5.138.3.14 - IPInfo

Basic Info

City: Stavropol’

Region: Stavropol

Country: Russia

Internet Service Provider: +7Telecom

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
5.138.39.159	attack	DATE:2019-08-21 03:25:56, IP:5.138.39.159, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2019-08-21 19:41:14

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 5.138.3.14
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33610
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;5.138.3.14.			IN	A

;; AUTHORITY SECTION:
.			469	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022101901 1800 900 604800 86400

;; Query time: 17 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Oct 20 05:51:12 CST 2022
;; MSG SIZE  rcvd: 103

Host info

14.3.138.5.in-addr.arpa domain name pointer host-5-138-3-14.stavropol.ru.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
14.3.138.5.in-addr.arpa	name = host-5-138-3-14.stavropol.ru.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
211.193.58.225	attackspambots	Aug 26 12:06:58 vm0 sshd[25210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.193.58.225 Aug 26 12:07:00 vm0 sshd[25210]: Failed password for invalid user george from 211.193.58.225 port 36675 ssh2 ...	2020-08-26 18:07:56
49.233.180.151	attackbots	Aug 26 08:10:40 lukav-desktop sshd\[3875\]: Invalid user ftp from 49.233.180.151 Aug 26 08:10:40 lukav-desktop sshd\[3875\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.233.180.151 Aug 26 08:10:42 lukav-desktop sshd\[3875\]: Failed password for invalid user ftp from 49.233.180.151 port 40066 ssh2 Aug 26 08:15:58 lukav-desktop sshd\[12541\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.233.180.151 user=root Aug 26 08:16:00 lukav-desktop sshd\[12541\]: Failed password for root from 49.233.180.151 port 40114 ssh2	2020-08-26 17:51:48
178.62.195.107	attack	Invalid user oracle from 178.62.195.107 port 54566	2020-08-26 18:25:49
71.93.112.65	attack	Aug 26 05:55:28 vps46666688 sshd[7342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.93.112.65 ...	2020-08-26 18:25:12
138.197.213.233	attackbots	Aug 26 11:50:40 marvibiene sshd[2226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.213.233 Aug 26 11:50:42 marvibiene sshd[2226]: Failed password for invalid user admin from 138.197.213.233 port 48982 ssh2	2020-08-26 18:18:14
39.153.252.94	attackspambots	firewall-block, port(s): 65022/tcp	2020-08-26 17:54:29
218.92.0.133	attack	Aug 26 12:14:53 dev0-dcde-rnet sshd[24473]: Failed password for root from 218.92.0.133 port 14115 ssh2 Aug 26 12:15:03 dev0-dcde-rnet sshd[24473]: Failed password for root from 218.92.0.133 port 14115 ssh2 Aug 26 12:15:06 dev0-dcde-rnet sshd[24473]: Failed password for root from 218.92.0.133 port 14115 ssh2 Aug 26 12:15:06 dev0-dcde-rnet sshd[24473]: error: maximum authentication attempts exceeded for root from 218.92.0.133 port 14115 ssh2 [preauth]	2020-08-26 18:15:47
80.82.77.245	attackbotsspam	SmallBizIT.US 4 packets to udp(631,997,1022,1026)	2020-08-26 18:02:18
103.40.132.19	attackbotsspam	CMS (WordPress or Joomla) login attempt.	2020-08-26 17:58:02
104.248.112.159	attack	104.248.112.159 - - [26/Aug/2020:09:50:31 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.112.159 - - [26/Aug/2020:09:50:37 +0200] "POST /wp-login.php HTTP/1.1" 200 1811 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.112.159 - - [26/Aug/2020:09:50:42 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.112.159 - - [26/Aug/2020:09:50:43 +0200] "POST /wp-login.php HTTP/1.1" 200 1790 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.112.159 - - [26/Aug/2020:09:50:43 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.112.159 - - [26/Aug/2020:09:50:43 +0200] "POST /wp-login.php HTTP/1.1" 200 1790 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/ ...	2020-08-26 18:03:49
54.37.65.3	attack	Aug 26 08:50:22 ns382633 sshd\[24621\]: Invalid user laurent from 54.37.65.3 port 34224 Aug 26 08:50:22 ns382633 sshd\[24621\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.65.3 Aug 26 08:50:24 ns382633 sshd\[24621\]: Failed password for invalid user laurent from 54.37.65.3 port 34224 ssh2 Aug 26 08:59:49 ns382633 sshd\[25791\]: Invalid user nat from 54.37.65.3 port 44390 Aug 26 08:59:49 ns382633 sshd\[25791\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.65.3	2020-08-26 18:09:04
115.231.144.44	attackspam	Email rejected due to spam filtering	2020-08-26 17:57:47
111.93.235.74	attack	Aug 26 03:02:44 mockhub sshd[8240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.235.74 Aug 26 03:02:47 mockhub sshd[8240]: Failed password for invalid user teamspeak from 111.93.235.74 port 15070 ssh2 ...	2020-08-26 18:12:58
178.71.10.87	attack	0,52-03/32 [bc02/m35] PostRequest-Spammer scoring: Durban01	2020-08-26 17:57:07
184.105.247.194	attackspambots	srvr2: (mod_security) mod_security (id:920350) triggered by 184.105.247.194 (US/-/scan-13.shadowserver.org): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/26 05:51:35 [error] 125640#0: 142729 [client 184.105.247.194] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159841389547.625650"] [ref "o0,13v21,13"], client: 184.105.247.194, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-08-26 17:49:42

Recently Reported IPs

238.58.97.88	96.152.9.168	125.151.21.204	123.98.60.35
116.134.98.58	32.209.152.140	10.2.203.25	117.247.93.58
146.117.135.11	178.245.187.48	130.57.125.8	61.234.221.240
14.78.45.109	7.165.118.7	69.48.32.28	203.161.45.115
67.96.42.62	181.236.171.194	104.41.185.6	165.153.187.165