138.97.242.113

Basic Info

City: unknown

Region: unknown

Country: Brazil

Internet Service Provider: SEM Fone Telecomunicacoes Ltda

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Sep 3 18:45:37 mellenthin postfix/smtpd[20478]: NOQUEUE: reject: RCPT from unknown[138.97.242.113]: 554 5.7.1 Service unavailable; Client host [138.97.242.113] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/138.97.242.113; from= to= proto=ESMTP helo=<138-97-242-113.altavelocidade>	2020-09-05 01:57:57
attackbotsspam	Sep 3 18:45:37 mellenthin postfix/smtpd[20478]: NOQUEUE: reject: RCPT from unknown[138.97.242.113]: 554 5.7.1 Service unavailable; Client host [138.97.242.113] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/138.97.242.113; from= to= proto=ESMTP helo=<138-97-242-113.altavelocidade>	2020-09-04 17:18:53

Type

Details

Datetime

attack

Sep  3 18:45:37 mellenthin postfix/smtpd[20478]: NOQUEUE: reject: RCPT from unknown[138.97.242.113]: 554 5.7.1 Service unavailable; Client host [138.97.242.113] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/138.97.242.113; from= to= proto=ESMTP helo=<138-97-242-113.altavelocidade>

2020-09-05 01:57:57

attackbotsspam

Sep  3 18:45:37 mellenthin postfix/smtpd[20478]: NOQUEUE: reject: RCPT from unknown[138.97.242.113]: 554 5.7.1 Service unavailable; Client host [138.97.242.113] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/138.97.242.113; from= to= proto=ESMTP helo=<138-97-242-113.altavelocidade>

2020-09-04 17:18:53

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.97.242.113
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64489
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.97.242.113.			IN	A

;; AUTHORITY SECTION:
.			354	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020090400 1800 900 604800 86400

;; Query time: 120 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 04 17:18:48 CST 2020
;; MSG SIZE  rcvd: 118

Host info

113.242.97.138.in-addr.arpa domain name pointer 138-97-242-113.altavelocidade.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
113.242.97.138.in-addr.arpa	name = 138-97-242-113.altavelocidade.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
185.223.161.80	attack	Ein möglicherweise gefährlicher Request.Form-Wert wurde vom Client (mp$ContentZone$TxtMessage="	2019-08-08 05:11:27
185.220.101.69	attackbots	Aug 5 08:17:33 * sshd[19880]: Failed password for invalid user administrator from 185.220.101.69 port 32801 ssh2 Aug 5 08:17:39 * sshd[19886]: Failed password for invalid user NetLinx from 185.220.101.69 port 33836 ssh2 Aug 6 10:35:12 * sshd[15890]: Failed password for invalid user admin from 185.220.101.69 port 36436 ssh2 Aug 6 10:35:15 * sshd[15890]: Failed password for invalid user admin from 185.220.101.69 port 36436 ssh2 Aug 7 01:46:50 * sshd[5763]: Failed password for invalid user demo from 185.220.101.69 port 43597 ssh2 Aug 7 01:50:47 * sshd[5878]: Failed password for invalid user geosolutions from 185.220.101.69 port 39284 ssh2 Aug 7 01:50:53 *** sshd[5881]: Failed password for invalid user pyimagesearch from 185.220.101.69 port 39855 ssh2	2019-08-08 05:15:21
193.29.15.192	attackbotsspam	1565201090 - 08/07/2019 20:04:50 Host: 193.29.15.192/193.29.15.192 Port: 1900 UDP Blocked	2019-08-08 05:27:11
81.44.65.195	attackbotsspam	ssh intrusion attempt	2019-08-08 05:24:40
34.87.11.3	attackbots	WordPress login Brute force / Web App Attack on client site.	2019-08-08 04:56:34
191.53.193.70	attackspam	Aug 7 19:37:30 xeon postfix/smtpd[15324]: warning: unknown[191.53.193.70]: SASL PLAIN authentication failed: authentication failure	2019-08-08 05:11:11
110.93.219.92	attack	firewall-block, port(s): 445/tcp	2019-08-08 05:05:35
63.83.73.195	attackbots	Aug 7 19:40:06 smtp postfix/smtpd[98549]: NOQUEUE: reject: RCPT from brevity.jdmbrosllc.com[63.83.73.195]: 554 5.7.1 Service unavailable; Client host [63.83.73.195] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo= ...	2019-08-08 05:07:45
185.175.93.105	attackbots	08/07/2019-16:33:44.246115 185.175.93.105 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-08-08 05:18:01
180.126.235.225	attackspambots	Automatic report - Port Scan Attack	2019-08-08 05:27:59
5.62.41.134	attackbots	\[2019-08-07 16:57:03\] NOTICE\[2288\] chan_sip.c: Registration from '\' failed for '5.62.41.134:1184' - Wrong password \[2019-08-07 16:57:03\] SECURITY\[2326\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-08-07T16:57:03.849-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="18185",SessionID="0x7ff4d0160998",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/5.62.41.134/62834",Challenge="6591e38e",ReceivedChallenge="6591e38e",ReceivedHash="9b0db67aea1896f58662747befd42d89" \[2019-08-07 16:57:43\] NOTICE\[2288\] chan_sip.c: Registration from '\' failed for '5.62.41.134:1159' - Wrong password \[2019-08-07 16:57:43\] SECURITY\[2326\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-08-07T16:57:43.625-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="46371",SessionID="0x7ff4d0160998",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/5.62.41.134/5	2019-08-08 05:08:22
58.219.248.72	attackbotsspam	Honeypot attack, port: 23, PTR: PTR record not found	2019-08-08 05:09:06
131.100.77.18	attackbotsspam	Brute force attack to crack SMTP password (port 25 / 587)	2019-08-08 05:12:28
173.245.239.249	attackbots	(imapd) Failed IMAP login from 173.245.239.249 (US/United States/-): 1 in the last 3600 secs	2019-08-08 05:04:27
142.44.160.173	attackspambots	Aug 7 17:40:06 MK-Soft-VM6 sshd\[19134\]: Invalid user backlog from 142.44.160.173 port 55580 Aug 7 17:40:06 MK-Soft-VM6 sshd\[19134\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.44.160.173 Aug 7 17:40:08 MK-Soft-VM6 sshd\[19134\]: Failed password for invalid user backlog from 142.44.160.173 port 55580 ssh2 ...	2019-08-08 05:04:59

Recently Reported IPs

128.199.106.46	128.199.105.58	88.247.101.17	82.178.43.102
117.212.36.247	117.211.61.162	114.32.210.222	234.49.100.150
117.242.9.169	8.101.149.131	110.81.100.101	103.57.150.168
188.18.226.216	71.41.100.178	58.152.38.250	177.70.154.230
36.81.255.151	174.108.238.163	190.72.219.26	176.248.187.114