138.68.80.235 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	138.68.80.235 - - [05/Oct/2020:07:51:33 -0700] "GET /wp-login.php HTTP/1.1" 301 561 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-06 06:43:36
attack	138.68.80.235 - - [05/Oct/2020:07:51:33 -0700] "GET /wp-login.php HTTP/1.1" 301 561 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-05 22:52:10
attack	hacking	2020-10-05 14:46:56
attack	138.68.80.235 - - [29/Sep/2020:17:56:59 +0100] "POST /wp-login.php HTTP/1.1" 200 2243 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [29/Sep/2020:17:57:00 +0100] "POST /wp-login.php HTTP/1.1" 200 2287 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [29/Sep/2020:17:57:00 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-30 04:31:31
attackbots	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-09-29 20:39:51
attackspam	138.68.80.235 - - [29/Sep/2020:03:56:38 +0100] "POST /wp-login.php HTTP/1.1" 401 3568 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [29/Sep/2020:03:56:40 +0100] "POST /wp-login.php HTTP/1.1" 401 3568 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [29/Sep/2020:03:56:41 +0100] "POST /wp-login.php HTTP/1.1" 401 3568 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-29 12:48:53
attackbotsspam	C1,WP GET /suche/wp-login.php	2020-09-29 06:51:54
attack	xmlrpc attack	2020-09-28 23:19:46
attack	xmlrpc attack	2020-09-28 15:23:17
attackspam	CMS (WordPress or Joomla) login attempt.	2020-09-10 00:39:17
attackspambots	Automatic report generated by Wazuh	2020-08-06 20:25:50
attackspambots	[03/Aug/2020:19:30:47 +0200] Web-Request: "GET /wp-login.php", User-Agent: "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-04 03:16:18
attackbotsspam	xmlrpc attack	2020-07-31 07:48:16
attack	Automatic report - XMLRPC Attack	2020-06-23 19:32:33
attackspam	Automatic report - XMLRPC Attack	2020-06-11 19:29:16
attack	138.68.80.235 - - [08/Jun/2020:14:55:35 +0200] "POST /xmlrpc.php HTTP/1.1" 403 461 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [08/Jun/2020:15:01:48 +0200] "POST /xmlrpc.php HTTP/1.1" 403 16468 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-08 23:09:58
attackspam	Automatic report - Banned IP Access	2020-06-03 14:36:09
attackspambots	138.68.80.235 - - [22/May/2020:15:39:07 +0200] "GET /wp-login.php HTTP/1.1" 200 1900 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [22/May/2020:15:39:07 +0200] "POST /wp-login.php HTTP/1.1" 200 2031 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [22/May/2020:15:39:07 +0200] "GET /wp-login.php HTTP/1.1" 200 1900 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [22/May/2020:15:39:07 +0200] "POST /wp-login.php HTTP/1.1" 200 2030 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [22/May/2020:15:39:07 +0200] "GET /wp-login.php HTTP/1.1" 200 1900 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [22/May/2020:15:39:08 +0200] "POST /wp-login.php HTTP/1.1" 200 2030 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Fir ...	2020-05-23 00:04:53
attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2020-05-21 20:09:40
attackspam	138.68.80.235 - - [21/May/2020:10:00:21 +0200] "GET /wp-login.php HTTP/1.1" 200 6042 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [21/May/2020:10:00:22 +0200] "POST /wp-login.php HTTP/1.1" 200 6293 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [21/May/2020:10:00:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-21 17:20:28
attackbotsspam	138.68.80.235 - - \[10/May/2020:16:18:39 +0200\] "POST /wp-login.php HTTP/1.0" 200 6052 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - \[10/May/2020:16:18:40 +0200\] "POST /wp-login.php HTTP/1.0" 200 6044 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - \[10/May/2020:16:18:41 +0200\] "POST /wp-login.php HTTP/1.0" 200 6030 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-05-11 03:47:23
attackspambots	138.68.80.235 - - \[30/Apr/2020:06:24:28 +0200\] "POST /wp-login.php HTTP/1.0" 200 6827 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - \[30/Apr/2020:06:24:32 +0200\] "POST /wp-login.php HTTP/1.0" 200 6642 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - \[30/Apr/2020:06:24:33 +0200\] "POST /wp-login.php HTTP/1.0" 200 6639 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-04-30 16:47:13
attack	port scan and connect, tcp 3306 (mysql)	2020-04-28 05:33:51
attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2020-03-30 07:12:00
attackspam	POST /wp-login.php HTTP/1.1 200 1827 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0	2019-11-08 16:35:34
attackbots	Automatic report - Banned IP Access	2019-10-29 18:37:27

Comments on same subnet:

IP	Type	Details	Datetime
138.68.80.217	attackbotsspam	port 23	2020-08-14 14:33:03

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.80.235
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3863
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.80.235.			IN	A

