138.94.20.66 - IPInfo

Basic Info

City: São Paulo

Region: Sao Paulo

Country: Brazil

Internet Service Provider: RVR Telecomunicacoes e Informatica Eireli

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Attempt to attack host OS, exploiting network vulnerabilities, on 08-04-2020 22:50:08.	2020-04-09 06:57:27

Comments on same subnet:

IP	Type	Details	Datetime
138.94.203.70	attackspambots	Unauthorized connection attempt from IP address 138.94.203.70 on Port 445(SMB)	2020-10-10 07:12:00
138.94.203.70	attack	Unauthorized connection attempt from IP address 138.94.203.70 on Port 445(SMB)	2020-10-09 23:30:09
138.94.203.70	attackspam	Unauthorized connection attempt from IP address 138.94.203.70 on Port 445(SMB)	2020-10-09 15:18:33
138.94.20.250	attackbots	Unauthorized connection attempt from IP address 138.94.20.250 on Port 445(SMB)	2020-05-04 18:54:26
138.94.203.77	attack	(smtpauth) Failed SMTP AUTH login from 138.94.203.77 (BR/Brazil/77-203-94-138.wspnp.com.br): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-04-22 08:18:50 login authenticator failed for 77-203-94-138.wspnp.com.br ([127.0.0.1]) [138.94.203.77]: 535 Incorrect authentication data (set_id=sales@toliddaru.biz)	2020-04-22 18:31:53
138.94.206.101	attack	1582001708 - 02/18/2020 05:55:08 Host: 138.94.206.101/138.94.206.101 Port: 23 TCP Blocked	2020-02-18 15:46:04
138.94.205.124	attackbotsspam	Automatic report - Port Scan Attack	2020-02-15 05:47:14
138.94.203.243	attack	Host Scan	2019-12-10 18:20:44
138.94.207.213	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/138.94.207.213/ BR - 1H : (154) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : BR NAME ASN : ASN264187 IP : 138.94.207.213 CIDR : 138.94.206.0/23 PREFIX COUNT : 2 UNIQUE IP COUNT : 1024 ATTACKS DETECTED ASN264187 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 1 DateTime : 2019-11-23 07:26:56 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-11-23 17:03:08
138.94.205.93	attackspambots	Honeypot attack, port: 23, PTR: 138-94-205-93.rev.solnetprovedor.com.br.	2019-11-12 21:13:21
138.94.207.64	attack	Automatic report - Port Scan Attack	2019-09-01 08:37:28
138.94.20.188	attackbots	Brute force SMTP login attempted. ...	2019-08-10 02:16:10
138.94.20.188	attack	Aug 1 12:47:52 * sshd[23126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.94.20.188 Aug 1 12:47:54 * sshd[23126]: Failed password for invalid user mjestel from 138.94.20.188 port 39317 ssh2	2019-08-01 19:40:47

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.94.20.66
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16712
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.94.20.66.			IN	A

;; AUTHORITY SECTION:
.			512	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020040801 1800 900 604800 86400

;; Query time: 105 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Apr 09 06:57:24 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 66.20.94.138.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 66.20.94.138.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
83.39.198.114	attack	Unauthorized connection attempt detected from IP address 83.39.198.114 to port 23 [J]	2020-02-03 23:58:07
121.101.186.106	attackbotsspam	Unauthorized connection attempt detected from IP address 121.101.186.106 to port 8080 [J]	2020-02-03 23:54:18
188.166.117.213	attackbotsspam	Dec 28 04:18:53 v22018076590370373 sshd[24794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.117.213 ...	2020-02-03 23:33:40
79.137.72.121	attackbots	Unauthorized connection attempt detected from IP address 79.137.72.121 to port 2220 [J]	2020-02-03 23:59:40
14.170.233.44	attack	Feb 3 15:40:08 grey postfix/smtpd\[10053\]: NOQUEUE: reject: RCPT from unknown\[14.170.233.44\]: 554 5.7.1 Service unavailable\; Client host \[14.170.233.44\] blocked using cbl.abuseat.org\; Blocked - see http://www.abuseat.org/lookup.cgi\?ip=14.170.233.44\; from=\ to=\ proto=ESMTP helo=\ ...	2020-02-03 23:26:53
152.136.66.243	attackspam	Unauthorized connection attempt detected from IP address 152.136.66.243 to port 2220 [J]	2020-02-04 00:11:14
222.186.30.145	attackspam	pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.145 user=root Failed password for root from 222.186.30.145 port 57801 ssh2 Failed password for root from 222.186.30.145 port 57801 ssh2 Failed password for root from 222.186.30.145 port 57801 ssh2 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.145 user=root	2020-02-03 23:38:36
168.90.91.168	attackbotsspam	Unauthorized connection attempt from IP address 168.90.91.168 on Port 445(SMB)	2020-02-03 23:43:52
220.133.225.164	attack	Unauthorized connection attempt detected from IP address 220.133.225.164 to port 81 [J]	2020-02-04 00:04:46
122.161.195.19	attackbotsspam	Feb 3 14:17:57 amida sshd[872826]: Address 122.161.195.19 maps to abts-north-static-19.195.161.122-airtelbroadband.in, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Feb 3 14:17:57 amida sshd[872826]: Invalid user elloise from 122.161.195.19 Feb 3 14:17:57 amida sshd[872826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.195.19 Feb 3 14:18:00 amida sshd[872826]: Failed password for invalid user elloise from 122.161.195.19 port 47572 ssh2 Feb 3 14:18:00 amida sshd[872826]: Received disconnect from 122.161.195.19: 11: Bye Bye [preauth] Feb 3 14:27:35 amida sshd[875720]: Address 122.161.195.19 maps to abts-north-static-19.195.161.122-airtelbroadband.in, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Feb 3 14:27:35 amida sshd[875720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.195.19 user=backup Feb 3 14:27:37 amida........ -------------------------------	2020-02-03 23:45:20
61.163.27.222	attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-03 23:32:38
2804:14c:b6:89f4:e56e:be10:7178:29ff	attackspambots	C1,WP GET /comic/wp-login.php	2020-02-03 23:45:55
188.166.108.161	attackspam	...	2020-02-03 23:48:57
167.99.203.202	attackspambots	Feb 3 16:13:24 mout sshd[18892]: Invalid user rombeek from 167.99.203.202 port 37730	2020-02-03 23:27:28
85.109.42.69	attack	Unauthorized connection attempt detected from IP address 85.109.42.69 to port 23 [J]	2020-02-03 23:57:37

Recently Reported IPs

107.88.116.179	185.220.72.244	88.13.243.141	88.218.17.224
160.85.21.31	70.253.168.46	75.28.54.86	70.105.40.211
34.68.217.146	18.11.242.222	72.238.154.39	162.1.109.208
115.22.225.213	52.156.152.50	176.150.175.216	77.60.136.138
104.245.41.235	213.94.225.27	115.76.58.201	77.27.122.245