125.161.130.5 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: PT Telkom Indonesia

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Honeypot attack, port: 445, PTR: 5.subnet125-161-130.speedy.telkom.net.id.	2019-11-27 19:36:53
attackspam	Unauthorized connection attempt from IP address 125.161.130.5 on Port 445(SMB)	2019-11-05 01:36:31

Comments on same subnet:

IP	Type	Details	Datetime
125.161.130.6	attackbotsspam	Attempted connection to port 23.	2020-08-14 05:56:21
125.161.130.217	attack	Unauthorized IMAP connection attempt	2020-06-17 01:28:41
125.161.130.64	attack	Honeypot attack, port: 445, PTR: 64.subnet125-161-130.speedy.telkom.net.id.	2020-05-06 01:42:56
125.161.130.18	attack	Attempt to attack host OS, exploiting network vulnerabilities, on 01-04-2020 04:55:09.	2020-04-01 13:18:17
125.161.130.17	attackspam	RDP Bruteforce	2020-03-02 04:33:01
125.161.130.201	attack	Lines containing failures of 125.161.130.201 Feb 29 06:23:23 shared11 sshd[8547]: Invalid user admin from 125.161.130.201 port 11578 Feb 29 06:23:23 shared11 sshd[8547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.161.130.201 Feb 29 06:23:25 shared11 sshd[8547]: Failed password for invalid user admin from 125.161.130.201 port 11578 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=125.161.130.201	2020-02-29 18:29:04
125.161.130.175	attackbots	Unauthorized connection attempt from IP address 125.161.130.175 on Port 445(SMB)	2020-02-13 00:24:06
125.161.130.70	attack	Attempt to attack host OS, exploiting network vulnerabilities, on 08-02-2020 04:50:10.	2020-02-08 20:10:22
125.161.130.200	attackbots	Unauthorized connection attempt detected from IP address 125.161.130.200 to port 80 [J]	2020-02-05 19:33:41
125.161.130.227	attackbotsspam	(sshd) Failed SSH login from 125.161.130.227 (ID/Indonesia/227.subnet125-161-130.speedy.telkom.net.id): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Feb 1 07:01:37 ubnt-55d23 sshd[29308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.161.130.227 user=root Feb 1 07:01:39 ubnt-55d23 sshd[29308]: Failed password for root from 125.161.130.227 port 15320 ssh2	2020-02-01 16:29:03
125.161.130.48	attackbotsspam	Unauthorized connection attempt detected from IP address 125.161.130.48 to port 8080 [J]	2020-01-31 05:32:43
125.161.130.218	attackbots	1580360145 - 01/30/2020 05:55:45 Host: 125.161.130.218/125.161.130.218 Port: 445 TCP Blocked	2020-01-30 20:59:57
125.161.130.157	attackbotsspam	Automatic report - SSH Brute-Force Attack	2020-01-16 17:53:22
125.161.130.7	attack	Honeypot attack, port: 81, PTR: 7.subnet125-161-130.speedy.telkom.net.id.	2020-01-14 02:22:02
125.161.130.125	attackspambots	Automatic report - Port Scan Attack	2020-01-02 05:25:32

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 125.161.130.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64192
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;125.161.130.5.			IN	A

;; AUTHORITY SECTION:
.			350	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019110401 1800 900 604800 86400

;; Query time: 109 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Nov 05 01:36:27 CST 2019
;; MSG SIZE  rcvd: 117

