125.160.201.242

Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: PT Telkom Indonesia

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	[Tue Mar 17 06:39:38.053375 2020] [:error] [pid 20853:tid 140439655249664] [client 125.160.201.242:35608] [client 125.160.201.242] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "118"] [id "950100"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php"] [unique_id "XnAOOaEzxiYbKEFqAfoYhwAAAAE"] ...	2020-03-17 08:03:06

Type

Details

Datetime

attackbots

[Tue Mar 17 06:39:38.053375 2020] [:error] [pid 20853:tid 140439655249664] [client 125.160.201.242:35608] [client 125.160.201.242] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "118"] [id "950100"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php"] [unique_id "XnAOOaEzxiYbKEFqAfoYhwAAAAE"]
...

2020-03-17 08:03:06

Comments on same subnet:

IP	Type	Details	Datetime
125.160.201.46	attack	Attempt to attack host OS, exploiting network vulnerabilities, on 25-10-2019 04:55:16.	2019-10-25 13:51:35

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 125.160.201.242
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31825
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;125.160.201.242.		IN	A

;; AUTHORITY SECTION:
.			500	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031602 1800 900 604800 86400

;; Query time: 90 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Mar 17 08:03:03 CST 2020
;; MSG SIZE  rcvd: 119

Host info

242.201.160.125.in-addr.arpa domain name pointer 242.subnet125-160-201.speedy.telkom.net.id.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
242.201.160.125.in-addr.arpa	name = 242.subnet125-160-201.speedy.telkom.net.id.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
71.174.61.38	attackbotsspam	Invalid user tester from 71.174.61.38 port 15292	2020-02-17 04:23:37
167.71.9.180	attack	Feb 16 20:39:31 pi sshd[17481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.9.180 Feb 16 20:39:34 pi sshd[17481]: Failed password for invalid user robyn from 167.71.9.180 port 56260 ssh2	2020-02-17 04:40:02
45.70.125.19	attackspam	1581860647 - 02/16/2020 14:44:07 Host: 45.70.125.19/45.70.125.19 Port: 445 TCP Blocked	2020-02-17 04:39:17
195.176.3.23	attackspambots	02/16/2020-14:44:26.855265 195.176.3.23 Protocol: 6 ET TOR Known Tor Exit Node Traffic group 43	2020-02-17 04:23:50
82.200.65.218	attackbots	Feb 16 12:57:42 askasleikir sshd[332259]: Failed password for invalid user baby from 82.200.65.218 port 43348 ssh2 Feb 16 13:10:19 askasleikir sshd[333271]: Failed password for invalid user sdtdserver from 82.200.65.218 port 37368 ssh2 Feb 16 13:01:26 askasleikir sshd[332620]: Failed password for invalid user cesar from 82.200.65.218 port 37612 ssh2	2020-02-17 04:20:40
66.249.66.82	attackspambots	Automatic report - Banned IP Access	2020-02-17 04:33:01
157.55.39.234	attackspambots	Automatic report - Banned IP Access	2020-02-17 04:49:03
45.148.10.99	attackspambots	Feb 16 21:40:43 mail sshd\[14411\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.99 user=root Feb 16 21:40:45 mail sshd\[14411\]: Failed password for root from 45.148.10.99 port 45996 ssh2 Feb 16 21:40:58 mail sshd\[14462\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.148.10.99 user=root ...	2020-02-17 04:50:23
40.126.229.102	attack	(sshd) Failed SSH login from 40.126.229.102 (AU/Australia/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Feb 16 14:43:54 ubnt-55d23 sshd[31999]: Invalid user test from 40.126.229.102 port 58732 Feb 16 14:43:55 ubnt-55d23 sshd[31999]: Failed password for invalid user test from 40.126.229.102 port 58732 ssh2	2020-02-17 04:44:49
74.82.47.41	attackbotsspam	Fail2Ban Ban Triggered	2020-02-17 04:26:14
184.82.9.252	attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-17 04:32:45
39.100.231.144	attackspambots	port scan and connect, tcp 8080 (http-proxy)	2020-02-17 04:29:24
185.10.129.235	attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-17 04:14:46
165.227.194.107	attack	Brute-force attempt banned	2020-02-17 04:38:41
139.162.113.204	attackspam	Port scan (443/tcp)	2020-02-17 04:14:15

Recently Reported IPs

154.205.123.73	186.81.125.27	203.78.204.194	144.20.38.247
185.220.87.196	198.63.50.28	3.31.228.242	180.247.140.35
176.58.224.119	64.81.113.129	222.94.39.220	104.129.4.186
162.243.128.4	111.231.1.108	134.122.52.69	182.18.220.236
175.136.45.173	13.67.62.199	129.204.154.62	182.61.175.219