49.89.250.166 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
49.89.250.23	attackspam	49.89.250.23 - - [08/Aug/2020:15:45:14 +0200] "POST /inc/md5.asp HTTP/1.1" 404 17548 "https://nfsec.pl/inc/md5.asp" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 49.89.250.23 - - [08/Aug/2020:15:45:16 +0200] "POST /inc/md5.asp HTTP/1.1" 404 11780 "https://nfsec.pl/inc/md5.asp" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 49.89.250.23 - - [08/Aug/2020:15:45:25 +0200] "POST /inc/md5.asp HTTP/1.1" 404 17341 "https://nfsec.pl/inc/md5.asp" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 49.89.250.23 - - [08/Aug/2020:15:45:27 +0200] "POST /inc/md5.asp HTTP/1.1" 404 11923 "https://nfsec.pl/inc/md5.asp" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 49.89.250.23 - - [08/Aug/2020:15:45:28 +0200] "POST /inc/md5.asp HTTP/1.1" 404 11926 "https://nfsec.pl/inc/md5.asp" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" ...	2020-08-08 22:59:22
49.89.250.39	attackspambots	Too many 404s, searching for vulnerabilities	2020-04-10 22:34:08
49.89.250.196	attackspam	Attempts to exploit ASP and PHP vulnerabilities.	2020-04-07 06:19:37
49.89.250.113	attackbotsspam	The IP has triggered Cloudflare WAF. CF-Ray: 541112527934e50e \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: POST \| Host: ip.skk.moe \| User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 02:28:03
49.89.250.1	attackbots	/config/AspCms_Config.asp	2019-10-31 08:31:01

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.89.250.166
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22091
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;49.89.250.166.			IN	A

;; AUTHORITY SECTION:
.			30	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2025020400 1800 900 604800 86400

;; Query time: 13 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Feb 04 20:23:18 CST 2025
;; MSG SIZE  rcvd: 106

Host info

Host 166.250.89.49.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 166.250.89.49.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
198.245.62.53	attackspam	198.245.62.53 - - [04/Sep/2020:20:19:16 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 4953 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 0.926 198.245.62.53 - - [04/Sep/2020:20:19:19 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 200 473 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 2.749 198.245.62.53 - - [05/Sep/2020:03:04:09 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 4947 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 1.012 198.245.62.53 - - [05/Sep/2020:03:04:15 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 200 473 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 5.022 198.245.62.53 - - [05/Sep/2020:04:29:05 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 4947 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 0.814 ...	2020-09-05 13:57:24
122.51.166.84	attackspam	Invalid user oficina from 122.51.166.84 port 42726	2020-09-05 14:04:45
188.218.10.32	attack	Honeypot attack, port: 5555, PTR: net-188-218-10-32.cust.vodafonedsl.it.	2020-09-05 13:52:28
5.135.177.5	attack	WordPress login Brute force / Web App Attack on client site.	2020-09-05 13:42:00
189.253.67.214	attack	Honeypot attack, port: 445, PTR: dsl-189-253-67-214-dyn.prod-infinitum.com.mx.	2020-09-05 13:33:55
67.207.82.47	attackbotsspam	TCP (SYN) 67.207.82.47:32767 -> port 8545, len 44	2020-09-05 13:47:46
79.46.191.8	attack	Automatic report - Port Scan Attack	2020-09-05 13:46:11
139.59.40.233	attackbotsspam	Trolling for resource vulnerabilities	2020-09-05 13:43:12
188.165.138.11	attackbots	Dovecot Invalid User Login Attempt.	2020-09-05 13:42:18
103.63.215.38	attackspambots	Honeypot attack, port: 445, PTR: static-ptr.ehost.vn.	2020-09-05 13:41:29
179.56.28.64	attackbots	Honeypot attack, port: 445, PTR: PTR record not found	2020-09-05 13:49:48
106.12.38.70	attackspam	Sep 4 23:48:22 sip sshd[1510667]: Invalid user test11 from 106.12.38.70 port 51416 Sep 4 23:48:24 sip sshd[1510667]: Failed password for invalid user test11 from 106.12.38.70 port 51416 ssh2 Sep 4 23:51:52 sip sshd[1510681]: Invalid user test3 from 106.12.38.70 port 49156 ...	2020-09-05 13:47:23
182.254.243.182	attackbotsspam	Honeypot attack, port: 445, PTR: PTR record not found	2020-09-05 13:43:57
118.36.192.110	attackbotsspam	Honeypot attack, port: 81, PTR: PTR record not found	2020-09-05 13:34:55
197.51.216.156	attack	1599238270 - 09/04/2020 18:51:10 Host: 197.51.216.156/197.51.216.156 Port: 445 TCP Blocked	2020-09-05 14:05:19

Recently Reported IPs

83.198.168.18	216.87.9.62	201.38.208.240	33.219.11.150
214.216.194.144	209.61.82.182	4.12.163.2	149.53.199.252
210.154.187.122	35.156.241.139	210.182.226.106	235.166.156.25
117.0.43.51	217.29.97.119	236.235.195.42	34.146.1.40
107.55.170.9	107.206.39.97	4.119.106.44	182.226.129.111