IP address

Search at other sites:
.977143.20.49.38ip-38.49.20.143.in-addr.arpa
Shodan(more info)
Passive DNS
Tags: IP in hostname
IP blacklists
Spamhaus XBL CBL
143.20.49.38 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-06-20 03:38:51.277000
Was present on blacklist at: 2026-06-06 03:38, 2026-06-13 03:38, 2026-06-20 03:38
blocklist.de SSH
143.20.49.38 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 16:05:00.315000
Was present on blacklist at: 2026-06-06 22:05, 2026-06-07 04:05, 2026-06-07 10:05, 2026-06-07 16:05, 2026-06-07 22:05, 2026-06-08 04:05, 2026-06-08 10:05, 2026-06-08 16:05, 2026-06-08 22:05, 2026-06-09 04:05, 2026-06-10 04:05, 2026-06-10 10:05, 2026-06-10 16:05, 2026-06-10 22:05, 2026-06-11 04:05, 2026-06-11 10:05, 2026-06-11 16:05, 2026-06-12 10:05, 2026-06-12 16:05, 2026-06-12 22:05, 2026-06-13 04:05, 2026-06-14 04:05, 2026-06-14 10:05, 2026-06-14 16:05, 2026-06-14 22:05, 2026-06-15 04:05, 2026-06-15 10:05, 2026-06-15 16:05, 2026-06-15 22:05, 2026-06-16 22:05, 2026-06-17 04:05, 2026-06-17 10:05, 2026-06-17 16:05, 2026-06-17 22:05, 2026-06-18 04:05, 2026-06-18 10:05, 2026-06-18 16:05, 2026-06-18 22:05, 2026-06-19 04:05, 2026-06-19 10:05, 2026-06-19 16:05, 2026-06-19 22:05, 2026-06-20 10:05, 2026-06-20 16:05
CI Army
143.20.49.38 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-06-18 02:50:00.816000
Was present on blacklist at: 2026-06-07 02:50, 2026-06-08 02:50, 2026-06-09 02:50, 2026-06-10 02:50, 2026-06-11 02:50, 2026-06-12 02:50, 2026-06-13 02:50, 2026-06-14 02:50, 2026-06-15 02:50, 2026-06-17 02:50, 2026-06-18 02:50
AbuseIPDB
143.20.49.38 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 04:00:00.625000
Was present on blacklist at: 2026-06-07 04:00, 2026-06-08 04:00, 2026-06-09 04:00, 2026-06-10 04:00, 2026-06-11 04:00, 2026-06-12 04:00, 2026-06-13 04:00, 2026-06-14 04:00, 2026-06-15 04:00, 2026-06-17 04:00, 2026-06-18 04:00, 2026-06-19 04:00, 2026-06-20 04:00
Echelon CMS enumeration
143.20.49.38 is listed on the Echelon CMS enumeration blacklist.

Description: Content management system discovery and enumeration
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:05:04.180000
Was present on blacklist at: 2026-06-08 09:05, 2026-06-09 09:05, 2026-06-10 09:05, 2026-06-11 09:05, 2026-06-12 09:05, 2026-06-13 09:05, 2026-06-14 09:05, 2026-06-15 09:05, 2026-06-16 09:05, 2026-06-17 09:05, 2026-06-18 09:05, 2026-06-19 09:05, 2026-06-20 09:05
Echelon admin panel hunt
143.20.49.38 is listed on the Echelon admin panel hunt blacklist.

Description: Scanning for administrative interfaces
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:05:00.880000
Was present on blacklist at: 2026-06-08 09:05, 2026-06-09 09:05, 2026-06-10 09:05, 2026-06-11 09:05, 2026-06-12 09:05, 2026-06-13 09:05, 2026-06-14 09:05, 2026-06-15 09:05, 2026-06-16 09:05, 2026-06-17 09:05, 2026-06-18 09:05, 2026-06-19 09:05, 2026-06-20 09:05
Echelon database admin hunt
143.20.49.38 is listed on the Echelon database admin hunt blacklist.

Description: Scanning for database admin interfaces (phpMyAdmin, etc.)
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:10:00.333000
Was present on blacklist at: 2026-06-08 09:10, 2026-06-09 09:10, 2026-06-10 09:10, 2026-06-11 09:10, 2026-06-12 09:10, 2026-06-13 09:10, 2026-06-14 09:10, 2026-06-15 09:10, 2026-06-16 09:10, 2026-06-17 09:10, 2026-06-18 09:10, 2026-06-19 09:10, 2026-06-20 09:10
Echelon directory traversal
143.20.49.38 is listed on the Echelon directory traversal blacklist.

