95.58.28.25 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Kazakhstan

Internet Service Provider: Ahmed Yasawi Kazakh - Turkish International University

Hostname: unknown

Organization: unknown

Usage Type: University/College/School

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Aug 23 11:20:40 mailman postfix/smtpd[22846]: NOQUEUE: reject: RCPT from unknown[95.58.28.25]: 554 5.7.1 Service unavailable; Client host [95.58.28.25] blocked using sbl-xbl.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=<[95.58.28.25]> Aug 23 11:20:54 mailman postfix/smtpd[22846]: NOQUEUE: reject: RCPT from unknown[95.58.28.25]: 554 5.7.1 Service unavailable; Client host [95.58.28.25] blocked using sbl-xbl.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=<[95.58.28.25]>	2019-08-24 02:48:07

Type

Details

Datetime

attackbots

Aug 23 11:20:40 mailman postfix/smtpd[22846]: NOQUEUE: reject: RCPT from unknown[95.58.28.25]: 554 5.7.1 Service unavailable; Client host [95.58.28.25] blocked using sbl-xbl.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=<[95.58.28.25]>
Aug 23 11:20:54 mailman postfix/smtpd[22846]: NOQUEUE: reject: RCPT from unknown[95.58.28.25]: 554 5.7.1 Service unavailable; Client host [95.58.28.25] blocked using sbl-xbl.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=<[95.58.28.25]>

2019-08-24 02:48:07

Comments on same subnet:

IP	Type	Details	Datetime
95.58.28.28	attackspambots	$f2bV_matches	2019-11-19 21:33:13
95.58.28.28	attackbotsspam	Nov 7 23:33:57 xb0 sshd[32252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.28.28 user=r.r Nov 7 23:33:59 xb0 sshd[32252]: Failed password for r.r from 95.58.28.28 port 59101 ssh2 Nov 7 23:33:59 xb0 sshd[32252]: Received disconnect from 95.58.28.28: 11: Client disconnecting normally [preauth] Nov 7 23:34:02 xb0 sshd[32277]: Failed password for invalid user admin from 95.58.28.28 port 59455 ssh2 Nov 7 23:34:03 xb0 sshd[32277]: Received disconnect from 95.58.28.28: 11: Client disconnecting normally [preauth] Nov 7 23:34:05 xb0 sshd[643]: Failed password for invalid user adminixxxr from 95.58.28.28 port 59807 ssh2 Nov 7 23:34:05 xb0 sshd[643]: Received disconnect from 95.58.28.28: 11: Client disconnecting normally [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=95.58.28.28	2019-11-08 07:16:54

Type

Details

Datetime

95.58.28.28

attackspambots

$f2bV_matches

2019-11-19 21:33:13

95.58.28.28

attackbotsspam

Nov  7 23:33:57 xb0 sshd[32252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.58.28.28  user=r.r
Nov  7 23:33:59 xb0 sshd[32252]: Failed password for r.r from 95.58.28.28 port 59101 ssh2
Nov  7 23:33:59 xb0 sshd[32252]: Received disconnect from 95.58.28.28: 11: Client disconnecting normally [preauth]
Nov  7 23:34:02 xb0 sshd[32277]: Failed password for invalid user admin from 95.58.28.28 port 59455 ssh2
Nov  7 23:34:03 xb0 sshd[32277]: Received disconnect from 95.58.28.28: 11: Client disconnecting normally [preauth]
Nov  7 23:34:05 xb0 sshd[643]: Failed password for invalid user adminixxxr from 95.58.28.28 port 59807 ssh2
Nov  7 23:34:05 xb0 sshd[643]: Received disconnect from 95.58.28.28: 11: Client disconnecting normally [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=95.58.28.28

2019-11-08 07:16:54

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 95.58.28.25
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42161
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;95.58.28.25.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082301 1800 900 604800 86400

;; Query time: 8 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Aug 24 02:48:01 CST 2019
;; MSG SIZE  rcvd: 115

