49.49.2.132 - IPInfo

基本信息:

城市(city): Chiang Mai

省份(region): Chiang Mai

国家(country): Thailand

运营商(isp): Triple T Internet PCL

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Dec 16 18:59:25 debian-2gb-vpn-nbg1-1 kernel: [890334.116292] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:38:96:44:d2:74:7f:6e:37:e3:08:00 SRC=49.49.2.132 DST=78.46.192.101 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=56227 PROTO=TCP SPT=59431 DPT=9001 WINDOW=41191 RES=0x00 SYN URGP=0	2019-12-17 04:50:08

类型

评论内容

时间

attack

Dec 16 18:59:25 debian-2gb-vpn-nbg1-1 kernel: [890334.116292] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:38:96:44:d2:74:7f:6e:37:e3:08:00 SRC=49.49.2.132 DST=78.46.192.101 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=56227 PROTO=TCP SPT=59431 DPT=9001 WINDOW=41191 RES=0x00 SYN URGP=0

2019-12-17 04:50:08

相同子网IP讨论:

IP	类型	评论内容	时间
49.49.248.141	attack	Web scan/attack: detected 1 distinct attempts within a 12-hour window (Tomcat Vulnerability Scan)	2020-09-22 00:13:31
49.49.248.141	attackspam	Web scan/attack: detected 1 distinct attempts within a 12-hour window (Tomcat Vulnerability Scan)	2020-09-21 15:54:21
49.49.248.141	attackspambots	Web scan/attack: detected 1 distinct attempts within a 12-hour window (Tomcat Vulnerability Scan)	2020-09-21 07:48:45
49.49.242.15	attackbots	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-09-03 01:28:07
49.49.242.15	attackbotsspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-09-02 16:53:58
49.49.234.199	attackspambots	Unauthorized connection attempt from IP address 49.49.234.199 on Port 445(SMB)	2020-08-30 17:50:41
49.49.245.225	attackspambots	WordPress brute force	2020-08-25 05:37:17
49.49.239.206	attackbots	Unauthorized connection attempt from IP address 49.49.239.206 on Port 445(SMB)	2020-08-25 05:08:09
49.49.232.71	attackbots	firewall-block, port(s): 445/tcp	2020-08-23 16:53:01
49.49.245.40	attack	Unauthorized connection attempt from IP address 49.49.245.40 on Port 445(SMB)	2020-08-22 03:34:33
49.49.235.72	attackbots	WordPress wp-login brute force :: 49.49.235.72 0.096 - [21/Aug/2020:03:51:34 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 2411 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2020-08-21 18:20:55
49.49.241.67	attackbots	Unauthorized connection attempt from IP address 49.49.241.67 on Port 445(SMB)	2020-07-22 03:46:05
49.49.248.168	attack	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-07-20 14:16:59
49.49.233.61	attackbots	Unauthorised access (Jul 13) SRC=49.49.233.61 LEN=52 TTL=113 ID=3922 DF TCP DPT=445 WINDOW=8192 SYN	2020-07-13 17:26:07
49.49.246.146	attackbotsspam	Automatic report - XMLRPC Attack	2020-07-05 20:21:33

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.49.2.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51676
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.49.2.132.			IN	A

;; AUTHORITY SECTION:
.			402	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019121602 1800 900 604800 86400

;; Query time: 118 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Dec 17 04:50:05 CST 2019
;; MSG SIZE  rcvd: 115

HOST信息:

