Basic Info

City: unknown

Region: unknown

Country: Ukraine

Internet Service Provider: Freenet Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:
Type Details Datetime
attack
ENG,WP GET /wp-login.php
2020-05-04 19:27:28
attack
WordPress wp-login brute force :: 89.252.16.130 0.068 BYPASS [08/Jul/2019:18:24:46 +1000] www.[censored_4] "POST /wp-login.php HTTP/1.1" 200 3538 "https://[censored_4]/wp-login.php" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
2019-07-08 19:17:45
Comments on same subnet:
IP Type Details Datetime
89.252.160.125 attack
Jun 10 00:46:33 debian kernel: [641749.498785] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:be:e4:65:08:e8:4f:6e:48:0c:08:00 SRC=89.252.160.125 DST=89.252.131.35 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=25628 DF PROTO=TCP SPT=64792 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
2020-06-10 06:21:14
89.252.160.125 attack
Jun  9 08:29:36 debian kernel: [583133.177289] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:be:e4:65:08:e8:4f:6e:48:0c:08:00 SRC=89.252.160.125 DST=89.252.131.35 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=24578 DF PROTO=TCP SPT=54353 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
2020-06-09 13:46:12
89.252.165.62 attack
C2,WP GET /wp-login.php
2020-04-30 16:25:10
89.252.161.15 attackspam
WordPress wp-login brute force :: 89.252.161.15 0.160 - [26/Dec/2019:14:51:50 +0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 1806 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"
2019-12-27 02:31:54
89.252.165.44 attack
Nov 29 01:08:57 aragorn sshd[32333]: User postgres from jm3m5gxj.ni.net.tr not allowed because not listed in AllowUsers
Nov 29 01:23:14 aragorn sshd[3171]: Invalid user deploy from 89.252.165.44
Nov 29 01:23:15 aragorn sshd[3172]: Invalid user deploy from 89.252.165.44
Nov 29 01:23:15 aragorn sshd[3170]: Invalid user deploy from 89.252.165.44
...
2019-11-29 18:53:22
89.252.167.70 attackbotsspam
" "
2019-10-19 16:19:10
89.252.164.2 attackspam
Automatic report - XMLRPC Attack
2019-10-14 01:24:12
89.252.161.15 attackbotsspam
Brute forcing Wordpress login
2019-08-13 15:15:49
89.252.161.15 attack
hello ip address remove spam from this issue was caused by bulk mail I would appreciate it if you help
2019-08-01 09:34:33
89.252.161.15 attackspambots
Sql/code injection probe
2019-07-23 17:58:28
89.252.166.163 attackspambots
Jul 10 01:21:12 vps34202 postfix/smtpd[8116]: connect from 20mzc5lj.ni.net.tr[89.252.166.163]
Jul x@x
Jul x@x
Jul 10 01:21:13 vps34202 postfix/smtpd[8116]: disconnect from 20mzc5lj.ni.net.tr[89.252.166.163]
Jul 10 01:24:38 vps34202 postfix/smtpd[8246]: connect from 20mzc5lj.ni.net.tr[89.252.166.163]
Jul x@x
Jul x@x
Jul 10 01:24:39 vps34202 postfix/smtpd[8246]: disconnect from 20mzc5lj.ni.net.tr[89.252.166.163]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=89.252.166.163
2019-07-10 10:02:43
89.252.161.15 attackspam
kidness.family 89.252.161.15 \[25/Jun/2019:04:39:05 +0200\] "POST /wp-login.php HTTP/1.1" 200 5615 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
kidness.family 89.252.161.15 \[25/Jun/2019:04:39:10 +0200\] "POST /wp-login.php HTTP/1.1" 200 5569 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2019-06-25 13:42:31
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 89.252.16.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4744
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;89.252.16.130.			IN	A

;; AUTHORITY SECTION:
.			2259	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019070800 1800 900 604800 86400

;; Query time: 5 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Jul 08 19:17:34 CST 2019
;; MSG SIZE  rcvd: 117
Host info
130.16.252.89.in-addr.arpa domain name pointer post.nasha-apteka.com.ua.
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
130.16.252.89.in-addr.arpa	name = post.nasha-apteka.com.ua.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
49.232.166.229 attack
SSH Bruteforce
2019-11-17 21:10:28
62.234.79.230 attackbots
Automatic report - Banned IP Access
2019-11-17 21:12:13
37.59.107.100 attackbots
SSH Bruteforce
2019-11-17 21:39:58
47.40.252.186 attackbots
RDP Bruteforce
2019-11-17 21:07:28
181.112.221.66 attackspambots
Nov 17 13:21:58 ns37 sshd[20984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.112.221.66
2019-11-17 21:29:13
212.47.246.150 attackbotsspam
$f2bV_matches
2019-11-17 21:08:02
51.75.204.92 attackspambots
Nov 17 07:47:52 vps01 sshd[2622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.204.92
Nov 17 07:47:54 vps01 sshd[2622]: Failed password for invalid user berangere from 51.75.204.92 port 39288 ssh2
2019-11-17 21:24:41
104.31.74.222 attack
Nov 17 06:20:30   DDOS Attack: SRC=104.31.74.222 DST=[Masked] LEN=52 TOS=0x00 PREC=0x00 TTL=58  DF PROTO=TCP SPT=443 DPT=45972 WINDOW=29200 RES=0x00 ACK SYN URGP=0
2019-11-17 21:02:25
71.105.113.251 attack
Nov 17 14:16:13 ns382633 sshd\[11410\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.105.113.251  user=root
Nov 17 14:16:15 ns382633 sshd\[11410\]: Failed password for root from 71.105.113.251 port 43922 ssh2
Nov 17 14:30:49 ns382633 sshd\[14518\]: Invalid user raymonde from 71.105.113.251 port 53760
Nov 17 14:30:49 ns382633 sshd\[14518\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.105.113.251
Nov 17 14:30:51 ns382633 sshd\[14518\]: Failed password for invalid user raymonde from 71.105.113.251 port 53760 ssh2
2019-11-17 21:45:06
223.243.29.102 attackspambots
Automatic report - Banned IP Access
2019-11-17 21:34:15
47.88.168.222 attackspambots
Nov 17 18:23:42 itv-usvr-02 sshd[21205]: Invalid user dir from 47.88.168.222 port 37116
Nov 17 18:23:42 itv-usvr-02 sshd[21205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.88.168.222
Nov 17 18:23:42 itv-usvr-02 sshd[21205]: Invalid user dir from 47.88.168.222 port 37116
Nov 17 18:23:43 itv-usvr-02 sshd[21205]: Failed password for invalid user dir from 47.88.168.222 port 37116 ssh2
Nov 17 18:30:34 itv-usvr-02 sshd[21230]: Invalid user ssssssssss from 47.88.168.222 port 40016
2019-11-17 21:16:28
46.4.107.187 attackspam
SSH Bruteforce
2019-11-17 21:16:46
223.71.167.61 attackspam
17.11.2019 13:15:57 Connection to port 37 blocked by firewall
2019-11-17 21:23:28
41.33.119.67 attack
SSH Bruteforce
2019-11-17 21:35:24
95.58.194.148 attackbots
Nov 17 14:13:39 MK-Soft-VM4 sshd[15245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.194.148 
Nov 17 14:13:42 MK-Soft-VM4 sshd[15245]: Failed password for invalid user ksw from 95.58.194.148 port 34948 ssh2
...
2019-11-17 21:17:36
