Must be a valid IPv4 or IPv6 ip address, e.g. 127.0.0.1 or 2001:DB8:0:0:8:800:200C:417A
Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: PT Telkom Indonesia

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attackspam
Jul 26 05:04:52 localhost kernel: [15376085.763519] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=110.138.149.64 DST=[mungedIP2] LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=30448 DF PROTO=TCP SPT=36484 DPT=8291 WINDOW=8192 RES=0x00 SYN URGP=0 
Jul 26 05:04:52 localhost kernel: [15376085.763548] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=110.138.149.64 DST=[mungedIP2] LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=30448 DF PROTO=TCP SPT=36484 DPT=8291 SEQ=3730170656 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405840103030201010402) 
Jul 26 05:05:04 localhost kernel: [15376097.645252] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=110.138.149.64 DST=[mungedIP2] LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=25118 DF PROTO=TCP SPT=29298 DPT=8728 WINDOW=8192 RES=0x00 SYN URGP=0 
Jul 26 05:05:04 localhost kernel: [15376097.645283] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=110
2019-07-26 19:25:42
Comments on same subnet:
IP Type Details Datetime
110.138.149.29 attack
SMB Server BruteForce Attack
2020-05-08 18:16:48
110.138.149.130 attackspam
[Aegis] @ 2019-07-03 05:17:10  0100 -> Attempted Administrator Privilege Gain: ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack
2020-04-29 18:45:11
110.138.149.232 attackspambots
Brute force SMTP login attempted.
...
2020-04-01 09:28:35
110.138.149.241 attackbotsspam
Attempt to attack host OS, exploiting network vulnerabilities, on 28-03-2020 03:55:08.
2020-03-28 12:31:48
110.138.149.68 attackspam
Honeypot attack, port: 445, PTR: 68.subnet110-138-149.speedy.telkom.net.id.
2020-03-23 06:02:09
110.138.149.222 attackspam
Attempt to attack host OS, exploiting network vulnerabilities, on 24-02-2020 04:55:14.
2020-02-24 15:09:44
110.138.149.182 attackspambots
firewall-block, port(s): 8291/tcp
2020-02-11 16:15:55
110.138.149.1 attack
1580446649 - 01/31/2020 05:57:29 Host: 110.138.149.1/110.138.149.1 Port: 445 TCP Blocked
2020-01-31 14:43:14
110.138.149.79 attackspambots
Dec 16 09:28:01 amit sshd\[1262\]: Invalid user user from 110.138.149.79
Dec 16 09:28:02 amit sshd\[1262\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.138.149.79
Dec 16 09:28:03 amit sshd\[1262\]: Failed password for invalid user user from 110.138.149.79 port 6833 ssh2
...
2019-12-16 20:55:33
110.138.149.204 attackspambots
Unauthorized connection attempt from IP address 110.138.149.204 on Port 445(SMB)
2019-11-17 05:47:41
110.138.149.176 attackbotsspam
Unauthorized connection attempt from IP address 110.138.149.176 on Port 445(SMB)
2019-11-16 22:54:33
110.138.149.76 attackbotsspam
Unauthorized connection attempt from IP address 110.138.149.76 on Port 445(SMB)
2019-11-09 06:17:58
110.138.149.34 attack
Honeypot attack, port: 445, PTR: 34.subnet110-138-149.speedy.telkom.net.id.
2019-11-08 17:30:31
110.138.149.182 attackbotsspam
Honeypot attack, port: 445, PTR: 182.subnet110-138-149.speedy.telkom.net.id.
2019-10-17 17:05:10
110.138.149.108 attack
Port Scan: TCP/34567
2019-09-20 23:05:12
Whois info:
b
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 110.138.149.64
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7737
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;110.138.149.64.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019072600 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jul 26 19:25:32 CST 2019
;; MSG SIZE  rcvd: 118
Host info
64.149.138.110.in-addr.arpa domain name pointer 64.subnet110-138-149.speedy.telkom.net.id.
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
64.149.138.110.in-addr.arpa	name = 64.subnet110-138-149.speedy.telkom.net.id.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
92.53.65.200 attackbotsspam
firewall-block, port(s): 6561/tcp
2019-10-16 09:07:48
187.189.65.79 attackspam
Oct 15 05:05:20 XXX sshd[29319]: Invalid user admin from 187.189.65.79 port 7440
2019-10-16 08:40:27
198.20.99.130 attack
Port scan: Attack repeated for 24 hours
2019-10-16 08:51:13
27.50.162.82 attackspam
Oct 15 20:35:59 sshgateway sshd\[29759\]: Invalid user pupaza from 27.50.162.82
