138.68.212.31 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	firewall-block, port(s): 123/udp	2019-09-03 07:37:22

Comments on same subnet:

IP	Type	Details	Datetime
138.68.212.139	attackbots	" "	2019-11-29 08:49:47
138.68.212.45	attackspam	Mozilla/5.0 zgrab/0.x	2019-11-22 22:48:08
138.68.212.139	attackbots	port scan and connect, tcp 443 (https)	2019-11-10 21:03:29
138.68.212.113	attackspambots	Honeypot hit.	2019-11-10 01:07:35
138.68.212.139	attackspam	138.68.212.139 was recorded 5 times by 5 hosts attempting to connect to the following ports: 1028. Incident counter (4h, 24h, all-time): 5, 16, 23	2019-11-09 22:03:05
138.68.212.45	attackspam	Connection by 138.68.212.45 on port: 10009 got caught by honeypot at 11/8/2019 10:05:03 AM	2019-11-08 21:20:49
138.68.212.113	attackbotsspam	179/tcp 1433/tcp 5060/udp... [2019-09-02/10-31]51pkt,43pt.(tcp),4pt.(udp)	2019-11-02 19:20:16
138.68.212.45	attackbotsspam	53169/tcp 49738/tcp 8118/tcp... [2019-08-31/10-30]49pkt,37pt.(tcp),3pt.(udp)	2019-10-31 01:38:00
138.68.212.139	attack	firewall-block, port(s): 990/tcp	2019-10-14 16:56:22
138.68.212.113	attack	firewall-block, port(s): 465/tcp	2019-10-03 02:45:27
138.68.212.45	attackspam	port scan and connect, tcp 22 (ssh)	2019-09-27 14:35:48
138.68.212.45	attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2019-09-13 12:22:35
138.68.212.185	attackbotsspam	" "	2019-09-06 04:29:10
138.68.212.207	attackbotsspam	2525/tcp 8443/tcp 5902/tcp... [2019-08-29/09-05]7pkt,7pt.(tcp)	2019-09-05 22:31:56
138.68.212.210	attackbotsspam	Honeypot hit, critical abuseConfidenceScore, incoming Traffic from this IP	2019-09-04 02:34:53

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.212.31
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22762
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.212.31.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019090201 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Sep 03 07:37:16 CST 2019
;; MSG SIZE  rcvd: 117

