138.68.54.2 - IPInfo

Basic Info

City: Santa Clara

Region: California

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Apr 8 01:20:56 www sshd\[62925\]: Invalid user andy from 138.68.54.2Apr 8 01:20:58 www sshd\[62925\]: Failed password for invalid user andy from 138.68.54.2 port 42076 ssh2Apr 8 01:24:55 www sshd\[63048\]: Invalid user anon from 138.68.54.2 ...	2020-04-08 06:44:11

Type

Details

Datetime

attack

Apr  8 01:20:56 www sshd\[62925\]: Invalid user andy from 138.68.54.2Apr  8 01:20:58 www sshd\[62925\]: Failed password for invalid user andy from 138.68.54.2 port 42076 ssh2Apr  8 01:24:55 www sshd\[63048\]: Invalid user anon from 138.68.54.2
...

2020-04-08 06:44:11

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.54.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44924
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.54.2.			IN	A

;; AUTHORITY SECTION:
.			458	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020040702 1800 900 604800 86400

;; Query time: 104 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Apr 08 06:44:08 CST 2020
;; MSG SIZE  rcvd: 115

Host info

Host 2.54.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 2.54.68.138.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
184.22.168.161	attack	Hits on port : 8291	2020-07-01 03:10:25
149.202.187.142	attackbotsspam	Request to REST API denied	2020-07-01 03:09:31
141.98.9.161	attackspam	Jun 30 18:31:08 debian64 sshd[4377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.9.161 Jun 30 18:31:10 debian64 sshd[4377]: Failed password for invalid user admin from 141.98.9.161 port 41131 ssh2 ...	2020-07-01 03:21:13
190.145.81.37	attackbots	$f2bV_matches	2020-07-01 03:18:52
111.229.85.164	attackspambots	sshd jail - ssh hack attempt	2020-07-01 02:43:40
112.85.42.94	attackbots	Jun 30 18:26:14 ArkNodeAT sshd\[13448\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.94 user=root Jun 30 18:26:16 ArkNodeAT sshd\[13448\]: Failed password for root from 112.85.42.94 port 47454 ssh2 Jun 30 18:27:14 ArkNodeAT sshd\[13460\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.94 user=root	2020-07-01 03:08:30
114.98.231.143	attackspam	2020-06-30T15:13:33.521431randservbullet-proofcloud-66.localdomain sshd[22081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.231.143 user=root 2020-06-30T15:13:35.985062randservbullet-proofcloud-66.localdomain sshd[22081]: Failed password for root from 114.98.231.143 port 43266 ssh2 2020-06-30T15:27:08.658153randservbullet-proofcloud-66.localdomain sshd[22130]: Invalid user sammy from 114.98.231.143 port 54856 ...	2020-07-01 02:58:45
177.104.126.50	attackspambots	Icarus honeypot on github	2020-07-01 03:24:02
51.75.208.177	attackspam	Jun 30 15:29:49 XXX sshd[2404]: Invalid user ruby from 51.75.208.177 port 47390	2020-07-01 02:55:22
177.19.164.149	attack	(imapd) Failed IMAP login from 177.19.164.149 (BR/Brazil/casadopapel.static.gvt.net.br): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: Jun 30 16:49:31 ir1 dovecot[2885757]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=177.19.164.149, lip=5.63.12.44, TLS, session=	2020-07-01 02:47:00
116.104.92.177	attackspam	116.104.92.177 - - [30/Jun/2020:15:35:35 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 116.104.92.177 - - [30/Jun/2020:15:35:37 +0100] "POST /wp-login.php HTTP/1.1" 200 6026 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 116.104.92.177 - - [30/Jun/2020:15:39:27 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" ...	2020-07-01 03:05:36
157.55.39.72	attack	Automatic report - Banned IP Access	2020-07-01 02:47:25
195.154.184.196	attack	Triggered by Fail2Ban at Ares web server	2020-07-01 03:13:47
142.93.218.248	attackbots	TCP (SYN) 142.93.218.248:58258 -> port 2528, len 44	2020-07-01 02:59:53
58.208.84.93	attackbots	Jun 30 07:23:19 dignus sshd[15646]: Invalid user elastic from 58.208.84.93 port 54010 Jun 30 07:23:19 dignus sshd[15646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.208.84.93 Jun 30 07:23:21 dignus sshd[15646]: Failed password for invalid user elastic from 58.208.84.93 port 54010 ssh2 Jun 30 07:24:32 dignus sshd[15737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.208.84.93 user=root Jun 30 07:24:34 dignus sshd[15737]: Failed password for root from 58.208.84.93 port 37276 ssh2 ...	2020-07-01 02:54:10

Recently Reported IPs

36.80.120.111	183.253.29.111	73.150.91.60	36.156.163.64
93.26.194.231	183.72.189.36	136.176.170.23	115.192.185.125
213.132.252.190	62.197.168.186	90.76.77.142	67.240.184.66
94.244.42.125	69.114.181.4	62.149.99.113	101.9.58.54
70.232.199.176	209.232.8.11	2.47.150.85	133.49.8.79