138.201.6.249 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: unknown

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
138.201.63.8	attack	Automatic report - XMLRPC Attack	2020-04-26 02:13:46
138.201.60.47	attack	The IP has triggered Cloudflare WAF. CF-Ray: 54110087ca66d72d \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: DE \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: skk.moe \| User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.1) Gecko/2008070208 \| CF_DC: FRA. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 04:08:59
138.201.64.18	attack	138.201.64.18 - - [12/Oct/2019:18:20:32 +0000] "GET / HTTP/1.1" 403 153 "-" "Mozilla/5.0 zgrab/0.x"	2019-10-13 03:30:02

Type

Details

Datetime

138.201.63.8

attack

Automatic report - XMLRPC Attack

2020-04-26 02:13:46

138.201.60.47

attack

The IP has triggered Cloudflare WAF. CF-Ray: 54110087ca66d72d | WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 | WAF_Kind: firewall | CF_Action: drop | Country: DE | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: skk.moe | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.1) Gecko/2008070208 | CF_DC: FRA. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 04:08:59

138.201.64.18

attack

138.201.64.18 - - [12/Oct/2019:18:20:32 +0000] "GET / HTTP/1.1" 403 153 "-" "Mozilla/5.0 zgrab/0.x"

2019-10-13 03:30:02

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.201.6.249
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51002
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;138.201.6.249.			IN	A

;; AUTHORITY SECTION:
.			599	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022030803 1800 900 604800 86400

;; Query time: 74 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Mar 09 07:39:14 CST 2022
;; MSG SIZE  rcvd: 106

Host info

249.6.201.138.in-addr.arpa domain name pointer static.249.6.201.138.clients.your-server.de.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
249.6.201.138.in-addr.arpa	name = static.249.6.201.138.clients.your-server.de.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
198.108.67.62	attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2019-10-17 02:45:29
112.74.243.157	attackspam	Oct 14 19:42:57 elenin sshd[3424]: User r.r from 112.74.243.157 not allowed because not listed in AllowUsers Oct 14 19:42:57 elenin sshd[3424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.74.243.157 user=r.r Oct 14 19:42:59 elenin sshd[3424]: Failed password for invalid user r.r from 112.74.243.157 port 48914 ssh2 Oct 14 19:42:59 elenin sshd[3424]: Received disconnect from 112.74.243.157: 11: Bye Bye [preauth] Oct 14 19:55:33 elenin sshd[3516]: Invalid user adduci from 112.74.243.157 Oct 14 19:55:33 elenin sshd[3516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.74.243.157 Oct 14 19:55:35 elenin sshd[3516]: Failed password for invalid user adduci from 112.74.243.157 port 46208 ssh2 Oct 14 19:55:35 elenin sshd[3516]: Received disconnect from 112.74.243.157: 11: Bye Bye [preauth] Oct 14 20:00:04 elenin sshd[3529]: Invalid user test123 from 112.74.243.157 Oct 14 20:00:04 elenin........ -------------------------------	2019-10-17 02:53:54
198.108.67.78	attackbots	ET DROP Dshield Block Listed Source group 1 - port: 4734 proto: TCP cat: Misc Attack	2019-10-17 02:47:24
80.211.132.145	attackbotsspam	$f2bV_matches	2019-10-17 02:48:33
198.108.67.84	attackspam	10/16/2019-08:42:46.724153 198.108.67.84 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-10-17 02:50:29
58.144.150.232	attack	Oct 16 15:34:11 localhost sshd\[32724\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.144.150.232 user=root Oct 16 15:34:13 localhost sshd\[32724\]: Failed password for root from 58.144.150.232 port 39488 ssh2 Oct 16 15:39:55 localhost sshd\[944\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.144.150.232 user=root	2019-10-17 03:07:36
201.69.247.69	attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2019-10-17 03:18:56
171.221.226.23	attack	Brute force attempt	2019-10-17 03:11:13
201.142.254.179	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-10-17 03:16:39
39.188.104.67	attackbots	60 probes for contact details	2019-10-17 02:54:17
198.108.67.94	attack	Portscan or hack attempt detected by psad/fwsnort	2019-10-17 02:58:28
200.155.7.246	attackspam	SMB Server BruteForce Attack	2019-10-17 03:22:28
200.38.73.240	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-10-17 03:12:05
198.27.108.202	attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-10-17 03:04:07
202.163.87.253	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-10-17 03:21:24

Recently Reported IPs

138.201.63.1	138.201.61.106	138.201.62.45	138.201.62.8
118.175.228.125	138.201.63.105	138.201.63.123	138.201.63.93
118.175.228.126	138.201.65.123	138.201.63.139	138.201.65.226
138.201.65.124	138.201.65.48	138.201.65.81	138.201.65.141
138.201.65.253	138.201.65.93	138.201.66.143	138.201.66.185