125.161.138.200

Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: PT Telkom Indonesia

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
125.161.138.219	attackspam	Unauthorized connection attempt from IP address 125.161.138.219 on Port 445(SMB)	2020-08-19 20:28:25
125.161.138.123	attackspambots	Unauthorized connection attempt from IP address 125.161.138.123 on Port 445(SMB)	2020-07-25 02:26:04
125.161.138.239	attackspam	Unauthorized connection attempt from IP address 125.161.138.239 on Port 445(SMB)	2020-04-01 19:57:24
125.161.138.184	attackbotsspam	20/2/2@23:54:59: FAIL: Alarm-Network address from=125.161.138.184 20/2/2@23:54:59: FAIL: Alarm-Network address from=125.161.138.184 ...	2020-02-03 13:17:28
125.161.138.24	attackbotsspam	Honeypot attack, port: 445, PTR: 24.subnet125-161-138.speedy.telkom.net.id.	2020-01-28 19:07:37
125.161.138.47	attack	unauthorized connection attempt	2020-01-22 20:42:58
125.161.138.4	attackspam	Unauthorised access (Dec 26) SRC=125.161.138.4 LEN=52 TTL=117 ID=19472 DF TCP DPT=445 WINDOW=8192 SYN	2019-12-26 18:35:13
125.161.138.86	attackspambots	1576909573 - 12/21/2019 07:26:13 Host: 125.161.138.86/125.161.138.86 Port: 445 TCP Blocked	2019-12-21 18:38:20
125.161.138.119	attackbotsspam	$f2bV_matches	2019-11-28 17:23:16
125.161.138.50	attackbots	Attempt to attack host OS, exploiting network vulnerabilities, on 19-09-2019 11:51:21.	2019-09-20 00:16:07
125.161.138.50	attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-22 03:01:12,439 INFO [amun_request_handler] PortScan Detected on Port: 445 (125.161.138.50)	2019-07-22 15:33:37
125.161.138.190	attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-18 08:48:30,794 INFO [amun_request_handler] PortScan Detected on Port: 445 (125.161.138.190)	2019-07-19 05:03:44
125.161.138.188	attackbotsspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-03 09:04:06,699 INFO [shellcode_manager] (125.161.138.188) no match, writing hexdump (4d0d6cea53e8cad65547464990b8562c :2116803) - MS17010 (EternalBlue)	2019-07-04 19:56:54
125.161.138.102	attackbots	Jun 24 12:59:26 * sshd[22400]: reveeclipse mapping checking getaddrinfo for 102.subnet125-161-138.speedy.telkom.net.id [125.161.138.102] failed - POSSIBLE BREAK-IN ATTEMPT! Jun 24 12:59:26 * sshd[22400]: Invalid user 2 from 125.161.138.102 Jun 24 12:59:26 * sshd[22400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.161.138.102 Jun 24 12:59:28 * sshd[22400]: Failed password for invalid user 2 from 125.161.138.102 port 42626 ssh2 Jun 24 12:59:28 * sshd[22400]: Received disconnect from 125.161.138.102: 11: Bye Bye [preauth] Jun 24 13:03:57 * sshd[22481]: reveeclipse mapping checking getaddrinfo for 102.subnet125-161-138.speedy.telkom.net.id [125.161.138.102] failed - POSSIBLE BREAK-IN ATTEMPT! Jun 24 13:03:57 * sshd[22481]: Invalid user terraria from 125.161.138.102 Jun 24 13:03:57 * sshd[22481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.161.138.102 ........ ------------------------------------------	2019-06-27 11:03:33
125.161.138.102	attackbotsspam	Jun 24 12:59:26 * sshd[22400]: reveeclipse mapping checking getaddrinfo for 102.subnet125-161-138.speedy.telkom.net.id [125.161.138.102] failed - POSSIBLE BREAK-IN ATTEMPT! Jun 24 12:59:26 * sshd[22400]: Invalid user 2 from 125.161.138.102 Jun 24 12:59:26 * sshd[22400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.161.138.102 Jun 24 12:59:28 * sshd[22400]: Failed password for invalid user 2 from 125.161.138.102 port 42626 ssh2 Jun 24 12:59:28 * sshd[22400]: Received disconnect from 125.161.138.102: 11: Bye Bye [preauth] Jun 24 13:03:57 * sshd[22481]: reveeclipse mapping checking getaddrinfo for 102.subnet125-161-138.speedy.telkom.net.id [125.161.138.102] failed - POSSIBLE BREAK-IN ATTEMPT! Jun 24 13:03:57 * sshd[22481]: Invalid user terraria from 125.161.138.102 Jun 24 13:03:57 * sshd[22481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.161.138.102 ........ ------------------------------------------	2019-06-26 01:52:15

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 125.161.138.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22842
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;125.161.138.200.		IN	A

;; AUTHORITY SECTION:
.			386	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020070100 1800 900 604800 86400

;; Query time: 109 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Jul 01 12:08:35 CST 2020
;; MSG SIZE  rcvd: 119

