Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: PT. Satata Neka Tama

Hostname: unknown

Organization: Jl. Raya Pasar Minggu no 99D

Usage Type: Fixed Line ISP

Comments:
Type Details Datetime
attackbots
445/tcp 445/tcp 445/tcp...
[2019-04-28/06-26]7pkt,1pt.(tcp)
2019-06-27 00:10:28
Comments on same subnet:
IP Type Details Datetime
202.149.89.84 attack
$f2bV_matches
2020-06-07 21:29:50
202.149.89.84 attack
May 29 07:39:43 tuxlinux sshd[56748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.89.84  user=root
May 29 07:39:45 tuxlinux sshd[56748]: Failed password for root from 202.149.89.84 port 37739 ssh2
May 29 07:39:43 tuxlinux sshd[56748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.89.84  user=root
May 29 07:39:45 tuxlinux sshd[56748]: Failed password for root from 202.149.89.84 port 37739 ssh2
May 29 07:50:12 tuxlinux sshd[56982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.89.84  user=root
...
2020-05-29 14:39:28
202.149.89.84 attackbotsspam
SSH login attempts.
2020-05-28 12:55:02
202.149.89.84 attack
May 24 14:10:40 melroy-server sshd[15746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.89.84 
May 24 14:10:42 melroy-server sshd[15746]: Failed password for invalid user brayden from 202.149.89.84 port 35168 ssh2
...
2020-05-25 01:03:35
202.149.89.84 attack
May 20 04:00:04 ny01 sshd[13073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.89.84
May 20 04:00:06 ny01 sshd[13073]: Failed password for invalid user par from 202.149.89.84 port 56824 ssh2
May 20 04:04:38 ny01 sshd[13677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.89.84
2020-05-20 19:52:56
202.149.89.84 attackbotsspam
May 20 02:10:15 server sshd[4868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.89.84
May 20 02:10:17 server sshd[4868]: Failed password for invalid user ndq from 202.149.89.84 port 42663 ssh2
May 20 02:14:11 server sshd[5180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.89.84
...
2020-05-20 08:28:25
202.149.89.84 attackspambots
$f2bV_matches
2020-05-12 00:29:38
202.149.89.84 attackbots
SSH Invalid Login
2020-05-10 06:13:38
202.149.89.84 attackspam
$f2bV_matches
2020-05-07 18:16:15
202.149.89.84 attack
May  3 22:57:00 eventyay sshd[31635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.89.84
May  3 22:57:01 eventyay sshd[31635]: Failed password for invalid user mark from 202.149.89.84 port 46843 ssh2
May  3 23:01:28 eventyay sshd[31887]: Failed password for root from 202.149.89.84 port 52483 ssh2
...
2020-05-04 05:04:15
202.149.89.84 attackspambots
May  2 05:44:05 ip-172-31-61-156 sshd[4377]: Invalid user shyam from 202.149.89.84
May  2 05:44:07 ip-172-31-61-156 sshd[4377]: Failed password for invalid user shyam from 202.149.89.84 port 37678 ssh2
May  2 05:44:05 ip-172-31-61-156 sshd[4377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.149.89.84
May  2 05:44:05 ip-172-31-61-156 sshd[4377]: Invalid user shyam from 202.149.89.84
May  2 05:44:07 ip-172-31-61-156 sshd[4377]: Failed password for invalid user shyam from 202.149.89.84 port 37678 ssh2
...
2020-05-02 14:40:46
202.149.89.84 attack
Invalid user loya from 202.149.89.84 port 43505
2020-05-01 13:25:48
Whois info:
Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 202.149.89.70
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57932
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;202.149.89.70.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019041800 1800 900 604800 86400

;; Query time: 148 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri Apr 19 01:30:27 +08 2019
;; MSG SIZE  rcvd: 117

Host info
Host 70.89.149.202.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 70.89.149.202.in-addr.arpa: NXDOMAIN

