Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: Ludwig-Maximilians-Universitaet Muenchen

Hostname: unknown

Organization: unknown

Usage Type: University/College/School

Comments:
Type Details Datetime
attackspambots
Port scan on 1 port(s): 53
2020-04-08 05:41:02
attack
Port scan on 1 port(s): 53
2020-03-31 23:58:37
attack
Port scan on 1 port(s): 53
2020-02-13 23:20:48
attack
Port scan on 1 port(s): 53
2020-01-20 15:52:05
attack
*Port Scan* detected from 138.246.253.21 (DE/Germany/planetlab21.net.in.tum.de). 5 hits in the last 270 seconds
2019-10-16 05:00:35
attackbotsspam
Port scan on 1 port(s): 53
2019-09-07 16:08:43
Comments on same subnet:
IP Type Details Datetime
138.246.253.15 attackspam
8 web app probes over 24 hour period.
2020-09-25 10:34:17
138.246.253.15 attackbots
CF RAY ID: 5ccfd7a5f8c6eda7 IP Class: unknown URI: /
2020-09-04 04:21:27
138.246.253.15 attack
Unauthorized connection attempt detected from IP address 138.246.253.15 to port 443 [T]
2020-09-03 20:03:51
138.246.253.7 attackbotsspam
 TCP (SYN) 138.246.253.7:49295 -> port 53, len 40
2020-08-13 01:56:06
138.246.253.15 attackbotsspam
CF RAY ID: 5be922ac2e11d44f IP Class: unknown URI: /
2020-08-06 23:50:03
138.246.253.15 attackspambots
Unauthorized connection attempt detected from IP address 138.246.253.15 to port 443
2020-06-24 00:44:02
138.246.253.15 attackspambots
138.246.253.15 - - [14/Apr/2020:15:20:12 +0200] "HEAD / HTTP/1.1" 400 3592 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.85 Safari/537.36"
2020-04-14 23:19:21
138.246.253.5 attackspam
From CCTV User Interface Log
...::ffff:138.246.253.5 - - [20/Mar/2020:09:06:43 +0000] "-" 400 179
...
2020-03-21 04:04:27
138.246.253.15 attackbotsspam
port scan and connect, tcp 443 (https)
2020-03-05 15:32:29
138.246.253.5 attack
138.246.253.5 - - [23/Feb/2020:12:13:07 -0500] "HEAD / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.85 Safari/537.36"
2020-02-24 05:41:47
138.246.253.10 attackspambots
MultiHost/MultiPort Probe, Scan, Hack -
2020-02-19 22:38:30
138.246.253.5 attackspambots
The IP has triggered Cloudflare WAF. CF-Ray: 54172b9bff56c29f | WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 | WAF_Kind: firewall | CF_Action: challenge | Country: DE | CF_IPClass: unknown | Protocol: HTTP/1.1 | Method: HEAD | Host: d.skk.moe | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.85 Safari/537.36 | CF_DC: FRA. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).
2019-12-08 03:48:13
138.246.253.5 attackspam
Open Proxy "PROMETHEUS" Node.
2019-11-04 18:34:33
138.246.253.5 attack
UTC: 2019-10-21 port: 443/tcp
2019-10-22 13:54:40
138.246.253.5 attack
firewall-block_invalid_GET_Request
2019-08-07 10:37:17
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.246.253.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57727
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.246.253.21.			IN	A

