89.252.143.4 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Turkey

Internet Service Provider: NetInternet Bilisim Teknolojileri AS

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	89.252.143.4 was recorded 11 times by 11 hosts attempting to connect to the following ports: 123. Incident counter (4h, 24h, all-time): 11, 15, 15	2019-12-08 23:31:12

Comments on same subnet:

IP	Type	Details	Datetime
89.252.143.11	attack	TCP (SYN) 89.252.143.11:57391 -> port 8888, len 44	2020-07-08 01:09:35
89.252.143.42	attackspam	89.252.143.42 - - [27/Jun/2020:07:47:06 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 89.252.143.42 - - [27/Jun/2020:07:47:07 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 89.252.143.42 - - [27/Jun/2020:07:47:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-27 14:11:37
89.252.143.42	attackspambots	xmlrpc attack	2020-06-20 02:57:30
89.252.143.11	attackbots	scans 2 times in preceeding hours on the ports (in chronological order) 5933 5933	2020-05-22 00:07:27
89.252.143.11	attackspambots	5930/tcp 5921/tcp 5920/tcp... [2020-04-22/05-09]9pkt,4pt.(tcp)	2020-05-09 13:59:25
89.252.143.58	attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2020-04-27 22:20:25
89.252.143.11	attackbotsspam	" "	2020-03-07 02:45:30
89.252.143.7	attackspambots	firewall-block, port(s): 5963/tcp	2020-02-25 21:53:23
89.252.143.7	attackspam	Scanning random ports - tries to find possible vulnerable services	2020-02-12 06:19:05

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 89.252.143.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19885
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;89.252.143.4.			IN	A

;; AUTHORITY SECTION:
.			493	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120800 1800 900 604800 86400

;; Query time: 78 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 23:31:06 CST 2019
;; MSG SIZE  rcvd: 116

Host info

4.143.252.89.in-addr.arpa domain name pointer www.cenuta.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
4.143.252.89.in-addr.arpa	name = www.cenuta.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
104.206.128.78	attackspambots	05.08.2019 15:19:07 Connection to port 5432 blocked by firewall	2019-08-05 23:37:03
50.38.52.15	attackspambots	Aug 5 08:33:25 ks10 sshd[29340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.38.52.15 Aug 5 08:33:27 ks10 sshd[29340]: Failed password for invalid user teste from 50.38.52.15 port 44706 ssh2 ...	2019-08-05 23:50:09
122.154.178.174	attackbots	445/tcp 445/tcp 445/tcp... [2019-06-04/08-05]8pkt,1pt.(tcp)	2019-08-05 23:34:37
178.216.49.108	attackspambots	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(08050931)	2019-08-05 23:56:21
170.130.187.34	attackbotsspam	firewall-block, port(s): 161/udp	2019-08-05 23:56:59
113.215.57.223	attackspam	[portscan] tcp/22 [SSH] [scan/connect: 2 time(s)] *(RWIN=54744,17087)(08050931)	2019-08-06 00:23:59
179.186.89.40	attackspambots	[portscan] tcp/23 [TELNET] *(RWIN=19833)(08050931)	2019-08-05 23:46:29
115.186.139.143	attackspambots	firewall-block, port(s): 445/tcp	2019-08-06 00:22:28
123.5.39.96	attackbots	[portscan] tcp/23 [TELNET] *(RWIN=49712)(08050931)	2019-08-06 00:20:03
116.204.187.95	attackbots	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(08050931)	2019-08-05 23:57:33
1.6.156.237	attackbots	[portscan] tcp/139 [NetBIOS Session Service] *(RWIN=1024)(08050931)	2019-08-05 23:44:36
24.168.122.30	attackspambots	[portscan] tcp/88 [Kerberos] *(RWIN=1460)(08050931)	2019-08-06 00:05:01
104.140.188.6	attack	[portscan] tcp/23 [TELNET] *(RWIN=1024)(08050931)	2019-08-05 23:58:35
96.87.122.123	attackbotsspam	[portscan] tcp/23 [TELNET] *(RWIN=11879)(08050931)	2019-08-05 23:37:34
194.58.71.207	attackbotsspam	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(08050931)	2019-08-05 23:53:48

Recently Reported IPs

66.152.104.176	216.174.123.93	170.239.101.4	211.115.133.209
186.223.185.112	216.43.200.198	253.63.223.89	64.248.108.11
114.5.121.96	153.178.182.82	176.183.253.115	39.29.232.9
149.153.184.57	57.179.98.232	26.37.38.215	180.14.129.65
223.109.201.32	104.70.131.53	161.45.239.42	194.147.255.163