138.204.24.49 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Brazil

运营商(isp): Copel Telecomunicacoes S.A.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Mar 29 19:48:54 ws19vmsma01 sshd[98427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.49 Mar 29 19:48:56 ws19vmsma01 sshd[98427]: Failed password for invalid user gxy from 138.204.24.49 port 58582 ssh2 ...	2020-03-30 08:12:53
attackbotsspam	Fail2Ban Ban Triggered (2)	2020-03-29 22:44:06

类型

评论内容

时间

attack

Mar 29 19:48:54 ws19vmsma01 sshd[98427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.49
Mar 29 19:48:56 ws19vmsma01 sshd[98427]: Failed password for invalid user gxy from 138.204.24.49 port 58582 ssh2
...

2020-03-30 08:12:53

attackbotsspam

Fail2Ban Ban Triggered (2)

2020-03-29 22:44:06

相同子网IP讨论:

IP	类型	评论内容	时间
138.204.24.67	attackspambots	repeated SSH login attempts	2020-10-10 05:58:51
138.204.24.67	attackspambots	(sshd) Failed SSH login from 138.204.24.67 (BR/Brazil/67.24.204.138.rfc6598.dynamic.copelfibra.com.br): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 9 07:09:31 server sshd[3739]: Invalid user vagrant from 138.204.24.67 port 26781 Oct 9 07:09:33 server sshd[3739]: Failed password for invalid user vagrant from 138.204.24.67 port 26781 ssh2 Oct 9 07:32:49 server sshd[9560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.67 user=sshd Oct 9 07:32:51 server sshd[9560]: Failed password for sshd from 138.204.24.67 port 32362 ssh2 Oct 9 07:36:39 server sshd[10572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.67 user=root	2020-10-09 22:05:13
138.204.24.67	attackspam	Oct 8 20:24:22 logopedia-1vcpu-1gb-nyc1-01 sshd[226296]: Invalid user oracle from 138.204.24.67 port 54720 ...	2020-10-09 13:55:54
138.204.24.69	attack	2020-08-22T05:06:58.430086shield sshd\[10730\]: Invalid user system from 138.204.24.69 port 63497 2020-08-22T05:06:58.440969shield sshd\[10730\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.69 2020-08-22T05:06:59.911227shield sshd\[10730\]: Failed password for invalid user system from 138.204.24.69 port 63497 ssh2 2020-08-22T05:12:24.576332shield sshd\[11973\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.69 user=root 2020-08-22T05:12:26.468073shield sshd\[11973\]: Failed password for root from 138.204.24.69 port 8358 ssh2	2020-08-22 13:16:36
138.204.24.69	attackspam	sshd: Failed password for invalid user .... from 138.204.24.69 port 38575 ssh2 (5 attempts)	2020-08-20 19:44:34
138.204.24.73	attack	Aug 17 05:54:16 vmd17057 sshd[32019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.73 Aug 17 05:54:19 vmd17057 sshd[32019]: Failed password for invalid user szk from 138.204.24.73 port 27239 ssh2 ...	2020-08-17 19:56:00
138.204.24.73	attackspambots	Aug 7 17:44:17 myhostname sshd[10446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.73 user=r.r Aug 7 17:44:19 myhostname sshd[10446]: Failed password for r.r from 138.204.24.73 port 16138 ssh2 Aug 7 17:44:19 myhostname sshd[10446]: Received disconnect from 138.204.24.73 port 16138:11: Bye Bye [preauth] Aug 7 17:44:19 myhostname sshd[10446]: Disconnected from 138.204.24.73 port 16138 [preauth] Aug 7 17:47:02 myhostname sshd[12659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.73 user=r.r ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=138.204.24.73	2020-08-09 03:08:17
138.204.24.70	attackbots	Invalid user ab from 138.204.24.70 port 58604	2020-07-22 08:04:25
138.204.24.25	attackbotsspam	$f2bV_matches	2020-07-10 07:50:12
138.204.24.31	attack	$f2bV_matches	2020-07-04 04:31:49
138.204.24.32	attackbotsspam	$f2bV_matches	2020-07-04 04:29:14
138.204.24.11	attackbotsspam	Jun 25 19:29:30 host2 sshd[14979]: reveeclipse mapping checking getaddrinfo for 11.24.204.138.rfc6598.dynamic.copelfibra.com.br [138.204.24.11] failed - POSSIBLE BREAK-IN ATTEMPT! Jun 25 19:29:30 host2 sshd[14979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.11 user=r.r Jun 25 19:29:32 host2 sshd[14979]: Failed password for r.r from 138.204.24.11 port 12852 ssh2 Jun 25 19:29:33 host2 sshd[14979]: Received disconnect from 138.204.24.11: 11: Bye Bye [preauth] Jun 25 19:37:54 host2 sshd[17083]: reveeclipse mapping checking getaddrinfo for 11.24.204.138.rfc6598.dynamic.copelfibra.com.br [138.204.24.11] failed - POSSIBLE BREAK-IN ATTEMPT! Jun 25 19:37:54 host2 sshd[17083]: Invalid user luan from 138.204.24.11 Jun 25 19:37:54 host2 sshd[17083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.11 Jun 25 19:37:56 host2 sshd[17083]: Failed password for invalid user luan fro........ -------------------------------	2020-06-26 22:29:06
138.204.24.11	attackbots	Jun 26 12:13:31 h2779839 sshd[18878]: Invalid user j from 138.204.24.11 port 58089 Jun 26 12:13:31 h2779839 sshd[18878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.11 Jun 26 12:13:31 h2779839 sshd[18878]: Invalid user j from 138.204.24.11 port 58089 Jun 26 12:13:33 h2779839 sshd[18878]: Failed password for invalid user j from 138.204.24.11 port 58089 ssh2 Jun 26 12:17:15 h2779839 sshd[18928]: Invalid user jenkins from 138.204.24.11 port 51917 Jun 26 12:17:15 h2779839 sshd[18928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.11 Jun 26 12:17:15 h2779839 sshd[18928]: Invalid user jenkins from 138.204.24.11 port 51917 Jun 26 12:17:17 h2779839 sshd[18928]: Failed password for invalid user jenkins from 138.204.24.11 port 51917 ssh2 Jun 26 12:21:01 h2779839 sshd[18960]: Invalid user apache2 from 138.204.24.11 port 28887 ...	2020-06-26 18:35:08
138.204.24.211	spambotsattackproxynormal	Tenho intruso	2020-06-02 13:08:11
138.204.24.142	attackspambots	2020-04-24T05:01:30.439802shield sshd\[12012\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.142 user=root 2020-04-24T05:01:32.724860shield sshd\[12012\]: Failed password for root from 138.204.24.142 port 4299 ssh2 2020-04-24T05:05:45.202946shield sshd\[12952\]: Invalid user lr from 138.204.24.142 port 32581 2020-04-24T05:05:45.207444shield sshd\[12952\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.24.142 2020-04-24T05:05:47.165330shield sshd\[12952\]: Failed password for invalid user lr from 138.204.24.142 port 32581 ssh2	2020-04-24 15:18:12

