138.185.166.252

Basic Info

City: unknown

Region: unknown

Country: unknown

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
138.185.166.218	attack	spam	2020-04-15 16:02:51
138.185.166.133	attackspam	email spam	2020-03-01 19:46:06
138.185.166.254	attack	Sending SPAM email	2020-02-06 23:44:58
138.185.166.173	attackbotsspam	spam	2020-01-22 16:23:34
138.185.166.136	attackbots	Absender hat Spam-Falle ausgel?st	2019-12-19 16:15:01
138.185.166.194	attackspam	Brute force attempt	2019-08-15 05:13:26
138.185.166.166	attackspambots	Lines containing failures of 138.185.166.166 Jul 27 03:25:46 omfg postfix/smtpd[27121]: connect from unknown[138.185.166.166] Jul x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=138.185.166.166	2019-07-29 08:50:12
138.185.166.149	attackspam	Jul 17 15:34:24 h2421860 postfix/postscreen[29334]: CONNECT from [138.185.166.149]:57743 to [85.214.119.52]:25 Jul 17 15:34:24 h2421860 postfix/dnsblog[29337]: addr 138.185.166.149 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2 Jul 17 15:34:24 h2421860 postfix/dnsblog[29338]: addr 138.185.166.149 listed by domain bl.spamcop.net as 127.0.0.2 Jul 17 15:34:24 h2421860 postfix/dnsblog[29338]: addr 138.185.166.149 listed by domain zen.spamhaus.org as 127.0.0.4 Jul 17 15:34:24 h2421860 postfix/dnsblog[29338]: addr 138.185.166.149 listed by domain zen.spamhaus.org as 127.0.0.3 Jul 17 15:34:24 h2421860 postfix/dnsblog[29342]: addr 138.185.166.149 listed by domain Unknown.trblspam.com as 185.53.179.7 Jul 17 15:34:24 h2421860 postfix/dnsblog[29339]: addr 138.185.166.149 listed by domain b.barracudacentral.org as 127.0.0.2 Jul 17 15:34:24 h2421860 postfix/dnsblog[29338]: addr 138.185.166.149 listed by domain dnsbl.sorbs.net as 127.0.0.6 Jul 17 15:34:24 h2421860 postfix/postscre........ -------------------------------	2019-07-18 18:23:59
138.185.166.194	attack	Jul 10 20:09:44 mxgate1 postfix/postscreen[26117]: CONNECT from [138.185.166.194]:49880 to [176.31.12.44]:25 Jul 10 20:09:44 mxgate1 postfix/dnsblog[26118]: addr 138.185.166.194 listed by domain zen.spamhaus.org as 127.0.0.4 Jul 10 20:09:44 mxgate1 postfix/dnsblog[26118]: addr 138.185.166.194 listed by domain zen.spamhaus.org as 127.0.0.3 Jul 10 20:09:44 mxgate1 postfix/dnsblog[26122]: addr 138.185.166.194 listed by domain cbl.abuseat.org as 127.0.0.2 Jul 10 20:09:44 mxgate1 postfix/dnsblog[26119]: addr 138.185.166.194 listed by domain bl.spamcop.net as 127.0.0.2 Jul 10 20:09:44 mxgate1 postfix/dnsblog[26121]: addr 138.185.166.194 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2 Jul 10 20:09:45 mxgate1 postfix/dnsblog[26166]: addr 138.185.166.194 listed by domain b.barracudacentral.org as 127.0.0.2 Jul 10 20:09:45 mxgate1 postfix/postscreen[26117]: PREGREET 38 after 0.53 from [138.185.166.194]:49880: EHLO ip138-185-166-194.netjat.com.br Jul 10 20:09:45 mxgate1 postfix........ -------------------------------	2019-07-11 18:27:41

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.185.166.252
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43150
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;138.185.166.252.		IN	A

;; AUTHORITY SECTION:
.			171	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022030803 1800 900 604800 86400

;; Query time: 69 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Mar 09 07:30:13 CST 2022
;; MSG SIZE  rcvd: 108

