125.164.11.198

Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: PT Telkom Indonesia

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Unauthorized connection attempt detected from IP address 125.164.11.198 to port 445	2019-12-12 21:51:24

Comments on same subnet:

IP	Type	Details	Datetime
125.164.116.119	attack	Honeypot attack, port: 445, PTR: 119.subnet125-164-116.speedy.telkom.net.id.	2020-01-25 07:32:05
125.164.116.119	attackbotsspam	Honeypot attack, port: 445, PTR: 119.subnet125-164-116.speedy.telkom.net.id.	2020-01-20 02:12:26
125.164.112.186	attackbotsspam	Unauthorized connection attempt from IP address 125.164.112.186 on Port 445(SMB)	2020-01-07 23:28:09
125.164.11.92	attackspam	" "	2019-11-23 05:59:44
125.164.114.149	attackbotsspam	Unauthorized connection attempt from IP address 125.164.114.149 on Port 445(SMB)	2019-08-31 16:00:43
125.164.116.80	attackspam	Netgear DGN Device Remote Command Execution Vulnerability	2019-07-14 22:30:59

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 125.164.11.198
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8342
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;125.164.11.198.			IN	A

;; AUTHORITY SECTION:
.			495	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019121200 1800 900 604800 86400

;; Query time: 48 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Dec 12 21:51:19 CST 2019
;; MSG SIZE  rcvd: 118

Host info

198.11.164.125.in-addr.arpa domain name pointer 198.subnet125-164-11.speedy.telkom.net.id.

Nslookup info:

Server:		100.100.2.136
Address:	100.100.2.136#53

Non-authoritative answer:
198.11.164.125.in-addr.arpa	name = 198.subnet125-164-11.speedy.telkom.net.id.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
39.50.234.78	attackbotsspam	Jun 4 14:02:49 mxgate1 sshd[23358]: Did not receive identification string from 39.50.234.78 port 59232 Jun 4 14:02:53 mxgate1 sshd[23368]: Invalid user admin2 from 39.50.234.78 port 59586 Jun 4 14:02:53 mxgate1 sshd[23368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.50.234.78 Jun 4 14:02:54 mxgate1 sshd[23368]: Failed password for invalid user admin2 from 39.50.234.78 port 59586 ssh2 Jun 4 14:02:54 mxgate1 sshd[23368]: Connection closed by 39.50.234.78 port 59586 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=39.50.234.78	2020-06-04 22:20:31
85.104.111.215	attackbotsspam	Automatic report - XMLRPC Attack	2020-06-04 22:35:58
89.248.171.187	attack	Brute forcing email accounts	2020-06-04 21:54:12
45.232.201.131	attackbotsspam	1591272491 - 06/04/2020 14:08:11 Host: 45.232.201.131/45.232.201.131 Port: 445 TCP Blocked	2020-06-04 21:54:46
180.76.168.54	attackbots	Jun 4 12:02:45 ns3033917 sshd[13200]: Failed password for root from 180.76.168.54 port 60946 ssh2 Jun 4 12:07:25 ns3033917 sshd[13225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.168.54 user=root Jun 4 12:07:27 ns3033917 sshd[13225]: Failed password for root from 180.76.168.54 port 58252 ssh2 ...	2020-06-04 22:37:25
130.61.118.231	attackbotsspam	130.61.118.231 (DE/Germany/-), 12 distributed sshd attacks on account [root] in the last 3600 secs	2020-06-04 22:29:34
123.24.104.155	attackbots	1591272455 - 06/04/2020 14:07:35 Host: 123.24.104.155/123.24.104.155 Port: 445 TCP Blocked	2020-06-04 22:29:01
121.229.14.191	attackbots	Jun 4 09:29:14 dns1 sshd[24494]: Failed password for root from 121.229.14.191 port 38818 ssh2 Jun 4 09:33:21 dns1 sshd[24760]: Failed password for root from 121.229.14.191 port 35063 ssh2	2020-06-04 22:22:36
87.241.105.71	attack	SE_ALLTELE-SE-MNT_<177>1591272454 [1:2403462:57764] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 82 [Classification: Misc Attack] [Priority: 2]: {TCP} 87.241.105.71:18082	2020-06-04 22:30:16
24.220.0.105	attackbotsspam	https://www.google.com/url?sa=t&url=http%3A%2F%2Fladarope.ru%2F	2020-06-04 22:33:21
200.98.139.219	attackbotsspam	2020-06-04T11:59:08.110726shield sshd\[10845\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200-98-139-219.clouduol.com.br user=root 2020-06-04T11:59:10.586853shield sshd\[10845\]: Failed password for root from 200.98.139.219 port 56082 ssh2 2020-06-04T12:03:30.945418shield sshd\[12416\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200-98-139-219.clouduol.com.br user=root 2020-06-04T12:03:33.055293shield sshd\[12416\]: Failed password for root from 200.98.139.219 port 56276 ssh2 2020-06-04T12:08:00.101713shield sshd\[13868\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200-98-139-219.clouduol.com.br user=root	2020-06-04 22:04:06
186.64.120.71	attackspam	Lines containing failures of 186.64.120.71 Jun 4 08:06:44 newdogma sshd[26283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.71 user=r.r Jun 4 08:06:46 newdogma sshd[26283]: Failed password for r.r from 186.64.120.71 port 38178 ssh2 Jun 4 08:06:47 newdogma sshd[26283]: Received disconnect from 186.64.120.71 port 38178:11: Bye Bye [preauth] Jun 4 08:06:47 newdogma sshd[26283]: Disconnected from authenticating user r.r 186.64.120.71 port 38178 [preauth] Jun 4 08:11:58 newdogma sshd[26394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.71 user=r.r Jun 4 08:12:00 newdogma sshd[26394]: Failed password for r.r from 186.64.120.71 port 40788 ssh2 Jun 4 08:12:01 newdogma sshd[26394]: Received disconnect from 186.64.120.71 port 40788:11: Bye Bye [preauth] Jun 4 08:12:01 newdogma sshd[26394]: Disconnected from authenticating user r.r 186.64.120.71 port 40788 [preauth........ ------------------------------	2020-06-04 22:24:27
185.86.106.149	attack	Icarus honeypot on github	2020-06-04 22:03:24
122.51.39.232	attackspambots	Jun 4 13:40:31 game-panel sshd[19107]: Failed password for root from 122.51.39.232 port 56660 ssh2 Jun 4 13:44:08 game-panel sshd[19225]: Failed password for root from 122.51.39.232 port 42258 ssh2	2020-06-04 22:26:43
209.141.40.12	attackspam	E BREAK-IN ATTEMPT! Jun 4 13:21:12 tecnica2019 sshd[21578]: Invalid user hadoop from 209.141.40.12 port 47606 Jun 4 13:21:12 tecnica2019 sshd[21578]: input_userauth_request: invalid user hadoop [preauth] Jun 4 13:21:13 tecnica2019 sshd[21574]: reverse mapping checking getaddrinfo for equality.biyondhorizzon.com [209.141.40.12] failed - POSSIBL E BREAK-IN ATTEMPT! Jun 4 13:21:13 tecnica2019 sshd[21574]: Invalid user ec2-user from 209.141.40.12 port 47586 Jun 4 13:21:13 tecnica2019 sshd[21574]: input_userauth_request: invalid user ec2-user [preauth] Jun 4 13:21:13 tecnica2019 sshd[21566]: reverse mapping checking getaddrinfo for equality.biyondhorizzon.com [209.141.40.12] failed - POSSIBL E BREAK-IN ATTEMPT! Jun 4 13:21:13 tecnica2019 sshd[21566]: Invalid user test from 209.141.40.12 port 47596	2020-06-04 21:59:51

Recently Reported IPs

200.195.171.74	171.242.175.84	95.9.248.2	5.197.60.123
158.134.214.34	84.241.32.172	177.179.16.51	103.94.56.152
98.156.168.181	101.108.76.0	228.188.90.53	201.122.102.140
176.194.21.217	102.159.248.217	32.254.213.218	74.188.137.138
32.84.19.85	238.147.52.222	187.232.201.118	30.203.56.94