132.2.49.49.in-addr.arpa domain name pointer mx-ll-49.49.2-132.dynamic.3bb.in.th.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
132.2.49.49.in-addr.arpa	name = mx-ll-49.49.2-132.dynamic.3bb.co.th.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
187.151.250.22	attack	Honeypot attack, port: 445, PTR: dsl-187-151-250-22-dyn.prod-infinitum.com.mx.	2020-09-05 04:26:31
23.129.64.197	attackspam	Unauthorised connection attempt detected at AUO NODE 4. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)	2020-09-05 04:40:29
59.145.221.103	attackspam	2020-09-04T15:35:01.327010upcloud.m0sh1x2.com sshd[1651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.145.221.103 user=root 2020-09-04T15:35:03.482671upcloud.m0sh1x2.com sshd[1651]: Failed password for root from 59.145.221.103 port 55424 ssh2	2020-09-05 04:33:25
27.153.182.147	attack	Invalid user students from 27.153.182.147 port 48920	2020-09-05 04:27:18
139.199.23.233	attack	(sshd) Failed SSH login from 139.199.23.233 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 4 15:07:53 server sshd[22114]: Invalid user tom from 139.199.23.233 port 54698 Sep 4 15:07:55 server sshd[22114]: Failed password for invalid user tom from 139.199.23.233 port 54698 ssh2 Sep 4 15:13:05 server sshd[23634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.23.233 user=root Sep 4 15:13:07 server sshd[23634]: Failed password for root from 139.199.23.233 port 50300 ssh2 Sep 4 15:17:38 server sshd[24814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.23.233 user=root	2020-09-05 04:24:10
179.25.144.212	attackbotsspam	Sep 4 18:53:44 mellenthin postfix/smtpd[30191]: NOQUEUE: reject: RCPT from r179-25-144-212.dialup.adsl.anteldata.net.uy[179.25.144.212]: 554 5.7.1 Service unavailable; Client host [179.25.144.212] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/179.25.144.212; from= to= proto=ESMTP helo=	2020-09-05 04:52:13
49.228.155.241	attackspambots	Honeypot attack, port: 445, PTR: 49-228-155-0.24.nat.tls1b-cgn03.myaisfibre.com.	2020-09-05 04:29:05
118.70.67.23	attack	1599238433 - 09/04/2020 18:53:53 Host: 118.70.67.23/118.70.67.23 Port: 445 TCP Blocked	2020-09-05 04:45:28
87.241.163.224	attack	DATE:2020-09-03 18:41:00, IP:87.241.163.224, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-09-05 04:37:00
222.186.175.216	attackspambots	Sep 4 22:48:04 server sshd[20196]: Failed none for root from 222.186.175.216 port 55924 ssh2 Sep 4 22:48:06 server sshd[20196]: Failed password for root from 222.186.175.216 port 55924 ssh2 Sep 4 22:48:11 server sshd[20196]: Failed password for root from 222.186.175.216 port 55924 ssh2	2020-09-05 04:49:50
198.251.83.248	attack	Sep 4 11:13:08 mockhub sshd[10161]: Failed password for root from 198.251.83.248 port 38852 ssh2 Sep 4 11:13:10 mockhub sshd[10161]: Failed password for root from 198.251.83.248 port 38852 ssh2 ...	2020-09-05 04:42:34
201.16.246.71	attackbotsspam	Bruteforce detected by fail2ban	2020-09-05 04:31:38
185.220.102.243	attack	Sep 4 21:00:56 piServer sshd[9341]: Failed password for root from 185.220.102.243 port 31742 ssh2 Sep 4 21:00:58 piServer sshd[9341]: Failed password for root from 185.220.102.243 port 31742 ssh2 Sep 4 21:01:01 piServer sshd[9341]: Failed password for root from 185.220.102.243 port 31742 ssh2 Sep 4 21:01:05 piServer sshd[9341]: Failed password for root from 185.220.102.243 port 31742 ssh2 ...	2020-09-05 04:25:44
111.229.39.146	attack	2020-08-13 04:06:55,512 fail2ban.actions [1312]: NOTICE [sshd] Ban 111.229.39.146 2020-08-13 04:36:25,244 fail2ban.actions [1312]: NOTICE [sshd] Ban 111.229.39.146 2020-08-13 05:05:59,161 fail2ban.actions [1312]: NOTICE [sshd] Ban 111.229.39.146 2020-08-13 05:23:33,364 fail2ban.actions [1312]: NOTICE [sshd] Ban 111.229.39.146 2020-08-13 05:40:52,421 fail2ban.actions [1312]: NOTICE [sshd] Ban 111.229.39.146 ...	2020-09-05 04:27:52
207.180.196.207	attackbots	[portscan] tcp/22 [SSH] in blocklist.de:'listed [ssh]' *(RWIN=65535)(09040932)	2020-09-05 04:36:05

最近上报的IP列表

45.167.81.48	198.84.129.244	27.13.118.89	186.23.203.11
160.12.238.227	171.116.128.101	105.167.69.204	83.195.83.18
102.49.32.44	68.242.203.231	40.92.4.88	166.192.219.2
40.92.40.30	109.135.107.26	34.76.16.221	189.202.242.182
191.211.95.48	97.30.198.208	32.221.137.181	89.85.213.255