202.138.242.47

Basic Info

City: Cimahi

Region: West Java

Country: Indonesia

Internet Service Provider: PT Melvar Lintasnusa

Hostname: unknown

Organization: Melsa-i-net AS

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Unauthorized SSH connection attempt	2019-11-08 21:20:11

Comments on same subnet:

IP	Type	Details	Datetime
202.138.242.111	attack	Telnetd brute force attack detected by fail2ban	2020-06-01 07:18:38
202.138.242.37	attack	1588363984 - 05/01/2020 22:13:04 Host: 202.138.242.37/202.138.242.37 Port: 445 TCP Blocked	2020-05-02 06:50:18
202.138.242.21	attack	2020-04-05T02:01:49.009163struts4.enskede.local sshd\[27803\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.242.21 user=root 2020-04-05T02:01:51.378143struts4.enskede.local sshd\[27803\]: Failed password for root from 202.138.242.21 port 39604 ssh2 2020-04-05T02:04:48.606620struts4.enskede.local sshd\[27872\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.242.21 user=root 2020-04-05T02:04:51.540384struts4.enskede.local sshd\[27872\]: Failed password for root from 202.138.242.21 port 51584 ssh2 2020-04-05T02:06:27.282474struts4.enskede.local sshd\[27914\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.242.21 user=root ...	2020-04-05 08:23:26
202.138.242.22	attackbots	IP: 202.138.242.22 ASN: AS9657 Melsa-i-net AS Port: Simple Mail Transfer 25 Found in one or more Blacklists Date: 12/10/2019 6:06:23 AM UTC	2019-10-12 19:27:31
202.138.242.22	attackspam	proto=tcp . spt=55919 . dpt=25 . (Found on Blocklist de Oct 03) (497)	2019-10-05 02:03:34
202.138.242.101	attack	postfix (unknown user, SPF fail or relay access denied)	2019-10-02 07:18:29
202.138.242.6	attackspambots	Mail sent to address hacked/leaked from atari.st	2019-09-16 01:53:53
202.138.242.121	attackbots	Aug 22 22:27:14 dedicated sshd[10267]: Invalid user rso from 202.138.242.121 port 44700	2019-08-23 09:45:45
202.138.242.121	attack	Aug 18 14:14:56 XXX sshd[12187]: Invalid user testphp from 202.138.242.121 port 35348	2019-08-19 02:23:21
202.138.242.121	attackspambots	Aug 15 02:09:59 web9 sshd\[26350\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.242.121 user=mysql Aug 15 02:10:00 web9 sshd\[26350\]: Failed password for mysql from 202.138.242.121 port 43046 ssh2 Aug 15 02:15:44 web9 sshd\[27399\]: Invalid user omsagent from 202.138.242.121 Aug 15 02:15:44 web9 sshd\[27399\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.242.121 Aug 15 02:15:46 web9 sshd\[27399\]: Failed password for invalid user omsagent from 202.138.242.121 port 36398 ssh2	2019-08-15 20:22:52
202.138.242.121	attackspam	$f2bV_matches	2019-08-14 18:07:42
202.138.242.6	attack	Unauthorized connection attempt from IP address 202.138.242.6 on Port 25(SMTP)	2019-08-12 10:43:30
202.138.242.121	attackbots	2019-07-15T08:23:28.942435lon01.zurich-datacenter.net sshd\[22264\]: Invalid user odbc from 202.138.242.121 port 46070 2019-07-15T08:23:28.946718lon01.zurich-datacenter.net sshd\[22264\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.242.121 2019-07-15T08:23:30.935706lon01.zurich-datacenter.net sshd\[22264\]: Failed password for invalid user odbc from 202.138.242.121 port 46070 ssh2 2019-07-15T08:29:17.459106lon01.zurich-datacenter.net sshd\[22360\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.242.121 user=root 2019-07-15T08:29:19.693844lon01.zurich-datacenter.net sshd\[22360\]: Failed password for root from 202.138.242.121 port 45104 ssh2 ...	2019-07-15 15:06:34
202.138.242.121	attackspam	2019-07-13T16:49:51.179215abusebot-4.cloudsearch.cf sshd\[9858\]: Invalid user oracle from 202.138.242.121 port 44994	2019-07-14 01:06:26

