138.68.4.8 is a Hacker from United States (Santa Clara)

IP informations Cybercrime IP Feeds Raw whois

138.68.4.8

is a

Hacker

100 %

United States

Report Abuse

1022attacks reported

819Brute-ForceSSH

74Brute-Force

66SSH

23HackingBrute-ForceSSH

17Port ScanBrute-ForceSSH

10uncategorized

3Port ScanHackingBrute-ForceWeb App AttackSSH

2Hacking

2Brute-ForceSSHPort Scan

1Port ScanBrute-Force

...

1abuse reported

1Email Spam

from 161 distinct reporters

and 11 distinct sources : BadIPs.com, Blocklist.de, FireHOL, NoThink.org, NormShield.com, darklist.de, GreenSnow.co, Charles Haley, VoIPBL.org, blocklist.net.ua, AbuseIPDB

138.68.4.8 was first signaled at 2019-01-30 05:51 and last record was at 2021-04-09 10:38.

138.68.4.8

Organization

DigitalOcean, LLC

all IP owned by DigitalOcean, LLC

Localisation

United States

California, Santa Clara

NetRange : First & Last IP

138.68.0.0 - 138.68.255.255

Network CIDR

138.68.0.0/16

ASN

14061

list IP by ASN 14061

Cybercrime IP Feeds

Date UTC	Category	Sub Categories	Source List	Source	Logs
2019-04-08 01:28	attacks	Brute-Force		AbuseIPDB	Apr 8 12:28:01 herz-der-gamer sshd[11976]: Invalid user shadow from 138.68.4.8 port 38282 Apr 8 12:28:01 herz-der-gamer sshd[11976]: pam_unix(sshd:aut
2019-04-07 23:05	attacks	Brute-ForceSSH		AbuseIPDB	Apr 8 15:05:22 itv-usvr-01 sshd[14683]: Invalid user deb from 138.68.4.8
2019-04-07 22:53	attacks	Brute-ForceSSH		AbuseIPDB	Apr 8 09:50:00 lnxmysql61 sshd[1108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8 Apr 8 09:50:0
2019-04-07 22:15	attacks	Brute-ForceSSH		AbuseIPDB	Apr 8 01:09:32 itv-usvr-01 sshd[7187]: Invalid user cemergen from 138.68.4.8 port 38588 Apr 8 01:09:32 itv-usvr-01 sshd[7187]: pam_unix(sshd:auth): au
2019-04-07 20:33	attacks	SSH		AbuseIPDB	Apr 8 07:26:38 OPSO sshd\[18725\]: Invalid user prasobsub from 138.68.4.8 port 60410 Apr 8 07:26:38 OPSO sshd\[18725\]: pam_unix\(sshd:auth\): authent
2019-04-07 19:21	attacks	Brute-ForceSSH		AbuseIPDB	Apr 8 06:21:04 nextcloud sshd\[28712\]: Invalid user gl from 138.68.4.8 Apr 8 06:21:04 nextcloud sshd\[28712\]: pam_unix\(sshd:auth\): authentication
2019-04-07 18:27	attacks	Brute-ForceSSH		AbuseIPDB	Apr 7 23:27:41 TORMINT sshd\[9891\]: Invalid user jhesrhel from 138.68.4.8 Apr 7 23:27:41 TORMINT sshd\[9891\]: pam_unix\(sshd:auth\): authentication
2019-04-07 16:35	attacks	Brute-ForceSSH		AbuseIPDB	Apr 8 03:30:24 cp sshd[9174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8 Apr 8 03:30:26 cp ssh
2019-04-07 16:00	attacks	HackingBrute-ForceSSH		AbuseIPDB	Apr 8 00:01:12 XXX sshd[60497]: Invalid user smartphoto from 138.68.4.8 port 40030
2019-04-07 15:49	attacks	Brute-ForceSSH		AbuseIPDB	SSH-BruteForce
2019-04-07 15:01	attacks	HackingBrute-ForceSSH		AbuseIPDB	Apr 7 23:57:04 XXX sshd[60391]: Invalid user share from 138.68.4.8 port 42978
2019-04-07 11:24	attacks	SSH		AbuseIPDB	ssh-bruteforce
2019-04-07 10:27	attacks	Brute-ForceSSH		AbuseIPDB	Apr 7 21:22:03 mail sshd[22082]: Invalid user ky from 138.68.4.8 Apr 7 21:22:03 mail sshd[22082]: pam_unix(sshd:auth): authentication failure; logname
2019-04-07 09:49	attacks	Brute-ForceSSH		AbuseIPDB	Apr 7 20:45:47 lnxweb62 sshd[18140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8 Apr 7 20:45:48
2019-04-07 09:28	attacks	Brute-ForceSSH		AbuseIPDB	2019-04-07T20:28:18.0981841240 sshd\[29594\]: Invalid user Martti from 138.68.4.8 port 39238 2019-04-07T20:28:18.1032021240 sshd\[29594\]: pam_unix\(s
2019-04-07 09:17	attacks	Brute-ForceSSH		AbuseIPDB	Apr 7 14:09:28 debian sshd[32414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8 Apr 7 14:09:30 d
2019-04-07 09:14	attacks	Brute-ForceSSH		AbuseIPDB	SSH Brute-Force reported by Fail2Ban
2019-04-07 08:12	attacks	Brute-ForceSSH		AbuseIPDB	Apr 7 19:12:24 vps65 sshd\[22777\]: Invalid user Esaias from 138.68.4.8 port 56022 Apr 7 19:12:24 vps65 sshd\[22777\]: pam_unix\(sshd:auth\): authenti
