94.102.49.3 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Netherlands

Internet Service Provider: Incrediserve Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Sep 24 16:09:13 [host] kernel: [1288565.103610] [U Sep 24 16:15:41 [host] kernel: [1288952.633622] [U Sep 24 16:19:34 [host] kernel: [1289186.067227] [U Sep 24 16:22:48 [host] kernel: [1289379.507850] [U Sep 24 16:37:16 [host] kernel: [1290247.179542] [U Sep 24 16:42:54 [host] kernel: [1290585.125226] [U	2020-09-24 22:45:14
attackbotsspam	Port scan on 41 port(s): 28005 28029 28036 28040 28080 28129 28136 28177 28183 28188 28192 28284 28289 28371 28375 28377 28381 28395 28399 28414 28430 28456 28500 28551 28564 28587 28673 28679 28731 28758 28761 28762 28781 28821 28874 28884 28928 28959 28968 28981 28995	2020-09-24 14:36:02
attack	Port scan on 15 port(s): 28085 28205 28232 28321 28364 28387 28509 28554 28626 28629 28630 28802 28866 28892 28948	2020-09-24 06:03:36

Type

Details

Datetime

attackspambots

Sep 24 16:09:13 [host] kernel: [1288565.103610] [U
Sep 24 16:15:41 [host] kernel: [1288952.633622] [U
Sep 24 16:19:34 [host] kernel: [1289186.067227] [U
Sep 24 16:22:48 [host] kernel: [1289379.507850] [U
Sep 24 16:37:16 [host] kernel: [1290247.179542] [U
Sep 24 16:42:54 [host] kernel: [1290585.125226] [U

2020-09-24 22:45:14

attackbotsspam

Port scan on 41 port(s): 28005 28029 28036 28040 28080 28129 28136 28177 28183 28188 28192 28284 28289 28371 28375 28377 28381 28395 28399 28414 28430 28456 28500 28551 28564 28587 28673 28679 28731 28758 28761 28762 28781 28821 28874 28884 28928 28959 28968 28981 28995

2020-09-24 14:36:02

attack

Port scan on 15 port(s): 28085 28205 28232 28321 28364 28387 28509 28554 28626 28629 28630 28802 28866 28892 28948

2020-09-24 06:03:36

Comments on same subnet:

IP	Type	Details	Datetime
94.102.49.193	botsattackproxy	Bot	2024-04-11 12:03:13
94.102.49.190	proxy	VPN fraud	2023-05-29 12:52:27
94.102.49.191	attackspam	ET DROP Dshield Block Listed Source group 1 - port: 132 proto: tcp cat: Misc Attackbytes: 60	2020-10-14 05:37:55
94.102.49.191	attackspambots	Port-scan: detected 174 distinct ports within a 24-hour window.	2020-10-07 17:07:10
94.102.49.117	attack	massive Port Scan	2020-10-07 04:15:40
94.102.49.59	attack	port scan	2020-10-07 00:57:42
94.102.49.117	attackspambots	massive Port Scan	2020-10-06 20:19:06
94.102.49.59	attack	Hacker	2020-10-06 16:51:13
94.102.49.193	attackbots	TCP (SYN) 94.102.49.193:6707 -> port 502, len 44	2020-10-05 03:01:09
94.102.49.193	attackspambots	TCP (SYN) 94.102.49.193:6707 -> port 502, len 44	2020-10-04 18:45:20
94.102.49.93	attackbotsspam	Port-scan: detected 200 distinct ports within a 24-hour window.	2020-10-04 06:25:39
94.102.49.93	attackbotsspam	Port-scan: detected 200 distinct ports within a 24-hour window.	2020-10-03 22:30:11
94.102.49.93	attackspam	[Sun Sep 27 22:47:43 2020] - Syn Flood From IP: 94.102.49.93 Port: 59653	2020-10-03 14:13:26
94.102.49.137	attackspam	Fri, 2020-10-02 08:33:48 - TCP Packet - Source:94.102.49.137 Destination:xxx.xxx.xxx.xxx - [PORT SCAN]	2020-10-03 04:32:19
94.102.49.137	attack	Oct 2 15:35:22 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:30:e4:db:97:3e:3f:08:00 SRC=94.102.49.137 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=42330 PROTO=TCP SPT=45720 DPT=11117 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 15:35:22 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:30:e4:db:97:3e:3f:08:00 SRC=94.102.49.137 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=28079 PROTO=TCP SPT=45720 DPT=11218 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 15:35:25 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:30:e4:db:97:3e:3f:08:00 SRC=94.102.49.137 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=3153 PROTO=TCP SPT=45720 DPT=11222 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 15:35:25 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:30:e4:db:97:3e:3f:08:00 SRC=94.102.49.137 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=16947 PROTO=TCP SPT=45720 DPT=11215 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 15: ...	2020-10-02 23:52:54

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 94.102.49.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21746
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;94.102.49.3.			IN	A

;; AUTHORITY SECTION:
.			427	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020092301 1800 900 604800 86400

;; Query time: 68 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Sep 24 06:03:32 CST 2020
;; MSG SIZE  rcvd: 115

