138.68.137.20 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Unauthorized connection attempt detected from IP address 138.68.137.20 to port 6765 [T]	2020-04-12 16:10:23
attackbots	Brute force attempt	2020-04-09 18:16:43
attack	Apr 4 06:51:24 site3 sshd\[187581\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.137.20 user=root Apr 4 06:51:26 site3 sshd\[187581\]: Failed password for root from 138.68.137.20 port 55852 ssh2 Apr 4 06:52:29 site3 sshd\[187593\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.137.20 user=root Apr 4 06:52:32 site3 sshd\[187593\]: Failed password for root from 138.68.137.20 port 42846 ssh2 Apr 4 06:53:44 site3 sshd\[187603\]: Invalid user admin from 138.68.137.20 ...	2020-04-04 17:59:15

类型

评论内容

时间

attack

Unauthorized connection attempt detected from IP address 138.68.137.20 to port 6765 [T]

2020-04-12 16:10:23

attackbots

Brute force attempt

2020-04-09 18:16:43

attack

Apr  4 06:51:24 site3 sshd\[187581\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.137.20  user=root
Apr  4 06:51:26 site3 sshd\[187581\]: Failed password for root from 138.68.137.20 port 55852 ssh2
Apr  4 06:52:29 site3 sshd\[187593\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.137.20  user=root
Apr  4 06:52:32 site3 sshd\[187593\]: Failed password for root from 138.68.137.20 port 42846 ssh2
Apr  4 06:53:44 site3 sshd\[187603\]: Invalid user admin from 138.68.137.20
...

2020-04-04 17:59:15

相同子网IP讨论:

IP	类型	评论内容	时间
138.68.137.169	attack	Sep 7 07:38:29 wbs sshd\[22759\]: Invalid user 12345 from 138.68.137.169 Sep 7 07:38:29 wbs sshd\[22759\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.137.169 Sep 7 07:38:31 wbs sshd\[22759\]: Failed password for invalid user 12345 from 138.68.137.169 port 37900 ssh2 Sep 7 07:42:55 wbs sshd\[23245\]: Invalid user apitest from 138.68.137.169 Sep 7 07:42:55 wbs sshd\[23245\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.137.169	2019-09-08 01:53:56
138.68.137.169	attackspambots	Aug 30 03:31:02 eddieflores sshd\[21908\]: Invalid user irma from 138.68.137.169 Aug 30 03:31:02 eddieflores sshd\[21908\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.137.169 Aug 30 03:31:03 eddieflores sshd\[21908\]: Failed password for invalid user irma from 138.68.137.169 port 45362 ssh2 Aug 30 03:35:14 eddieflores sshd\[22259\]: Invalid user kjell from 138.68.137.169 Aug 30 03:35:14 eddieflores sshd\[22259\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.137.169	2019-08-30 22:03:12
138.68.137.169	attackspam	Automatic report - Banned IP Access	2019-08-16 00:10:19
138.68.137.169	attackbotsspam	Aug 8 00:29:48 www sshd\[392\]: Invalid user fabrice from 138.68.137.169Aug 8 00:29:51 www sshd\[392\]: Failed password for invalid user fabrice from 138.68.137.169 port 51290 ssh2Aug 8 00:33:52 www sshd\[520\]: Invalid user slash from 138.68.137.169 ...	2019-08-08 05:48:47
138.68.137.169	attackspambots	Aug 2 21:31:39 lnxmail61 sshd[8813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.137.169	2019-08-03 04:36:05

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.137.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23119
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.137.20.			IN	A

;; AUTHORITY SECTION:
.			413	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020040400 1800 900 604800 86400