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 202.138.242.47
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61367
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;202.138.242.47.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019041201 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Sat Apr 13 07:52:45 +08 2019
;; MSG SIZE  rcvd: 118

Host info

Host 47.242.138.202.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 47.242.138.202.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
223.72.94.140	attack	Unauthorized connection attempt detected from IP address 223.72.94.140 to port 3389	2019-12-31 22:37:13
202.10.79.181	attackspam	Unauthorized connection attempt detected from IP address 202.10.79.181 to port 1433	2019-12-31 22:38:38
60.170.10.219	attackspambots	Unauthorized connection attempt detected from IP address 60.170.10.219 to port 23	2019-12-31 22:29:48
81.192.44.66	proxy	www.iam.ma	2019-12-31 22:40:41
192.3.4.106	attackbotsspam	(From eric@talkwithcustomer.com) Hello naturalhealthdcs.com, People ask, “why does TalkWithCustomer work so well?” It’s simple. TalkWithCustomer enables you to connect with a prospective customer at EXACTLY the Perfect Time. - NOT one week, two weeks, three weeks after they’ve checked out your website naturalhealthdcs.com. - NOT with a form letter style email that looks like it was written by a bot. - NOT with a robocall that could come at any time out of the blue. TalkWithCustomer connects you to that person within seconds of THEM asking to hear from YOU. They kick off the conversation. They take that first step. They ask to hear from you regarding what you have to offer and how it can make their life better. And it happens almost immediately. In real time. While they’re still looking over your website naturalhealthdcs.com, trying to make up their mind whether you are right for them. When you connect with them at that very moment it’s the ultimate in Perfect Timing – as one f	2019-12-31 22:58:20
120.244.115.148	attackbots	Unauthorized connection attempt detected from IP address 120.244.115.148 to port 3389	2019-12-31 22:47:42
120.244.116.163	attack	Unauthorized connection attempt detected from IP address 120.244.116.163 to port 3389	2019-12-31 22:46:22
118.69.54.75	attackspam	Unauthorized connection attempt detected from IP address 118.69.54.75 to port 445	2019-12-31 22:51:28
60.168.96.141	attack	Unauthorized connection attempt detected from IP address 60.168.96.141 to port 23	2019-12-31 22:30:22
139.201.37.4	attack	Unauthorized connection attempt detected from IP address 139.201.37.4 to port 1433	2019-12-31 22:42:08
193.169.118.13	attackbotsspam	Unauthorised access (Dec 31) SRC=193.169.118.13 LEN=40 TTL=239 ID=7289 TCP DPT=1433 WINDOW=1024 SYN	2019-12-31 23:07:52
222.186.190.2	attack	Dec 31 15:54:11 sd-53420 sshd\[13450\]: User root from 222.186.190.2 not allowed because none of user's groups are listed in AllowGroups Dec 31 15:54:12 sd-53420 sshd\[13450\]: Failed none for invalid user root from 222.186.190.2 port 15266 ssh2 Dec 31 15:54:12 sd-53420 sshd\[13450\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.190.2 user=root Dec 31 15:54:14 sd-53420 sshd\[13450\]: Failed password for invalid user root from 222.186.190.2 port 15266 ssh2 Dec 31 15:54:25 sd-53420 sshd\[13450\]: Failed password for invalid user root from 222.186.190.2 port 15266 ssh2 ...	2019-12-31 22:59:59
58.216.184.242	attack	Unauthorized connection attempt detected from IP address 58.216.184.242 to port 1433	2019-12-31 22:31:57
129.28.193.220	attackspam	Dec 31 15:54:13 lnxded64 sshd[8833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.193.220 Dec 31 15:54:13 lnxded64 sshd[8833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.193.220	2019-12-31 23:09:53
110.137.101.3	attack	Unauthorized connection attempt detected from IP address 110.137.101.3 to port 445	2019-12-31 22:55:10

Recently Reported IPs

178.128.59.14	167.99.174.121	45.77.174.37	37.220.177.25
162.243.125.84	5.140.243.247	202.166.44.205	94.191.28.158
68.183.230.71	167.99.8.158	191.252.224.86	164.163.145.20
95.102.142.163	49.76.205.97	81.9.230.126	177.206.87.206
91.225.163.191	58.242.82.5	87.228.190.114	185.222.209.66