49.85.243.55 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Jiangsu Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	SASL broute force	2019-11-28 18:59:21

Comments on same subnet:

IP	Type	Details	Datetime
49.85.243.218	attack	Nov 23 23:23:54 mx1 postfix/smtpd\[9791\]: warning: unknown\[49.85.243.218\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6Nov 23 23:24:31 mx1 postfix/smtpd\[9791\]: warning: unknown\[49.85.243.218\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6Nov 23 23:24:48 mx1 postfix/smtpd\[9803\]: warning: unknown\[49.85.243.218\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2019-11-24 01:21:04
49.85.243.188	attackspam	SASL broute force	2019-11-23 20:46:23
49.85.243.23	attackspam	2019-08-27 07:58:24 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.23]:2241: 535 Incorrect authentication data (set_id=liepaja) 2019-08-27 07:58:32 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.23]:2749: 535 Incorrect authentication data (set_id=liepaja) 2019-08-27 07:58:45 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.23]:3405: 535 Incorrect authentication data (set_id=liepaja) 2019-08-27 07:59:00 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.23]:1407: 535 Incorrect authentication data (set_id=liepaja) 2019-08-27 07:59:03 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.23]:4541: 535 Incorrect authentication data 2019-08-27 07:59:08 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.23]:1574: 535 Incorrect authentication data (set_id=liepaja) 2019-08-27 07:59:19 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.23]:2101: 535 Incorrect authentication data (set_id=liepaja) 2019-08-27 07:5........ ------------------------------	2019-08-28 16:11:50
49.85.243.249	attackspam	2019-08-21 13:52:09 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.249]:1108: 535 Incorrect authentication data (set_id=info) 2019-08-21 13:52:16 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.249]:1528: 535 Incorrect authentication data (set_id=info) 2019-08-21 13:52:27 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.249]:2068: 535 Incorrect authentication data (set_id=info) 2019-08-21 13:52:45 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.249]:2808: 535 Incorrect authentication data 2019-08-21 13:52:56 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.249]:3506: 535 Incorrect authentication data 2019-08-21 13:53:08 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.249]:4091: 535 Incorrect authentication data 2019-08-21 13:53:19 dovecot_login authenticator failed for (ylmf-pc) [49.85.243.249]:4640: 535 Incorrect authentication data 2019-08-21 13:53:30 dovecot_login authenticator failed for (ylmf-pc)........ ------------------------------	2019-08-22 02:46:15
49.85.243.248	attackbotsspam	SSH invalid-user multiple login try	2019-08-19 07:50:12
49.85.243.46	attackbotsspam	ylmf-pc	2019-08-19 03:50:28

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.85.243.55
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47044
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.85.243.55.			IN	A

;; AUTHORITY SECTION:
.			237	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019112800 1800 900 604800 86400

;; Query time: 113 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Nov 28 18:59:15 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 55.243.85.49.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

