49.87.44.102 - IPInfo

Basic Info

City: Huai'an

Region: Jiangsu

Country: China

Internet Service Provider: ChinaNet Jiangsu Province Network

Hostname: unknown

Organization: No.31,Jin-rong Street

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Jul 16 06:43:37 eola postfix/smtpd[31992]: connect from unknown[49.87.44.102] Jul 16 06:43:48 eola postfix/smtpd[31992]: NOQUEUE: reject: RCPT from unknown[49.87.44.102]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from=x@x helo= Jul 16 06:43:48 eola postfix/smtpd[31992]: disconnect from unknown[49.87.44.102] ehlo=1 mail=1 rcpt=0/1 quhostname=1 commands=3/4 Jul 16 06:43:49 eola postfix/smtpd[31992]: connect from unknown[49.87.44.102] Jul 16 06:43:50 eola postfix/smtpd[31992]: lost connection after AUTH from unknown[49.87.44.102] Jul 16 06:43:50 eola postfix/smtpd[31992]: disconnect from unknown[49.87.44.102] ehlo=1 auth=0/1 commands=1/2 Jul 16 06:43:51 eola postfix/smtpd[32086]: connect from unknown[49.87.44.102] Jul 16 06:43:52 eola postfix/smtpd[32086]: lost connection after AUTH from unknown[49.87.44.102] Jul 16 06:43:52 eola postfix/smtpd[32086]: disconnect from unknown[49.87.44.102] ehlo=1 auth=0/1 commands=1/2 Jul 16 06:43:52 eola ........ -------------------------------	2019-07-16 23:44:51

Type

Details

Datetime

attack

Jul 16 06:43:37 eola postfix/smtpd[31992]: connect from unknown[49.87.44.102]
Jul 16 06:43:48 eola postfix/smtpd[31992]: NOQUEUE: reject: RCPT from unknown[49.87.44.102]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from=x@x helo=
Jul 16 06:43:48 eola postfix/smtpd[31992]: disconnect from unknown[49.87.44.102] ehlo=1 mail=1 rcpt=0/1 quhostname=1 commands=3/4
Jul 16 06:43:49 eola postfix/smtpd[31992]: connect from unknown[49.87.44.102]
Jul 16 06:43:50 eola postfix/smtpd[31992]: lost connection after AUTH from unknown[49.87.44.102]
Jul 16 06:43:50 eola postfix/smtpd[31992]: disconnect from unknown[49.87.44.102] ehlo=1 auth=0/1 commands=1/2
Jul 16 06:43:51 eola postfix/smtpd[32086]: connect from unknown[49.87.44.102]
Jul 16 06:43:52 eola postfix/smtpd[32086]: lost connection after AUTH from unknown[49.87.44.102]
Jul 16 06:43:52 eola postfix/smtpd[32086]: disconnect from unknown[49.87.44.102] ehlo=1 auth=0/1 commands=1/2
Jul 16 06:43:52 eola ........
-------------------------------