;; AUTHORITY SECTION:
.			2670	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019090700 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Sep 07 16:08:28 CST 2019
;; MSG SIZE  rcvd: 118
Host info
21.253.246.138.in-addr.arpa domain name pointer planetlab21.net.in.tum.de.
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
21.253.246.138.in-addr.arpa	name = planetlab21.net.in.tum.de.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
51.38.190.237 attackspambots
51.38.190.237 - - [07/Oct/2020:06:18:52 +0100] "POST /wp-login.php HTTP/1.1" 200 2673 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
51.38.190.237 - - [07/Oct/2020:06:18:53 +0100] "POST /wp-login.php HTTP/1.1" 200 2630 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
51.38.190.237 - - [07/Oct/2020:06:18:55 +0100] "POST /wp-login.php HTTP/1.1" 200 2632 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-10-07 14:09:44
106.12.69.35 attackspam
Oct  6 07:59:05 master sshd[3037]: Failed password for root from 106.12.69.35 port 34422 ssh2
Oct  6 08:03:43 master sshd[3075]: Failed password for root from 106.12.69.35 port 48944 ssh2
Oct  6 08:04:58 master sshd[3087]: Failed password for root from 106.12.69.35 port 34940 ssh2
Oct  6 08:06:15 master sshd[3091]: Failed password for root from 106.12.69.35 port 49170 ssh2
Oct  6 08:07:30 master sshd[3101]: Failed password for root from 106.12.69.35 port 35166 ssh2
Oct  6 08:08:44 master sshd[3107]: Failed password for root from 106.12.69.35 port 49390 ssh2
Oct  6 08:09:58 master sshd[3125]: Failed password for root from 106.12.69.35 port 35384 ssh2
Oct  6 08:11:14 master sshd[3135]: Failed password for root from 106.12.69.35 port 49610 ssh2
Oct  6 08:12:28 master sshd[3141]: Failed password for root from 106.12.69.35 port 35606 ssh2
Oct  6 08:13:39 master sshd[3149]: Failed password for root from 106.12.69.35 port 49828 ssh2
2020-10-07 13:51:47
200.146.196.100 attackbotsspam
Oct  6 06:21:07 lola sshd[10274]: reveeclipse mapping checking getaddrinfo for 200-146-196-100.static.ctbctelecom.com.br [200.146.196.100] failed - POSSIBLE BREAK-IN ATTEMPT!
Oct  6 06:21:07 lola sshd[10274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.146.196.100  user=r.r
Oct  6 06:21:09 lola sshd[10274]: Failed password for r.r from 200.146.196.100 port 35336 ssh2
Oct  6 06:21:09 lola sshd[10274]: Received disconnect from 200.146.196.100: 11: Bye Bye [preauth]
Oct  6 06:24:43 lola sshd[10351]: reveeclipse mapping checking getaddrinfo for 200-146-196-100.static.ctbctelecom.com.br [200.146.196.100] failed - POSSIBLE BREAK-IN ATTEMPT!
Oct  6 06:24:43 lola sshd[10351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.146.196.100  user=r.r
Oct  6 06:24:45 lola sshd[10351]: Failed password for r.r from 200.146.196.100 port 53922 ssh2
Oct  6 06:24:45 lola sshd[10351]: Received disconn........
-------------------------------
2020-10-07 13:50:23
152.136.173.58 attackbotsspam
Oct  7 01:53:19 ovpn sshd\[787\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.173.58  user=root
Oct  7 01:53:22 ovpn sshd\[787\]: Failed password for root from 152.136.173.58 port 34274 ssh2
Oct  7 01:58:24 ovpn sshd\[2050\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.173.58  user=root
Oct  7 01:58:27 ovpn sshd\[2050\]: Failed password for root from 152.136.173.58 port 59568 ssh2
Oct  7 02:02:31 ovpn sshd\[3125\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.173.58  user=root
2020-10-07 13:49:38
61.2.179.152 attack
 TCP (SYN) 61.2.179.152:42910 -> port 23, len 40
2020-10-07 13:38:22
206.248.17.106 attack
20/10/6@16:44:09: FAIL: Alarm-Network address from=206.248.17.106
20/10/6@16:44:09: FAIL: Alarm-Network address from=206.248.17.106
...
2020-10-07 13:45:52
172.81.239.224 attackbotsspam
Oct  7 04:21:06 ip-172-31-61-156 sshd[10782]: Failed password for root from 172.81.239.224 port 48922 ssh2
Oct  7 04:22:21 ip-172-31-61-156 sshd[10816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.81.239.224  user=root
Oct  7 04:22:23 ip-172-31-61-156 sshd[10816]: Failed password for root from 172.81.239.224 port 35514 ssh2
Oct  7 04:23:32 ip-172-31-61-156 sshd[10854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.81.239.224  user=root
Oct  7 04:23:34 ip-172-31-61-156 sshd[10854]: Failed password for root from 172.81.239.224 port 50338 ssh2
...
2020-10-07 13:36:28
159.203.66.114 attack
SSH login attempts.
2020-10-07 13:53:20
112.237.139.212 attackbots
 TCP (SYN) 112.237.139.212:36494 -> port 23, len 44
2020-10-07 14:07:48
45.227.254.30 attackbots
 TCP (SYN) 45.227.254.30:41439 -> port 53393, len 44
2020-10-07 13:35:41
120.71.145.189 attack
Oct  7 04:22:19 PorscheCustomer sshd[14329]: Failed password for root from 120.71.145.189 port 41177 ssh2
Oct  7 04:27:11 PorscheCustomer sshd[14423]: Failed password for root from 120.71.145.189 port 42412 ssh2
...
2020-10-07 14:08:38
111.231.63.14 attackspambots
Oct  6 22:52:12 ip-172-31-61-156 sshd[25635]: Failed password for root from 111.231.63.14 port 49558 ssh2
Oct  6 22:55:09 ip-172-31-61-156 sshd[25730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.63.14  user=root
Oct  6 22:55:10 ip-172-31-61-156 sshd[25730]: Failed password for root from 111.231.63.14 port 39768 ssh2
Oct  6 22:55:09 ip-172-31-61-156 sshd[25730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.63.14  user=root
Oct  6 22:55:10 ip-172-31-61-156 sshd[25730]: Failed password for root from 111.231.63.14 port 39768 ssh2
...
2020-10-07 13:44:23
157.55.39.175 attackspambots
Automatic report - Banned IP Access
2020-10-07 13:47:32
83.97.20.30 attackbotsspam
Icarus honeypot on github
2020-10-07 14:03:11
49.233.180.165 attackspam
Oct  7 04:16:06 IngegnereFirenze sshd[26357]: User root from 49.233.180.165 not allowed because not listed in AllowUsers
...
2020-10-07 13:59:03
