49.116.106.89 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): ChinaNet Xinjiang Province Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Unauthorized connection attempt detected from IP address 49.116.106.89 to port 23 [T]	2020-03-24 22:42:06

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.116.106.89
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32896
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.116.106.89.			IN	A

;; AUTHORITY SECTION:
.			479	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020032400 1800 900 604800 86400

;; Query time: 61 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Mar 24 22:41:59 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 89.106.116.49.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 89.106.116.49.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
37.252.76.149	attack	DATE:2019-07-22 05:12:03, IP:37.252.76.149, PORT:5900 - VNC brute force auth on a honeypot server (epe-dc)	2019-07-22 12:41:48
18.206.201.179	attackbotsspam	Unauthorized SSH login attempts	2019-07-22 13:29:16
217.112.128.203	attack	Jul 22 04:45:51 srv1 postfix/smtpd[9190]: connect from prognoses.jamihydraulics.com[217.112.128.203] Jul x@x Jul 22 04:45:57 srv1 postfix/smtpd[9190]: disconnect from prognoses.jamihydraulics.com[217.112.128.203] Jul 22 04:47:28 srv1 postfix/smtpd[9190]: connect from prognoses.jamihydraulics.com[217.112.128.203] Jul x@x Jul 22 04:47:33 srv1 postfix/smtpd[9190]: disconnect from prognoses.jamihydraulics.com[217.112.128.203] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=217.112.128.203	2019-07-22 12:57:40
200.170.139.169	attack	Jul 22 00:29:43 vps200512 sshd\[13800\]: Invalid user webtool from 200.170.139.169 Jul 22 00:29:43 vps200512 sshd\[13800\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.170.139.169 Jul 22 00:29:45 vps200512 sshd\[13800\]: Failed password for invalid user webtool from 200.170.139.169 port 49447 ssh2 Jul 22 00:35:22 vps200512 sshd\[13914\]: Invalid user david from 200.170.139.169 Jul 22 00:35:22 vps200512 sshd\[13914\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.170.139.169	2019-07-22 12:47:10
79.183.96.124	attackbots	Brute force attempt	2019-07-22 13:19:54
82.147.149.42	attack	SMB Server BruteForce Attack	2019-07-22 13:27:52
167.114.141.213	attack	[Aegis] @ 2019-07-22 04:10:53 0100 -> Web Application Attack: SERVER-WEBAPP PHP xmlrpc.php post attempt	2019-07-22 13:18:59
193.32.163.74	attackbots	Unauthorized connection attempt from IP address 193.32.163.74 on Port 3306(MYSQL)	2019-07-22 13:25:54
206.189.137.113	attack	Invalid user admin from 206.189.137.113 port 36716	2019-07-22 13:15:27
119.176.90.236	attackspambots	Jul 21 21:41:52 localhost kernel: [15003906.159189] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=119.176.90.236 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=41090 PROTO=TCP SPT=38618 DPT=52869 WINDOW=47383 RES=0x00 SYN URGP=0 Jul 21 21:41:52 localhost kernel: [15003906.159197] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=119.176.90.236 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=41090 PROTO=TCP SPT=38618 DPT=52869 SEQ=758669438 ACK=0 WINDOW=47383 RES=0x00 SYN URGP=0 Jul 21 23:11:55 localhost kernel: [15009308.849269] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=119.176.90.236 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=38872 PROTO=TCP SPT=27098 DPT=52869 WINDOW=47383 RES=0x00 SYN URGP=0 Jul 21 23:11:55 localhost kernel: [15009308.849294] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=119.176.90.236 DST=[mungedIP2] LEN=40 TOS	2019-07-22 12:45:54
222.252.14.147	attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-22 01:38:08,596 INFO [shellcode_manager] (222.252.14.147) no match, writing hexdump (27d4d289b25661067e0291ff55e6d475 :2044966) - MS17010 (EternalBlue)	2019-07-22 13:22:27
193.32.163.71	attack	firewall-block, port(s): 34567/tcp	2019-07-22 13:26:54
67.250.172.192	attack	Jul 22 03:17:43 * sshd[18257]: Invalid user search from 67.250.172.192 Jul 22 03:17:43 * sshd[18257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-67-250-172-192.nyc.res.rr.com Jul 22 03:17:46 * sshd[18257]: Failed password for invalid user search from 67.250.172.192 port 58386 ssh2 Jul 22 03:17:46 * sshd[18257]: Received disconnect from 67.250.172.192: 11: Bye Bye [preauth] Jul 22 04:30:18 * sshd[22236]: Invalid user lz from 67.250.172.192 Jul 22 04:30:18 * sshd[22236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-67-250-172-192.nyc.res.rr.com Jul 22 04:30:20 * sshd[22236]: Failed password for invalid user lz from 67.250.172.192 port 39422 ssh2 Jul 22 04:30:20 * sshd[22236]: Received disconnect from 67.250.172.192: 11: Bye Bye [preauth] Jul 22 04:31:02 *** sshd[22238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe........ -------------------------------	2019-07-22 13:21:53
157.55.39.20	attackspam	Jul 22 03:12:11 TCP Attack: SRC=157.55.39.20 DST=[Masked] LEN=296 TOS=0x00 PREC=0x00 TTL=102 DF PROTO=TCP SPT=2893 DPT=80 WINDOW=64240 RES=0x00 ACK PSH URGP=0	2019-07-22 12:34:46
222.165.194.67	attack	Jul 22 02:00:27 fv15 postfix/smtpd[26846]: warning: hostname ip-67-194-static.velo.net.id does not resolve to address 222.165.194.67: Name or service not known Jul 22 02:00:27 fv15 postfix/smtpd[26846]: connect from unknown[222.165.194.67] Jul 22 02:00:28 fv15 postgrey[1068]: action=greylist, reason=new, client_name=unknown, client_address=222.165.194.67, sender=x@x recipient=x@x Jul 22 02:00:28 fv15 policyd-spf[7887]: Softfail; identhostnamey=mailfrom; client-ip=222.165.194.67; helo=ip-9-221-static.velo.net.id; envelope-from=x@x Jul x@x Jul 22 02:00:29 fv15 postfix/smtpd[26846]: lost connection after RCPT from unknown[222.165.194.67] Jul 22 02:00:29 fv15 postfix/smtpd[26846]: disconnect from unknown[222.165.194.67] Jul 22 04:42:29 fv15 postfix/smtpd[13245]: warning: hostname ip-67-194-static.velo.net.id does not resolve to address 222.165.194.67: Name or service not known Jul 22 04:42:29 fv15 postfix/smtpd[13245]: connect from unknown[222.165.194.67] Jul 22 04:42:30 fv........ -------------------------------	2019-07-22 12:46:35

最近上报的IP列表

14.212.14.215	1.69.75.197	1.54.88.85	223.71.167.171
223.10.174.132	222.241.132.49	222.90.103.78	221.229.173.64
221.122.120.249	218.90.37.133	218.77.12.166	212.112.107.174
202.101.234.86	197.232.13.77	185.202.2.116	183.81.121.40
182.218.122.243	182.217.245.44	180.180.237.128	175.6.228.219