2019-04-07 08:01	attacks	Brute-ForceSSH		AbuseIPDB	Apr 7 17:57:56 marquez sshd[16239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8 Apr 7 17:57:58
2019-04-07 07:56	attacks	Brute-ForceSSH		AbuseIPDB	Apr 7 12:55:43 Tower sshd[8650]: Connection from 138.68.4.8 port 40412 on 192.168.10.220 port 22 Apr 7 12:55:43 Tower sshd[8650]: Invalid user tbdb fr
2019-04-07 07:01	attacks	Brute-ForceSSH		AbuseIPDB
2019-04-07 06:56	attacks	SSH		AbuseIPDB	Apr 7 15:56:31 sshgateway sshd\[5160\]: Invalid user l4d2server from 138.68.4.8 Apr 7 15:56:31 sshgateway sshd\[5160\]: pam_unix\(sshd:auth\): authent
2019-04-07 04:47	attacks	Brute-ForceSSH		AbuseIPDB	2019-04-07T13:42:36.193764hubschaetterus sshd\[8990\]: Invalid user itmuser from 138.68.4.8 2019-04-07T13:42:36.224203hubschaetterus sshd\[8990\]: pam
2019-04-07 01:40	attacks	Brute-ForceSSH		AbuseIPDB	Apr 7 12:34:18 dev0-dcde-rnet sshd[27036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8 Apr 7 12
2019-04-07 01:20	attacks	HackingBrute-ForceSSH		AbuseIPDB	Time: Sun Apr 7 04:06:25 2019 +0100 Failures: 5 (sshd) Interval: 3600 seconds Blocked: Permanent Block [LF_SSHD]
2019-04-06 19:39	attacks	Brute-ForceSSH		AbuseIPDB	Apr 7 04:39:50 localhost sshd\[102230\]: Invalid user name from 138.68.4.8 port 36496 Apr 7 04:39:50 localhost sshd\[102230\]: pam_unix\(sshd:auth\):
2019-04-06 15:58	attacks	Brute-ForceSSH		AbuseIPDB	Brute-Force attack detected (85) and blocked by Fail2Ban.
2019-04-06 15:58	attacks	Brute-Force		AbuseIPDB	Apr 7 02:53:36 mysql sshd\[10355\]: Invalid user ki from 138.68.4.8\ Apr 7 02:53:39 mysql sshd\[10355\]: Failed password for invalid user ki from 138.
2019-04-06 15:23	attacks	Brute-ForceSSH		AbuseIPDB	Apr 6 20:17:26 plusreed sshd[22872]: Invalid user ftpguest from 138.68.4.8 Apr 6 20:17:26 plusreed sshd[22872]: pam_unix(sshd:auth): authentication fa
2019-04-06 12:33	attacks	Brute-ForceSSH		AbuseIPDB
2019-04-06 11:23	attacks	Brute-Force		AbuseIPDB	Fail2Ban Ban Triggered
2019-04-06 10:44	attacks	Brute-ForceSSH		AbuseIPDB	Apr 6 14:39:40 aat-srv002 sshd[14088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8 Apr 6 14:39:
2019-04-06 08:31	attacks	Brute-ForceSSH		AbuseIPDB	2019-04-06T19:31:18.3663761240 sshd\[16652\]: Invalid user hive from 138.68.4.8 port 39812 2019-04-06T19:31:18.3842721240 sshd\[16652\]: pam_unix\(ssh
2019-04-06 04:06	attacks	Brute-ForceSSH		AbuseIPDB	SSH Brute-Force reported by Fail2Ban
2019-04-06 00:39	attacks	Brute-ForceSSH		AbuseIPDB	Apr 6 11:39:17 PowerEdge sshd\[31026\]: Invalid user amy from 138.68.4.8 Apr 6 11:39:17 PowerEdge sshd\[31026\]: pam_unix\(sshd:auth\): authentication
2019-04-06 00:21	attacks	Brute-Force		AbuseIPDB	Apr 6 09:21:05 localhost sshd\[1122\]: Invalid user ident from 138.68.4.8 port 47032 Apr 6 09:21:05 localhost sshd\[1122\]: pam_unix\(sshd:auth\): aut
2019-04-05 11:00	attacks	Brute-ForceSSH		AbuseIPDB	SSH-Bruteforce
2019-04-05 10:40	attacks	Brute-ForceSSH		AbuseIPDB	Apr 5 19:39:59 *** sshd[22104]: Invalid user divine from 138.68.4.8
2019-04-05 10:17	attacks	Brute-ForceSSH		AbuseIPDB
2019-04-05 09:57	attacks	SSH		AbuseIPDB	Apr 5 18:56:09 sshgateway sshd\[14231\]: Invalid user info from 138.68.4.8 Apr 5 18:56:09 sshgateway sshd\[14231\]: pam_unix\(sshd:auth\): authenticat
2019-04-05 02:05	attacks	Brute-ForceSSH		AbuseIPDB	Apr 5 14:05:49 server01 sshd\[25218\]: Invalid user telnet from 138.68.4.8 Apr 5 14:05:49 server01 sshd\[25218\]: pam_unix\(sshd:auth\): authenticatio
2019-04-05 02:05	attacks	SSH		AbuseIPDB	Apr 5 11:05:28 thevastnessof sshd[16656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8
2019-04-04 21:08	attacks	Brute-ForceSSH		AbuseIPDB	Apr 5 09:08:22 server01 sshd\[20312\]: Invalid user teamspeak3 from 138.68.4.8 Apr 5 09:08:22 server01 sshd\[20312\]: pam_unix\(sshd:auth\): authentic