** server can't find 55.243.85.49.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
5.135.66.184	attackspam	Nov 9 10:55:03 sd-53420 sshd\[32509\]: Invalid user csgo from 5.135.66.184 Nov 9 10:55:03 sd-53420 sshd\[32509\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.66.184 Nov 9 10:55:05 sd-53420 sshd\[32509\]: Failed password for invalid user csgo from 5.135.66.184 port 45926 ssh2 Nov 9 10:57:20 sd-53420 sshd\[726\]: Invalid user csgo from 5.135.66.184 Nov 9 10:57:20 sd-53420 sshd\[726\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.66.184 ...	2019-11-09 18:13:34
35.240.182.126	attack	35.240.182.126 - - \[09/Nov/2019:07:21:35 +0000\] "POST /wp-login.php HTTP/1.1" 200 4358 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 35.240.182.126 - - \[09/Nov/2019:07:21:36 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2019-11-09 18:24:26
103.249.100.196	attackbotsspam	Automatic report - XMLRPC Attack	2019-11-09 17:58:35
51.91.48.22	attack	Nov 9 REMOVED sshd\[1768\]: Invalid user root123 from 51.91.48.22 Nov 9 REMOVED sshd\[1794\]: Invalid user root1 from 51.91.48.22 Nov 9 REMOVED sshd\[1797\]: Invalid user root2 from 51.91.48.22	2019-11-09 18:13:18
50.62.177.206	attackspambots	Automatic report - XMLRPC Attack	2019-11-09 17:54:48
61.12.38.162	attackspam	Nov 8 21:41:47 eddieflores sshd\[388\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.12.38.162 user=root Nov 8 21:41:48 eddieflores sshd\[388\]: Failed password for root from 61.12.38.162 port 51258 ssh2 Nov 8 21:47:11 eddieflores sshd\[851\]: Invalid user day from 61.12.38.162 Nov 8 21:47:11 eddieflores sshd\[851\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.12.38.162 Nov 8 21:47:13 eddieflores sshd\[851\]: Failed password for invalid user day from 61.12.38.162 port 59518 ssh2	2019-11-09 18:00:10
114.99.0.221	attackspambots	Nov 9 01:05:41 eola postfix/smtpd[31453]: connect from unknown[114.99.0.221] Nov 9 01:05:41 eola postfix/smtpd[31453]: NOQUEUE: reject: RCPT from unknown[114.99.0.221]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from=x@x helo=<36hp89k> Nov 9 01:05:41 eola postfix/smtpd[31453]: disconnect from unknown[114.99.0.221] ehlo=1 mail=1 rcpt=0/1 quhostname=1 commands=3/4 Nov 9 01:05:42 eola postfix/smtpd[31453]: connect from unknown[114.99.0.221] Nov 9 01:05:43 eola postfix/smtpd[31453]: lost connection after AUTH from unknown[114.99.0.221] Nov 9 01:05:43 eola postfix/smtpd[31453]: disconnect from unknown[114.99.0.221] ehlo=1 auth=0/1 commands=1/2 Nov 9 01:05:43 eola postfix/smtpd[31453]: connect from unknown[114.99.0.221] Nov 9 01:05:44 eola postfix/smtpd[31453]: lost connection after AUTH from unknown[114.99.0.221] Nov 9 01:05:44 eola postfix/smtpd[31453]: disconnect from unknown[114.99.0.221] ehlo=1 auth=0/1 commands=1/2 Nov 9 01:05:44 eola........ -------------------------------	2019-11-09 17:59:40
186.130.83.2	attackspam	2019-11-09T06:24:46.381831micro sshd\[12756\]: error: maximum authentication attempts exceeded for root from 186.130.83.2 port 52955 ssh2 \[preauth\] 2019-11-09T06:24:53.064520micro sshd\[12758\]: error: maximum authentication attempts exceeded for root from 186.130.83.2 port 52959 ssh2 \[preauth\] 2019-11-09T06:25:02.755173micro sshd\[12762\]: Invalid user admin from 186.130.83.2 port 52967 2019-11-09T06:25:03.650142micro sshd\[12762\]: error: maximum authentication attempts exceeded for invalid user admin from 186.130.83.2 port 52967 ssh2 \[preauth\] 2019-11-09T06:25:08.921590micro sshd\[12764\]: Invalid user admin from 186.130.83.2 port 52971 ...	2019-11-09 17:59:22
172.245.74.179	attack	Nov 9 07:24:20 MK-Soft-Root2 sshd[11367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.74.179 Nov 9 07:24:22 MK-Soft-Root2 sshd[11367]: Failed password for invalid user user from 172.245.74.179 port 36088 ssh2 ...	2019-11-09 18:28:13
118.24.213.107	attack	Nov 9 10:47:53 vps647732 sshd[18815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.213.107 Nov 9 10:47:55 vps647732 sshd[18815]: Failed password for invalid user zz from 118.24.213.107 port 48370 ssh2 ...	2019-11-09 17:50:12
69.7.43.74	attack	Automatic report - XMLRPC Attack	2019-11-09 17:59:05
178.128.81.60	attack	Nov 9 11:09:37 server sshd\[23992\]: Invalid user neel from 178.128.81.60 Nov 9 11:09:37 server sshd\[23992\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.81.60 Nov 9 11:09:39 server sshd\[23992\]: Failed password for invalid user neel from 178.128.81.60 port 34692 ssh2 Nov 9 11:16:26 server sshd\[26119\]: Invalid user vftp from 178.128.81.60 Nov 9 11:16:26 server sshd\[26119\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.81.60 ...	2019-11-09 18:30:05
78.128.113.121	attack	2019-11-09T10:15:48.359619mail01 postfix/smtpd[30974]: warning: unknown[78.128.113.121]: SASL PLAIN authentication failed: 2019-11-09T10:15:55.436776mail01 postfix/smtpd[19756]: warning: unknown[78.128.113.121]: SASL PLAIN authentication failed: 2019-11-09T10:21:35.127265mail01 postfix/smtpd[5343]: warning: unknown[78.128.113.121]: SASL PLAIN authentication failed:	2019-11-09 17:51:12
212.30.52.243	attackbots	Nov 9 07:21:19 sticky sshd\[416\]: Invalid user 123 from 212.30.52.243 port 36351 Nov 9 07:21:19 sticky sshd\[416\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.30.52.243 Nov 9 07:21:21 sticky sshd\[416\]: Failed password for invalid user 123 from 212.30.52.243 port 36351 ssh2 Nov 9 07:25:06 sticky sshd\[466\]: Invalid user csgo-server from 212.30.52.243 port 54779 Nov 9 07:25:06 sticky sshd\[466\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.30.52.243 ...	2019-11-09 18:00:45
59.126.69.60	attackbots	2019-11-09T10:57:42.919641scmdmz1 sshd\[652\]: Invalid user 123456 from 59.126.69.60 port 43442 2019-11-09T10:57:42.922567scmdmz1 sshd\[652\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-126-69-60.hinet-ip.hinet.net 2019-11-09T10:57:45.387446scmdmz1 sshd\[652\]: Failed password for invalid user 123456 from 59.126.69.60 port 43442 ssh2 ...	2019-11-09 18:11:38

Recently Reported IPs

171.216.88.88	89.42.216.10	118.70.183.231	89.221.213.42
43.134.148.5	101.71.130.180	79.9.32.50	18.192.108.64
114.219.85.81	125.160.67.234	114.219.84.39	151.80.157.158
117.10.54.156	5.143.44.211	23.247.118.91	124.205.151.122
120.29.77.238	49.206.223.100	85.43.41.197	188.81.4.207