Related IP info:
Related comments:
IP Type Details Datetime
118.27.37.223 attackspam
Mar 18 08:50:41 server sshd\[18818\]: Invalid user jmiller from 118.27.37.223
Mar 18 08:50:41 server sshd\[18818\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=v118-27-37-223.0jtl.static.cnode.io 
Mar 18 08:50:44 server sshd\[18818\]: Failed password for invalid user jmiller from 118.27.37.223 port 46800 ssh2
Mar 18 08:59:20 server sshd\[20558\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=v118-27-37-223.0jtl.static.cnode.io  user=root
Mar 18 08:59:22 server sshd\[20558\]: Failed password for root from 118.27.37.223 port 57022 ssh2
...
2020-03-18 15:31:56
5.45.207.74 attackbotsspam
[Wed Mar 18 11:56:23.095711 2020] [:error] [pid 7194:tid 139937944954624] [client 5.45.207.74:40273] [client 5.45.207.74] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XnGp9yDR2vdY1fmOmBU-ZQAAADg"]
...
2020-03-18 15:28:22
185.22.142.132 attackspambots
Mar 18 07:56:46 relay dovecot: imap-login: Disconnected: Inactivity \(auth failed, 1 attempts in 180 secs\): user=\, method=PLAIN, rip=185.22.142.132, lip=176.9.177.164, session=\
Mar 18 07:56:48 relay dovecot: imap-login: Disconnected: Inactivity \(auth failed, 1 attempts in 180 secs\): user=\, method=PLAIN, rip=185.22.142.132, lip=176.9.177.164, session=\
Mar 18 07:57:11 relay dovecot: imap-login: Disconnected: Inactivity \(auth failed, 1 attempts in 180 secs\): user=\, method=PLAIN, rip=185.22.142.132, lip=176.9.177.164, session=\
Mar 18 08:02:22 relay dovecot: imap-login: Disconnected: Inactivity \(auth failed, 1 attempts in 180 secs\): user=\, method=PLAIN, rip=185.22.142.132, lip=176.9.177.164, session=\
Mar 18 08:02:24 relay dovecot: imap-login: Disconnected: Inactivity \(auth failed, 1 attempts in 180
...
2020-03-18 15:16:57
122.202.48.251 attackspam
$f2bV_matches
2020-03-18 15:57:53
177.92.66.226 attackbots
$f2bV_matches_ltvn
2020-03-18 15:22:23
58.152.43.8 attackbots
$f2bV_matches | Triggered by Fail2Ban at Vostok web server
2020-03-18 15:58:46
218.92.0.210 attack
Mar 18 07:55:13 OPSO sshd\[17624\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
Mar 18 07:55:15 OPSO sshd\[17624\]: Failed password for root from 218.92.0.210 port 64928 ssh2
Mar 18 07:55:18 OPSO sshd\[17624\]: Failed password for root from 218.92.0.210 port 64928 ssh2
Mar 18 07:55:20 OPSO sshd\[17624\]: Failed password for root from 218.92.0.210 port 64928 ssh2
Mar 18 07:56:03 OPSO sshd\[17696\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
2020-03-18 15:16:27
185.143.221.46 attackspam
firewall-block, port(s): 2121/tcp, 2224/tcp, 9693/tcp
2020-03-18 15:31:05
122.160.31.101 attackspam
Mar 17 21:10:24 mockhub sshd[32603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.160.31.101
Mar 17 21:10:26 mockhub sshd[32603]: Failed password for invalid user meteor from 122.160.31.101 port 42680 ssh2
...
2020-03-18 15:46:34
112.217.225.59 attack
Invalid user xiaoshengchang from 112.217.225.59 port 37111
2020-03-18 15:42:58
106.12.83.146 attackspam
2020-03-18T08:16:01.510059scmdmz1 sshd[17976]: Failed password for root from 106.12.83.146 port 42770 ssh2
2020-03-18T08:18:45.760433scmdmz1 sshd[18292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.83.146  user=root
2020-03-18T08:18:47.938406scmdmz1 sshd[18292]: Failed password for root from 106.12.83.146 port 47510 ssh2
...
2020-03-18 15:40:01
101.254.175.245 attackbotsspam
Mar 18 10:51:16 lcl-usvr-01 sshd[20962]: refused connect from 101.254.175.245 (101.254.175.245)
2020-03-18 15:38:26
134.209.228.241 attack
$f2bV_matches
2020-03-18 15:29:14
149.28.8.137 attack
CMS (WordPress or Joomla) login attempt.
2020-03-18 15:50:31
218.4.163.146 attackbotsspam
Mar 18 04:51:32 odroid64 sshd\[12635\]: User root from 218.4.163.146 not allowed because not listed in AllowUsers
Mar 18 04:51:32 odroid64 sshd\[12635\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.4.163.146  user=root
...
2020-03-18 15:25:33

Recently Reported IPs