Host info

31.212.68.138.in-addr.arpa domain name pointer zg-0829b-132.stretchoid.com.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
31.212.68.138.in-addr.arpa	name = zg-0829b-132.stretchoid.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
129.213.194.201	attack	Oct 8 21:42:51 bouncer sshd\[1598\]: Invalid user Pa55w0rd@2019 from 129.213.194.201 port 45842 Oct 8 21:42:51 bouncer sshd\[1598\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.213.194.201 Oct 8 21:42:54 bouncer sshd\[1598\]: Failed password for invalid user Pa55w0rd@2019 from 129.213.194.201 port 45842 ssh2 ...	2019-10-09 03:54:07
103.23.100.87	attackspam	Jul 1 08:07:38 vtv3 sshd\[8534\]: Invalid user avahi-autoipd from 103.23.100.87 port 49854 Jul 1 08:07:38 vtv3 sshd\[8534\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.100.87 Jul 1 08:07:40 vtv3 sshd\[8534\]: Failed password for invalid user avahi-autoipd from 103.23.100.87 port 49854 ssh2 Jul 1 08:11:40 vtv3 sshd\[10488\]: Invalid user cisco from 103.23.100.87 port 39490 Jul 1 08:11:40 vtv3 sshd\[10488\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.100.87 Jul 1 08:22:53 vtv3 sshd\[15660\]: Invalid user wp-user from 103.23.100.87 port 35387 Jul 1 08:22:53 vtv3 sshd\[15660\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.100.87 Jul 1 08:22:55 vtv3 sshd\[15660\]: Failed password for invalid user wp-user from 103.23.100.87 port 35387 ssh2 Jul 1 08:24:36 vtv3 sshd\[16371\]: Invalid user guest from 103.23.100.87 port 42860 Jul 1 08:24:36 vtv3 ssh	2019-10-09 03:41:22
51.77.119.240	attack	Connection by 51.77.119.240 on port: 5900 got caught by honeypot at 10/8/2019 12:05:09 PM	2019-10-09 04:02:30
119.62.62.23	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/119.62.62.23/ CN - 1H : (574) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : CN NAME ASN : ASN4837 IP : 119.62.62.23 CIDR : 119.62.0.0/16 PREFIX COUNT : 1262 UNIQUE IP COUNT : 56665856 WYKRYTE ATAKI Z ASN4837 : 1H - 6 3H - 29 6H - 60 12H - 126 24H - 233 DateTime : 2019-10-08 13:46:55 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-10-09 03:25:32
222.186.180.223	attackbotsspam	Oct 8 21:14:32 meumeu sshd[22745]: Failed password for root from 222.186.180.223 port 60198 ssh2 Oct 8 21:14:37 meumeu sshd[22745]: Failed password for root from 222.186.180.223 port 60198 ssh2 Oct 8 21:14:42 meumeu sshd[22745]: Failed password for root from 222.186.180.223 port 60198 ssh2 Oct 8 21:14:47 meumeu sshd[22745]: Failed password for root from 222.186.180.223 port 60198 ssh2 ...	2019-10-09 03:18:57
92.119.160.107	attackspam	Oct 8 19:17:27 mc1 kernel: \[1841444.412320\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=92.119.160.107 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=12519 PROTO=TCP SPT=50475 DPT=464 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 8 19:17:44 mc1 kernel: \[1841461.961193\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=92.119.160.107 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=25136 PROTO=TCP SPT=50475 DPT=15 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 8 19:20:15 mc1 kernel: \[1841612.835879\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=92.119.160.107 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=4361 PROTO=TCP SPT=50475 DPT=35 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-10-09 03:54:37
103.253.107.43	attackspam	SSH Brute Force	2019-10-09 03:42:51
60.166.89.148	attackspam	FTP: login Brute Force attempt, PTR: PTR record not found	2019-10-09 03:41:41
178.139.228.253	attackbotsspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/178.139.228.253/ ES - 1H : (41) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : ES NAME ASN : ASN12430 IP : 178.139.228.253 CIDR : 178.139.0.0/16 PREFIX COUNT : 131 UNIQUE IP COUNT : 3717120 WYKRYTE ATAKI Z ASN12430 : 1H - 2 3H - 2 6H - 3 12H - 8 24H - 15 DateTime : 2019-10-08 13:46:55 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-10-09 03:26:38
103.253.42.48	attack	Oct 8 19:23:58 mail postfix/smtpd\[4107\]: warning: unknown\[103.253.42.48\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 8 20:01:17 mail postfix/smtpd\[2860\]: warning: unknown\[103.253.42.48\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 8 20:38:18 mail postfix/smtpd\[7608\]: warning: unknown\[103.253.42.48\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 8 21:15:27 mail postfix/smtpd\[9123\]: warning: unknown\[103.253.42.48\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\	2019-10-09 04:01:43
40.73.59.55	attackspambots	2019-10-08T07:27:03.5647871495-001 sshd\[1292\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.73.59.55 user=root 2019-10-08T07:27:05.4493161495-001 sshd\[1292\]: Failed password for root from 40.73.59.55 port 51866 ssh2 2019-10-08T07:31:56.0812471495-001 sshd\[1673\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.73.59.55 user=root 2019-10-08T07:31:57.8554571495-001 sshd\[1673\]: Failed password for root from 40.73.59.55 port 59560 ssh2 2019-10-08T07:36:36.0356011495-001 sshd\[2003\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.73.59.55 user=root 2019-10-08T07:36:37.7797731495-001 sshd\[2003\]: Failed password for root from 40.73.59.55 port 38980 ssh2 ...	2019-10-09 03:59:24
92.119.160.6	attackspambots	10/08/2019-15:05:01.362837 92.119.160.6 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-10-09 03:18:15
178.32.211.153	attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2019-10-09 03:22:58
173.82.195.228	attackspambots	Lonely Russian Girls Get a Hot Date with Russian Beauties IP 173.82.195.228	2019-10-09 03:52:32
138.197.145.26	attack	Tried sshing with brute force.	2019-10-09 03:15:31

Recently Reported IPs

123.9.35.51	177.131.19.122	88.219.151.135	89.153.150.173
163.241.57.48	173.208.206.141	191.53.58.168	41.65.197.162
74.6.128.83	103.222.254.9	131.100.77.12	114.170.7.135
229.41.61.254	246.148.5.243	82.61.191.245	234.71.169.43
29.180.194.255	77.124.207.4	135.1.191.115	40.104.169.218