Description: Path traversal attack attempting to access restricted files
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:15:00.276000
Was present on blacklist at: 2026-06-08 09:15, 2026-06-09 09:15, 2026-06-10 09:15, 2026-06-11 09:15, 2026-06-12 09:15, 2026-06-13 09:15, 2026-06-14 09:15, 2026-06-15 09:15, 2026-06-16 09:15, 2026-06-17 09:15, 2026-06-18 09:15, 2026-06-19 09:15, 2026-06-20 09:15
Echelon TLS/SSL crawler
143.20.49.38 is listed on the Echelon TLS/SSL crawler blacklist.

Description: TLS/SSL connection fingerprinting detected via Suricata
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:40:00.407000
Was present on blacklist at: 2026-06-08 09:40, 2026-06-09 09:40, 2026-06-10 09:40, 2026-06-11 09:40, 2026-06-12 09:40, 2026-06-14 09:40, 2026-06-15 09:40, 2026-06-16 09:40, 2026-06-17 09:40, 2026-06-18 09:40, 2026-06-19 09:40, 2026-06-20 09:40
Echelon web crawler
143.20.49.38 is listed on the Echelon web crawler blacklist.

Description: HTTP web crawling activity detected on web honeypots
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:50:00.408000
Was present on blacklist at: 2026-06-08 09:50, 2026-06-09 09:50, 2026-06-10 09:50, 2026-06-11 09:50, 2026-06-12 09:50, 2026-06-15 09:50, 2026-06-16 09:50, 2026-06-17 09:50, 2026-06-18 09:50, 2026-06-19 09:50, 2026-06-20 09:50
Echelon SSH bruteforce
143.20.49.38 is listed on the Echelon SSH bruteforce blacklist.

Description: Multiple SSH authentication attempts detected
Type of feed: primary (feed detail page)

Last checked at: 2026-06-09 09:35:00.318000
Was present on blacklist at: 2026-06-09 09:35
blocklist.de bots
143.20.49.38 is listed on the blocklist.de bots blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the RFI-Attacks,<br>REG-Bots, IRC-Bots or BadBots.
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 04:05:00.181000
Was present on blacklist at: 2026-06-09 10:05, 2026-06-09 16:05, 2026-06-09 22:05, 2026-06-11 22:05, 2026-06-12 04:05, 2026-06-13 16:05, 2026-06-13 22:05, 2026-06-16 10:05, 2026-06-16 16:05, 2026-06-20 04:05
blocklist.de FTP
143.20.49.38 is listed on the blocklist.de FTP blacklist.

Description: Blocklist.de feed is a free and voluntary service<br>provided by a Fraud/Abuse-specialist. IPs performing attacks<br>on the Service FTP.
Type of feed: primary (feed detail page)

Last checked at: 2026-06-13 10:05:00.116000
Was present on blacklist at: 2026-06-13 10:05
Echelon SSH connection attempt
143.20.49.38 is listed on the Echelon SSH connection attempt blacklist.

Description: SSH connection attempt detected on port 22 or 2222
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:35:00.419000
Was present on blacklist at: 2026-06-16 09:35, 2026-06-17 09:35, 2026-06-18 09:35, 2026-06-19 09:35, 2026-06-20 09:35
UCEPROTECT L1
143.20.49.38 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 15:45:00.461000
Was present on blacklist at: 2026-06-17 07:45, 2026-06-17 15:45, 2026-06-17 23:45, 2026-06-18 15:45, 2026-06-18 23:45, 2026-06-19 07:45, 2026-06-19 15:45, 2026-06-19 23:45, 2026-06-20 07:45, 2026-06-20 15:45
Echelon IoT default credentials
143.20.49.38 is listed on the Echelon IoT default credentials blacklist.

Description: None
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:20:00.263000
Was present on blacklist at: 2026-06-18 09:20, 2026-06-19 09:20, 2026-06-20 09:20
Echelon path traversal
143.20.49.38 is listed on the Echelon path traversal blacklist.

Description: Path traversal via encoded sequences
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:25:00.241000
Was present on blacklist at: 2026-06-19 09:25, 2026-06-20 09:25
Echelon URI parsing exploit
143.20.49.38 is listed on the Echelon URI parsing exploit blacklist.

Description: Exploiting URI parsing vulnerabilities
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:45:00.499000
Was present on blacklist at: 2026-06-20 09:45

