65.49.20.104 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: The Shadow Server Foundation

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	TCP (SYN) 65.49.20.104:34933 -> port 22, len 40	2020-06-20 18:30:21
attackbots	May 29 06:39:59 debian-2gb-nbg1-2 kernel: \[12985986.219890\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=65.49.20.104 DST=195.201.40.59 LEN=1258 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=58413 DPT=443 LEN=1238	2020-05-29 19:40:25
attackbotsspam	443/udp 22/tcp... [2019-12-12/2020-01-10]7pkt,1pt.(tcp),1pt.(udp)	2020-01-10 19:40:22

Type

Details

Datetime

attackbotsspam

 TCP (SYN) 65.49.20.104:34933 -> port 22, len 40

2020-06-20 18:30:21

attackbots

May 29 06:39:59 debian-2gb-nbg1-2 kernel: \[12985986.219890\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=65.49.20.104 DST=195.201.40.59 LEN=1258 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=58413 DPT=443 LEN=1238

2020-05-29 19:40:25

attackbotsspam

443/udp 22/tcp...
[2019-12-12/2020-01-10]7pkt,1pt.(tcp),1pt.(udp)

2020-01-10 19:40:22

Comments on same subnet:

IP	Type	Details	Datetime
65.49.20.78	botsattack	Compromised IP	2025-01-28 22:48:38
65.49.20.67	botsattackproxy	Redis bot	2024-04-23 21:05:33
65.49.20.118	attackproxy	VPN fraud	2023-06-12 13:45:52
65.49.20.110	proxy	VPN fraud	2023-06-06 12:43:08
65.49.20.101	proxy	VPN fraud	2023-06-01 16:00:58
65.49.20.107	proxy	VPN fraud	2023-05-29 12:59:34
65.49.20.100	proxy	VPN fraud	2023-05-22 12:53:45
65.49.20.114	proxy	VPN fraud	2023-04-07 13:32:29
65.49.20.124	proxy	VPN fraud	2023-04-03 13:08:01
65.49.20.105	proxy	VPN fraud	2023-03-16 13:52:13
65.49.20.123	proxy	VPN fraud	2023-03-09 14:09:02
65.49.20.90	proxy	VPN scan	2023-02-20 14:00:04
65.49.20.119	proxy	VPN fraud	2023-02-14 20:08:26
65.49.20.106	proxy	Brute force VPN	2023-02-08 14:01:13
65.49.20.77	proxy	VPN	2023-02-06 13:57:51

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 65.49.20.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23671
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;65.49.20.104.			IN	A

;; AUTHORITY SECTION:
.			133	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020011000 1800 900 604800 86400