;; AUTHORITY SECTION:
.			308	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102900 1800 900 604800 86400

;; Query time: 101 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 29 18:37:24 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 235.80.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 235.80.68.138.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
58.162.140.172	attackspam	Triggered by Fail2Ban at Ares web server	2019-08-01 17:49:42
177.84.98.186	attackbotsspam	SMTP-sasl brute force ...	2019-08-01 18:21:34
125.167.58.136	attack	Unauthorised access (Aug 1) SRC=125.167.58.136 LEN=52 TTL=116 ID=8925 DF TCP DPT=445 WINDOW=8192 SYN	2019-08-01 19:03:12
185.164.63.234	attackbotsspam	Aug 1 06:03:48 xtremcommunity sshd\[18886\]: Invalid user webmaster from 185.164.63.234 port 60310 Aug 1 06:03:48 xtremcommunity sshd\[18886\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.164.63.234 Aug 1 06:03:50 xtremcommunity sshd\[18886\]: Failed password for invalid user webmaster from 185.164.63.234 port 60310 ssh2 Aug 1 06:08:09 xtremcommunity sshd\[19717\]: Invalid user ftpuser from 185.164.63.234 port 53756 Aug 1 06:08:09 xtremcommunity sshd\[19717\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.164.63.234 ...	2019-08-01 18:35:40
172.105.22.163	attackbots	Scanning random ports - tries to find possible vulnerable services	2019-08-01 18:42:42
177.99.190.122	attackspambots	Automated report - ssh fail2ban: Aug 1 11:33:26 wrong password, user=webmaster, port=40377, ssh2 Aug 1 12:05:30 authentication failure Aug 1 12:05:32 wrong password, user=pra, port=49017, ssh2	2019-08-01 18:18:49
77.247.108.119	attackspam	01.08.2019 10:04:35 Connection to port 5038 blocked by firewall	2019-08-01 18:22:43
85.93.93.116	attackbots	Automatic report - Banned IP Access	2019-08-01 19:04:29
187.87.13.161	attack	SMTP-sasl brute force ...	2019-08-01 18:11:21
183.103.35.194	attackbots	Aug 1 06:49:02 vps647732 sshd[14722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.103.35.194 Aug 1 06:49:04 vps647732 sshd[14722]: Failed password for invalid user admin from 183.103.35.194 port 55406 ssh2 ...	2019-08-01 17:57:19
94.23.204.136	attack	Aug 1 13:17:22 server01 sshd\[27469\]: Invalid user tang from 94.23.204.136 Aug 1 13:17:22 server01 sshd\[27469\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.23.204.136 Aug 1 13:17:25 server01 sshd\[27469\]: Failed password for invalid user tang from 94.23.204.136 port 54322 ssh2 ...	2019-08-01 18:52:47
140.143.227.43	attack	Aug 1 05:49:07 thevastnessof sshd[2255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.227.43 ...	2019-08-01 18:55:54
86.57.237.88	attackbots	Aug 1 09:37:18 MK-Soft-Root1 sshd\[11352\]: Invalid user johannes from 86.57.237.88 port 43350 Aug 1 09:37:18 MK-Soft-Root1 sshd\[11352\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.57.237.88 Aug 1 09:37:20 MK-Soft-Root1 sshd\[11352\]: Failed password for invalid user johannes from 86.57.237.88 port 43350 ssh2 ...	2019-08-01 18:13:45
13.73.105.153	attack	Aug 1 07:38:01 SilenceServices sshd[28197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.73.105.153 Aug 1 07:38:03 SilenceServices sshd[28197]: Failed password for invalid user getmail from 13.73.105.153 port 49630 ssh2 Aug 1 07:44:16 SilenceServices sshd[32637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.73.105.153	2019-08-01 17:52:42
197.55.167.0	attack	Aug 1 05:13:40 pl3server sshd[710083]: reveeclipse mapping checking getaddrinfo for host-197.55.167.0.tedata.net [197.55.167.0] failed - POSSIBLE BREAK-IN ATTEMPT! Aug 1 05:13:40 pl3server sshd[710083]: Invalid user admin from 197.55.167.0 Aug 1 05:13:40 pl3server sshd[710083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.55.167.0 Aug 1 05:13:43 pl3server sshd[710083]: Failed password for invalid user admin from 197.55.167.0 port 53671 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=197.55.167.0	2019-08-01 18:20:29

Recently Reported IPs

244.77.147.210	144.2.209.38	29.218.60.126	24.175.66.105
100.106.80.182	42.121.183.202	133.134.135.240	218.228.104.24
52.16.79.14	89.68.81.85	41.233.170.66	231.136.115.187
10.100.26.125	118.134.194.12	234.94.200.186	245.113.72.87
125.113.175.131	100.82.126.224	98.243.73.201	78.128.113.120