138.68.24.138 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Automatic report - XMLRPC Attack	2019-12-11 23:17:40
attack	138.68.24.138 - - [30/Nov/2019:07:18:10 +0100] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.24.138 - - [30/Nov/2019:07:18:11 +0100] "POST /wp-login.php HTTP/1.1" 200 1704 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.24.138 - - [30/Nov/2019:07:18:11 +0100] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.24.138 - - [30/Nov/2019:07:18:12 +0100] "POST /wp-login.php HTTP/1.1" 200 1684 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.24.138 - - [30/Nov/2019:07:18:13 +0100] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.24.138 - - [30/Nov/2019:07:18:14 +0100] "POST /wp-login.php HTTP/1.1" 200 1688 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-11-30 21:52:03
attackbots	138.68.24.138 - - \[03/Nov/2019:10:33:57 +0000\] "POST /wp-login.php HTTP/1.1" 200 4358 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.24.138 - - \[03/Nov/2019:10:34:06 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" ...	2019-11-03 19:03:29
attackbots	138.68.24.138 - - \[23/Oct/2019:07:14:01 +0000\] "POST /wp-login.php HTTP/1.1" 200 4358 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.24.138 - - \[23/Oct/2019:07:14:02 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" ...	2019-10-23 15:28:05
attackbots	WordPress wp-login brute force :: 138.68.24.138 0.044 BYPASS [17/Oct/2019:04:47:52 1100] [censored_4] "POST /wp-login.php HTTP/1.1" 200 3989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-17 02:05:22
attackspambots	WordPress wp-login brute force :: 138.68.24.138 0.124 BYPASS [14/Oct/2019:22:50:59 1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-14 22:42:34
attack	www.goldgier.de 138.68.24.138 \[28/Sep/2019:00:36:25 +0200\] "POST /wp-login.php HTTP/1.1" 200 8727 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" www.goldgier.de 138.68.24.138 \[28/Sep/2019:00:36:27 +0200\] "POST /wp-login.php HTTP/1.1" 200 8727 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-09-28 07:09:57
attackspambots	138.68.24.138 - - [29/Aug/2019:01:48:11 +0200] "POST [munged]wp-login.php HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 0.000	2019-08-29 13:44:01

相同子网IP讨论:

IP	类型	评论内容	时间
138.68.24.88	attack	2020-10-08T11:26:06.297892abusebot-5.cloudsearch.cf sshd[25522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.24.88 user=root 2020-10-08T11:26:08.120862abusebot-5.cloudsearch.cf sshd[25522]: Failed password for root from 138.68.24.88 port 41412 ssh2 2020-10-08T11:30:42.634333abusebot-5.cloudsearch.cf sshd[25645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.24.88 user=root 2020-10-08T11:30:45.014208abusebot-5.cloudsearch.cf sshd[25645]: Failed password for root from 138.68.24.88 port 42936 ssh2 2020-10-08T11:33:06.379416abusebot-5.cloudsearch.cf sshd[25669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.24.88 user=root 2020-10-08T11:33:08.859673abusebot-5.cloudsearch.cf sshd[25669]: Failed password for root from 138.68.24.88 port 52216 ssh2 2020-10-08T11:35:29.195472abusebot-5.cloudsearch.cf sshd[25756]: pam_unix(sshd:auth): authenticat ...	2020-10-09 03:13:12
138.68.24.88	attackspambots	Oct 8 09:38:29 pornomens sshd\[3051\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.24.88 user=root Oct 8 09:38:31 pornomens sshd\[3051\]: Failed password for root from 138.68.24.88 port 48838 ssh2 Oct 8 09:42:19 pornomens sshd\[3120\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.24.88 user=root ...	2020-10-08 19:17:17
138.68.24.88	attackspambots	Sep 28 12:00:45 roki-contabo sshd\[13203\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.24.88 user=root Sep 28 12:00:47 roki-contabo sshd\[13203\]: Failed password for root from 138.68.24.88 port 59256 ssh2 Sep 28 12:06:17 roki-contabo sshd\[13341\]: Invalid user user2 from 138.68.24.88 Sep 28 12:06:17 roki-contabo sshd\[13341\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.24.88 Sep 28 12:06:19 roki-contabo sshd\[13341\]: Failed password for invalid user user2 from 138.68.24.88 port 52608 ssh2 ...	2020-10-05 02:26:18
138.68.24.88	attack	Oct 4 09:24:51 ip-172-31-16-56 sshd\[6311\]: Invalid user testuser2 from 138.68.24.88\ Oct 4 09:24:53 ip-172-31-16-56 sshd\[6311\]: Failed password for invalid user testuser2 from 138.68.24.88 port 35206 ssh2\ Oct 4 09:28:34 ip-172-31-16-56 sshd\[6347\]: Invalid user usuario1 from 138.68.24.88\ Oct 4 09:28:36 ip-172-31-16-56 sshd\[6347\]: Failed password for invalid user usuario1 from 138.68.24.88 port 41814 ssh2\ Oct 4 09:32:17 ip-172-31-16-56 sshd\[6380\]: Invalid user ben from 138.68.24.88\	2020-10-04 18:10:13
138.68.247.104	attack	138.68.247.104 - - - [03/Oct/2020:21:29:36 +0200] "GET / HTTP/1.0" 404 162 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" "-" "-"	2020-10-04 06:55:34
138.68.247.104	attackspam	Unauthorized connection attempt detected, IP banned.	2020-10-03 23:06:40
138.68.247.104	attackspam	Unauthorized connection attempt detected, IP banned.	2020-10-03 14:49:41
138.68.248.80	attackbotsspam	Invalid user minecraft from 138.68.248.80 port 40102	2020-09-29 05:29:19
138.68.248.80	attack	2020-09-28T11:25:45.097195vps-d63064a2 sshd[16738]: Invalid user adi from 138.68.248.80 port 49768 2020-09-28T11:25:47.228216vps-d63064a2 sshd[16738]: Failed password for invalid user adi from 138.68.248.80 port 49768 ssh2 2020-09-28T11:31:18.644362vps-d63064a2 sshd[16822]: Invalid user jessica from 138.68.248.80 port 59084 2020-09-28T11:31:18.654134vps-d63064a2 sshd[16822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.248.80 2020-09-28T11:31:18.644362vps-d63064a2 sshd[16822]: Invalid user jessica from 138.68.248.80 port 59084 2020-09-28T11:31:20.824607vps-d63064a2 sshd[16822]: Failed password for invalid user jessica from 138.68.248.80 port 59084 ssh2 ...	2020-09-28 21:49:21
138.68.248.80	attackbots	SSH bruteforce	2020-09-28 13:56:16
138.68.24.88	attackspambots	Sep 26 16:40:14 db sshd[29711]: User root from 138.68.24.88 not allowed because none of user's groups are listed in AllowGroups ...	2020-09-27 02:40:52
138.68.24.88	attackbotsspam	Invalid user saeed from 138.68.24.88 port 35796	2020-09-26 18:37:09
138.68.246.71	attackspambots	138.68.246.71 - - [21/Sep/2020:16:11:10 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.246.71 - - [21/Sep/2020:16:11:17 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.246.71 - - [21/Sep/2020:16:11:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-22 03:56:26
138.68.246.71	attackspam	xmlrpc attack	2020-09-21 19:45:20
138.68.248.80	attackbotsspam	Invalid user ftpuser from 138.68.248.80 port 60418	2020-09-19 21:41:57