Host info

200.138.161.125.in-addr.arpa domain name pointer 200.subnet125-161-138.speedy.telkom.net.id.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
200.138.161.125.in-addr.arpa	name = 200.subnet125-161-138.speedy.telkom.net.id.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
103.102.72.187	attackbots	DATE:2020-07-09 14:07:42, IP:103.102.72.187, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-07-09 22:48:27
185.143.73.175	attack	Jul 9 16:38:07 srv01 postfix/smtpd\[8718\]: warning: unknown\[185.143.73.175\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 9 16:38:44 srv01 postfix/smtpd\[8718\]: warning: unknown\[185.143.73.175\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 9 16:39:22 srv01 postfix/smtpd\[10691\]: warning: unknown\[185.143.73.175\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 9 16:40:00 srv01 postfix/smtpd\[12598\]: warning: unknown\[185.143.73.175\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 9 16:40:34 srv01 postfix/smtpd\[23243\]: warning: unknown\[185.143.73.175\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-07-09 22:43:03
180.182.47.132	attackspambots	Automatic Fail2ban report - Trying login SSH	2020-07-09 23:07:44
188.167.251.171	attackspam	postfix (unknown user, SPF fail or relay access denied)	2020-07-09 23:12:36
38.92.156.192	attackbots	Automatically reported by fail2ban report script (powermetal_old)	2020-07-09 22:46:42
218.92.0.138	attackbots	Jul 9 16:11:17 * sshd[21236]: Failed password for root from 218.92.0.138 port 59325 ssh2 Jul 9 16:11:31 * sshd[21236]: error: maximum authentication attempts exceeded for root from 218.92.0.138 port 59325 ssh2 [preauth]	2020-07-09 22:34:51
104.248.237.70	attack	2020-07-09T16:10:03.359579ks3355764 sshd[24700]: Invalid user geoffrey from 104.248.237.70 port 32271 2020-07-09T16:10:05.397789ks3355764 sshd[24700]: Failed password for invalid user geoffrey from 104.248.237.70 port 32271 ssh2 ...	2020-07-09 22:36:02
192.144.204.6	attackspam	web-1 [ssh_2] SSH Attack	2020-07-09 23:10:01
54.36.98.129	attack	2020-07-09T14:20:49.616336mail.csmailer.org sshd[1124]: Invalid user shiranami from 54.36.98.129 port 32806 2020-07-09T14:20:49.620108mail.csmailer.org sshd[1124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.ip-54-36-98.eu 2020-07-09T14:20:49.616336mail.csmailer.org sshd[1124]: Invalid user shiranami from 54.36.98.129 port 32806 2020-07-09T14:20:51.660570mail.csmailer.org sshd[1124]: Failed password for invalid user shiranami from 54.36.98.129 port 32806 ssh2 2020-07-09T14:24:15.721817mail.csmailer.org sshd[1252]: Invalid user lotta from 54.36.98.129 port 58652 ...	2020-07-09 22:42:33
180.76.238.183	attackspambots	Jul 9 19:07:27 itv-usvr-01 sshd[20718]: Invalid user kirankumar from 180.76.238.183	2020-07-09 23:11:06
198.20.103.246	attackbots	trying to access non-authorized port	2020-07-09 22:32:06
139.59.84.29	attack	2020-07-09T17:06:45.269056mail.standpoint.com.ua sshd[24788]: Invalid user maruei from 139.59.84.29 port 46030 2020-07-09T17:06:45.271799mail.standpoint.com.ua sshd[24788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.84.29 2020-07-09T17:06:45.269056mail.standpoint.com.ua sshd[24788]: Invalid user maruei from 139.59.84.29 port 46030 2020-07-09T17:06:47.444822mail.standpoint.com.ua sshd[24788]: Failed password for invalid user maruei from 139.59.84.29 port 46030 ssh2 2020-07-09T17:10:23.680995mail.standpoint.com.ua sshd[25265]: Invalid user lant from 139.59.84.29 port 42856 ...	2020-07-09 22:54:59
139.59.57.2	attackspam	Jul 9 16:16:00 minden010 sshd[24932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.57.2 Jul 9 16:16:01 minden010 sshd[24932]: Failed password for invalid user maxuefeng from 139.59.57.2 port 56508 ssh2 Jul 9 16:19:55 minden010 sshd[25680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.57.2 ...	2020-07-09 22:43:59
180.112.191.47	attack	Web application attack detected by fail2ban	2020-07-09 22:58:53
91.134.248.230	attack	91.134.248.230 - - [09/Jul/2020:14:08:03 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 91.134.248.230 - - [09/Jul/2020:14:08:04 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 91.134.248.230 - - [09/Jul/2020:14:08:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-07-09 22:29:29

Recently Reported IPs

202.216.177.1	141.168.13.215	111.96.143.196	204.97.26.234
94.79.21.212	144.33.247.46	177.41.1.194	117.196.68.76
123.178.231.107	111.196.50.115	67.118.126.223	51.133.129.33
83.206.44.32	76.220.211.218	139.74.168.99	51.159.238.242
126.34.168.184	202.87.4.250	87.223.198.201	84.197.19.29