49.69.209.142 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Jiangsu Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Scanning random ports - tries to find possible vulnerable services	2019-09-17 04:55:28
attackbotsspam	Sep 14 14:52:14 localhost sshd[18867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.69.209.142 user=root Sep 14 14:52:15 localhost sshd[18867]: Failed password for root from 49.69.209.142 port 17719 ssh2 Sep 14 14:52:37 localhost sshd[18867]: error: maximum authentication attempts exceeded for root from 49.69.209.142 port 17719 ssh2 [preauth] Sep 14 14:52:14 localhost sshd[18867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.69.209.142 user=root Sep 14 14:52:15 localhost sshd[18867]: Failed password for root from 49.69.209.142 port 17719 ssh2 Sep 14 14:52:37 localhost sshd[18867]: error: maximum authentication attempts exceeded for root from 49.69.209.142 port 17719 ssh2 [preauth] ...	2019-09-14 16:22:12

Type

Details

Datetime

attackspam

Scanning random ports - tries to find possible vulnerable services

2019-09-17 04:55:28

attackbotsspam

Sep 14 14:52:14 localhost sshd[18867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.69.209.142  user=root
Sep 14 14:52:15 localhost sshd[18867]: Failed password for root from 49.69.209.142 port 17719 ssh2
Sep 14 14:52:37 localhost sshd[18867]: error: maximum authentication attempts exceeded for root from 49.69.209.142 port 17719 ssh2 [preauth]
Sep 14 14:52:14 localhost sshd[18867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.69.209.142  user=root
Sep 14 14:52:15 localhost sshd[18867]: Failed password for root from 49.69.209.142 port 17719 ssh2
Sep 14 14:52:37 localhost sshd[18867]: error: maximum authentication attempts exceeded for root from 49.69.209.142 port 17719 ssh2 [preauth]
...

2019-09-14 16:22:12

Comments on same subnet:

IP	Type	Details	Datetime
49.69.209.178	attackspam	SSH Scan	2019-10-24 04:02:31
49.69.209.165	attackspambots	Sep 29 07:09:36 borg sshd[84082]: Failed unknown for root from 49.69.209.165 port 18402 ssh2 Sep 29 07:09:39 borg sshd[84082]: Failed unknown for root from 49.69.209.165 port 18402 ssh2 Sep 29 07:09:41 borg sshd[84082]: Failed unknown for root from 49.69.209.165 port 18402 ssh2 ...	2019-09-29 20:33:40
49.69.209.165	attack	$f2bV_matches	2019-09-26 18:03:23
49.69.209.59	attackspambots	$f2bV_matches	2019-09-26 04:04:28
49.69.209.16	attackspam	ssh brute force	2019-09-12 16:58:05

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.69.209.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47315
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.69.209.142.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091400 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Sep 14 16:22:04 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 142.209.69.49.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 142.209.69.49.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
79.11.181.225	attack	Jun 22 06:35:56 giegler sshd[19332]: Invalid user app from 79.11.181.225 port 51745	2019-06-22 14:36:58
66.84.88.247	attackspambots	NAME : BLAZINGSEO-US-170 CIDR : 66.84.93.0/24 \| STATUS : 200 ROBOT {Looking for resource vulnerabilities} DDoS Attack USA - Nebraska - block certain countries :) IP: 66.84.88.247 Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-06-22 13:55:26
218.92.0.161	attackspambots	Jun 22 06:36:18 piServer sshd\[23014\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.161 user=root Jun 22 06:36:20 piServer sshd\[23014\]: Failed password for root from 218.92.0.161 port 44862 ssh2 Jun 22 06:36:23 piServer sshd\[23014\]: Failed password for root from 218.92.0.161 port 44862 ssh2 Jun 22 06:36:26 piServer sshd\[23014\]: Failed password for root from 218.92.0.161 port 44862 ssh2 Jun 22 06:36:29 piServer sshd\[23014\]: Failed password for root from 218.92.0.161 port 44862 ssh2 ...	2019-06-22 14:27:43
217.115.10.132	attackbotsspam	pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.115.10.132 user=root Failed password for root from 217.115.10.132 port 62518 ssh2 Failed password for root from 217.115.10.132 port 62518 ssh2 Failed password for root from 217.115.10.132 port 62518 ssh2 Failed password for root from 217.115.10.132 port 62518 ssh2	2019-06-22 14:11:31
193.112.93.173	attackspam	Automatic report - Multiple web server 400 error code	2019-06-22 14:36:31
18.85.192.253	attackspam	pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=18.85.192.253 user=root Failed password for root from 18.85.192.253 port 54560 ssh2 Failed password for root from 18.85.192.253 port 54560 ssh2 Failed password for root from 18.85.192.253 port 54560 ssh2 Failed password for root from 18.85.192.253 port 54560 ssh2	2019-06-22 14:39:04
188.84.189.235	attack	Jun 22 07:47:36 core01 sshd\[1414\]: Invalid user du from 188.84.189.235 port 36120 Jun 22 07:47:36 core01 sshd\[1414\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.84.189.235 ...	2019-06-22 14:08:15
73.200.19.122	attackbots	Attempts to probe for or exploit a Drupal site on url: /wp-login.php. Reported by the module https://www.drupal.org/project/abuseipdb.	2019-06-22 14:18:39
23.236.221.46	attackspambots	NAME : PROXY-N-VPN CIDR : 23.236.247.0/25 \| STATUS : 200 ROBOT {Looking for resource vulnerabilities} DDoS Attack USA - California - block certain countries :) IP: 23.236.221.46 Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-06-22 13:56:55
104.160.29.28	attackbots	NAME : ROUTER-NETWORKS CIDR : 104.160.20.0/24 \| STATUS : 200 ROBOT {Looking for resource vulnerabilities} DDoS Attack USA - Delaware - block certain countries :) IP: 104.160.29.28 Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-06-22 14:35:42
115.144.244.116	attack	3389BruteforceFW23	2019-06-22 14:17:31
185.220.101.29	attackbotsspam	pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.101.29 user=root Failed password for root from 185.220.101.29 port 33872 ssh2 Failed password for root from 185.220.101.29 port 33872 ssh2 Failed password for root from 185.220.101.29 port 33872 ssh2 Failed password for root from 185.220.101.29 port 33872 ssh2	2019-06-22 14:32:14
46.10.194.238	attack	Automatic report - Web App Attack	2019-06-22 13:59:44
201.170.246.166	attackbotsspam	Automatic report generated by Wazuh	2019-06-22 14:02:40
199.249.230.78	attackspam	pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.249.230.78 user=root Failed password for root from 199.249.230.78 port 34347 ssh2 Failed password for root from 199.249.230.78 port 34347 ssh2 Failed password for root from 199.249.230.78 port 34347 ssh2 Failed password for root from 199.249.230.78 port 34347 ssh2	2019-06-22 14:06:13

Recently Reported IPs

158.69.210.117	180.126.237.147	199.255.35.59	104.40.3.249
151.172.85.222	184.82.186.113	186.2.179.206	197.239.235.92
61.132.116.202	45.82.34.126	106.75.132.200	76.47.138.70
180.254.118.205	159.203.168.128	212.92.122.106	177.103.231.86
36.79.212.97	173.249.34.215	200.52.60.241	109.236.102.104