2019-04-04 21:08	attacks	SSH		AbuseIPDB	Apr 5 06:08:01 thevastnessof sshd[12700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8
2019-04-04 18:15	attacks	Brute-ForceSSH		AbuseIPDB	Apr 5 05:15:32 mail sshd\[7099\]: Invalid user svn from 138.68.4.8 port 47016 Apr 5 05:15:32 mail sshd\[7099\]: Disconnected from 138.68.4.8 port 4701
2019-04-04 16:09	attacks	Brute-Force		AbuseIPDB	Apr 5 03:09:09 s0 sshd\[29075\]: Invalid user devmgr from 138.68.4.8 port 47332 Apr 5 03:09:09 s0 sshd\[29075\]: pam_unix\(sshd:auth\): authentication
2019-04-04 09:31	attacks	Brute-ForceSSH		AbuseIPDB	Triggered by Fail2Ban
2019-04-04 09:26	attacks	Brute-ForceSSH		AbuseIPDB
2019-04-04 02:01	attacks	Brute-ForceSSH		AbuseIPDB	SSH Brute-Force reported by Fail2Ban
2019-04-04 01:04	attacks	Brute-ForceSSH		AbuseIPDB	Multiple failed SSH logins
2019-01-30 05:51	attacks	Brute-ForceSSH		AbuseIPDB	SSH-Bruteforce
2019-02-02 10:38	attacks	Brute-Force		AbuseIPDB	Feb 2 21:32:39 alltele sshd\[27388\]: Invalid user qbf77101 from 138.68.4.8\ Feb 2 21:32:41 alltele sshd\[27388\]: Failed password for invalid user qb
2019-02-02 11:47	attacks	Brute-ForceSSH		AbuseIPDB	Feb 2 21:40:29 ns3041690 sshd[8702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8 Feb 2 21:40:31
2019-02-02 12:19	attacks	Brute-ForceSSH		AbuseIPDB	Feb 2 23:16:14 mail sshd\[104208\]: Invalid user cccc from 138.68.4.8 Feb 2 23:16:14 mail sshd\[104208\]: pam_unix\(sshd:auth\): authentication failur
2019-02-02 17:46	attacks	SSH		AbuseIPDB	ssh-bruteforce
2019-02-02 19:45	attacks	Brute-ForceSSH		AbuseIPDB	Feb 3 06:45:25 * sshd[8466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.4.8 Feb 3 06:45:27 * sshd[
2019-02-02 21:26	attacks	Brute-ForceSSH		AbuseIPDB	Tried sshing with brute force.
2019-02-02 22:55	attacks	Brute-ForceSSH		AbuseIPDB	Feb 3 08:55:44 localhost sshd\[30602\]: Invalid user fluffy from 138.68.4.8 port 38504 Feb 3 08:55:44 localhost sshd\[30602\]: pam_unix\(sshd:auth\):
2019-02-02 23:20	attacks	Brute-ForceSSH		AbuseIPDB	Feb 3 10:18:09 mail sshd\[32149\]: Invalid user administrator from 138.68.4.8 Feb 3 10:18:09 mail sshd\[32149\]: pam_unix\(sshd:auth\): authentication
2019-02-03 02:56	attacks	Brute-ForceSSH		AbuseIPDB	Feb 3 13:52:32 mail sshd\[51994\]: Invalid user ftpadmin from 138.68.4.8 Feb 3 13:52:32 mail sshd\[51994\]: pam_unix\(sshd:auth\): authentication fail
2019-03-29 18:18	attacks		bi_any_0_1d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_sshd_0_1d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_ssh_0_1d	BadIPs.com
2019-03-29 18:21	attacks		blocklist_de	Blocklist.de
2019-03-29 18:21	attacks	SSH	blocklist_de_ssh	Blocklist.de
2019-03-29 18:27	attacks		firehol_level2	FireHOL
2019-06-03 23:00	attacks	SSH	nt_ssh_7d	NoThink.org
2019-06-09 17:20	attacks	Bad Web Bot	bi_badbots_0_1d	BadIPs.com
2019-06-09 17:20	attacks	Brute-Force	bi_bruteforce_0_1d	BadIPs.com
2019-06-10 16:01	attacks	Web App AttackApache Attack	blocklist_de_apache	Blocklist.de
2019-06-10 16:01	attacks	Brute-Force	blocklist_de_bruteforce	Blocklist.de
2019-06-11 15:18	attacks		bi_default_0_1d	BadIPs.com
2019-06-11 15:19	attacks		bi_unknown_0_1d	BadIPs.com
2019-06-30 19:29	attacks	Brute-Force	normshield_all_bruteforce	NormShield.com
2019-06-30 19:29	attacks	Brute-Force	normshield_high_bruteforce	NormShield.com
2019-08-12 06:36	attacks		darklist_de	darklist.de
2020-07-31 15:57	attacks		blocklist_de_strongips	Blocklist.de
2020-07-31 16:02	attacks		firehol_level4	FireHOL
2020-07-31 16:10	attacks		greensnow	GreenSnow.co
2020-07-31 16:10	attacks	SSH	haley_ssh	Charles Haley
2020-07-31 16:24	attacks	Fraud VoIP	voipbl	VoIPBL.org
2020-11-05 05:14	abuse	Email Spam	blocklist_net_ua	blocklist.net.ua
2021-04-09 10:38	attacks		firehol_webserver	FireHOL

