138.68.55.199 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Mar 17 08:35:54 php1 sshd\[8604\]: Invalid user xautomation from 138.68.55.199 Mar 17 08:35:54 php1 sshd\[8604\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.55.199 Mar 17 08:35:56 php1 sshd\[8604\]: Failed password for invalid user xautomation from 138.68.55.199 port 35208 ssh2 Mar 17 08:40:41 php1 sshd\[9275\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.55.199 user=root Mar 17 08:40:43 php1 sshd\[9275\]: Failed password for root from 138.68.55.199 port 59432 ssh2	2020-03-18 04:02:56

Type

Details

Datetime

attackspam

Mar 17 08:35:54 php1 sshd\[8604\]: Invalid user xautomation from 138.68.55.199
Mar 17 08:35:54 php1 sshd\[8604\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.55.199
Mar 17 08:35:56 php1 sshd\[8604\]: Failed password for invalid user xautomation from 138.68.55.199 port 35208 ssh2
Mar 17 08:40:41 php1 sshd\[9275\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.55.199  user=root
Mar 17 08:40:43 php1 sshd\[9275\]: Failed password for root from 138.68.55.199 port 59432 ssh2

2020-03-18 04:02:56

Comments on same subnet:

IP	Type	Details	Datetime
138.68.55.147	attackspambots	SSH login attempts.	2020-10-10 23:27:05
138.68.55.147	attackspambots	SSH login attempts.	2020-10-10 15:16:18
138.68.55.193	attack	Invalid user charisse from 138.68.55.193 port 45654	2020-09-15 03:19:26
138.68.55.193	attackbotsspam	Connection to SSH Honeypot - Detected by HoneypotDB	2020-09-14 19:14:19
138.68.55.201	attack	SS5,WP GET /wp-login.php	2020-02-25 19:47:59
138.68.55.201	attackbotsspam	Wordpress login attempts	2019-11-19 22:53:53
138.68.55.201	attack	WordPress wp-login brute force :: 138.68.55.201 0.044 BYPASS [26/Sep/2019:13:56:51 1000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 3989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-09-26 12:56:42
138.68.55.201	attack	masters-of-media.de 138.68.55.201 \[05/Jul/2019:00:59:23 +0200\] "POST /wp-login.php HTTP/1.1" 200 5856 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" masters-of-media.de 138.68.55.201 \[05/Jul/2019:00:59:25 +0200\] "POST /wp-login.php HTTP/1.1" 200 5820 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-07-05 07:15:33

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.55.199
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34782
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.55.199.			IN	A

;; AUTHORITY SECTION:
.			464	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031701 1800 900 604800 86400

;; Query time: 93 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Mar 18 04:02:53 CST 2020
;; MSG SIZE  rcvd: 117

Host info

Host 199.55.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 199.55.68.138.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
104.237.130.237	attack	Honeypot attack, port: 445, PTR: li806-237.members.linode.com.	2020-03-11 08:52:28
218.92.0.200	attackspam	Mar 10 22:11:18 marvibiene sshd[10722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.200 user=root Mar 10 22:11:20 marvibiene sshd[10722]: Failed password for root from 218.92.0.200 port 62671 ssh2 Mar 10 22:11:22 marvibiene sshd[10722]: Failed password for root from 218.92.0.200 port 62671 ssh2 Mar 10 22:11:18 marvibiene sshd[10722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.200 user=root Mar 10 22:11:20 marvibiene sshd[10722]: Failed password for root from 218.92.0.200 port 62671 ssh2 Mar 10 22:11:22 marvibiene sshd[10722]: Failed password for root from 218.92.0.200 port 62671 ssh2 ...	2020-03-11 08:36:58
122.241.205.170	attackspambots	suspicious action Tue, 10 Mar 2020 15:09:58 -0300	2020-03-11 08:56:48
198.199.115.94	attack	Mar 11 00:06:08 lnxweb62 sshd[957]: Failed password for root from 198.199.115.94 port 59604 ssh2 Mar 11 00:06:08 lnxweb62 sshd[957]: Failed password for root from 198.199.115.94 port 59604 ssh2 Mar 11 00:10:02 lnxweb62 sshd[3120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.115.94	2020-03-11 08:50:26
41.221.168.167	attack	Mar 10 23:53:13 mout sshd[26493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.221.168.167 user=root Mar 10 23:53:14 mout sshd[26493]: Failed password for root from 41.221.168.167 port 40819 ssh2	2020-03-11 08:50:08
192.140.115.22	attack	firewall-block, port(s): 23/tcp	2020-03-11 08:45:19
185.234.219.64	attack	2020-03-10T23:43:45.176708MailD postfix/smtpd[6536]: warning: unknown[185.234.219.64]: SASL LOGIN authentication failed: authentication failure 2020-03-11T00:00:17.122387MailD postfix/smtpd[7535]: warning: unknown[185.234.219.64]: SASL LOGIN authentication failed: authentication failure 2020-03-11T00:15:57.378178MailD postfix/smtpd[8292]: warning: unknown[185.234.219.64]: SASL LOGIN authentication failed: authentication failure	2020-03-11 08:25:57
75.119.218.246	attack	CMS (WordPress or Joomla) login attempt.	2020-03-11 09:01:11
217.70.186.133	attack	CMS (WordPress or Joomla) login attempt.	2020-03-11 08:58:57
104.140.188.30	attack	Unauthorized connection attempt detected from IP address 104.140.188.30 to port 3389	2020-03-11 08:38:31
133.130.98.177	attack	(sshd) Failed SSH login from 133.130.98.177 (JP/Japan/v133-130-98-177.a027.g.tyo1.static.cnode.io): 5 in the last 3600 secs	2020-03-11 08:32:57
78.108.177.53	attackspambots	Scanning random ports - tries to find possible vulnerable services	2020-03-11 08:40:57
51.89.157.7	attackbots	suspicious action Tue, 10 Mar 2020 15:10:32 -0300	2020-03-11 08:30:02
111.231.142.79	attackspambots	Mar 10 17:47:04 lanister sshd[16531]: Invalid user cloud from 111.231.142.79 Mar 10 17:47:04 lanister sshd[16531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.142.79 Mar 10 17:47:04 lanister sshd[16531]: Invalid user cloud from 111.231.142.79 Mar 10 17:47:07 lanister sshd[16531]: Failed password for invalid user cloud from 111.231.142.79 port 38288 ssh2	2020-03-11 08:57:48
187.171.160.239	attackbots	1583863813 - 03/10/2020 19:10:13 Host: 187.171.160.239/187.171.160.239 Port: 445 TCP Blocked	2020-03-11 08:42:47

Recently Reported IPs

54.149.89.75	109.184.172.197	185.62.174.27	109.70.100.34
203.77.246.1	182.61.49.107	219.144.67.60	1.109.10.114
175.18.212.236	118.254.109.58	108.91.35.177	62.122.225.1
226.48.44.220	246.10.166.132	223.100.167.105	94.233.118.149
45.84.196.28	61.138.100.126	150.242.87.90	187.57.51.247