125.161.128.254

Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: PT Telkom Indonesia

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-06-29 18:51:07,394 INFO [amun_request_handler] PortScan Detected on Port: 445 (125.161.128.254)	2019-06-30 06:44:29

Comments on same subnet:

IP	Type	Details	Datetime
125.161.128.223	attackbots	IP 125.161.128.223 attacked honeypot on port: 1433 at 8/23/2020 8:55:05 PM	2020-08-24 13:43:08
125.161.128.42	attackspam	Port probing on unauthorized port 23	2020-08-02 05:54:02
125.161.128.232	attackspambots	Invalid user administrator from 125.161.128.232 port 28984	2020-05-23 12:17:11
125.161.128.204	attackspam	Honeypot attack, port: 445, PTR: 204.subnet125-161-128.speedy.telkom.net.id.	2020-05-21 05:19:13
125.161.128.53	attackspambots	Honeypot attack, port: 445, PTR: 53.subnet125-161-128.speedy.telkom.net.id.	2020-05-11 03:58:35
125.161.128.206	attackbots	20/5/5@05:15:21: FAIL: Alarm-Network address from=125.161.128.206 ...	2020-05-06 00:37:33
125.161.128.69	attack	Automatic report - Port Scan Attack	2020-05-02 16:28:49
125.161.128.134	attackspam	RDP Brute-Force (honeypot 7)	2020-04-21 05:42:19
125.161.128.79	attackspam	Unauthorized connection attempt from IP address 125.161.128.79 on Port 445(SMB)	2020-03-07 00:08:16
125.161.128.76	attack	Unauthorized connection attempt detected from IP address 125.161.128.76 to port 80 [J]	2020-03-02 18:33:37
125.161.128.14	attackspam	Honeypot attack, port: 445, PTR: 14.subnet125-161-128.speedy.telkom.net.id.	2020-02-27 14:44:35
125.161.128.66	attackbots	1582519610 - 02/24/2020 05:46:50 Host: 125.161.128.66/125.161.128.66 Port: 445 TCP Blocked	2020-02-24 18:41:12
125.161.128.155	attackspam	22/tcp 8291/tcp [2020-02-19]2pkt	2020-02-20 00:35:28
125.161.128.192	attack	(sshd) Failed SSH login from 125.161.128.192 (ID/Indonesia/192.subnet125-161-128.speedy.telkom.net.id): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Feb 6 05:49:34 ubnt-55d23 sshd[28758]: Invalid user admin from 125.161.128.192 port 53626 Feb 6 05:49:36 ubnt-55d23 sshd[28758]: Failed password for invalid user admin from 125.161.128.192 port 53626 ssh2	2020-02-06 21:19:42
125.161.128.120	attackbots	Honeypot attack, port: 445, PTR: 120.subnet125-161-128.speedy.telkom.net.id.	2020-02-06 18:22:42

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 125.161.128.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32972
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;125.161.128.254.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062901 1800 900 604800 86400

;; Query time: 138 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sun Jun 30 06:44:22 CST 2019
;; MSG SIZE  rcvd: 119

Host info

254.128.161.125.in-addr.arpa has no PTR record

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
254.128.161.125.in-addr.arpa	name = 254.subnet125-161-128.speedy.telkom.net.id.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
54.91.111.155	attackspam	Port Scan detected from 54.91.111.155 (US/United States/ec2-54-91-111-155.compute-1.amazonaws.com). 7 hits in the last 152 seconds	2019-11-16 00:59:53
139.59.249.255	attackspambots	Nov 15 06:21:39 tdfoods sshd\[1765\]: Invalid user home from 139.59.249.255 Nov 15 06:21:39 tdfoods sshd\[1765\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=blog.jungleland.co.id Nov 15 06:21:41 tdfoods sshd\[1765\]: Failed password for invalid user home from 139.59.249.255 port 19779 ssh2 Nov 15 06:25:53 tdfoods sshd\[3024\]: Invalid user taffy from 139.59.249.255 Nov 15 06:25:53 tdfoods sshd\[3024\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=blog.jungleland.co.id	2019-11-16 00:30:40
209.17.96.138	attack	Automatic report - Banned IP Access	2019-11-16 00:49:47
217.249.52.162	attack	Scanning	2019-11-16 00:30:09
81.22.45.51	attack	Nov 15 17:31:57 mc1 kernel: \[5121785.887262\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.51 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=11135 PROTO=TCP SPT=40354 DPT=6929 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 15 17:37:07 mc1 kernel: \[5122095.354184\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.51 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=62179 PROTO=TCP SPT=40354 DPT=6229 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 15 17:37:45 mc1 kernel: \[5122133.023677\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.51 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=17502 PROTO=TCP SPT=40354 DPT=6844 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-11-16 00:54:18
222.186.52.78	attack	Nov 15 11:54:05 ny01 sshd[31438]: Failed password for root from 222.186.52.78 port 34921 ssh2 Nov 15 11:54:46 ny01 sshd[31513]: Failed password for root from 222.186.52.78 port 61031 ssh2	2019-11-16 00:58:12
106.75.4.19	attackspambots	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-16 00:38:18
124.40.83.118	attackspam	port scan and connect, tcp 23 (telnet)	2019-11-16 00:28:47
84.118.168.95	attackbots	Scanning	2019-11-16 00:18:24
182.72.178.114	attack	2019-11-15T17:42:06.545571scmdmz1 sshd\[4963\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.72.178.114 user=root 2019-11-15T17:42:08.326382scmdmz1 sshd\[4963\]: Failed password for root from 182.72.178.114 port 28750 ssh2 2019-11-15T17:46:03.330907scmdmz1 sshd\[5276\]: Invalid user uucp from 182.72.178.114 port 33031 ...	2019-11-16 00:56:40
106.2.193.74	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-16 00:55:43
202.111.174.150	attackbotsspam	Port 1433 Scan	2019-11-16 00:28:22
185.247.140.245	attackbots	Nov 15 17:11:17 vps666546 sshd\[29190\]: Invalid user test123 from 185.247.140.245 port 49614 Nov 15 17:11:17 vps666546 sshd\[29190\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.140.245 Nov 15 17:11:19 vps666546 sshd\[29190\]: Failed password for invalid user test123 from 185.247.140.245 port 49614 ssh2 Nov 15 17:16:08 vps666546 sshd\[29404\]: Invalid user lowen from 185.247.140.245 port 58542 Nov 15 17:16:08 vps666546 sshd\[29404\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.140.245 ...	2019-11-16 00:39:56
91.134.169.67	attack	SIPVicious Scanner Detection	2019-11-16 00:33:54
203.163.233.182	attackspambots	" "	2019-11-16 00:38:35

Recently Reported IPs

117.86.35.30	89.102.21.25	191.53.252.88	208.95.184.162
201.26.70.179	200.84.146.107	144.48.82.80	2001:4801:7818:6:26c8:45b8:ff10:2bab
118.89.107.108	117.207.21.21	115.238.251.163	77.172.202.250
108.62.202.210	92.119.160.150	92.50.248.124	104.248.66.103
104.248.66.31	104.248.66.234	104.248.144.223	104.248.144.195