202.134.2.17 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: PT Telkom Indonesia

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Unauthorized connection attempt from IP address 202.134.2.17 on Port 445(SMB)	2019-08-25 18:57:29

Comments on same subnet:

IP	Type	Details	Datetime
202.134.244.184	attack	2020-08-17T12:37:26+0000 Failed SSH Authentication/Brute Force Attack. (Server 6)	2020-08-17 23:10:04
202.134.244.184	attackspam	Aug 16 13:31:54 fwservlet sshd[7410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.134.244.184 user=r.r Aug 16 13:31:56 fwservlet sshd[7410]: Failed password for r.r from 202.134.244.184 port 60186 ssh2 Aug 16 13:31:56 fwservlet sshd[7410]: Received disconnect from 202.134.244.184 port 60186:11: Bye Bye [preauth] Aug 16 13:31:56 fwservlet sshd[7410]: Disconnected from 202.134.244.184 port 60186 [preauth] Aug 16 13:45:39 fwservlet sshd[8073]: Invalid user user2 from 202.134.244.184 Aug 16 13:45:39 fwservlet sshd[8073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.134.244.184 Aug 16 13:45:40 fwservlet sshd[8073]: Failed password for invalid user user2 from 202.134.244.184 port 42006 ssh2 Aug 16 13:45:41 fwservlet sshd[8073]: Received disconnect from 202.134.244.184 port 42006:11: Bye Bye [preauth] Aug 16 13:45:41 fwservlet sshd[8073]: Disconnected from 202.134.244.184 port 42006........ -------------------------------	2020-08-16 23:25:30

Type

Details

Datetime

202.134.244.184

attack

2020-08-17T12:37:26+0000 Failed SSH Authentication/Brute Force Attack. (Server 6)

2020-08-17 23:10:04

202.134.244.184

attackspam

Aug 16 13:31:54 fwservlet sshd[7410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.134.244.184  user=r.r
Aug 16 13:31:56 fwservlet sshd[7410]: Failed password for r.r from 202.134.244.184 port 60186 ssh2
Aug 16 13:31:56 fwservlet sshd[7410]: Received disconnect from 202.134.244.184 port 60186:11: Bye Bye [preauth]
Aug 16 13:31:56 fwservlet sshd[7410]: Disconnected from 202.134.244.184 port 60186 [preauth]
Aug 16 13:45:39 fwservlet sshd[8073]: Invalid user user2 from 202.134.244.184
Aug 16 13:45:39 fwservlet sshd[8073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.134.244.184
Aug 16 13:45:40 fwservlet sshd[8073]: Failed password for invalid user user2 from 202.134.244.184 port 42006 ssh2
Aug 16 13:45:41 fwservlet sshd[8073]: Received disconnect from 202.134.244.184 port 42006:11: Bye Bye [preauth]
Aug 16 13:45:41 fwservlet sshd[8073]: Disconnected from 202.134.244.184 port 42006........
-------------------------------

2020-08-16 23:25:30

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 202.134.2.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56305
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;202.134.2.17.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082500 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sun Aug 25 18:57:22 CST 2019
;; MSG SIZE  rcvd: 116