;; Query time: 41 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Apr 04 17:59:08 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 20.137.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 20.137.68.138.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
34.207.67.28	attack	WordPress wp-login brute force :: 34.207.67.28 0.056 BYPASS [01/Aug/2019:13:27:06 1000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-08-01 16:28:04
218.92.0.154	attackspambots	SSH-bruteforce attempts	2019-08-01 16:55:35
218.77.50.45	attackbots	Honeypot attack, port: 139, PTR: PTR record not found	2019-08-01 16:49:25
193.112.129.199	attackspam	Aug 1 03:59:56 vps200512 sshd\[11230\]: Invalid user wch from 193.112.129.199 Aug 1 03:59:56 vps200512 sshd\[11230\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.129.199 Aug 1 03:59:58 vps200512 sshd\[11230\]: Failed password for invalid user wch from 193.112.129.199 port 36692 ssh2 Aug 1 04:05:10 vps200512 sshd\[11366\]: Invalid user webserver from 193.112.129.199 Aug 1 04:05:10 vps200512 sshd\[11366\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.129.199	2019-08-01 16:17:22
117.36.50.61	attackspambots	Aug 1 06:17:33 dedicated sshd[5293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.36.50.61 user=nobody Aug 1 06:17:34 dedicated sshd[5293]: Failed password for nobody from 117.36.50.61 port 55256 ssh2	2019-08-01 16:48:46
5.9.107.211	attack	Automatic report - Banned IP Access	2019-08-01 16:54:11
185.30.177.63	attackspam	Aug105:05:49server4dovecot:imap-login:Disconnected\(authfailed\,1attemptsin2secs\):user=\\,method=PLAIN\,rip=185.30.177.63\,lip=148.251.104.77\,TLS:Connectionclosed\,session=\Aug105:06:45server4dovecot:imap-login:Disconnected\(authfailed\,1attemptsin2secs\):user=\\,method=PLAIN\,rip=185.30.177.176\,lip=148.251.104.77\,TLS:Connectionclosed\,session=\Aug105:06:06server4dovecot:imap-login:Disconnected\(authfailed\,1attemptsin2secs\):user=\\,method=PLAIN\,rip=185.30.177.176\,lip=148.251.104.77\,TLS:Connectionclosed\,session=\Aug105:16:54server4dovecot:imap-login:Disconnected\(authfailed\,1attemptsin2secs\):user=\\,method=PLAIN\,rip=185.30.177.176\,lip=148.251.104.77\,TLS:Connectionclosed\,session=\Aug105:05:47server4dovecot:imap-login:Disconnected\(authfailed\,1attemptsin2secs\):user=\\,method=PLAIN\,rip=185.30.177.176\,lip=148.25	2019-08-01 16:34:05
218.92.0.190	attackbotsspam	Aug 1 12:27:42 webhost01 sshd[14746]: Failed password for root from 218.92.0.190 port 25279 ssh2 ...	2019-08-01 16:24:02
5.23.79.3	attackbotsspam	Invalid user support from 5.23.79.3 port 41643	2019-08-01 16:16:19
49.234.102.232	attackbotsspam	Jul 30 05:31:08 penfold sshd[18033]: Invalid user jaimie from 49.234.102.232 port 45282 Jul 30 05:31:08 penfold sshd[18033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.102.232 Jul 30 05:31:10 penfold sshd[18033]: Failed password for invalid user jaimie from 49.234.102.232 port 45282 ssh2 Jul 30 05:31:11 penfold sshd[18033]: Received disconnect from 49.234.102.232 port 45282:11: Bye Bye [preauth] Jul 30 05:31:11 penfold sshd[18033]: Disconnected from 49.234.102.232 port 45282 [preauth] Jul 30 05:44:50 penfold sshd[18439]: Connection closed by 49.234.102.232 port 58610 [preauth] Jul 30 05:46:16 penfold sshd[18544]: Invalid user wave from 49.234.102.232 port 54512 Jul 30 05:46:16 penfold sshd[18544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.102.232 Jul 30 05:46:17 penfold sshd[18544]: Failed password for invalid user wave from 49.234.102.232 port 54512 ssh2 Jul 30 05........ -------------------------------	2019-08-01 16:47:05
165.227.67.64	attack	Aug 1 08:41:27 ArkNodeAT sshd\[7254\]: Invalid user everdata from 165.227.67.64 Aug 1 08:41:27 ArkNodeAT sshd\[7254\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.67.64 Aug 1 08:41:29 ArkNodeAT sshd\[7254\]: Failed password for invalid user everdata from 165.227.67.64 port 55310 ssh2	2019-08-01 16:42:01
153.36.232.49	attack	Aug 1 10:13:32 MainVPS sshd[12065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.232.49 user=root Aug 1 10:13:33 MainVPS sshd[12065]: Failed password for root from 153.36.232.49 port 13393 ssh2 Aug 1 10:13:57 MainVPS sshd[12101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.232.49 user=root Aug 1 10:13:59 MainVPS sshd[12101]: Failed password for root from 153.36.232.49 port 19554 ssh2 Aug 1 10:14:07 MainVPS sshd[12115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.232.49 user=root Aug 1 10:14:09 MainVPS sshd[12115]: Failed password for root from 153.36.232.49 port 53788 ssh2 ...	2019-08-01 16:20:56
165.227.80.168	attackbots	Honeypot attack, port: 23, PTR: PTR record not found	2019-08-01 16:43:58
82.85.143.181	attackspam	Automatic report - Banned IP Access	2019-08-01 16:29:34
106.75.103.35	attackbotsspam	Aug 1 10:14:21 vps647732 sshd[19581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.103.35 Aug 1 10:14:22 vps647732 sshd[19581]: Failed password for invalid user cmt from 106.75.103.35 port 46576 ssh2 ...	2019-08-01 16:22:56

最近上报的IP列表

170.244.188.36	169.38.69.117	198.143.180.182	200.206.145.124
203.69.17.147	206.252.19.75	182.232.37.35	114.227.123.149
8.62.97.71	218.26.179.149	122.59.181.52	27.34.47.87
179.106.107.207	116.7.11.81	91.177.25.162	106.13.52.107
64.52.172.92	80.95.211.130	122.51.7.115	211.144.69.249