2019-07-16 23:44:51

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.87.44.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46124
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.87.44.102.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071600 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Jul 16 23:44:40 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 102.44.87.49.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 102.44.87.49.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
217.61.17.7	attack	Dec 18 05:36:02 tdfoods sshd\[8134\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.61.17.7 user=mysql Dec 18 05:36:05 tdfoods sshd\[8134\]: Failed password for mysql from 217.61.17.7 port 58412 ssh2 Dec 18 05:41:10 tdfoods sshd\[8664\]: Invalid user test from 217.61.17.7 Dec 18 05:41:10 tdfoods sshd\[8664\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.61.17.7 Dec 18 05:41:13 tdfoods sshd\[8664\]: Failed password for invalid user test from 217.61.17.7 port 40304 ssh2	2019-12-18 23:50:02
149.56.131.73	attackbots	Dec 18 16:34:17 localhost sshd\[3130\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.131.73 user=root Dec 18 16:34:19 localhost sshd\[3130\]: Failed password for root from 149.56.131.73 port 40018 ssh2 Dec 18 16:39:36 localhost sshd\[9461\]: Invalid user yg from 149.56.131.73 port 47242	2019-12-18 23:47:13
203.143.12.26	attackspam	Dec 18 04:29:36 php1 sshd\[2938\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.143.12.26 user=root Dec 18 04:29:38 php1 sshd\[2938\]: Failed password for root from 203.143.12.26 port 63872 ssh2 Dec 18 04:36:46 php1 sshd\[3656\]: Invalid user ragnhildstveit from 203.143.12.26 Dec 18 04:36:47 php1 sshd\[3656\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.143.12.26 Dec 18 04:36:49 php1 sshd\[3656\]: Failed password for invalid user ragnhildstveit from 203.143.12.26 port 47262 ssh2	2019-12-18 23:59:47
41.138.88.3	attackspambots	Dec 18 15:54:45 sip sshd[32204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.138.88.3 Dec 18 15:54:48 sip sshd[32204]: Failed password for invalid user marketing from 41.138.88.3 port 43988 ssh2 Dec 18 16:03:20 sip sshd[32243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.138.88.3	2019-12-18 23:50:42
209.105.243.145	attackspambots	Dec 18 16:35:05 loxhost sshd\[26046\]: Invalid user andes from 209.105.243.145 port 34954 Dec 18 16:35:05 loxhost sshd\[26046\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.105.243.145 Dec 18 16:35:07 loxhost sshd\[26046\]: Failed password for invalid user andes from 209.105.243.145 port 34954 ssh2 Dec 18 16:40:32 loxhost sshd\[26237\]: Invalid user ielectronics from 209.105.243.145 port 38748 Dec 18 16:40:32 loxhost sshd\[26237\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.105.243.145 ...	2019-12-18 23:41:28
94.23.212.137	attackbots	Dec 18 14:36:47 *** sshd[31055]: Invalid user cage from 94.23.212.137	2019-12-19 00:02:35
177.67.83.139	attackspam	Dec 18 15:37:16 pornomens sshd\[2147\]: Invalid user test from 177.67.83.139 port 35272 Dec 18 15:37:16 pornomens sshd\[2147\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.67.83.139 Dec 18 15:37:18 pornomens sshd\[2147\]: Failed password for invalid user test from 177.67.83.139 port 35272 ssh2 ...	2019-12-18 23:31:31
169.149.255.198	attack	1576679821 - 12/18/2019 15:37:01 Host: 169.149.255.198/169.149.255.198 Port: 445 TCP Blocked	2019-12-18 23:48:19
218.92.0.135	attackbotsspam	Dec 18 16:37:54 icinga sshd[22343]: Failed password for root from 218.92.0.135 port 43916 ssh2 Dec 18 16:37:58 icinga sshd[22343]: Failed password for root from 218.92.0.135 port 43916 ssh2 Dec 18 16:38:03 icinga sshd[22343]: Failed password for root from 218.92.0.135 port 43916 ssh2 Dec 18 16:38:06 icinga sshd[22343]: Failed password for root from 218.92.0.135 port 43916 ssh2 ...	2019-12-18 23:53:44
109.116.196.174	attack	Dec 18 16:30:41 ArkNodeAT sshd\[25803\]: Invalid user server from 109.116.196.174 Dec 18 16:30:41 ArkNodeAT sshd\[25803\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.116.196.174 Dec 18 16:30:42 ArkNodeAT sshd\[25803\]: Failed password for invalid user server from 109.116.196.174 port 59426 ssh2	2019-12-18 23:44:46
40.92.75.78	attackspam	Dec 18 17:36:47 debian-2gb-vpn-nbg1-1 kernel: [1058171.850367] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:38:96:44:d2:74:7f:6e:37:e3:08:00 SRC=40.92.75.78 DST=78.46.192.101 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=3168 DF PROTO=TCP SPT=63495 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0	2019-12-19 00:01:47
46.166.187.159	attack	\[2019-12-18 10:08:22\] SECURITY\[2857\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-12-18T10:08:22.898-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="20512132674411",SessionID="0x7f0fb4a5a908",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/46.166.187.159/56110",ACLName="no_extension_match" \[2019-12-18 10:11:40\] SECURITY\[2857\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-12-18T10:11:40.389-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="20612132674411",SessionID="0x7f0fb4a5a908",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/46.166.187.159/57100",ACLName="no_extension_match" \[2019-12-18 10:15:31\] SECURITY\[2857\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-12-18T10:15:31.791-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="20712132674411",SessionID="0x7f0fb4a5a908",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/46.166.187.159/63992",ACLName="no_ext	2019-12-18 23:59:03
206.189.194.163	attackspam	Dec 18 05:17:03 eddieflores sshd\[26845\]: Invalid user ws from 206.189.194.163 Dec 18 05:17:03 eddieflores sshd\[26845\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.194.163 Dec 18 05:17:05 eddieflores sshd\[26845\]: Failed password for invalid user ws from 206.189.194.163 port 33586 ssh2 Dec 18 05:26:22 eddieflores sshd\[27657\]: Invalid user slawski from 206.189.194.163 Dec 18 05:26:22 eddieflores sshd\[27657\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.194.163	2019-12-18 23:30:36
172.110.30.125	attack	Dec 13 01:45:02 vtv3 sshd[31299]: Failed password for invalid user cicora from 172.110.30.125 port 60476 ssh2 Dec 13 01:53:40 vtv3 sshd[3129]: Failed password for root from 172.110.30.125 port 55846 ssh2 Dec 13 02:09:01 vtv3 sshd[10093]: Failed password for root from 172.110.30.125 port 54216 ssh2 Dec 13 02:14:19 vtv3 sshd[12459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.110.30.125 Dec 13 02:14:21 vtv3 sshd[12459]: Failed password for invalid user shewey from 172.110.30.125 port 35132 ssh2 Dec 13 02:24:48 vtv3 sshd[17250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.110.30.125 Dec 13 02:24:50 vtv3 sshd[17250]: Failed password for invalid user ciesielski from 172.110.30.125 port 52998 ssh2 Dec 13 02:30:04 vtv3 sshd[19629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.110.30.125 Dec 13 02:40:34 vtv3 sshd[25036]: pam_unix(sshd:auth): authentication failure; logname=	2019-12-19 00:02:12
61.221.213.23	attack	Invalid user admin from 61.221.213.23 port 43468 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.221.213.23 Failed password for invalid user admin from 61.221.213.23 port 43468 ssh2 Invalid user test from 61.221.213.23 port 46393 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.221.213.23	2019-12-18 23:39:05

Recently Reported IPs

81.131.62.232	60.176.238.40	109.209.88.63	99.4.159.191
93.171.61.183	106.12.225.241	129.204.78.134	133.223.20.123
150.143.19.236	87.6.17.48	93.171.61.186	113.222.43.117
4.246.50.184	82.110.13.242	92.50.249.92	74.122.225.151
156.26.155.219	35.199.5.70	124.56.23.39	139.162.6.61