138.97.1.18 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: unknown

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
138.97.171.105	attackspambots	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: CableLink-138-97-171-105.PCs.InterCable.net.	2020-10-08 01:53:27
138.97.171.105	attack	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: CableLink-138-97-171-105.PCs.InterCable.net.	2020-10-07 18:02:10
138.97.181.169	attack	port scan and connect, tcp 23 (telnet)	2020-08-16 08:45:14
138.97.154.142	attackspambots	Attempted connection to port 445.	2020-07-25 03:02:54
138.97.123.176	attack	cctv illegal login	2020-07-06 23:54:52
138.97.123.12	attack	cctv illegal login	2020-07-06 23:53:45
138.97.15.125	attackbots	Invalid user admin from 138.97.15.125 port 35876	2020-06-18 05:47:33
138.97.161.78	attack	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-06-02 17:30:10
138.97.165.209	attackspam	1587038961 - 04/16/2020 14:09:21 Host: 138.97.165.209/138.97.165.209 Port: 445 TCP Blocked	2020-04-17 02:54:14
138.97.145.148	attack	Automatic report - Port Scan Attack	2020-04-04 23:43:17
138.97.124.13	attackbotsspam	2020-03-07T16:10:54.347097linuxbox-skyline sshd[28933]: Invalid user uno85123 from 138.97.124.13 port 58210 ...	2020-03-08 08:53:25
138.97.159.217	attackbots	From: Walgreens Rewards Repetitive Walgreens reward spam - likely fraud – primarily Ukraine ISP; targeted Google phishing redirect; repetitive blacklisted phishing redirect spam links. No entity name; BBB results for "8 The Green, Dover, DE 19901": … The websites collect personal information and then transfer it to lenders and other service providers and marketing companies. BBB suggests caution in dealing with these websites. … Unsolicited bulk spam - (EHLO betrothment.clausloan.eu) (138.97.159.217) – repetitive UBE from IP range 138.97.156.* Spam link clausloan.eu = 138.97.159.10 My Tech BZ – blacklisted – phishing redirect: - www.google.com – effective URL; phishing redirect - lukkins.com = 139.99.70.208 Ovh Sas - link.agnesta.com = 62.113.207.188 23Media GmbH (previous domain link.orcelsor.com) - kq6.securessl.company = 104.223.205.137, 104.223.205.138 Global Frag Networks	2020-03-05 23:25:42
138.97.159.10	attackspam	From: Walgreens Rewards Repetitive Walgreens reward spam - likely fraud – primarily Ukraine ISP; targeted Google phishing redirect; repetitive blacklisted phishing redirect spam links. No entity name; BBB results for "8 The Green, Dover, DE 19901": … The websites collect personal information and then transfer it to lenders and other service providers and marketing companies. BBB suggests caution in dealing with these websites. … Unsolicited bulk spam - (EHLO betrothment.clausloan.eu) (138.97.159.217) – repetitive UBE from IP range 138.97.156.* Spam link clausloan.eu = 138.97.159.10 My Tech BZ – blacklisted – phishing redirect: - www.google.com – effective URL; phishing redirect - lukkins.com = 139.99.70.208 Ovh Sas - link.agnesta.com = 62.113.207.188 23Media GmbH (previous domain link.orcelsor.com) - kq6.securessl.company = 104.223.205.137, 104.223.205.138 Global Frag Networks	2020-03-05 22:38:17
138.97.124.13	attack	Mar 4 08:46:42 server sshd[1193695]: Failed password for invalid user info from 138.97.124.13 port 52798 ssh2 Mar 4 08:57:53 server sshd[1197063]: Failed password for invalid user wp-user from 138.97.124.13 port 35458 ssh2 Mar 4 09:09:03 server sshd[1200630]: Failed password for invalid user isa from 138.97.124.13 port 46350 ssh2	2020-03-04 16:13:49
138.97.147.3	attackbots	Unauthorized connection attempt detected from IP address 138.97.147.3 to port 8080	2020-03-02 04:03:32

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.97.1.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65200
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;138.97.1.18.			IN	A

;; AUTHORITY SECTION:
.			320	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022030803 1800 900 604800 86400

;; Query time: 14 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Mar 09 07:56:20 CST 2022
;; MSG SIZE  rcvd: 104