only last 50 and first 10 AbuseIPDB logs are shown

Threats Categories :

abuse

IPs used to spam forum, boards, blogs or smtp servers, automated web scripts or scrappers (bad bots)

anonymizer

Onion Router IP addresses. TOR network IPs, TOR exit points, socks or ssl proxy.

attacks

bruteforce ssh/ftp/system account, IPs that have been detected by fail2ban, ports scan, vulnerabilities scan, DDoS.

malware

Addresses that have been identified distributing malware, form-grabber and stealer, Viruses, Worms, Trojans, Ransomware, Adware, Spyware

Whois

NetRange: 138.68.0.0 - 138.68.255.255
CIDR: 138.68.0.0/16
NetName: DIGITALOCEAN-138-68-0-0
NetHandle: NET-138-68-0-0-1
Parent: NET138 (NET-138-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS14061
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2016-01-26
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref: https://rdap.arin.net/registry/ip/ 138.68.0.0

OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: 10th Floor
City: New York
StateProv: NY
PostalCode: 10013
Country: US
RegDate: 2012-05-14
Updated: 2021-05-03
Comment: http://www.digitalocean.com
Comment: Simple Cloud Hosting
Ref: https://rdap.arin.net/registry/entity/DO-13

OrgAbuseHandle: ABUSE5232-ARIN
OrgAbuseName: Abuse, DigitalOcean
OrgAbusePhone: +1-347-875-6044
OrgAbuseEmail: abuse@digitalocean.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN

OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-347-875-6044
OrgTechEmail: noc@digitalocean.com
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-347-875-6044
OrgNOCEmail: noc@digitalocean.com
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

most specific ip range is highlighted

Updated : 2022-01-06