Threat categories

TLRoleCategoryDetails
84 src scan port: 22, 23, 80, 443, 2222, 2375
75 src login protocol: ssh, telnet
port: 22, 23, 2222
44 src
29 src exploit protocol: http
25 src botnet_drone malware_family: win.echelon, win.oni
Warden events (364658)
2026-06-20
IntrusionUserCompromise (node.cfb4f7): 30996
ReconScanning (node.ce2b59): 49
ReconScanning (node.9c1411): 51
AttemptLogin (node.ce2b59): 4
2026-06-19
ReconScanning (node.ce2b59): 78
ReconScanning (node.9c1411): 62
IntrusionUserCompromise (node.cfb4f7): 15890
AttemptLogin (node.ce2b59): 10
2026-06-18
ReconScanning (node.ce2b59): 78
ReconScanning (node.9c1411): 58
IntrusionUserCompromise (node.cfb4f7): 11150
AttemptLogin (node.ce2b59): 3
AttemptLogin (node.03e7a9): 2
IntrusionUserCompromise (node.03e7a9): 1
2026-06-17
IntrusionUserCompromise (node.cfb4f7): 23095
ReconScanning (node.ce2b59): 79
ReconScanning (node.9c1411): 55
AttemptLogin (node.ce2b59): 13
2026-06-16
IntrusionUserCompromise (node.cfb4f7): 20781
ReconScanning (node.9c1411): 62
AttemptLogin (node.ce2b59): 6
ReconScanning (node.ce2b59): 71
IntrusionUserCompromise (node.70e749): 1
AttemptLogin (node.70e749): 1
2026-06-15
IntrusionUserCompromise (node.cfb4f7): 30800
ReconScanning (node.ce2b59): 32
ReconScanning (node.9c1411): 61
AttemptLogin (node.ce2b59): 5
2026-06-14
IntrusionUserCompromise (node.cfb4f7): 22574
ReconScanning (node.9c1411): 53
ReconScanning (node.ce2b59): 32
2026-06-13
IntrusionUserCompromise (node.cfb4f7): 19120
ReconScanning (node.9c1411): 55
AttemptLogin (node.ce2b59): 6
ReconScanning (node.ce2b59): 31
AttemptLogin (node.03e7a9): 4
IntrusionUserCompromise (node.03e7a9): 1
2026-06-12
ReconScanning (node.9c1411): 62
ReconScanning (node.ce2b59): 32
IntrusionUserCompromise (node.cfb4f7): 24000
AttemptLogin (node.ce2b59): 5
2026-06-11
IntrusionUserCompromise (node.cfb4f7): 23976
ReconScanning (node.9c1411): 70
ReconScanning (node.ce2b59): 31
2026-06-10
ReconScanning (node.9c1411): 66
ReconScanning (node.ce2b59): 31
ReconScanning (node.4dc198): 1
IntrusionUserCompromise (node.cfb4f7): 25234
2026-06-09
IntrusionUserCompromise (node.cfb4f7): 27507
ReconScanning (node.ce2b59): 41
AttemptLogin (node.ce2b59): 3
ReconScanning (node.9c1411): 62
AttemptLogin (node.9c160c): 2
IntrusionUserCompromise (node.9c160c): 1
2026-06-08
IntrusionUserCompromise (node.cfb4f7): 53615
ReconScanning (node.ce2b59): 79
ReconScanning (node.9c1411): 72
AttemptLogin (node.ce2b59): 34
2026-06-07
IntrusionUserCompromise (node.cfb4f7): 29308
ReconScanning (node.9c1411): 65
ReconScanning (node.ce2b59): 79
AttemptLogin (node.ce2b59): 9
2026-06-06
ReconScanning (node.ce2b59): 35
ReconScanning (node.9c1411): 16
IntrusionUserCompromise (node.cfb4f7): 4846
AttemptLogin (node.ce2b59): 5
IntrusionUserCompromise (node.40929a): 1
DShield reports (IP summary, reports)
2026-06-06
Number of reports: 117
Distinct targets: 17
2026-06-07
Number of reports: 117
Distinct targets: 17
2026-06-08
Number of reports: 346
Distinct targets: 43
2026-06-09
Number of reports: 168
Distinct targets: 35
2026-06-10
Number of reports: 168
Distinct targets: 35
2026-06-12
Number of reports: 400
Distinct targets: 28
2026-06-13
Number of reports: 400
Distinct targets: 28
2026-06-14
Number of reports: 986
Distinct targets: 38
2026-06-16
Number of reports: 173
Distinct targets: 30
2026-06-17
Number of reports: 464
Distinct targets: 46
2026-06-18
Number of reports: 338
Distinct targets: 38
2026-06-19
Number of reports: 172
Distinct targets: 28
Origin AS
AS150249 - IDNIC-ATHARVA-AS-ID IDNIC-ATHARVA-AS-ID
BGP Prefix
143.20.49.0/24
geo
Indonesia, Jakarta
🕑 Asia/Jakarta
hostname
ip-38.49.20.143.in-addr.arpa
hostname_class
['ip_in_hostname']
Address block ('inetnum' or 'NetRange' in whois database)
143.20.0.0 - 143.20.255.255
last_activity
2026-06-20 21:32:24
last_warden_event
2026-06-20 21:32:24
rep
0.9765833042786439
reserved_range
0
ts_added
2026-06-06 03:38:44.270000
ts_last_update
2026-06-20 21:49:43.631000

Warden event timeline

DShield event timeline

Presence on blacklists