Host info

18.1.97.138.in-addr.arpa domain name pointer 18-1-97-138.clickturbo.com.br.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
18.1.97.138.in-addr.arpa	name = 18-1-97-138.clickturbo.com.br.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
187.113.53.226	attackspam	Oct 7 19:50:06 venus sshd\[26614\]: Invalid user 1qaz2wsx3edc4rfv5tgb from 187.113.53.226 port 34757 Oct 7 19:50:06 venus sshd\[26614\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.113.53.226 Oct 7 19:50:08 venus sshd\[26614\]: Failed password for invalid user 1qaz2wsx3edc4rfv5tgb from 187.113.53.226 port 34757 ssh2 ...	2019-10-08 06:59:38
117.148.151.251	attackbots	Unauthorised access (Oct 7) SRC=117.148.151.251 LEN=40 TOS=0x04 TTL=47 ID=41456 TCP DPT=8080 WINDOW=53756 SYN	2019-10-08 06:58:23
185.36.81.238	attackbotsspam	Oct 7 22:46:27 mail postfix/smtpd\[9809\]: warning: unknown\[185.36.81.238\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 7 23:14:27 mail postfix/smtpd\[10472\]: warning: unknown\[185.36.81.238\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 8 00:10:46 mail postfix/smtpd\[10893\]: warning: unknown\[185.36.81.238\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Oct 8 00:39:00 mail postfix/smtpd\[13109\]: warning: unknown\[185.36.81.238\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\	2019-10-08 07:01:27
111.231.100.167	attackspam	Oct 7 12:45:04 hpm sshd\[31301\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.100.167 user=root Oct 7 12:45:05 hpm sshd\[31301\]: Failed password for root from 111.231.100.167 port 49925 ssh2 Oct 7 12:49:07 hpm sshd\[31808\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.100.167 user=root Oct 7 12:49:10 hpm sshd\[31808\]: Failed password for root from 111.231.100.167 port 29742 ssh2 Oct 7 12:53:13 hpm sshd\[32146\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.100.167 user=root	2019-10-08 06:55:30
177.158.253.212	attackspambots	Attempt to attack host OS, exploiting network vulnerabilities, on 07-10-2019 20:50:27.	2019-10-08 06:37:58
36.110.78.62	attackbots	Automatic report - Banned IP Access	2019-10-08 06:49:39
186.137.123.13	attackbots	Lines containing failures of 186.137.123.13 Oct 6 21:59:00 shared02 sshd[25312]: Invalid user nscd from 186.137.123.13 port 45390 Oct 6 21:59:00 shared02 sshd[25312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.137.123.13 Oct 6 21:59:03 shared02 sshd[25312]: Failed password for invalid user nscd from 186.137.123.13 port 45390 ssh2 Oct 6 21:59:03 shared02 sshd[25312]: Received disconnect from 186.137.123.13 port 45390:11: Bye Bye [preauth] Oct 6 21:59:03 shared02 sshd[25312]: Disconnected from invalid user nscd 186.137.123.13 port 45390 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=186.137.123.13	2019-10-08 06:25:40
80.211.133.238	attackspam	Oct 7 22:52:44 h2177944 sshd\[4088\]: Invalid user Duck@2017 from 80.211.133.238 port 51652 Oct 7 22:52:44 h2177944 sshd\[4088\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.133.238 Oct 7 22:52:46 h2177944 sshd\[4088\]: Failed password for invalid user Duck@2017 from 80.211.133.238 port 51652 ssh2 Oct 7 22:56:37 h2177944 sshd\[4133\]: Invalid user Thierry123 from 80.211.133.238 port 35064 ...	2019-10-08 06:41:29
49.88.112.80	attackspambots	Oct 8 00:14:56 MK-Soft-Root1 sshd[12474]: Failed password for root from 49.88.112.80 port 33284 ssh2 Oct 8 00:15:00 MK-Soft-Root1 sshd[12474]: Failed password for root from 49.88.112.80 port 33284 ssh2 ...	2019-10-08 06:19:56
111.125.82.29	attack	Attempt to attack host OS, exploiting network vulnerabilities, on 07-10-2019 20:50:18.	2019-10-08 06:53:16
194.181.185.102	attackbots	/var/log/messages:Oct 7 10:35:10 sanyalnet-cloud-vps audispd: node=sanyalnet-cloud-vps.freeddns.org type=CRYPTO_SESSION msg=audhostname(1570444510.085:133875): pid=20987 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 mac=hmac-sha1 pfs=ecdh-sha2-nistp256 spid=20988 suid=74 rport=39174 laddr=104.167.106.93 lport=23 exe="/usr/sbin/sshd" hostname=? addr=194.181.185.102 terminal=? res=success' /var/log/messages:Oct 7 10:35:10 sanyalnet-cloud-vps audispd: node=sanyalnet-cloud-vps.freeddns.org type=CRYPTO_SESSION msg=audhostname(1570444510.089:133876): pid=20987 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 mac=hmac-sha1 pfs=ecdh-sha2-nistp256 spid=20988 suid=74 rport=39174 laddr=104.167.106.93 lport=23 exe="/usr/sbin/sshd" hostname=? addr=194.181.185.102 terminal=? res=success' /var/log/messages:Oct 7 10:35:10 sanyalnet-cloud-vps fail2ban.filter[1378]: INFO [sshd]........ -------------------------------	2019-10-08 06:29:10
179.99.201.82	attack	Attempt to attack host OS, exploiting network vulnerabilities, on 07-10-2019 20:50:30.	2019-10-08 06:34:01
114.199.110.130	attackspam	Attempt to attack host OS, exploiting network vulnerabilities, on 07-10-2019 20:50:18.	2019-10-08 06:51:54
202.131.152.2	attackbots	$f2bV_matches	2019-10-08 06:47:06
47.218.193.96	attackbots	failed_logins	2019-10-08 06:33:34

Recently Reported IPs

138.97.1.176	138.97.1.174	138.97.1.168	138.97.1.182
138.97.1.178	138.97.1.186	138.97.1.161	118.190.199.90
138.97.1.184	138.97.1.192	138.97.1.196	118.190.20.29
138.97.1.2	138.97.1.198	138.97.1.194	138.97.1.20
138.97.1.190	138.97.1.202	138.97.1.207	138.97.1.210