Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackbots
[portscan] tcp/22 [SSH]
*(RWIN=65535)(02041302)
2020-02-04 18:46:13
Comments on same subnet:
IP Type Details Datetime
138.68.41.74 attack
GET /wp-login.php HTTP/1.1 200 2044 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
2020-02-23 13:57:57
138.68.41.79 attackspam
MultiHost/MultiPort Probe, Scan, Hack -
2019-12-18 00:08:02
138.68.41.207 attackspam
Automatic report - XMLRPC Attack
2019-10-30 14:07:58
138.68.41.161 attack
Oct  5 13:00:43 server sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:00:44 server sshd[12965]: Failed password for r.r from 138.68.41.161 port 60644 ssh2
Oct  5 13:00:44 server sshd[12965]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth]
Oct  5 13:16:32 server sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:16:34 server sshd[13363]: Failed password for r.r from 138.68.41.161 port 54836 ssh2
Oct  5 13:16:34 server sshd[13363]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth]
Oct  5 13:20:19 server sshd[13462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:20:21 server sshd[13462]: Failed password for r.r from 138.68.41.161 port 39438 ssh2
Oct  5 13:20:21 server sshd[13462]: Received disconnect fro........
-------------------------------
2019-10-09 19:10:35
138.68.41.161 attackspambots
Oct  5 13:00:43 server sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:00:44 server sshd[12965]: Failed password for r.r from 138.68.41.161 port 60644 ssh2
Oct  5 13:00:44 server sshd[12965]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth]
Oct  5 13:16:32 server sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:16:34 server sshd[13363]: Failed password for r.r from 138.68.41.161 port 54836 ssh2
Oct  5 13:16:34 server sshd[13363]: Received disconnect from 138.68.41.161: 11: Bye Bye [preauth]
Oct  5 13:20:19 server sshd[13462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161  user=r.r
Oct  5 13:20:21 server sshd[13462]: Failed password for r.r from 138.68.41.161 port 39438 ssh2
Oct  5 13:20:21 server sshd[13462]: Received disconnect fro........
-------------------------------
2019-10-08 20:29:05
138.68.41.161 attackspambots
Oct  6 22:42:56 localhost sshd\[82683\]: Invalid user Admin@900 from 138.68.41.161 port 42976
Oct  6 22:42:56 localhost sshd\[82683\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161
Oct  6 22:42:58 localhost sshd\[82683\]: Failed password for invalid user Admin@900 from 138.68.41.161 port 42976 ssh2
Oct  6 22:47:16 localhost sshd\[82806\]: Invalid user Wachtwoord@2017 from 138.68.41.161 port 55930
Oct  6 22:47:16 localhost sshd\[82806\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.161
...
2019-10-07 07:17:33
138.68.41.255 attackspambots
Brute force SMTP login attempted.
...
2019-08-10 02:25:50
138.68.41.127 attack
2019-07-27T11:17:57.641206abusebot-5.cloudsearch.cf sshd\[22502\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.41.127  user=root
2019-07-27 22:22:15
138.68.41.178 attackbots
10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined
node-superagent/4.1.0
2019-07-12 05:57:54
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.41.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27667
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.41.137.			IN	A

;; AUTHORITY SECTION:
.			522	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020400 1800 900 604800 86400