Host info

17.2.134.202.in-addr.arpa has no PTR record

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 17.2.134.202.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
62.112.11.79	attackbotsspam	Cowrie Honeypot: 10 unauthorised SSH/Telnet login attempts between 2020-08-24T03:22:59Z and 2020-08-24T03:52:56Z	2020-08-24 15:18:35
139.99.192.189	attack	[2020-08-24 02:08:33] NOTICE[1185] chan_sip.c: Registration from '"322"' failed for '139.99.192.189:23369' - Wrong password [2020-08-24 02:08:33] SECURITY[1203] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-08-24T02:08:33.794-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="322",SessionID="0x7f10c4239d98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/139.99.192.189/23369",Challenge="11cf6f0a",ReceivedChallenge="11cf6f0a",ReceivedHash="265c52b28983f18d23133d93ab72aca2" [2020-08-24 02:10:46] NOTICE[1185] chan_sip.c: Registration from '"323"' failed for '139.99.192.189:33802' - Wrong password [2020-08-24 02:10:46] SECURITY[1203] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-08-24T02:10:46.457-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="323",SessionID="0x7f10c405a408",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/139. ...	2020-08-24 14:57:28
51.178.51.36	attack	Aug 24 06:04:34 OPSO sshd\[1140\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.51.36 user=root Aug 24 06:04:36 OPSO sshd\[1140\]: Failed password for root from 51.178.51.36 port 45790 ssh2 Aug 24 06:08:29 OPSO sshd\[2366\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.51.36 user=admin Aug 24 06:08:31 OPSO sshd\[2366\]: Failed password for admin from 51.178.51.36 port 54990 ssh2 Aug 24 06:12:18 OPSO sshd\[3221\]: Invalid user bdm from 51.178.51.36 port 35962 Aug 24 06:12:18 OPSO sshd\[3221\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.51.36	2020-08-24 15:19:37
81.68.81.222	attackbotsspam	Aug 24 09:11:04 home sshd[4106115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.68.81.222 Aug 24 09:11:04 home sshd[4106115]: Invalid user siteadmin from 81.68.81.222 port 50904 Aug 24 09:11:06 home sshd[4106115]: Failed password for invalid user siteadmin from 81.68.81.222 port 50904 ssh2 Aug 24 09:13:58 home sshd[4106941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.68.81.222 user=root Aug 24 09:14:00 home sshd[4106941]: Failed password for root from 81.68.81.222 port 58276 ssh2 ...	2020-08-24 15:22:05
86.61.66.59	attackbotsspam	Aug 24 09:00:17 funkybot sshd[23130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.61.66.59 Aug 24 09:00:19 funkybot sshd[23130]: Failed password for invalid user abhijith from 86.61.66.59 port 59600 ssh2 ...	2020-08-24 15:05:03
35.193.14.0	attack	Aug 24 07:49:05 Invalid user gmodserver from 35.193.14.0 port 37994	2020-08-24 15:28:56
218.92.0.206	attack	Aug 24 09:01:49 santamaria sshd\[13212\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206 user=root Aug 24 09:01:51 santamaria sshd\[13212\]: Failed password for root from 218.92.0.206 port 35782 ssh2 Aug 24 09:04:41 santamaria sshd\[13271\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206 user=root ...	2020-08-24 15:06:19
218.22.36.135	attackbotsspam	web-1 [ssh_2] SSH Attack	2020-08-24 14:55:05
122.226.155.61	attackbotsspam	Port probing on unauthorized port 445	2020-08-24 15:25:42
178.209.110.78	attackspambots	Port Scan detected! ...	2020-08-24 15:18:19
106.13.131.132	attackbots	Aug 24 07:58:52 prod4 sshd\[9180\]: Invalid user tecmint from 106.13.131.132 Aug 24 07:58:55 prod4 sshd\[9180\]: Failed password for invalid user tecmint from 106.13.131.132 port 33278 ssh2 Aug 24 08:07:32 prod4 sshd\[13463\]: Invalid user felix from 106.13.131.132 ...	2020-08-24 15:15:06
159.65.15.86	attack	Failed password for invalid user user from 159.65.15.86 port 33914 ssh2	2020-08-24 15:25:04
213.150.206.88	attack	$f2bV_matches	2020-08-24 14:53:21
51.77.150.203	attackspambots	2020-08-24T09:14:02.998997vps751288.ovh.net sshd\[13437\]: Invalid user zs from 51.77.150.203 port 52054 2020-08-24T09:14:03.007847vps751288.ovh.net sshd\[13437\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.ip-51-77-150.eu 2020-08-24T09:14:05.025845vps751288.ovh.net sshd\[13437\]: Failed password for invalid user zs from 51.77.150.203 port 52054 ssh2 2020-08-24T09:17:35.771364vps751288.ovh.net sshd\[13476\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.ip-51-77-150.eu user=root 2020-08-24T09:17:38.224817vps751288.ovh.net sshd\[13476\]: Failed password for root from 51.77.150.203 port 58330 ssh2	2020-08-24 15:18:58
222.186.42.7	attack	24.08.2020 07:29:06 SSH access blocked by firewall	2020-08-24 15:32:06

Recently Reported IPs

222.81.247.192	164.139.173.171	17.150.102.203	120.1.64.23
144.69.138.60	4.60.182.133	100.48.243.183	176.10.215.71
223.40.228.132	192.137.185.145	73.201.54.81	244.110.145.184
80.70.101.94	174.219.82.209	115.78.72.198	217.74.164.226
142.93.213.144	27.79.181.196	220.137.41.30	14.187.254.244