Oct 15 20:35:59 sshgateway sshd\[29759\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.50.162.82
Oct 15 20:36:01 sshgateway sshd\[29759\]: Failed password for invalid user pupaza from 27.50.162.82 port 58562 ssh2
2019-10-16 08:56:44
115.220.5.13 attack
Oct 15 20:06:34 web1 postfix/smtpd[5620]: warning: unknown[115.220.5.13]: SASL LOGIN authentication failed: authentication failure
...
2019-10-16 08:34:35
106.12.108.32 attack
Oct 15 01:37:02 newdogma sshd[13147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.108.32  user=r.r
Oct 15 01:37:04 newdogma sshd[13147]: Failed password for r.r from 106.12.108.32 port 40304 ssh2
Oct 15 01:37:05 newdogma sshd[13147]: Received disconnect from 106.12.108.32 port 40304:11: Bye Bye [preauth]
Oct 15 01:37:05 newdogma sshd[13147]: Disconnected from 106.12.108.32 port 40304 [preauth]
Oct 15 01:44:59 newdogma sshd[13276]: Invalid user oswald from 106.12.108.32 port 33336
Oct 15 01:44:59 newdogma sshd[13276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.108.32
Oct 15 01:45:01 newdogma sshd[13276]: Failed password for invalid user oswald from 106.12.108.32 port 33336 ssh2
Oct 15 01:45:01 newdogma sshd[13276]: Received disconnect from 106.12.108.32 port 33336:11: Bye Bye [preauth]
Oct 15 01:45:01 newdogma sshd[13276]: Disconnected from 106.12.108.32 port 33336 [pre........
-------------------------------
2019-10-16 08:48:03
2400:6180:100:d0::8da:a001 attackbotsspam
Wordpress attack
2019-10-16 08:59:45
173.15.98.210 attackspambots
firewall-block, port(s): 2223/tcp
2019-10-16 08:54:49
51.83.77.224 attack
Oct 15 11:15:22 tdfoods sshd\[11704\]: Invalid user divya from 51.83.77.224
Oct 15 11:15:22 tdfoods sshd\[11704\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=224.ip-51-83-77.eu
Oct 15 11:15:24 tdfoods sshd\[11704\]: Failed password for invalid user divya from 51.83.77.224 port 48580 ssh2
Oct 15 11:19:18 tdfoods sshd\[12028\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=224.ip-51-83-77.eu  user=root
Oct 15 11:19:20 tdfoods sshd\[12028\]: Failed password for root from 51.83.77.224 port 59394 ssh2
2019-10-16 08:50:24
188.166.34.129 attackspambots
Oct 15 22:22:17 venus sshd\[30724\]: Invalid user pass from 188.166.34.129 port 49752
Oct 15 22:22:17 venus sshd\[30724\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.34.129
Oct 15 22:22:20 venus sshd\[30724\]: Failed password for invalid user pass from 188.166.34.129 port 49752 ssh2
...
2019-10-16 08:58:21
193.112.74.3 attack
Oct 15 12:25:31 eddieflores sshd\[16964\]: Invalid user Senha_123 from 193.112.74.3
Oct 15 12:25:31 eddieflores sshd\[16964\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.74.3
Oct 15 12:25:34 eddieflores sshd\[16964\]: Failed password for invalid user Senha_123 from 193.112.74.3 port 34561 ssh2
Oct 15 12:31:04 eddieflores sshd\[17407\]: Invalid user under from 193.112.74.3
Oct 15 12:31:04 eddieflores sshd\[17407\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.74.3
2019-10-16 08:52:59
52.38.153.120 attackspam
python-requests/2.21.0
2019-10-16 08:36:56
222.186.175.161 attackspambots
Oct 16 02:52:23 nextcloud sshd\[29580\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.161  user=root
Oct 16 02:52:25 nextcloud sshd\[29580\]: Failed password for root from 222.186.175.161 port 34430 ssh2
Oct 16 02:52:51 nextcloud sshd\[30250\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.161  user=root
...
2019-10-16 08:57:29
185.197.74.200 attack
Oct 15 22:01:50 firewall sshd[29597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.197.74.200
Oct 15 22:01:50 firewall sshd[29597]: Invalid user support from 185.197.74.200
Oct 15 22:01:53 firewall sshd[29597]: Failed password for invalid user support from 185.197.74.200 port 10166 ssh2
...
2019-10-16 09:05:09
111.67.205.55 attack
Oct 16 02:07:56 MK-Soft-VM4 sshd[31395]: Failed password for root from 111.67.205.55 port 38212 ssh2
...
2019-10-16 09:11:49

Recently Reported IPs

2a01:598:8087:a02e:850c:414a:4236:d0c6 233.34.201.158 190.61.45.178 110.40.237.162
155.158.214.158 200.164.74.162 120.170.218.168 103.82.130.171
48.42.113.23 148.112.94.174 180.247.43.43 222.119.19.200
7.213.141.15 143.208.138.156 238.220.42.133 129.163.217.83
110.115.114.172 36.200.193.5 117.11.82.68 217.15.118.38