Host info

3.49.102.94.in-addr.arpa domain name pointer no-reverse-dns-configured.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
3.49.102.94.in-addr.arpa	name = no-reverse-dns-configured.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
148.70.169.14	attackbots	Jun 12 16:16:54 webhost01 sshd[6178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.169.14 Jun 12 16:16:56 webhost01 sshd[6178]: Failed password for invalid user seng from 148.70.169.14 port 45384 ssh2 ...	2020-06-12 19:31:17
104.40.220.72	attackbotsspam	104.40.220.72 - - [11/Jun/2020:21:49:06 -0600] "GET /2020/wp-login.php HTTP/1.1" 301 472 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-12 19:41:36
37.187.12.126	attack	Jun 12 11:14:38 Ubuntu-1404-trusty-64-minimal sshd\[1260\]: Invalid user kt from 37.187.12.126 Jun 12 11:14:38 Ubuntu-1404-trusty-64-minimal sshd\[1260\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.12.126 Jun 12 11:14:40 Ubuntu-1404-trusty-64-minimal sshd\[1260\]: Failed password for invalid user kt from 37.187.12.126 port 42786 ssh2 Jun 12 11:25:36 Ubuntu-1404-trusty-64-minimal sshd\[7187\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.12.126 user=root Jun 12 11:25:37 Ubuntu-1404-trusty-64-minimal sshd\[7187\]: Failed password for root from 37.187.12.126 port 43152 ssh2	2020-06-12 19:38:53
111.235.222.99	attackbotsspam	Telnet Server BruteForce Attack	2020-06-12 19:13:03
184.105.139.67	attackspambots	Unauthorized connection attempt detected from IP address 184.105.139.67 to port 23	2020-06-12 19:33:44
138.219.129.150	attackspam	sshd jail - ssh hack attempt	2020-06-12 19:39:15
182.69.208.102	attackbotsspam	182.69.208.102 - - [12/Jun/2020:05:42:03 +0200] "POST /xmlrpc.php HTTP/1.1" 301 162 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 182.69.208.102 - - [12/Jun/2020:05:49:20 +0200] "POST /xmlrpc.php HTTP/1.1" 301 162 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" ...	2020-06-12 19:30:40
192.241.155.88	attack	Jun 12 12:48:20 OPSO sshd\[28959\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.155.88 user=root Jun 12 12:48:22 OPSO sshd\[28959\]: Failed password for root from 192.241.155.88 port 39074 ssh2 Jun 12 12:52:53 OPSO sshd\[29642\]: Invalid user asik from 192.241.155.88 port 42432 Jun 12 12:52:53 OPSO sshd\[29642\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.155.88 Jun 12 12:52:56 OPSO sshd\[29642\]: Failed password for invalid user asik from 192.241.155.88 port 42432 ssh2	2020-06-12 19:03:58
107.170.20.247	attackbotsspam	Jun 12 12:48:48 ift sshd\[60756\]: Failed password for root from 107.170.20.247 port 45596 ssh2Jun 12 12:52:40 ift sshd\[61280\]: Invalid user aaa from 107.170.20.247Jun 12 12:52:42 ift sshd\[61280\]: Failed password for invalid user aaa from 107.170.20.247 port 46445 ssh2Jun 12 12:56:42 ift sshd\[61952\]: Invalid user dl_group5 from 107.170.20.247Jun 12 12:56:44 ift sshd\[61952\]: Failed password for invalid user dl_group5 from 107.170.20.247 port 47292 ssh2 ...	2020-06-12 19:10:24
130.61.118.231	attackbots	Jun 12 10:52:09 jumpserver sshd[57916]: Invalid user mysql from 130.61.118.231 port 58952 Jun 12 10:52:12 jumpserver sshd[57916]: Failed password for invalid user mysql from 130.61.118.231 port 58952 ssh2 Jun 12 10:55:18 jumpserver sshd[57950]: Invalid user bt from 130.61.118.231 port 33356 ...	2020-06-12 19:34:43
62.102.148.68	attackspam	Jun 12 11:23:22 web8 sshd\[25285\]: Invalid user USERID from 62.102.148.68 Jun 12 11:23:23 web8 sshd\[25285\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.102.148.68 Jun 12 11:23:25 web8 sshd\[25285\]: Failed password for invalid user USERID from 62.102.148.68 port 58782 ssh2 Jun 12 11:24:49 web8 sshd\[26065\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.102.148.68 user=root Jun 12 11:24:51 web8 sshd\[26065\]: Failed password for root from 62.102.148.68 port 39966 ssh2	2020-06-12 19:36:42
160.153.147.37	attackspambots	Automatic report - XMLRPC Attack	2020-06-12 19:11:06
111.250.142.235	attackbotsspam	port scan and connect, tcp 23 (telnet)	2020-06-12 19:29:24
203.178.148.19	attack	srv02 Mass scanning activity detected Target: - ..	2020-06-12 19:44:24
176.215.252.1	attackspam	Jun 12 13:07:53 debian-2gb-nbg1-2 kernel: \[14218795.069759\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=176.215.252.1 DST=195.201.40.59 LEN=40 TOS=0x10 PREC=0x60 TTL=246 ID=32660 PROTO=TCP SPT=54505 DPT=5048 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-12 19:21:44

Recently Reported IPs

42.234.232.43	140.115.221.23	34.102.176.152	103.13.66.42
74.112.136.155	15.207.110.208	103.211.179.118	165.22.113.209
82.199.45.188	40.118.43.195	66.214.190.212	195.60.126.122
190.26.43.74	165.90.241.239	120.239.196.93	113.173.179.240
186.139.123.33	114.4.110.189	201.242.187.71	113.172.120.73