog[7610]: addr 46.153.81.72 listed by domain cbl.abuseat.org as 127.0.0.2 Nov 19 13:56:17 mxgate1 postfix/postscreen[7608]: DNSBL rank 3 for [46.153.81.72]:20017 Nov x@x Nov 19 13:56:19 mxgate1 postfix/postscreen[7608]: HANGUP after 1.9 from [46.153.81.72]:20017 in tests after SMTP handshake Nov 19 13:56:19 mxgate1 postfix/postscreen[7608]: DISCONNECT [46.153.81.72]:20017 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=46.153.81.72	2019-11-19 23:17:16
202.51.116.170	attackspam	postfix (unknown user, SPF fail or relay access denied)	2019-11-19 23:06:18
103.48.111.250	attack	Telnet Server BruteForce Attack	2019-11-19 22:59:32
102.171.140.33	attackspam	Nov 19 13:47:06 mxgate1 postfix/postscreen[7608]: CONNECT from [102.171.140.33]:21485 to [176.31.12.44]:25 Nov 19 13:47:06 mxgate1 postfix/dnsblog[7612]: addr 102.171.140.33 listed by domain cbl.abuseat.org as 127.0.0.2 Nov 19 13:47:06 mxgate1 postfix/dnsblog[7610]: addr 102.171.140.33 listed by domain zen.spamhaus.org as 127.0.0.4 Nov 19 13:47:06 mxgate1 postfix/dnsblog[7610]: addr 102.171.140.33 listed by domain zen.spamhaus.org as 127.0.0.3 Nov 19 13:47:06 mxgate1 postfix/dnsblog[7610]: addr 102.171.140.33 listed by domain zen.spamhaus.org as 127.0.0.11 Nov 19 13:47:12 mxgate1 postfix/postscreen[7608]: DNSBL rank 3 for [102.171.140.33]:21485 Nov x@x Nov 19 13:47:13 mxgate1 postfix/postscreen[7608]: HANGUP after 0.57 from [102.171.140.33]:21485 in tests after SMTP handshake Nov 19 13:47:13 mxgate1 postfix/postscreen[7608]: DISCONNECT [102.171.140.33]:21485 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=102.171.140.33	2019-11-19 22:48:37
171.235.58.32	attack	Nov 19 22:20:17 bacztwo sshd[467]: Invalid user support from 171.235.58.32 port 59438 Nov 19 22:20:31 bacztwo sshd[2583]: Invalid user guest from 171.235.58.32 port 48084 Nov 19 22:20:47 bacztwo sshd[5334]: Invalid user cisco from 171.235.58.32 port 7812 Nov 19 22:20:52 bacztwo sshd[6598]: Invalid user admin from 171.235.58.32 port 42260 Nov 19 22:21:03 bacztwo sshd[8053]: Invalid user system from 171.235.58.32 port 36440 Nov 19 22:21:08 bacztwo sshd[8707]: Invalid user admin from 171.235.58.32 port 63418 Nov 19 22:21:15 bacztwo sshd[9367]: Invalid user user from 171.235.58.32 port 9564 Nov 19 22:21:38 bacztwo sshd[13610]: Invalid user ubnt from 171.235.58.32 port 47540 Nov 19 22:21:39 bacztwo sshd[13817]: Invalid user test from 171.235.58.32 port 35634 Nov 19 22:21:48 bacztwo sshd[15145]: Invalid user support from 171.235.58.32 port 61192 Nov 19 22:22:17 bacztwo sshd[18774]: Invalid user admin from 171.235.58.32 port 22526 Nov 19 22:23:18 bacztwo sshd[25731]: Invalid user test from 17 ...	2019-11-19 22:47:14
62.234.124.196	attackbotsspam	Nov 19 16:31:54 server sshd\[7803\]: Invalid user ssh from 62.234.124.196 port 36803 Nov 19 16:31:54 server sshd\[7803\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.124.196 Nov 19 16:31:56 server sshd\[7803\]: Failed password for invalid user ssh from 62.234.124.196 port 36803 ssh2 Nov 19 16:37:21 server sshd\[30509\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.124.196 user=mysql Nov 19 16:37:24 server sshd\[30509\]: Failed password for mysql from 62.234.124.196 port 53783 ssh2	2019-11-19 22:52:17
106.13.144.164	attack	Lines containing failures of 106.13.144.164 Nov 19 13:20:57 install sshd[2345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.144.164 user=r.r Nov 19 13:20:58 install sshd[2345]: Failed password for r.r from 106.13.144.164 port 43940 ssh2 Nov 19 13:20:58 install sshd[2345]: Received disconnect from 106.13.144.164 port 43940:11: Bye Bye [preauth] Nov 19 13:20:58 install sshd[2345]: Disconnected from authenticating user r.r 106.13.144.164 port 43940 [preauth] Nov 19 13:48:33 install sshd[6523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.144.164 user=r.r Nov 19 13:48:35 install sshd[6523]: Failed password for r.r from 106.13.144.164 port 37936 ssh2 Nov 19 13:48:35 install sshd[6523]: Received disconnect from 106.13.144.164 port 37936:11: Bye Bye [preauth] Nov 19 13:48:35 install sshd[6523]: Disconnected from authenticating user r.r 106.13.144.164 port 37936 [preauth] Nov 1........ ------------------------------	2019-11-19 23:07:03
151.80.75.127	attack	Nov 19 14:19:44 postfix/smtpd: warning: unknown[151.80.75.127]: SASL LOGIN authentication failed	2019-11-19 22:44:56
118.24.221.190	attackbots	Nov 19 15:43:00 sauna sshd[95462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.221.190 Nov 19 15:43:02 sauna sshd[95462]: Failed password for invalid user info from 118.24.221.190 port 3665 ssh2 ...	2019-11-19 23:13:20
117.196.6.39	attack	Nov 19 13:03:34 netserv300 sshd[16305]: Connection from 117.196.6.39 port 61543 on 178.63.236.21 port 22 Nov 19 13:03:34 netserv300 sshd[16306]: Connection from 117.196.6.39 port 61541 on 178.63.236.19 port 22 Nov 19 13:03:34 netserv300 sshd[16307]: Connection from 117.196.6.39 port 61542 on 178.63.236.20 port 22 Nov 19 13:03:34 netserv300 sshd[16308]: Connection from 117.196.6.39 port 61544 on 178.63.236.22 port 22 Nov 19 13:03:34 netserv300 sshd[16309]: Connection from 117.196.6.39 port 61539 on 178.63.236.17 port 22 Nov 19 13:03:34 netserv300 sshd[16310]: Connection from 117.196.6.39 port 61538 on 178.63.236.16 port 22 Nov 19 13:03:48 netserv300 sshd[16311]: Connection from 117.196.6.39 port 49242 on 178.63.236.22 port 22 Nov 19 13:03:48 netserv300 sshd[16312]: Connection from 117.196.6.39 port 49250 on 178.63.236.20 port 22 Nov 19 13:03:48 netserv300 sshd[16313]: Connection from 117.196.6.39 port 49252 on 178.63.236.16 port 22 Nov 19 13:03:51 netserv300 sshd[16314]: ........ ------------------------------	2019-11-19 22:54:32

Recently Reported IPs

14.172.175.197	51.91.218.48	124.43.10.63	14.244.50.205
202.51.110.158	115.72.16.174	74.69.205.233	110.139.127.165
159.192.202.193	204.95.9.136	183.82.118.111	198.251.173.201
113.160.57.62	36.75.107.112	217.148.219.185	101.255.95.69
14.186.210.214	182.185.123.243	3.16.111.225	117.2.230.33