138.197.13.249

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
138.197.136.163	attack	Bruteforce detected by fail2ban	2020-09-30 03:10:28
138.197.136.163	attack	Invalid user oracle from 138.197.136.163 port 37458	2020-09-29 19:14:00
138.197.135.102	attackspambots	138.197.135.102 - - [19/Sep/2020:07:11:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2451 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.135.102 - - [19/Sep/2020:07:11:22 +0100] "POST /wp-login.php HTTP/1.1" 200 2431 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.135.102 - - [19/Sep/2020:07:11:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2431 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-20 03:49:48
138.197.135.102	attack	138.197.135.102 - - [19/Sep/2020:07:11:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2451 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.135.102 - - [19/Sep/2020:07:11:22 +0100] "POST /wp-login.php HTTP/1.1" 200 2431 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.135.102 - - [19/Sep/2020:07:11:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2431 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-19 19:55:09
138.197.137.225	attack	138.197.137.225 - - [11/Sep/2020:18:52:58 +0200] "HEAD / HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36"	2020-09-13 00:18:48
138.197.137.225	attackbotsspam	138.197.137.225 - - [11/Sep/2020:18:52:58 +0200] "HEAD / HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36"	2020-09-12 16:17:14
138.197.135.102	attack	138.197.135.102 - - [10/Sep/2020:21:13:11 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-11 03:27:35
138.197.131.66	attackbotsspam	138.197.131.66 - - [10/Sep/2020:16:34:59 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.131.66 - - [10/Sep/2020:16:35:01 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.131.66 - - [10/Sep/2020:16:35:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-11 01:12:33
138.197.135.102	attackspam	CMS (WordPress or Joomla) login attempt.	2020-09-10 18:58:01
138.197.131.66	attack	138.197.131.66 - - [10/Sep/2020:09:37:17 +0200] "POST /xmlrpc.php HTTP/1.1" 403 461 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.131.66 - - [10/Sep/2020:09:40:59 +0200] "POST /xmlrpc.php HTTP/1.1" 403 13510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-10 16:32:12
138.197.131.66	attack	Automatic report - XMLRPC Attack	2020-09-10 07:09:41
138.197.131.66	attackspambots	Automatic report - XMLRPC Attack	2020-09-08 06:26:08
138.197.135.102	attackbots	CMS (WordPress or Joomla) login attempt.	2020-09-08 00:12:36
138.197.135.102	attackbotsspam	Brute forcing Wordpress login	2020-09-07 08:07:25
138.197.130.138	attackspambots	Sep 4 13:08:14 sigma sshd\[10630\]: Failed password for root from 138.197.130.138 port 42912 ssh2Sep 4 13:16:52 sigma sshd\[11175\]: Invalid user cactiuser from 138.197.130.138 ...	2020-09-04 23:16:07

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.197.13.249
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 867
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;138.197.13.249.			IN	A

;; AUTHORITY SECTION:
.			180	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022020702 1800 900 604800 86400

;; Query time: 16 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Feb 08 15:05:21 CST 2022
;; MSG SIZE  rcvd: 107

Host info

249.13.197.138.in-addr.arpa domain name pointer elisha.3330008888.hob.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
249.13.197.138.in-addr.arpa	name = elisha.3330008888.hob.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
190.182.179.1	attackspam	Dec 5 07:25:10 [munged] sshd[30604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.182.179.1	2019-12-05 21:17:31
122.170.119.144	attack	port scan and connect, tcp 1433 (ms-sql-s)	2019-12-05 21:14:52
193.77.154.238	attackspambots	ssh failed login	2019-12-05 21:01:35
206.81.8.14	attackspambots	Dec 5 02:42:23 php1 sshd\[30791\]: Invalid user lipscomb from 206.81.8.14 Dec 5 02:42:23 php1 sshd\[30791\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.8.14 Dec 5 02:42:26 php1 sshd\[30791\]: Failed password for invalid user lipscomb from 206.81.8.14 port 36578 ssh2 Dec 5 02:48:18 php1 sshd\[32141\]: Invalid user wy from 206.81.8.14 Dec 5 02:48:18 php1 sshd\[32141\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.8.14	2019-12-05 20:58:50
68.183.84.15	attack	2019-12-05T09:07:11.136277abusebot-5.cloudsearch.cf sshd\[8078\]: Invalid user qw123e from 68.183.84.15 port 34224	2019-12-05 21:18:18
36.90.156.31	attackbots	Automatic report - XMLRPC Attack	2019-12-05 21:22:37
195.228.231.150	attack	$f2bV_matches	2019-12-05 21:11:02
145.239.87.109	attackspambots	$f2bV_matches	2019-12-05 21:12:12
111.231.59.116	attack	Dec 5 13:15:32 srv01 sshd[31885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.59.116 user=root Dec 5 13:15:34 srv01 sshd[31885]: Failed password for root from 111.231.59.116 port 48444 ssh2 Dec 5 13:23:22 srv01 sshd[32509]: Invalid user test from 111.231.59.116 port 50054 Dec 5 13:23:22 srv01 sshd[32509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.59.116 Dec 5 13:23:22 srv01 sshd[32509]: Invalid user test from 111.231.59.116 port 50054 Dec 5 13:23:24 srv01 sshd[32509]: Failed password for invalid user test from 111.231.59.116 port 50054 ssh2 ...	2019-12-05 21:12:53
181.98.82.254	attackbots	Automatic report - Port Scan Attack	2019-12-05 21:17:55
123.123.219.61	attackbotsspam	WordPress XMLRPC scan :: 123.123.219.61 116.172 - [05/Dec/2019:06:21:43 0000] www.[censored_1] "GET /xmlrpc.php HTTP/1.1" 499 0 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36" "HTTP/1.1"	2019-12-05 21:21:06
216.99.159.227	attack	Host Scan	2019-12-05 21:21:36
92.63.194.148	attackbots	12/05/2019-07:18:04.488658 92.63.194.148 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-12-05 20:52:27
182.74.190.198	attackbots	Dec 5 16:19:33 webhost01 sshd[20052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.74.190.198 Dec 5 16:19:35 webhost01 sshd[20052]: Failed password for invalid user ngeow from 182.74.190.198 port 53608 ssh2 ...	2019-12-05 20:52:40
159.203.201.110	attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-12-05 21:05:00

Recently Reported IPs

138.197.181.30	138.197.155.221	138.197.103.140	138.197.186.203
138.197.183.14	138.197.68.48	138.201.11.122	138.201.202.58
138.197.8.78	138.197.77.15	138.201.88.1	138.204.78.248
138.207.154.32	138.255.240.36	138.68.148.111	138.68.188.19
138.68.10.135	138.68.240.114	138.68.44.149	138.68.143.242