;; Query time: 61 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jan 10 19:40:17 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 104.20.49.65.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 104.20.49.65.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
187.236.10.170	attack	Jul 25 00:27:01 lnxmysql61 sshd[15028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.236.10.170	2020-07-25 06:43:33
189.128.72.38	attackspam	Unauthorized connection attempt from IP address 189.128.72.38 on Port 445(SMB)	2020-07-25 06:15:21
101.224.27.153	attackspambots	Email rejected due to spam filtering	2020-07-25 06:27:15
185.166.74.78	attackbots	Unauthorized connection attempt from IP address 185.166.74.78 on Port 445(SMB)	2020-07-25 06:34:55
103.81.1.94	attackspambots	Unauthorized connection attempt from IP address 103.81.1.94 on Port 445(SMB)	2020-07-25 06:46:38
165.22.56.115	attackbotsspam	Jul 25 00:14:22 meumeu sshd[45565]: Invalid user local from 165.22.56.115 port 38456 Jul 25 00:14:22 meumeu sshd[45565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.56.115 Jul 25 00:14:22 meumeu sshd[45565]: Invalid user local from 165.22.56.115 port 38456 Jul 25 00:14:24 meumeu sshd[45565]: Failed password for invalid user local from 165.22.56.115 port 38456 ssh2 Jul 25 00:18:38 meumeu sshd[45832]: Invalid user student from 165.22.56.115 port 52420 Jul 25 00:18:38 meumeu sshd[45832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.56.115 Jul 25 00:18:38 meumeu sshd[45832]: Invalid user student from 165.22.56.115 port 52420 Jul 25 00:18:40 meumeu sshd[45832]: Failed password for invalid user student from 165.22.56.115 port 52420 ssh2 Jul 25 00:22:54 meumeu sshd[46030]: Invalid user weixin from 165.22.56.115 port 38152 ...	2020-07-25 06:41:52
159.203.219.38	attackspambots	$f2bV_matches	2020-07-25 06:52:33
222.186.175.23	attackspam	Jul 25 00:22:17 minden010 sshd[28894]: Failed password for root from 222.186.175.23 port 52533 ssh2 Jul 25 00:22:35 minden010 sshd[28987]: Failed password for root from 222.186.175.23 port 20059 ssh2 Jul 25 00:22:38 minden010 sshd[28987]: Failed password for root from 222.186.175.23 port 20059 ssh2 ...	2020-07-25 06:31:14
49.88.112.111	attackbotsspam	Jul 24 15:23:24 dignus sshd[17953]: Failed password for root from 49.88.112.111 port 55721 ssh2 Jul 24 15:23:58 dignus sshd[18038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.111 user=root Jul 24 15:24:00 dignus sshd[18038]: Failed password for root from 49.88.112.111 port 39409 ssh2 Jul 24 15:24:36 dignus sshd[18104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.111 user=root Jul 24 15:24:37 dignus sshd[18104]: Failed password for root from 49.88.112.111 port 16335 ssh2 ...	2020-07-25 06:41:10
103.129.97.70	attackbotsspam	Jul 24 22:09:19 vps-51d81928 sshd[107038]: Invalid user centos from 103.129.97.70 port 51150 Jul 24 22:09:19 vps-51d81928 sshd[107038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.129.97.70 Jul 24 22:09:19 vps-51d81928 sshd[107038]: Invalid user centos from 103.129.97.70 port 51150 Jul 24 22:09:22 vps-51d81928 sshd[107038]: Failed password for invalid user centos from 103.129.97.70 port 51150 ssh2 Jul 24 22:12:50 vps-51d81928 sshd[107138]: Invalid user hqy from 103.129.97.70 port 50622 ...	2020-07-25 06:16:21
170.130.212.46	attackspam	Postfix RBL failed	2020-07-25 06:18:59
198.71.238.18	attackbots	blocked by real-time IP blacklist /wp-login.php /oldsite/wp-includes/wlwmanifest.xml /newsite/wp-includes/wlwmanifest.xml /shop/wp-includes/wlwmanifest.xml /news/wp-includes/wlwmanifest.xml /wp-includes/wlwmanifest.xml /wp-includes/wlwmanifest.xml /web/wp-includes/wlwmanifest.xml /demo/wp-includes/wlwmanifest.xml /wp-includes/wlwmanifest.xml /old/wp-includes/wlwmanifest.xml /blog/wp-includes/wlwmanifest.xml /wp/wp-includes/wlwmanifest.xml	2020-07-25 06:21:59
45.55.128.109	attack	Automatic Fail2ban report - Trying login SSH	2020-07-25 06:32:26
134.175.130.52	attack	Jul 25 05:32:33 webhost01 sshd[13317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.130.52 Jul 25 05:32:35 webhost01 sshd[13317]: Failed password for invalid user satou from 134.175.130.52 port 38978 ssh2 ...	2020-07-25 06:40:20
104.248.24.208	attack	k+ssh-bruteforce	2020-07-25 06:28:50

Recently Reported IPs

56.248.56.181	46.12.114.113	246.77.176.236	167.209.249.25
71.6.233.242	89.64.30.29	51.15.87.34	170.106.81.221
198.108.66.147	193.251.189.244	114.7.2.17	23.40.128.236
224.129.146.219	175.147.195.74	171.4.123.100	81.227.17.83
226.238.49.181	114.46.178.214	46.166.142.186	190.214.9.150