138.68.1.18 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Sep 6 06:29:21 MK-Soft-VM4 sshd\[30132\]: Invalid user qwe123 from 138.68.1.18 port 42442 Sep 6 06:29:21 MK-Soft-VM4 sshd\[30132\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.1.18 Sep 6 06:29:24 MK-Soft-VM4 sshd\[30132\]: Failed password for invalid user qwe123 from 138.68.1.18 port 42442 ssh2 ...	2019-09-06 14:45:10
attack	Automated report - ssh fail2ban: Aug 31 00:58:18 authentication failure Aug 31 00:58:20 wrong password, user=aya, port=40824, ssh2 Aug 31 01:02:36 authentication failure	2019-08-31 07:18:39
attackbotsspam	Aug 21 13:16:41 mail sshd\[5244\]: Failed password for invalid user csgoserver from 138.68.1.18 port 51732 ssh2 Aug 21 13:33:02 mail sshd\[5671\]: Invalid user ts3 from 138.68.1.18 port 60094 ...	2019-08-21 20:41:05
attackspam	Aug 20 03:37:01 ny01 sshd[2591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.1.18 Aug 20 03:37:03 ny01 sshd[2591]: Failed password for invalid user vbox from 138.68.1.18 port 46050 ssh2 Aug 20 03:41:33 ny01 sshd[3054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.1.18	2019-08-20 15:41:44

Comments on same subnet:

IP	Type	Details	Datetime
138.68.191.85	attackproxy	Malicious IP / Malware	2024-04-26 12:55:20
138.68.100.102	attackbotsspam	Lines containing failures of 138.68.100.102 Oct 8 08:42:23 newdogma sshd[22234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.100.102 user=r.r Oct 8 08:42:25 newdogma sshd[22234]: Failed password for r.r from 138.68.100.102 port 36538 ssh2 Oct 8 08:42:26 newdogma sshd[22234]: Received disconnect from 138.68.100.102 port 36538:11: Bye Bye [preauth] Oct 8 08:42:26 newdogma sshd[22234]: Disconnected from authenticating user r.r 138.68.100.102 port 36538 [preauth] Oct 8 08:58:51 newdogma sshd[22800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.100.102 user=r.r Oct 8 08:58:53 newdogma sshd[22800]: Failed password for r.r from 138.68.100.102 port 37066 ssh2 Oct 8 08:58:55 newdogma sshd[22800]: Received disconnect from 138.68.100.102 port 37066:11: Bye Bye [preauth] Oct 8 08:58:55 newdogma sshd[22800]: Disconnected from authenticating user r.r 138.68.100.102 port 37066........ ------------------------------	2020-10-10 02:09:51
138.68.100.102	attackbotsspam	Lines containing failures of 138.68.100.102 Oct 8 08:42:23 newdogma sshd[22234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.100.102 user=r.r Oct 8 08:42:25 newdogma sshd[22234]: Failed password for r.r from 138.68.100.102 port 36538 ssh2 Oct 8 08:42:26 newdogma sshd[22234]: Received disconnect from 138.68.100.102 port 36538:11: Bye Bye [preauth] Oct 8 08:42:26 newdogma sshd[22234]: Disconnected from authenticating user r.r 138.68.100.102 port 36538 [preauth] Oct 8 08:58:51 newdogma sshd[22800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.100.102 user=r.r Oct 8 08:58:53 newdogma sshd[22800]: Failed password for r.r from 138.68.100.102 port 37066 ssh2 Oct 8 08:58:55 newdogma sshd[22800]: Received disconnect from 138.68.100.102 port 37066:11: Bye Bye [preauth] Oct 8 08:58:55 newdogma sshd[22800]: Disconnected from authenticating user r.r 138.68.100.102 port 37066........ ------------------------------	2020-10-09 17:54:43
