Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: Pemerintah Kota Surabaya

Hostname: unknown

Organization: Pemerintah Kota Surabaya

Usage Type: Government

Comments:
Type Details Datetime
normal
Issue is fixed
2020-08-28 23:19:26
attack
WordPress (CMS) attack attempts.
Date: 2019 Oct 14. 21:41:51
Source IP: 112.140.160.254

Portion of the log(s):
112.140.160.254 - [14/Oct/2019:21:41:49 +0200] "POST /wp-login.php HTTP/1.1" 200 2389 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
112.140.160.254 - [14/Oct/2019:21:41:46 +0200] "POST /wp-login.php HTTP/1.1" 200 2388 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
112.140.160.254 - [14/Oct/2019:21:41:43 +0200] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
112.140.160.254 - [14/Oct/2019:21:41:40 +0200] "POST /wp-login.php HTTP/1.1" 200 2394 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
112.140.160.254 - [14/Oct/2019:21:41:38 +0200] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ....
2019-10-15 07:09:20
Comments on same subnet:
No discussion about this subnet yet.
Whois info:
Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 112.140.160.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13560
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;112.140.160.254.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019051000 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Sat May 11 01:00:44 +08 2019
;; MSG SIZE  rcvd: 119

Host info
Host 254.160.140.112.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 254.160.140.112.in-addr.arpa: NXDOMAIN

Related IP info:
Related comments:
IP Type Details Datetime
118.32.217.60 attackspambots
Unauthorized connection attempt detected from IP address 118.32.217.60 to port 23
2020-05-10 23:39:02
217.138.76.66 attackbotsspam
May 10 12:12:39 *** sshd[24307]: Invalid user pg from 217.138.76.66
2020-05-10 23:32:21
113.170.253.213 attackbots
2020-05-10T05:12:56.256867suse-nuc sshd[5516]: Invalid user tech from 113.170.253.213 port 60487
...
2020-05-10 23:22:31
176.92.165.64 attackspambots
Telnet Server BruteForce Attack
2020-05-10 23:13:36
213.217.0.134 attack
May 10 17:33:22 debian-2gb-nbg1-2 kernel: [11383673.716655] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=213.217.0.134 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=44560 PROTO=TCP SPT=56530 DPT=64862 WINDOW=1024 RES=0x00 SYN URGP=0
2020-05-10 23:42:46
159.203.111.100 attackbotsspam
2020-05-10T15:07:10.648762centos sshd[21263]: Invalid user antivirus from 159.203.111.100 port 53328
2020-05-10T15:07:12.470032centos sshd[21263]: Failed password for invalid user antivirus from 159.203.111.100 port 53328 ssh2
2020-05-10T15:15:35.519341centos sshd[21796]: Invalid user tobin from 159.203.111.100 port 58011
...
2020-05-10 23:19:39
49.198.225.68 attackbotsspam
(sshd) Failed SSH login from 49.198.225.68 (AU/Australia/n49-198-225-68.mrk1.qld.optusnet.com.au): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: May 10 14:23:24 amsweb01 sshd[14219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.198.225.68  user=root
May 10 14:23:26 amsweb01 sshd[14219]: Failed password for root from 49.198.225.68 port 50944 ssh2
May 10 14:29:42 amsweb01 sshd[16930]: Invalid user blewis from 49.198.225.68 port 47022
May 10 14:29:45 amsweb01 sshd[16930]: Failed password for invalid user blewis from 49.198.225.68 port 47022 ssh2
May 10 14:34:27 amsweb01 sshd[17637]: Invalid user ftpuser from 49.198.225.68 port 55972
2020-05-10 23:21:44
198.108.67.29 attackspambots
MultiHost/MultiPort Probe, Scan, Hack -
2020-05-10 23:10:18
217.238.246.149 attackbotsspam
May 10 16:11:08 pi sshd[28939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.238.246.149 
May 10 16:11:09 pi sshd[28939]: Failed password for invalid user leon from 217.238.246.149 port 57642 ssh2
2020-05-10 23:42:30
192.241.131.72 attackbotsspam
Telnet/23 MH Probe, Scan, BF, Hack -
2020-05-10 23:36:08
198.46.135.250 attack
[2020-05-10 11:09:56] NOTICE[1157][C-0000281f] chan_sip.c: Call from '' (198.46.135.250:53447) to extension '0+46812410073' rejected because extension not found in context 'public'.
[2020-05-10 11:09:56] SECURITY[1173] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-05-10T11:09:56.765-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="0+46812410073",SessionID="0x7f5f106f5588",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/198.46.135.250/53447",ACLName="no_extension_match"
[2020-05-10 11:11:19] NOTICE[1157][C-00002823] chan_sip.c: Call from '' (198.46.135.250:50668) to extension '9+46812410073' rejected because extension not found in context 'public'.
[2020-05-10 11:11:19] SECURITY[1173] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-05-10T11:11:19.397-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="9+46812410073",SessionID="0x7f5f10905838",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/198.4
...
2020-05-10 23:19:56
155.94.184.154 attackspambots
Email rejected due to spam filtering
2020-05-10 23:39:55
118.69.71.182 attack
May 10 20:15:22 webhost01 sshd[4226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.69.71.182
May 10 20:15:24 webhost01 sshd[4226]: Failed password for invalid user ching from 118.69.71.182 port 52758 ssh2
...
2020-05-10 23:47:02
180.76.246.38 attack
SSH Brute-Forcing (server1)
2020-05-10 23:23:01
222.186.190.2 attackspam
prod6
...
2020-05-10 23:37:19

Recently Reported IPs