Host info

252.166.185.138.in-addr.arpa domain name pointer ip138-185-166-252.netjat.com.br.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
252.166.185.138.in-addr.arpa	name = ip138-185-166-252.netjat.com.br.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
68.183.57.66	attackspam	WordPress (CMS) attack attempts. Date: 2020 Jul 24. 07:28:43 Source IP: 68.183.57.66 Portion of the log(s): 68.183.57.66 - [24/Jul/2020:07:28:40 +0200] "GET /wp-login.php HTTP/1.1" 200 1962 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 68.183.57.66 - [24/Jul/2020:07:28:41 +0200] "POST /wp-login.php HTTP/1.1" 200 2414 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 68.183.57.66 - [24/Jul/2020:07:28:41 +0200] "POST /xmlrpc.php HTTP/1.1" 404 118 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-07-24 20:21:11
92.252.184.143	attack	IP 92.252.184.143 attacked honeypot on port: 3433 at 7/23/2020 10:15:26 PM	2020-07-24 19:36:44
111.202.211.10	attackspam	$f2bV_matches	2020-07-24 20:20:50
183.89.8.122	attack	Unauthorized connection attempt from IP address 183.89.8.122 on Port 445(SMB)	2020-07-24 20:00:59
220.123.241.30	attack	Invalid user gao from 220.123.241.30 port 50627	2020-07-24 20:07:58
189.148.181.236	attackbots	Unauthorized connection attempt from IP address 189.148.181.236 on Port 445(SMB)	2020-07-24 20:26:17
113.168.75.62	attackbotsspam	Unauthorized connection attempt from IP address 113.168.75.62 on Port 445(SMB)	2020-07-24 19:43:32
159.203.98.228	attackspambots	159.203.98.228 - - \[24/Jul/2020:11:57:22 +0200\] "POST /wp-login.php HTTP/1.0" 200 5997 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 159.203.98.228 - - \[24/Jul/2020:11:57:29 +0200\] "POST /wp-login.php HTTP/1.0" 200 5825 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 159.203.98.228 - - \[24/Jul/2020:11:57:30 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 904 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-07-24 19:49:53
98.197.85.90	attackspambots	2020-07-24T07:15:20.812154vps751288.ovh.net sshd\[8248\]: Invalid user admin from 98.197.85.90 port 60658 2020-07-24T07:15:20.966865vps751288.ovh.net sshd\[8248\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-98-197-85-90.hsd1.tx.comcast.net 2020-07-24T07:15:24.000743vps751288.ovh.net sshd\[8248\]: Failed password for invalid user admin from 98.197.85.90 port 60658 ssh2 2020-07-24T07:15:25.403556vps751288.ovh.net sshd\[8252\]: Invalid user admin from 98.197.85.90 port 60843 2020-07-24T07:15:25.598548vps751288.ovh.net sshd\[8252\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-98-197-85-90.hsd1.tx.comcast.net	2020-07-24 20:26:52
178.32.219.66	attackspam	Invalid user user from 178.32.219.66 port 60102	2020-07-24 19:37:38
125.24.72.17	attackbots	Unauthorized connection attempt from IP address 125.24.72.17 on Port 445(SMB)	2020-07-24 19:38:36
77.43.245.4	attackbotsspam	Automatic report - Port Scan Attack	2020-07-24 19:37:17
46.52.186.108	attackbots	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-07-24 20:13:49
195.54.160.228	attackspambots	Port scan: Attack repeated for 24 hours	2020-07-24 20:05:14
180.244.244.43	attack	Unauthorized connection attempt from IP address 180.244.244.43 on Port 445(SMB)	2020-07-24 20:15:48

Recently Reported IPs

138.185.166.91	138.185.167.134	138.185.167.125	118.175.169.28
138.185.167.175	138.185.167.249	138.185.167.142	138.185.167.141
138.185.167.44	138.185.167.209	138.185.167.33	138.185.167.28
138.185.167.46	138.185.167.58	118.175.169.32	138.185.167.66
138.185.17.199	138.185.167.84	138.185.172.138	138.185.173.128