Host info

25.28.58.95.in-addr.arpa domain name pointer mktu.turkestan.kz.
25.28.58.95.in-addr.arpa domain name pointer yesevi.edu.kz.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
25.28.58.95.in-addr.arpa	name = mktu.turkestan.kz.
25.28.58.95.in-addr.arpa	name = yesevi.edu.kz.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
140.115.22.94	attackspam	5x Failed Password	2019-10-30 17:53:44
45.82.153.132	attackspam	2019-10-30T10:54:59.208947mail01 postfix/smtpd[4780]: warning: unknown[45.82.153.132]: SASL PLAIN authentication failed: 2019-10-30T10:55:06.164729mail01 postfix/smtpd[22186]: warning: unknown[45.82.153.132]: SASL PLAIN authentication failed: 2019-10-30T10:56:33.187271mail01 postfix/smtpd[3952]: warning: unknown[45.82.153.132]: SASL PLAIN authentication failed:	2019-10-30 17:57:13
223.71.213.216	attackbots	port scan and connect, tcp 22 (ssh)	2019-10-30 17:51:47
203.177.70.171	attackbotsspam	Oct 30 16:26:21 webhost01 sshd[16812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.177.70.171 Oct 30 16:26:23 webhost01 sshd[16812]: Failed password for invalid user temp from 203.177.70.171 port 51898 ssh2 ...	2019-10-30 18:17:34
31.19.17.165	attack	23/tcp [2019-10-30]1pkt	2019-10-30 18:08:51
81.22.45.190	attackbotsspam	10/30/2019-10:43:43.087122 81.22.45.190 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-10-30 17:51:00
193.124.117.200	attackspambots	2019-10-30T10:38:38.715405scmdmz1 sshd\[10605\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.124.117.200 user=root 2019-10-30T10:38:40.643687scmdmz1 sshd\[10605\]: Failed password for root from 193.124.117.200 port 53071 ssh2 2019-10-30T10:42:36.947063scmdmz1 sshd\[10945\]: Invalid user artemio from 193.124.117.200 port 44585 ...	2019-10-30 18:07:34
51.75.254.196	attackbotsspam	Oct 30 06:07:08 server sshd\[27441\]: Invalid user slam from 51.75.254.196 port 25375 Oct 30 06:07:08 server sshd\[27441\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.254.196 Oct 30 06:07:10 server sshd\[27441\]: Failed password for invalid user slam from 51.75.254.196 port 25375 ssh2 Oct 30 06:10:50 server sshd\[3562\]: Invalid user Pa55word from 51.75.254.196 port 63827 Oct 30 06:10:50 server sshd\[3562\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.254.196	2019-10-30 18:19:31
106.13.15.153	attackbots	Oct 30 05:48:45 bouncer sshd\[24259\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.15.153 user=root Oct 30 05:48:48 bouncer sshd\[24259\]: Failed password for root from 106.13.15.153 port 38658 ssh2 Oct 30 05:54:16 bouncer sshd\[24334\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.15.153 user=root ...	2019-10-30 18:21:08
213.92.186.31	attack	SSH bruteforce (Triggered fail2ban)	2019-10-30 17:59:22
45.6.93.222	attack	Oct 30 09:34:21 ArkNodeAT sshd\[20369\]: Invalid user Million123 from 45.6.93.222 Oct 30 09:34:21 ArkNodeAT sshd\[20369\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.93.222 Oct 30 09:34:23 ArkNodeAT sshd\[20369\]: Failed password for invalid user Million123 from 45.6.93.222 port 53546 ssh2	2019-10-30 18:00:32
103.6.196.189	attack	fail2ban honeypot	2019-10-30 18:24:23
182.232.194.6	attackbots	445/tcp [2019-10-30]1pkt	2019-10-30 17:45:14
200.89.178.2	attack	Oct 29 23:49:08 web1 postfix/smtpd[18227]: warning: 2-178-89-200.fibertel.com.ar[200.89.178.2]: SASL PLAIN authentication failed: authentication failure ...	2019-10-30 17:52:46
222.186.175.202	attackspam	Oct 30 11:10:20 nextcloud sshd\[28285\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.202 user=root Oct 30 11:10:22 nextcloud sshd\[28285\]: Failed password for root from 222.186.175.202 port 58700 ssh2 Oct 30 11:10:26 nextcloud sshd\[28285\]: Failed password for root from 222.186.175.202 port 58700 ssh2 ...	2019-10-30 18:13:08

Recently Reported IPs

152.235.190.175	187.217.207.27	111.67.207.51	34.193.44.185
192.228.100.29	54.36.203.88	106.52.164.184	118.221.41.82
172.200.33.206	156.54.173.85	15.106.100.12	222.95.134.180
231.96.183.25	110.163.133.43	100.65.140.4	36.97.200.119
191.103.116.144	193.169.252.74	202.175.126.186	155.213.141.55