94.180.25.139 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Russian Federation

Internet Service Provider: JSC ER-Telecom Holding

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Port probing on unauthorized port 23	2020-10-06 06:26:51
attackbotsspam	Port probing on unauthorized port 23	2020-10-05 22:33:51
attack	Port scan denied	2020-10-05 14:28:29

Comments on same subnet:

IP	Type	Details	Datetime
94.180.25.152	attackbots	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-10-07 00:42:34
94.180.25.152	attack	TCP (SYN) 94.180.25.152:52445 -> port 23, len 40	2020-10-06 16:33:38
94.180.25.15	attack	Telnet/23 MH Probe, Scan, BF, Hack -	2020-10-05 07:22:42
94.180.25.213	attackspambots	firewall-block, port(s): 23/tcp	2020-10-05 06:28:25
94.180.25.15	attackspam	Telnet/23 MH Probe, Scan, BF, Hack -	2020-10-04 23:36:23
94.180.25.213	attack	firewall-block, port(s): 23/tcp	2020-10-04 22:29:50
94.180.25.15	attackbots	23/tcp [2020-10-03]1pkt	2020-10-04 15:20:14
94.180.25.213	attackbotsspam	firewall-block, port(s): 23/tcp	2020-10-04 14:15:43
94.180.25.5	attack	" "	2020-10-04 03:34:14
94.180.25.152	attackspam	Telnet/23 MH Probe, Scan, BF, Hack -	2020-10-04 03:25:39
94.180.25.5	attackspam	" "	2020-10-03 19:32:03
94.180.25.152	attackbotsspam	Telnet/23 MH Probe, Scan, BF, Hack -	2020-10-03 19:20:48
94.180.250.158	attackspambots	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: TCP cat: Potentially Bad Traffic	2020-06-21 06:43:31
94.180.250.158	attackspambots	[18/Feb/2020:11:13:35 -0500] - [18/Feb/2020:11:13:37 -0500] Think php probe script	2020-02-20 01:34:43
94.180.250.158	attackbotsspam	Unauthorized connection attempt detected from IP address 94.180.250.158 to port 8088 [J]	2020-01-06 05:39:40

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 94.180.25.139
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44382
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;94.180.25.139.			IN	A

;; AUTHORITY SECTION:
.			410	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020100500 1800 900 604800 86400

;; Query time: 63 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Oct 05 14:28:21 CST 2020
;; MSG SIZE  rcvd: 117

Host info

139.25.180.94.in-addr.arpa domain name pointer dynamicip-94-180-25-139.pppoe.nsk.ertelecom.ru.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
139.25.180.94.in-addr.arpa	name = dynamicip-94-180-25-139.pppoe.nsk.ertelecom.ru.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
193.169.252.140	attack	Jul 7 06:28:40 mail postfix/smtpd\[32565\]: warning: unknown\[193.169.252.140\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Jul 7 06:46:42 mail postfix/smtpd\[741\]: warning: unknown\[193.169.252.140\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Jul 7 07:04:43 mail postfix/smtpd\[1025\]: warning: unknown\[193.169.252.140\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Jul 7 07:40:56 mail postfix/smtpd\[1805\]: warning: unknown\[193.169.252.140\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\	2019-07-07 14:54:24
45.76.175.175	attackspam	[SunJul0705:51:24.4961952019][:error][pid20580:tid47152576050944][client45.76.175.175:51888][client45.76.175.175]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\\|WormlyBot\\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"391"][id"397989"][rev"1"][msg"Atomicorp.comWAFRules:MSIE6.0detected\(DisableifyouwanttoallowMSIE6\)"][severity"WARNING"][hostname"foreveryoungonline.ch"][uri"/wp-content/plugins/sirv/sirv/readme.txt"][unique_id"XSFsPGBwXJFKeduN9LHUrAAAAEA"][SunJul0705:51:29.4332952019][:error][pid20579:tid47152586557184][client45.76.175.175:58130][client45.76.175.175]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\\|WormlyBot\\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"391"][id"397989"][rev"1"][msg"Ato	2019-07-07 14:48:17
27.214.107.175	attackspam	Telnet Server BruteForce Attack	2019-07-07 14:50:34
31.214.144.16	attackspam	Jul 7 08:06:54 s64-1 sshd[29893]: Failed password for root from 31.214.144.16 port 52128 ssh2 Jul 7 08:11:34 s64-1 sshd[29946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.214.144.16 Jul 7 08:11:37 s64-1 sshd[29946]: Failed password for invalid user lee from 31.214.144.16 port 49808 ssh2 ...	2019-07-07 14:35:44
2a02:a445:72af:1:b3f5:67b1:be76:17a4	attackbots	Wordpress attack	2019-07-07 14:40:13
222.233.53.132	attack	Jul 6 23:59:12 server sshd\[26020\]: Invalid user rachid from 222.233.53.132 Jul 6 23:59:12 server sshd\[26020\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.233.53.132 Jul 6 23:59:13 server sshd\[26020\]: Failed password for invalid user rachid from 222.233.53.132 port 38308 ssh2 ...	2019-07-07 14:34:08
23.247.2.43	attackbotsspam	Attempted to connect 2 times to port 389 UDP	2019-07-07 14:23:34
191.53.198.59	attackspam	failed_logins	2019-07-07 15:09:34
190.143.39.211	attack	Jul 7 05:51:49 www sshd\[3327\]: Invalid user fa from 190.143.39.211 port 59266 ...	2019-07-07 14:37:54
41.72.219.102	attackspambots	Jul 7 06:52:21 srv-4 sshd\[4487\]: Invalid user cola from 41.72.219.102 Jul 7 06:52:21 srv-4 sshd\[4487\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.72.219.102 Jul 7 06:52:23 srv-4 sshd\[4487\]: Failed password for invalid user cola from 41.72.219.102 port 34684 ssh2 ...	2019-07-07 14:21:16
5.133.66.221	attack	Postfix DNSBL listed. Trying to send SPAM.	2019-07-07 14:38:49
177.130.137.11	attackspam	SMTP-sasl brute force ...	2019-07-07 14:37:20
129.150.112.159	attackbotsspam	Triggered by Fail2Ban	2019-07-07 15:08:08
154.120.242.70	attackspam	Jul 7 05:50:37 ns3367391 sshd\[8026\]: Invalid user musikbot from 154.120.242.70 port 54518 Jul 7 05:50:37 ns3367391 sshd\[8026\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.120.242.70 ...	2019-07-07 15:17:42
78.128.113.66	attack	Jul 7 09:01:12 mail postfix/smtpd\[18574\]: warning: unknown\[78.128.113.66\]: SASL PLAIN authentication failed: Jul 7 09:01:21 mail postfix/smtpd\[21531\]: warning: unknown\[78.128.113.66\]: SASL PLAIN authentication failed: Jul 7 09:01:37 mail postfix/smtpd\[18574\]: warning: unknown\[78.128.113.66\]: SASL PLAIN authentication failed:	2019-07-07 15:10:32

Recently Reported IPs

20.83.167.38	182.112.50.135	139.59.102.170	129.213.25.213
201.159.114.203	177.155.139.16	220.86.37.149	78.36.191.108
82.64.118.56	178.164.190.69	140.5.14.169	112.35.149.86
37.145.106.184	194.5.176.47	172.93.45.222	154.126.36.108
35.142.163.228	111.240.120.49	43.226.150.51	138.99.188.144