138.68.178.64	attack	Invalid user dev from 138.68.178.64 port 36768	2020-10-05 06:30:12
138.68.178.64	attack	Brute%20Force%20SSH	2020-10-04 22:31:37
138.68.148.177	attack	DATE:2020-10-03 20:05:08, IP:138.68.148.177, PORT:ssh SSH brute force auth (docker-dc)	2020-10-04 04:04:27
138.68.148.177	attackbotsspam	Invalid user web from 138.68.148.177 port 50132	2020-10-03 20:06:41
138.68.150.93	attackspam	138.68.150.93 - - [01/Oct/2020:12:48:02 +0100] "POST /wp-login.php HTTP/1.1" 200 2252 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.150.93 - - [01/Oct/2020:12:48:03 +0100] "POST /wp-login.php HTTP/1.1" 200 2255 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.150.93 - - [01/Oct/2020:12:48:04 +0100] "POST /wp-login.php HTTP/1.1" 200 2204 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-02 05:01:01
138.68.176.38	attackbotsspam	2020-10-01T13:52:46.3242641495-001 sshd[6947]: Invalid user techuser from 138.68.176.38 port 43908 2020-10-01T13:52:47.9374071495-001 sshd[6947]: Failed password for invalid user techuser from 138.68.176.38 port 43908 ssh2 2020-10-01T13:55:43.7073231495-001 sshd[7097]: Invalid user socks from 138.68.176.38 port 56220 2020-10-01T13:55:43.7108621495-001 sshd[7097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.176.38 2020-10-01T13:55:43.7073231495-001 sshd[7097]: Invalid user socks from 138.68.176.38 port 56220 2020-10-01T13:55:45.6148271495-001 sshd[7097]: Failed password for invalid user socks from 138.68.176.38 port 56220 ssh2 ...	2020-10-02 02:31:30
138.68.150.93	attackbotsspam	138.68.150.93 - - [01/Oct/2020:12:48:02 +0100] "POST /wp-login.php HTTP/1.1" 200 2252 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.150.93 - - [01/Oct/2020:12:48:03 +0100] "POST /wp-login.php HTTP/1.1" 200 2255 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.150.93 - - [01/Oct/2020:12:48:04 +0100] "POST /wp-login.php HTTP/1.1" 200 2204 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-01 21:19:24
138.68.150.93	attackbotsspam	138.68.150.93 - - [01/Oct/2020:05:40:26 +0100] "POST /wp-login.php HTTP/1.1" 200 2596 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.150.93 - - [01/Oct/2020:05:40:27 +0100] "POST /wp-login.php HTTP/1.1" 200 2580 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.150.93 - - [01/Oct/2020:05:40:28 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-01 13:34:15
138.68.106.62	attack	[ssh] SSH attack	2020-10-01 02:37:08
138.68.106.62	attackspam	Brute force attempt	2020-09-30 18:46:41
138.68.14.219	attackbots	Invalid user admin from 138.68.14.219 port 50376	2020-09-30 05:38:13
138.68.148.177	attackspambots	2020-09-29T10:39:26.1576871495-001 sshd[4600]: Failed password for invalid user internet from 138.68.148.177 port 58416 ssh2 2020-09-29T10:43:32.3590071495-001 sshd[4775]: Invalid user seco from 138.68.148.177 port 40074 2020-09-29T10:43:32.3619891495-001 sshd[4775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.148.177 2020-09-29T10:43:32.3590071495-001 sshd[4775]: Invalid user seco from 138.68.148.177 port 40074 2020-09-29T10:43:34.4990511495-001 sshd[4775]: Failed password for invalid user seco from 138.68.148.177 port 40074 ssh2 2020-09-29T10:47:48.2306251495-001 sshd[4918]: Invalid user angel from 138.68.148.177 port 49974 ...	2020-09-30 05:07:07

