65.49.20.71 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: The Shadow Server Foundation

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	1579006888 - 01/14/2020 14:01:28 Host: 65.49.20.71/65.49.20.71 Port: 443 UDP Blocked	2020-01-15 00:47:03
attackspambots	[portscan] tcp/22 [SSH] *(RWIN=65535)(12251243)	2019-12-25 21:41:44

Comments on same subnet:

IP	Type	Details	Datetime
65.49.20.78	botsattack	Compromised IP	2025-01-28 22:48:38
65.49.20.67	botsattackproxy	Redis bot	2024-04-23 21:05:33
65.49.20.118	attackproxy	VPN fraud	2023-06-12 13:45:52
65.49.20.110	proxy	VPN fraud	2023-06-06 12:43:08
65.49.20.101	proxy	VPN fraud	2023-06-01 16:00:58
65.49.20.107	proxy	VPN fraud	2023-05-29 12:59:34
65.49.20.100	proxy	VPN fraud	2023-05-22 12:53:45
65.49.20.114	proxy	VPN fraud	2023-04-07 13:32:29
65.49.20.124	proxy	VPN fraud	2023-04-03 13:08:01
65.49.20.105	proxy	VPN fraud	2023-03-16 13:52:13
65.49.20.123	proxy	VPN fraud	2023-03-09 14:09:02
65.49.20.90	proxy	VPN scan	2023-02-20 14:00:04
65.49.20.119	proxy	VPN fraud	2023-02-14 20:08:26
65.49.20.106	proxy	Brute force VPN	2023-02-08 14:01:13
65.49.20.77	proxy	VPN	2023-02-06 13:57:51

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 65.49.20.71
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41544
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;65.49.20.71.			IN	A

;; AUTHORITY SECTION:
.			173	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019122500 1800 900 604800 86400

;; Query time: 37 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Dec 25 21:41:38 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 71.20.49.65.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 71.20.49.65.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
139.59.25.82	attack	Oct 5 19:03:48 host sshd[10598]: User r.r from 139.59.25.82 not allowed because none of user's groups are listed in AllowGroups Oct 5 19:03:48 host sshd[10598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.25.82 user=r.r Oct 5 19:03:50 host sshd[10598]: Failed password for invalid user r.r from 139.59.25.82 port 46410 ssh2 Oct 5 19:03:51 host sshd[10598]: Received disconnect from 139.59.25.82 port 46410:11: Bye Bye [preauth] Oct 5 19:03:51 host sshd[10598]: Disconnected from invalid user r.r 139.59.25.82 port 46410 [preauth] Oct 5 19:18:43 host sshd[11134]: User r.r from 139.59.25.82 not allowed because none of user's groups are listed in AllowGroups Oct 5 19:18:43 host sshd[11134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.25.82 user=r.r Oct 5 19:18:45 host sshd[11134]: Failed password for invalid user r.r from 139.59.25.82 port 45422 ssh2 Oct 5 19:18:46 ho........ -------------------------------	2020-10-06 22:09:45
50.28.1.193	attackbotsspam	tadpole.exacthosting.com - - [05/Oct/2020:16:37:16 -0400] "GET /wp-content/meta.php HTTP/1.1"	2020-10-06 22:26:30
112.85.42.112	attackbotsspam	Oct 6 16:10:43 sso sshd[11422]: Failed password for root from 112.85.42.112 port 57800 ssh2 Oct 6 16:10:54 sso sshd[11422]: Failed password for root from 112.85.42.112 port 57800 ssh2 ...	2020-10-06 22:22:40
112.85.42.173	attack	Oct 6 16:01:10 vpn01 sshd[29639]: Failed password for root from 112.85.42.173 port 30560 ssh2 Oct 6 16:01:22 vpn01 sshd[29639]: Failed password for root from 112.85.42.173 port 30560 ssh2 Oct 6 16:01:22 vpn01 sshd[29639]: error: maximum authentication attempts exceeded for root from 112.85.42.173 port 30560 ssh2 [preauth] ...	2020-10-06 22:15:51
165.227.181.118	attackspambots	Invalid user anand from 165.227.181.118 port 33312	2020-10-06 22:07:41
171.244.139.243	attack	SSH login attempts.	2020-10-06 22:38:57
128.106.210.171	attack	Automatic report - Port Scan Attack	2020-10-06 21:59:59
106.12.208.175	attackspam	"Remote Command Execution: Direct Unix Command Execution - Matched Data: echo found within ARGS:b4dboy: echo \x22xbshell\x22;"	2020-10-06 22:03:58
111.229.137.13	attack	Oct 6 11:49:23 cdc sshd[27203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.137.13 user=root Oct 6 11:49:26 cdc sshd[27203]: Failed password for invalid user root from 111.229.137.13 port 36166 ssh2	2020-10-06 22:26:47
186.137.182.59	attack	DATE:2020-10-05 22:40:09, IP:186.137.182.59, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-10-06 22:23:04
51.254.38.156	attackbotsspam	Automatic report - Port Scan	2020-10-06 22:10:40
37.46.150.211	attackspam	Cowrie Honeypot: 10 unauthorised SSH/Telnet login attempts between 2020-10-06T11:57:05Z and 2020-10-06T12:00:22Z	2020-10-06 22:10:15
134.209.24.117	attackspam	Oct 6 11:07:31 shivevps sshd[16050]: Failed password for root from 134.209.24.117 port 43738 ssh2 Oct 6 11:11:05 shivevps sshd[16299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.24.117 user=root Oct 6 11:11:07 shivevps sshd[16299]: Failed password for root from 134.209.24.117 port 51220 ssh2 ...	2020-10-06 22:24:15
221.195.1.201	attackbots	sshd: Failed password for .... from 221.195.1.201 port 47402 ssh2	2020-10-06 22:03:28
113.142.58.155	attack	Automatic report - Banned IP Access	2020-10-06 22:33:36

Recently Reported IPs

121.122.108.227	87.11.192.69	111.88.246.121	77.237.177.210
36.122.111.37	63.81.87.116	150.120.221.207	34.92.123.255
4.191.154.38	218.31.161.253	29.68.118.24	136.80.78.103
15.51.39.78	217.183.241.17	132.162.120.74	128.0.129.192
94.221.143.52	3.135.235.115	150.228.85.202	112.242.158.240