City: Pontianak
Region: West Kalimantan
Country: Indonesia
Internet Service Provider: Esia
Hostname: unknown
Organization: PT Telekomunikasi Indonesia
Usage Type: unknown
| IP | Type | Details | Datetime |
|---|---|---|---|
| 125.160.207.154 | attack | Unauthorized connection attempt from IP address 125.160.207.154 on Port 445(SMB) |
2019-12-07 06:01:33 |
| 125.160.207.186 | attackspambots | Unauthorized connection attempt from IP address 125.160.207.186 on Port 445(SMB) |
2019-11-20 22:51:27 |
| 125.160.207.249 | attack | Unauthorized connection attempt from IP address 125.160.207.249 on Port 445(SMB) |
2019-11-02 17:57:23 |
| 125.160.207.157 | attackbotsspam | Honeypot attack, port: 445, PTR: 157.subnet125-160-207.speedy.telkom.net.id. |
2019-10-31 16:00:55 |
| 125.160.207.36 | attack | Attempt to attack host OS, exploiting network vulnerabilities, on 28-10-2019 11:50:22. |
2019-10-29 00:29:58 |
| 125.160.207.82 | attackbots | [portscan] tcp/23 [TELNET] *(RWIN=14600)(09161116) |
2019-09-17 02:52:19 |
| 125.160.207.129 | attack | 445/tcp 445/tcp 445/tcp... [2019-09-08]6pkt,1pt.(tcp) |
2019-09-08 22:12:32 |
| 125.160.207.158 | attackbotsspam | Automatic report - Port Scan Attack |
2019-08-04 21:12:59 |
| 125.160.207.11 | attackbots | Invalid user UBNT from 125.160.207.11 port 60541 |
2019-07-27 23:34:57 |
| 125.160.207.31 | attack | @LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-18 09:06:36,963 INFO [amun_request_handler] PortScan Detected on Port: 445 (125.160.207.31) |
2019-07-18 23:19:59 |
| 125.160.207.213 | attackspam | Jun 30 16:22:52 lnxmail61 sshd[853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.160.207.213 Jun 30 16:22:54 lnxmail61 sshd[853]: Failed password for invalid user oracle from 125.160.207.213 port 18551 ssh2 Jun 30 16:29:33 lnxmail61 sshd[1475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.160.207.213 |
2019-06-30 23:46:23 |
| 125.160.207.203 | attack | Jun 26 04:10:43 gitlab-ci sshd\[22141\]: Invalid user ts3user from 125.160.207.203Jun 26 04:14:29 gitlab-ci sshd\[22146\]: Invalid user ts3sleep from 125.160.207.203 ... |
2019-06-26 19:07:38 |
b
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 125.160.207.76
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30918
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;125.160.207.76. IN A
;; AUTHORITY SECTION:
. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019061201 1800 900 604800 86400
;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Jun 13 12:16:21 CST 2019
;; MSG SIZE rcvd: 118
76.207.160.125.in-addr.arpa domain name pointer 76.subnet125-160-207.speedy.telkom.net.id.
Server: 67.207.67.2
Address: 67.207.67.2#53
Non-authoritative answer:
76.207.160.125.in-addr.arpa name = 76.subnet125-160-207.speedy.telkom.net.id.
Authoritative answers can be found from:
| IP | Type | Details | Datetime |
|---|---|---|---|
| 87.250.224.72 | attackspam | [Mon Mar 30 04:33:13.803041 2020] [:error] [pid 3444:tid 140228526335744] [client 87.250.224.72:48021] [client 87.250.224.72] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XoEUGd1ev-Yl28oiT69eZAAAATw"] ... |
2020-03-30 06:28:34 |
| 51.75.16.138 | attack | Invalid user gfd from 51.75.16.138 port 45901 |
2020-03-30 06:16:03 |
| 210.5.85.150 | attackbots | Mar 30 00:39:04 pkdns2 sshd\[31731\]: Invalid user lud from 210.5.85.150Mar 30 00:39:06 pkdns2 sshd\[31731\]: Failed password for invalid user lud from 210.5.85.150 port 33490 ssh2Mar 30 00:43:20 pkdns2 sshd\[31943\]: Invalid user lcq from 210.5.85.150Mar 30 00:43:22 pkdns2 sshd\[31943\]: Failed password for invalid user lcq from 210.5.85.150 port 45696 ssh2Mar 30 00:47:37 pkdns2 sshd\[32160\]: Invalid user epe from 210.5.85.150Mar 30 00:47:39 pkdns2 sshd\[32160\]: Failed password for invalid user epe from 210.5.85.150 port 57886 ssh2 ... |
2020-03-30 06:10:33 |
| 166.111.152.230 | attackbots | Mar 30 03:00:57 gw1 sshd[1504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.152.230 Mar 30 03:00:59 gw1 sshd[1504]: Failed password for invalid user nrt from 166.111.152.230 port 38938 ssh2 ... |
2020-03-30 06:10:47 |
| 190.128.150.46 | attackbotsspam | DATE:2020-03-29 23:40:13,IP:190.128.150.46,MATCHES:11,PORT:ssh |
2020-03-30 06:13:19 |
| 114.67.66.29 | attackspambots | Invalid user irena from 114.67.66.29 port 51744 |
2020-03-30 06:13:50 |
| 182.151.3.137 | attackspambots | Mar 29 23:59:54 * sshd[2354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.151.3.137 Mar 29 23:59:56 * sshd[2354]: Failed password for invalid user bxh from 182.151.3.137 port 56844 ssh2 |
2020-03-30 06:18:26 |
| 132.232.132.103 | attack | Mar 29 23:33:32 santamaria sshd\[5200\]: Invalid user bop from 132.232.132.103 Mar 29 23:33:32 santamaria sshd\[5200\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.132.103 Mar 29 23:33:33 santamaria sshd\[5200\]: Failed password for invalid user bop from 132.232.132.103 port 58438 ssh2 ... |
2020-03-30 06:10:04 |
| 5.45.207.34 | attack | [Mon Mar 30 04:33:36.654411 2020] [:error] [pid 3483:tid 140228517943040] [client 5.45.207.34:59106] [client 5.45.207.34] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XoEUMJhrvS4MEWGwWoJsDQAAAcQ"] ... |
2020-03-30 06:09:33 |
| 222.186.30.57 | attackspambots | Mar 30 00:01:04 ucs sshd\[32572\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.57 user=root Mar 30 00:01:05 ucs sshd\[32570\]: error: PAM: User not known to the underlying authentication module for root from 222.186.30.57 Mar 30 00:01:06 ucs sshd\[32574\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.57 user=root ... |
2020-03-30 06:01:46 |
| 82.77.251.243 | attackbots | Automatic report - Port Scan Attack |
2020-03-30 06:03:19 |
| 72.93.255.245 | attackspam | SSH Login Bruteforce |
2020-03-30 06:19:08 |
| 116.196.90.254 | attackbotsspam | Mar 29 23:33:57 ArkNodeAT sshd\[26131\]: Invalid user vuu from 116.196.90.254 Mar 29 23:33:57 ArkNodeAT sshd\[26131\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.196.90.254 Mar 29 23:33:59 ArkNodeAT sshd\[26131\]: Failed password for invalid user vuu from 116.196.90.254 port 60948 ssh2 |
2020-03-30 05:53:56 |
| 62.38.107.242 | attack | Port probing on unauthorized port 81 |
2020-03-30 06:06:41 |
| 185.175.93.27 | attackspam | 03/29/2020-17:33:53.939203 185.175.93.27 Protocol: 6 ET DROP Dshield Block Listed Source group 1 |
2020-03-30 05:56:56 |