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.1.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53616
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.1.18.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082000 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Aug 20 15:41:36 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 18.1.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 18.1.68.138.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
129.28.180.174	attack	SSH-BruteForce	2019-09-07 09:09:51
177.66.99.144	attack	PNN - okay - potential is to exploit -uk i.e. same bunch -monitor history of own country and social media/20,000 police and 20,000 social care workers alongside to deal with mental issues -highlighting -all ip -also can upload to real abuseipdb.com without the 3 extras ?ip= Ken Inverness online -your business -dragged into this- out of control IT DEV	2019-09-07 09:28:27
165.22.249.96	attackspambots	Sep 6 19:41:04 aat-srv002 sshd[31900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.249.96 Sep 6 19:41:05 aat-srv002 sshd[31900]: Failed password for invalid user passwd from 165.22.249.96 port 58140 ssh2 Sep 6 19:45:41 aat-srv002 sshd[32019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.249.96 Sep 6 19:45:43 aat-srv002 sshd[32019]: Failed password for invalid user ftpsecure from 165.22.249.96 port 44426 ssh2 ...	2019-09-07 08:58:25
103.133.108.248	attack	09/06/2019-21:26:32.171691 103.133.108.248 Protocol: 6 ET COMPROMISED Known Compromised or Hostile Host Traffic group 1	2019-09-07 09:28:57
118.24.157.127	attackbots	SSH-BruteForce	2019-09-07 09:25:50
54.38.18.211	attack	2019-09-02T02:47:56.565252ns557175 sshd\[7331\]: Invalid user ftpuser from 54.38.18.211 port 52150 2019-09-02T02:47:56.570699ns557175 sshd\[7331\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip211.ip-54-38-18.eu 2019-09-02T02:47:58.553292ns557175 sshd\[7331\]: Failed password for invalid user ftpuser from 54.38.18.211 port 52150 ssh2 2019-09-02T02:54:53.813810ns557175 sshd\[7453\]: Invalid user amministratore from 54.38.18.211 port 52640 2019-09-02T02:54:53.820081ns557175 sshd\[7453\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip211.ip-54-38-18.eu 2019-09-02T02:54:56.133243ns557175 sshd\[7453\]: Failed password for invalid user amministratore from 54.38.18.211 port 52640 ssh2 2019-09-02T02:58:41.925473ns557175 sshd\[7524\]: Invalid user goga from 54.38.18.211 port 40846 2019-09-02T02:58:41.930934ns557175 sshd\[7524\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty ...	2019-09-07 09:36:14
129.78.111.159	attackbots	SSH-BruteForce	2019-09-07 09:07:19
106.13.109.19	attackspambots	2019-09-07T00:41:39.636436hub.schaetter.us sshd\[3037\]: Invalid user 1qaz@WSX from 106.13.109.19 2019-09-07T00:41:39.667852hub.schaetter.us sshd\[3037\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.109.19 2019-09-07T00:41:42.086049hub.schaetter.us sshd\[3037\]: Failed password for invalid user 1qaz@WSX from 106.13.109.19 port 47364 ssh2 2019-09-07T00:45:34.950294hub.schaetter.us sshd\[3075\]: Invalid user pass from 106.13.109.19 2019-09-07T00:45:34.991918hub.schaetter.us sshd\[3075\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.109.19 ...	2019-09-07 09:19:53
114.67.70.94	attackspam	Sep 7 00:56:07 hcbbdb sshd\[25762\]: Invalid user admin from 114.67.70.94 Sep 7 00:56:07 hcbbdb sshd\[25762\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.70.94 Sep 7 00:56:10 hcbbdb sshd\[25762\]: Failed password for invalid user admin from 114.67.70.94 port 60418 ssh2 Sep 7 01:01:13 hcbbdb sshd\[26329\]: Invalid user uploader from 114.67.70.94 Sep 7 01:01:13 hcbbdb sshd\[26329\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.70.94	2019-09-07 09:03:52
114.35.222.134	attack	port scan and connect, tcp 23 (telnet)	2019-09-07 09:15:06
114.216.206.39	attack	Sep 7 04:03:48 www sshd\[23506\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.216.206.39 user=mysql Sep 7 04:03:50 www sshd\[23506\]: Failed password for mysql from 114.216.206.39 port 58938 ssh2 Sep 7 04:08:32 www sshd\[23570\]: Invalid user christian from 114.216.206.39 ...	2019-09-07 09:17:07
221.226.68.147	attackbots	Sep 7 04:00:44 site1 sshd\[25104\]: Invalid user guest from 221.226.68.147Sep 7 04:00:46 site1 sshd\[25104\]: Failed password for invalid user guest from 221.226.68.147 port 43648 ssh2Sep 7 04:04:40 site1 sshd\[25318\]: Invalid user insserver from 221.226.68.147Sep 7 04:04:42 site1 sshd\[25318\]: Failed password for invalid user insserver from 221.226.68.147 port 60057 ssh2Sep 7 04:08:28 site1 sshd\[25403\]: Invalid user hadoop from 221.226.68.147Sep 7 04:08:30 site1 sshd\[25403\]: Failed password for invalid user hadoop from 221.226.68.147 port 48232 ssh2 ...	2019-09-07 09:22:55
51.38.186.207	attackbots	Sep 7 04:21:51 www sshd\[26822\]: Invalid user mc from 51.38.186.207Sep 7 04:21:54 www sshd\[26822\]: Failed password for invalid user mc from 51.38.186.207 port 45602 ssh2Sep 7 04:25:49 www sshd\[26835\]: Invalid user mcserver from 51.38.186.207Sep 7 04:25:51 www sshd\[26835\]: Failed password for invalid user mcserver from 51.38.186.207 port 60906 ssh2 ...	2019-09-07 09:26:54
175.147.53.254	attack	Automatic report - Port Scan Attack	2019-09-07 08:57:16
202.60.172.197	attackspambots	port scan and connect, tcp 23 (telnet)	2019-09-07 09:31:44

Recently Reported IPs

125.27.83.134	92.249.143.33	40.88.179.18	125.161.70.63
121.67.44.191	94.230.135.178	93.171.65.191	51.79.140.137
143.107.232.252	142.28.119.55	217.168.66.243	223.166.74.28
213.124.36.186	167.71.212.68	113.220.231.32	73.247.12.4
138.94.211.164	98.17.155.25	189.141.24.236	177.50.138.1