Basic Info

City: Huai'an

Region: Jiangsu

Country: China

Internet Service Provider: ChinaNet Jiangsu Province Network

Hostname: unknown

Organization: No.31,Jin-rong Street

Usage Type: unknown

Comments:
Type Details Datetime
attack
Jul 16 06:43:37 eola postfix/smtpd[31992]: connect from unknown[49.87.44.102]
Jul 16 06:43:48 eola postfix/smtpd[31992]: NOQUEUE: reject: RCPT from unknown[49.87.44.102]: 504 5.5.2 : Helo command rejected: need fully-qualified hostname; from=x@x helo=
Jul 16 06:43:48 eola postfix/smtpd[31992]: disconnect from unknown[49.87.44.102] ehlo=1 mail=1 rcpt=0/1 quhostname=1 commands=3/4
Jul 16 06:43:49 eola postfix/smtpd[31992]: connect from unknown[49.87.44.102]
Jul 16 06:43:50 eola postfix/smtpd[31992]: lost connection after AUTH from unknown[49.87.44.102]
Jul 16 06:43:50 eola postfix/smtpd[31992]: disconnect from unknown[49.87.44.102] ehlo=1 auth=0/1 commands=1/2
Jul 16 06:43:51 eola postfix/smtpd[32086]: connect from unknown[49.87.44.102]
Jul 16 06:43:52 eola postfix/smtpd[32086]: lost connection after AUTH from unknown[49.87.44.102]
Jul 16 06:43:52 eola postfix/smtpd[32086]: disconnect from unknown[49.87.44.102] ehlo=1 auth=0/1 commands=1/2
Jul 16 06:43:52 eola ........
-------------------------------
2019-07-16 23:44:51
Comments on same subnet:
No discussion about this subnet yet..
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.87.44.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46124
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.87.44.102.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071600 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Jul 16 23:44:40 CST 2019
;; MSG SIZE  rcvd: 116
Host info:
Host 102.44.87.49.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 102.44.87.49.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
68.183.227.252 attack
Bruteforce detected by fail2ban
2020-07-01 06:04:30
121.36.56.246 attack
Unauthorized connection attempt detected from IP address 121.36.56.246 to port 23
2020-07-01 05:07:43
103.104.119.173 attackspambots
Invalid user wangying from 103.104.119.173 port 44114
2020-07-01 05:08:37
181.65.190.13 attack
Unauthorized connection attempt from IP address 181.65.190.13 on Port 445(SMB)
2020-07-01 05:51:07
185.249.197.204 attackspambots
tried sql-injection
2020-07-01 05:56:58
213.230.108.249 attackbots
2020-06-29 14:15:21 Unauthorized connection attempt to IMAP/POP
2020-07-01 05:32:15
103.205.180.188 attack
Multiple SSH authentication failures from 103.205.180.188
2020-07-01 05:38:29
176.31.162.82 attackspam
Jun 30 12:44:44 ny01 sshd[3169]: Failed password for root from 176.31.162.82 port 37886 ssh2
Jun 30 12:47:43 ny01 sshd[3664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.82
Jun 30 12:47:45 ny01 sshd[3664]: Failed password for invalid user elasticsearch from 176.31.162.82 port 35732 ssh2
2020-07-01 05:40:38
80.82.77.33 attackspambots
 TCP (SYN) 80.82.77.33:23320 -> port 5001, len 44
2020-07-01 05:45:42
82.118.236.186 attackbots
Jun 30 16:19:49 dev0-dcde-rnet sshd[12688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.118.236.186
Jun 30 16:19:50 dev0-dcde-rnet sshd[12688]: Failed password for invalid user soap from 82.118.236.186 port 44558 ssh2
Jun 30 16:23:37 dev0-dcde-rnet sshd[12722]: Failed password for root from 82.118.236.186 port 43660 ssh2
2020-07-01 05:17:04
45.92.126.74 attackbotsspam
Jun 30 18:52:11 debian-2gb-nbg1-2 kernel: [15794568.751558] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.92.126.74 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=57491 PROTO=TCP SPT=40696 DPT=8040 WINDOW=1024 RES=0x00 SYN URGP=0
2020-07-01 05:36:14
208.68.39.220 attackbotsspam
Jun 30 15:17:07 *** sshd[24255]: Invalid user elena from 208.68.39.220
2020-07-01 05:32:29
185.74.4.110 attackspambots
Jun 30 11:04:28 *** sshd[23951]: Invalid user usuario from 185.74.4.110
2020-07-01 05:43:12
36.112.108.195 attackspam
Invalid user lwq from 36.112.108.195 port 16835
2020-07-01 05:46:32
218.92.0.204 attackbots
2020-06-30T12:24:30.237270xentho-1 sshd[768267]: Failed password for root from 218.92.0.204 port 54251 ssh2
2020-06-30T12:24:28.299869xentho-1 sshd[768267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
2020-06-30T12:24:30.237270xentho-1 sshd[768267]: Failed password for root from 218.92.0.204 port 54251 ssh2
2020-06-30T12:24:34.097430xentho-1 sshd[768267]: Failed password for root from 218.92.0.204 port 54251 ssh2
2020-06-30T12:24:28.299869xentho-1 sshd[768267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
2020-06-30T12:24:30.237270xentho-1 sshd[768267]: Failed password for root from 218.92.0.204 port 54251 ssh2
2020-06-30T12:24:34.097430xentho-1 sshd[768267]: Failed password for root from 218.92.0.204 port 54251 ssh2
2020-06-30T12:24:37.100919xentho-1 sshd[768267]: Failed password for root from 218.92.0.204 port 54251 ssh2
2020-06-30T12:26:39.281462xent
...
2020-07-01 05:18:33
