125.166.119.28

Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: PT Telkom Indonesia

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
normal	Test	2021-02-01 12:55:42
attackbots	445/tcp [2019-06-22]1pkt	2019-06-22 12:49:14

Comments on same subnet:

IP	Type	Details	Datetime
125.166.119.252	attackbotsspam	1590810906 - 05/30/2020 05:55:06 Host: 125.166.119.252/125.166.119.252 Port: 445 TCP Blocked	2020-05-30 12:05:01
125.166.119.213	attack	Unauthorized connection attempt from IP address 125.166.119.213 on Port 445(SMB)	2020-04-03 20:11:50
125.166.119.30	attack	Honeypot attack, port: 445, PTR: PTR record not found	2020-03-03 18:39:32
125.166.119.156	attackspam	Feb 27 23:46:06 h2177944 kernel: \[6041313.244224\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=125.166.119.156 DST=85.214.117.9 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=27179 PROTO=TCP SPT=22391 DPT=23 WINDOW=59870 RES=0x00 SYN URGP=0 Feb 27 23:46:06 h2177944 kernel: \[6041313.244241\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=125.166.119.156 DST=85.214.117.9 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=27179 PROTO=TCP SPT=22391 DPT=23 WINDOW=59870 RES=0x00 SYN URGP=0 Feb 27 23:46:22 h2177944 kernel: \[6041329.215531\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=125.166.119.156 DST=85.214.117.9 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=27179 PROTO=TCP SPT=22391 DPT=23 WINDOW=59870 RES=0x00 SYN URGP=0 Feb 27 23:46:22 h2177944 kernel: \[6041329.215546\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=125.166.119.156 DST=85.214.117.9 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=27179 PROTO=TCP SPT=22391 DPT=23 WINDOW=59870 RES=0x00 SYN URGP=0 Feb 27 23:46:23 h2177944 kernel: \[6041329.928379\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=125.166.119.156 DST=85.214.117	2020-02-28 08:16:42
125.166.119.214	attackbotsspam	Honeypot attack, port: 445, PTR: PTR record not found	2020-02-02 05:02:30
125.166.119.192	attackspam	Attempt to attack host OS, exploiting network vulnerabilities, on 10-10-2019 12:55:17.	2019-10-10 23:22:58
125.166.119.92	attackbots	Unauthorized connection attempt from IP address 125.166.119.92 on Port 445(SMB)	2019-07-22 18:11:34

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 125.166.119.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59772
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;125.166.119.28.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062200 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jun 22 12:49:03 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 28.119.166.125.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

;; Got SERVFAIL reply from 67.207.67.2, trying next server
Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 28.119.166.125.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
217.182.68.93	attackbots	sshd jail - ssh hack attempt	2020-09-21 12:53:04
27.113.68.229	attackbotsspam	TCP (SYN) 27.113.68.229:54130 -> port 23, len 44	2020-09-21 12:18:45
51.161.119.98	attack	48022/tcp 12022/tcp 30222/tcp... [2020-08-17/09-20]19pkt,17pt.(tcp)	2020-09-21 12:39:32
77.47.193.83	attackbotsspam	2020-09-20T20:10:56.410788suse-nuc sshd[14950]: User root from 77.47.193.83 not allowed because listed in DenyUsers ...	2020-09-21 12:44:40
51.116.189.135	attack	CMS (WordPress or Joomla) login attempt.	2020-09-21 12:47:46
203.170.58.241	attack	Sep 21 04:28:15 rush sshd[27202]: Failed password for root from 203.170.58.241 port 48753 ssh2 Sep 21 04:32:10 rush sshd[27321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.170.58.241 Sep 21 04:32:12 rush sshd[27321]: Failed password for invalid user cactiuser from 203.170.58.241 port 46428 ssh2 ...	2020-09-21 12:41:16
2.57.122.214	attackbotsspam	SP-Scan 53551:23 detected 2020.09.20 01:41:02 blocked until 2020.11.08 17:43:49	2020-09-21 12:24:16
159.203.111.100	attackspambots	2020-09-20T23:26:32.225557afi-git.jinr.ru sshd[9422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.111.100 2020-09-20T23:26:32.222301afi-git.jinr.ru sshd[9422]: Invalid user samba from 159.203.111.100 port 50376 2020-09-20T23:26:33.698110afi-git.jinr.ru sshd[9422]: Failed password for invalid user samba from 159.203.111.100 port 50376 ssh2 2020-09-20T23:31:24.068964afi-git.jinr.ru sshd[10400]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.111.100 user=test 2020-09-20T23:31:25.491142afi-git.jinr.ru sshd[10400]: Failed password for test from 159.203.111.100 port 43100 ssh2 ...	2020-09-21 12:40:28
64.227.37.93	attack	Sep 21 01:39:46 firewall sshd[13229]: Failed password for root from 64.227.37.93 port 37580 ssh2 Sep 21 01:43:44 firewall sshd[13375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.37.93 user=root Sep 21 01:43:45 firewall sshd[13375]: Failed password for root from 64.227.37.93 port 49994 ssh2 ...	2020-09-21 12:43:52
221.238.182.3	attackbotsspam	[ssh] SSH attack	2020-09-21 12:21:50
222.186.190.2	attackbots	Sep 21 04:44:58 IngegnereFirenze sshd[17269]: User root from 222.186.190.2 not allowed because not listed in AllowUsers ...	2020-09-21 12:46:57
222.186.175.216	attackspambots	Sep 20 18:21:01 hanapaa sshd\[1404\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.216 user=root Sep 20 18:21:03 hanapaa sshd\[1404\]: Failed password for root from 222.186.175.216 port 44942 ssh2 Sep 20 18:21:06 hanapaa sshd\[1404\]: Failed password for root from 222.186.175.216 port 44942 ssh2 Sep 20 18:21:09 hanapaa sshd\[1404\]: Failed password for root from 222.186.175.216 port 44942 ssh2 Sep 20 18:21:13 hanapaa sshd\[1404\]: Failed password for root from 222.186.175.216 port 44942 ssh2	2020-09-21 12:25:21
51.38.186.180	attack	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-09-21T03:35:27Z and 2020-09-21T03:43:30Z	2020-09-21 12:50:36
114.42.22.41	attack	Found on CINS badguys / proto=6 . srcport=12025 . dstport=23 . (2349)	2020-09-21 12:19:57
89.248.172.140	attackbots	ET DROP Dshield Block Listed Source group 1 - port: 5566 proto: tcp cat: Misc Attackbytes: 60	2020-09-21 12:30:09

Recently Reported IPs

118.160.100.63	47.105.71.189	72.214.97.246	103.227.119.237
111.242.138.147	201.182.66.19	61.94.103.123	220.141.71.166
43.249.192.65	51.158.175.162	51.89.163.168	109.200.204.11
253.193.74.1	200.56.91.209	189.87.163.158	187.109.55.4
87.5.203.34	113.236.79.107	185.244.25.96	1.172.190.54