;; Query time: 67 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Feb 04 18:46:02 CST 2020
;; MSG SIZE  rcvd: 117
Host info
Host 137.41.68.138.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 137.41.68.138.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
34.93.149.4 attackspambots
Feb  6 20:54:21 DAAP sshd[24867]: Invalid user jde from 34.93.149.4 port 47216
Feb  6 20:54:21 DAAP sshd[24867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.93.149.4
Feb  6 20:54:21 DAAP sshd[24867]: Invalid user jde from 34.93.149.4 port 47216
Feb  6 20:54:24 DAAP sshd[24867]: Failed password for invalid user jde from 34.93.149.4 port 47216 ssh2
Feb  6 20:57:10 DAAP sshd[24902]: Invalid user uea from 34.93.149.4 port 33214
...
2020-02-07 04:46:44
63.80.185.36 attack
Feb  6 21:04:18 mxgate1 postfix/postscreen[17935]: CONNECT from [63.80.185.36]:49555 to [176.31.12.44]:25
Feb  6 21:04:18 mxgate1 postfix/dnsblog[17936]: addr 63.80.185.36 listed by domain zen.spamhaus.org as 127.0.0.3
Feb  6 21:04:18 mxgate1 postfix/dnsblog[17938]: addr 63.80.185.36 listed by domain bl.spamcop.net as 127.0.0.2
Feb  6 21:04:18 mxgate1 postfix/dnsblog[17937]: addr 63.80.185.36 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2
Feb  6 21:04:24 mxgate1 postfix/postscreen[18965]: DNSBL rank 4 for [63.80.185.36]:49555
Feb x@x
Feb  6 21:04:25 mxgate1 postfix/postscreen[18965]: DISCONNECT [63.80.185.36]:49555


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=63.80.185.36
2020-02-07 04:39:14
189.39.10.34 attack
1581019053 - 02/06/2020 20:57:33 Host: 189.39.10.34/189.39.10.34 Port: 445 TCP Blocked
2020-02-07 04:23:45
134.73.146.226 attackbotsspam
3478/udp 123/udp 5683/udp...
[2019-12-15/2020-02-06]33pkt,5pt.(udp)
2020-02-07 04:53:19
198.46.223.137 attack
W 31101,/var/log/nginx/access.log,-,-
2020-02-07 04:43:55
114.34.55.169 attackspambots
Fail2Ban Ban Triggered
2020-02-07 04:28:23
220.176.204.91 attackspam
$f2bV_matches
2020-02-07 04:21:28
183.135.1.96 attack
Brute force blocker - service: proftpd1 - aantal: 34 - Sat Jan 12 08:25:07 2019
2020-02-07 04:36:51
114.239.53.47 attack
Brute force blocker - service: proftpd1 - aantal: 41 - Wed Jan 16 10:30:08 2019
2020-02-07 04:24:53
95.85.12.25 attackbots
Feb  6 20:28:32 web8 sshd\[10516\]: Invalid user gbi from 95.85.12.25
Feb  6 20:28:32 web8 sshd\[10516\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.12.25
Feb  6 20:28:34 web8 sshd\[10516\]: Failed password for invalid user gbi from 95.85.12.25 port 47074 ssh2
Feb  6 20:31:34 web8 sshd\[12120\]: Invalid user tzf from 95.85.12.25
Feb  6 20:31:34 web8 sshd\[12120\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.12.25
2020-02-07 04:34:18
114.239.104.99 attackspam
Brute force blocker - service: proftpd1, proftpd2 - aantal: 50 - Wed Jan 23 00:25:08 2019
2020-02-07 04:13:47
91.184.106.132 spambotsattackproxynormal
Must be a valid IPv4 or IPv6 ip address, e.g. 127.0.0.1 or 2001:DB8:0:0:8:800:200C:417A
Please check ip type:
Attack, like DDOS, Brute-Force, Port Scan, Hack, etc.
SPAM, like Email Spam, Web Spam, etc.
Robots, like crawler etc.
Proxy, like VPN, SS, Proxy detection, etc.
Normal IP
2020-02-07 04:25:12
106.13.27.31 attackbots
Feb  6 20:55:11 legacy sshd[13311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.27.31
Feb  6 20:55:13 legacy sshd[13311]: Failed password for invalid user ekt from 106.13.27.31 port 48282 ssh2
Feb  6 20:59:54 legacy sshd[13608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.27.31
...
2020-02-07 04:32:26
1.9.46.177 attack
Automatic report - Banned IP Access
2020-02-07 04:26:21
122.189.223.171 attack
Brute force blocker - service: proftpd1 - aantal: 115 - Wed Jan  9 12:35:08 2019
2020-02-07 04:44:14