Host info

5.130.161.125.in-addr.arpa domain name pointer 5.subnet125-161-130.speedy.telkom.net.id.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
5.130.161.125.in-addr.arpa	name = 5.subnet125-161-130.speedy.telkom.net.id.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
45.95.168.150	attackbotsspam	trying to access non-authorized port	2020-08-04 05:31:45
211.239.124.243	attackbotsspam	Aug 3 23:04:32 OPSO sshd\[17925\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.124.243 user=root Aug 3 23:04:34 OPSO sshd\[17925\]: Failed password for root from 211.239.124.243 port 48939 ssh2 Aug 3 23:07:20 OPSO sshd\[18576\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.124.243 user=root Aug 3 23:07:21 OPSO sshd\[18576\]: Failed password for root from 211.239.124.243 port 40461 ssh2 Aug 3 23:10:06 OPSO sshd\[19132\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.239.124.243 user=root	2020-08-04 05:24:15
176.97.254.58	attack	(smtpauth) Failed SMTP AUTH login from 176.97.254.58 (PL/Poland/176-97-254-58.tonetic.pl): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-08-04 01:07:14 plain authenticator failed for ([176.97.254.58]) [176.97.254.58]: 535 Incorrect authentication data (set_id=rd@toliddaru.ir)	2020-08-04 05:14:28
77.247.181.162	attackbots	2020-08-03T15:36:37.954440morrigan.ad5gb.com sshd[2118271]: Invalid user admin from 77.247.181.162 port 44284 2020-08-03T15:36:40.212832morrigan.ad5gb.com sshd[2118271]: Failed password for invalid user admin from 77.247.181.162 port 44284 ssh2	2020-08-04 05:38:54
218.92.0.219	attackspambots	Aug 3 23:16:15 v22018053744266470 sshd[7280]: Failed password for root from 218.92.0.219 port 43963 ssh2 Aug 3 23:16:25 v22018053744266470 sshd[7293]: Failed password for root from 218.92.0.219 port 39389 ssh2 ...	2020-08-04 05:17:01
156.96.128.240	attack	[2020-08-03 16:49:32] NOTICE[1248][C-000037a9] chan_sip.c: Call from '' (156.96.128.240:65495) to extension '101146192777644' rejected because extension not found in context 'public'. [2020-08-03 16:49:32] SECURITY[1275] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-03T16:49:32.407-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="101146192777644",SessionID="0x7f27200c9798",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/156.96.128.240/65495",ACLName="no_extension_match" [2020-08-03 16:55:32] NOTICE[1248][C-000037b3] chan_sip.c: Call from '' (156.96.128.240:55547) to extension '101046192777644' rejected because extension not found in context 'public'. [2020-08-03 16:55:32] SECURITY[1275] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-08-03T16:55:32.852-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="101046192777644",SessionID="0x7f27205a5c28",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/U ...	2020-08-04 05:07:00
158.69.35.227	attackspambots	Aug 4 01:37:37 gw1 sshd[22890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.35.227 Aug 4 01:37:38 gw1 sshd[22890]: Failed password for invalid user admin from 158.69.35.227 port 44291 ssh2 ...	2020-08-04 04:59:57
82.65.27.68	attackspambots	Brute-force attempt banned	2020-08-04 05:09:26
51.15.171.31	attackbotsspam	Aug 4 03:46:35 itv-usvr-01 sshd[22252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.171.31 user=root Aug 4 03:46:37 itv-usvr-01 sshd[22252]: Failed password for root from 51.15.171.31 port 43673 ssh2 Aug 4 03:55:23 itv-usvr-01 sshd[22614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.171.31 user=root Aug 4 03:55:25 itv-usvr-01 sshd[22614]: Failed password for root from 51.15.171.31 port 41087 ssh2	2020-08-04 05:31:22
129.28.187.169	attackspambots	Aug 3 23:27:46 buvik sshd[8156]: Invalid user ~#$%^&(),.; from 129.28.187.169 Aug 3 23:27:46 buvik sshd[8156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.187.169 Aug 3 23:27:48 buvik sshd[8156]: Failed password for invalid user ~#$%^&(),.; from 129.28.187.169 port 55794 ssh2 ...	2020-08-04 05:33:19
170.130.45.38	attack	Spam	2020-08-04 05:15:43
111.231.145.104	attackspam	Aug 3 22:24:57 server sshd[46858]: Failed password for root from 111.231.145.104 port 42970 ssh2 Aug 3 22:33:37 server sshd[49621]: Failed password for root from 111.231.145.104 port 56356 ssh2 Aug 3 22:37:24 server sshd[50944]: Failed password for root from 111.231.145.104 port 39304 ssh2	2020-08-04 05:10:25
52.143.154.147	attackbots	Brute forcing email accounts	2020-08-04 05:14:10
119.45.34.52	attack	Aug 3 22:26:45 havingfunrightnow sshd[6887]: Failed password for root from 119.45.34.52 port 59266 ssh2 Aug 3 22:32:47 havingfunrightnow sshd[7047]: Failed password for root from 119.45.34.52 port 35922 ssh2 ...	2020-08-04 05:30:36
80.89.234.147	attack	Port scan	2020-08-04 05:22:23

Recently Reported IPs

103.81.12.42	180.191.90.203	212.64.71.225	77.234.68.2
103.255.235.38	1.172.231.130	114.143.210.139	12.35.22.210
46.149.81.118	187.226.34.255	177.91.232.51	129.28.31.102
95.154.88.70	125.213.135.202	167.71.166.36	46.45.129.16
5.53.124.247	152.32.101.26	185.45.103.189	183.146.189.244