This IP address has been reported a total of
189
times from
84 distinct
sources.
138.68.101.74 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
ICS Labs identified 138.68.101.74 as a malicious indicator from threat intelligence.
DDoS Attack
Port Scan
Hacking
Brute-Force
Exploited Host
Anonymous
2026-05-27 04:51:25,715 fail2ban.actions [3799592]: NOTICE [sshd] Ban 138.68.101.74
2026-05- ...
show more2026-05-27 04:51:25,715 fail2ban.actions [3799592]: NOTICE [sshd] Ban 138.68.101.74
2026-05-27 05:12:44,401 fail2ban.actions [3799592]: NOTICE [sshd] Ban 138.68.101.74
...
show less
2026-05-24 06:37:30 server sshd[24024]: Failed password for invalid user mcgreer from 138.68.101.74 ...
show more2026-05-24 06:37:30 server sshd[24024]: Failed password for invalid user mcgreer from 138.68.101.74 port 52174 ssh2
show less
Brute-Force
SSH
Anonymous
Failed login attempt detected by Fail2Ban in ssh jail
25 May 2026 02:28:16UTC:Distributed Brute Force Password Attack (smtp, ftp, imap, pop, ssh) includin ...
show more25 May 2026 02:28:16UTC:Distributed Brute Force Password Attack (smtp, ftp, imap, pop, ssh) including ip address 138.68.101.74
show less
May 24 23:50:54 srv05 proftpd[425689]: 136.243.127.48 (138.68.101.74[138.68.101.74]) - USER mopednow ...
show moreMay 24 23:50:54 srv05 proftpd[425689]: 136.243.127.48 (138.68.101.74[138.68.101.74]) - USER mopednowka: no such user found from 138.68.101.74 [138.68.101.74] to 136.243.127.48:21
May 25 00:36:53 srv05 proftpd[430247]: 136.243.127.48 (138.68.101.74[138.68.101.74]) - USER www-data (Login failed): Incorrect password
May 25 01:21:32 srv05 proftpd[433154]: 136.243.127.48 (138.68.101.74[138.68.101.74]) - USER mopednowka: no such user found from 138.68.101.74 [138.68.101.74] to 136.243.127.48:21
May 25
...
show less
2026-05-24T20:49:31.058443+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[278904]: Invalid user darthtellectu ...
show more2026-05-24T20:49:31.058443+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[278904]: Invalid user darthtellectus from 138.68.101.74 port 38974
2026-05-24T20:49:32.425398+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[278904]: Connection closed by invalid user darthtellectus 138.68.101.74 port 38974 [preauth]
...
show less
Hacking
Brute-Force
SSH
Anonymous
May 24 14:04:35 ubuntu sshd[3982413]: Invalid user fiolka from 138.68.101.74 port 60356
May 24 16:35 ...
show moreMay 24 14:04:35 ubuntu sshd[3982413]: Invalid user fiolka from 138.68.101.74 port 60356
May 24 16:35:32 ubuntu sshd[4095355]: Invalid user test from 138.68.101.74 port 56730
May 24 20:27:19 ubuntu sshd[75049]: Invalid user fiolka from 138.68.101.74 port 53398
...
show less
138.68.101.74 (DE/Germany/-), 5 distributed sshd attacks on account [cvturkce] in the last 3600 secs ...
show more138.68.101.74 (DE/Germany/-), 5 distributed sshd attacks on account [cvturkce] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: May 24 21:44:16 localhost sshd[75880]: Invalid user cvturkce from 5.188.156.61 port 55054
May 24 21:40:13 localhost sshd[75782]: Invalid user cvturkce from 31.97.221.238 port 54740
May 24 22:03:04 localhost sshd[76456]: Invalid user cvturkce from 163.44.192.82 port 58488
May 24 22:19:23 localhost sshd[76970]: Invalid user cvturkce from 138.68.101.74 port 39654
May 24 21:21:35 localhost sshd[75243]: Invalid user cvturkce from 163.44.192.82 port 36334
IP Addresses Blocked:
5.188.156.61 (RU/Russia/-)
31.97.221.238 (ID/Indonesia/srv1631141.hstgr.cloud)
163.44.192.82 (VN/Vietnam/v163-44-192-82.a001.g.han1.static.cnode.io)
show less
FTP Brute-Force
Port Scan
Brute-Force
Web App Attack
SSH
2026-05-24T16:54:00.177853+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[222022]: Invalid user test from 138 ...
show more2026-05-24T16:54:00.177853+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[222022]: Invalid user test from 138.68.101.74 port 57750
2026-05-24T16:54:01.737518+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[222022]: Connection closed by invalid user test 138.68.101.74 port 57750 [preauth]
...
show less
Hacking
Brute-Force
SSH
Showing 1 to
15
of 189 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