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.204.24.49
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50395
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.204.24.49.			IN	A

;; AUTHORITY SECTION:
.			443	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020032900 1800 900 604800 86400

;; Query time: 90 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Mar 29 22:43:57 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

49.24.204.138.in-addr.arpa domain name pointer 49.24.204.138.rfc6598.dynamic.copelfibra.com.br.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
49.24.204.138.in-addr.arpa	name = 49.24.204.138.rfc6598.dynamic.copelfibra.com.br.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
85.105.42.85	attack	1599583960 - 09/08/2020 18:52:40 Host: 85.105.42.85/85.105.42.85 Port: 445 TCP Blocked	2020-09-09 08:43:28
45.227.255.4	attackbots	honeypot 22 port	2020-09-09 12:04:09
118.45.190.167	attackbotsspam	Coordinated SSH brute-force attack from different IPs. pam_unix(sshd:auth): user=root	2020-09-09 12:09:11
139.199.14.128	attackspam	Coordinated SSH brute-force attack from different IPs. pam_unix(sshd:auth):	2020-09-09 08:33:48
167.99.66.74	attack	Coordinated SSH brute-force attack from different IPs. pam_unix(sshd:auth):	2020-09-09 08:42:28
202.77.105.110	attack	Sep 8 21:58:28 localhost sshd\[15737\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.77.105.110 user=root Sep 8 21:58:30 localhost sshd\[15737\]: Failed password for root from 202.77.105.110 port 43504 ssh2 Sep 8 22:06:26 localhost sshd\[15885\]: Invalid user chuy from 202.77.105.110 port 33290 ...	2020-09-09 12:03:16
123.54.238.19	attackspambots	SSH brute force	2020-09-09 12:28:54
123.206.28.232	attack	Sep 8 20:51:27 firewall sshd[18761]: Failed password for root from 123.206.28.232 port 52528 ssh2 Sep 8 20:54:55 firewall sshd[18945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.206.28.232 user=root Sep 8 20:54:58 firewall sshd[18945]: Failed password for root from 123.206.28.232 port 51728 ssh2 ...	2020-09-09 08:34:43
62.138.7.194	attackspambots	Port scan on 1 port(s): 21	2020-09-09 12:21:32
2a00:23c4:b60b:e700:a532:1987:ad6:c26f	attack	xmlrpc attack	2020-09-09 12:20:29
192.42.116.28	attackspam	(sshd) Failed SSH login from 192.42.116.28 (NL/Netherlands/this-is-a-tor-exit-node-hviv128.hviv.nl): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 9 00:17:34 server sshd[7609]: Failed password for root from 192.42.116.28 port 55402 ssh2 Sep 9 00:17:37 server sshd[7609]: Failed password for root from 192.42.116.28 port 55402 ssh2 Sep 9 00:17:39 server sshd[7609]: Failed password for root from 192.42.116.28 port 55402 ssh2 Sep 9 00:17:41 server sshd[7609]: Failed password for root from 192.42.116.28 port 55402 ssh2 Sep 9 00:17:44 server sshd[7609]: Failed password for root from 192.42.116.28 port 55402 ssh2	2020-09-09 12:26:31
45.63.83.160	attack	Coordinated SSH brute-force attack from different IPs. pam_unix(sshd:auth): user=root	2020-09-09 12:08:12
62.210.172.189	attackbots	Automatic report - XMLRPC Attack	2020-09-09 08:37:09
222.186.175.151	attackspam	Sep 9 06:16:03 server sshd[60593]: Failed none for root from 222.186.175.151 port 36088 ssh2 Sep 9 06:16:06 server sshd[60593]: Failed password for root from 222.186.175.151 port 36088 ssh2 Sep 9 06:16:09 server sshd[60593]: Failed password for root from 222.186.175.151 port 36088 ssh2	2020-09-09 12:22:14
91.205.217.22	attack	Coordinated SSH brute-force attack from different IPs. pam_unix(sshd:auth): user=root	2020-09-09 12:27:34

最近上报的IP列表

8.96.47.83	222.186.15.62	189.68.232.177	162.247.65.9
203.195.162.63	201.141.119.96	214.206.137.109	238.102.15.130
51.38.130.205	194.31.244.30	173.214.188.76	90.188.117.237
187.188.51.157	31.220.51.151	192.241.244.66	78.188.164.95
118.126.96.194	111.230.210.78	82.208.17.193	95.38.172.19