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.24.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9011
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.24.138.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082900 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Aug 29 13:43:52 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 138.24.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 138.24.68.138.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
167.248.133.35	attackbotsspam	Sep 3 08:59:17 baraca inetd[94461]: refused connection from scanner-08.ch1.censys-scanner.com, service sshd (tcp) Sep 3 08:59:18 baraca inetd[94462]: refused connection from scanner-08.ch1.censys-scanner.com, service sshd (tcp) Sep 3 08:59:19 baraca inetd[94464]: refused connection from scanner-08.ch1.censys-scanner.com, service sshd (tcp) ...	2020-09-03 14:59:39
175.6.6.147	attackspam	SSH brute force	2020-09-03 15:13:23
134.209.123.101	attack	134.209.123.101 - - [03/Sep/2020:07:00:53 +0100] "POST /wp-login.php HTTP/1.1" 200 1905 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.123.101 - - [03/Sep/2020:07:00:54 +0100] "POST /wp-login.php HTTP/1.1" 200 1890 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.123.101 - - [03/Sep/2020:07:00:56 +0100] "POST /wp-login.php HTTP/1.1" 200 1887 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-03 14:52:48
31.223.43.131	attack	Attempted connection to port 80.	2020-09-03 15:00:47
181.129.167.166	attackbotsspam	Sep 3 02:34:13 george sshd[17269]: Failed password for invalid user emily from 181.129.167.166 port 19393 ssh2 Sep 3 02:41:21 george sshd[17419]: Invalid user ten from 181.129.167.166 port 60993 Sep 3 02:41:21 george sshd[17419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.129.167.166 Sep 3 02:41:23 george sshd[17419]: Failed password for invalid user ten from 181.129.167.166 port 60993 ssh2 Sep 3 02:44:56 george sshd[17433]: Invalid user steam from 181.129.167.166 port 37793 ...	2020-09-03 14:51:48
51.75.126.115	attackbots	$f2bV_matches	2020-09-03 15:02:17
3.218.77.26	attack	Fail2Ban Ban Triggered HTTP Fake Web Crawler	2020-09-03 14:45:44
85.209.0.100	attackspambots	6x Failed Password	2020-09-03 14:56:10
217.182.68.93	attackbots	Invalid user pip from 217.182.68.93 port 55826	2020-09-03 15:05:22
37.152.178.44	attack	(sshd) Failed SSH login from 37.152.178.44 (IR/Iran/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 2 18:16:40 server sshd[13581]: Invalid user atul from 37.152.178.44 port 43528 Sep 2 18:16:41 server sshd[13581]: Failed password for invalid user atul from 37.152.178.44 port 43528 ssh2 Sep 2 18:32:07 server sshd[17898]: Invalid user odoo from 37.152.178.44 port 42504 Sep 2 18:32:10 server sshd[17898]: Failed password for invalid user odoo from 37.152.178.44 port 42504 ssh2 Sep 2 18:37:17 server sshd[19251]: Invalid user joao from 37.152.178.44 port 49088	2020-09-03 14:41:44
161.35.200.233	attackspam	Invalid user aaaaa from 161.35.200.233 port 40118	2020-09-03 14:44:03
78.25.125.198	attackspambots	Unauthorized connection attempt from IP address 78.25.125.198 on Port 445(SMB)	2020-09-03 14:45:26
177.220.133.158	attackbots	Invalid user globalflash from 177.220.133.158 port 33895	2020-09-03 15:16:26
66.68.187.140	attack	Sep 3 12:47:44 itv-usvr-02 sshd[13720]: Invalid user cumulus from 66.68.187.140 port 45294 Sep 3 12:47:44 itv-usvr-02 sshd[13720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.68.187.140 Sep 3 12:47:44 itv-usvr-02 sshd[13720]: Invalid user cumulus from 66.68.187.140 port 45294 Sep 3 12:47:46 itv-usvr-02 sshd[13720]: Failed password for invalid user cumulus from 66.68.187.140 port 45294 ssh2 Sep 3 12:51:44 itv-usvr-02 sshd[13865]: Invalid user dxp from 66.68.187.140 port 53324	2020-09-03 14:48:53
45.167.8.142	attackbotsspam	Autoban 45.167.8.142 AUTH/CONNECT	2020-09-03 14:40:31

最近上报的IP列表

59.39.141.53	67.130.182.124	177.17.154.164	184.101.69.109
141.223.12.41	124.64.126.111	45.82.153.37	106.87.51.47
5.141.190.10	212.73.44.9	182.112.139.186	43.251.73.183
233.87.200.55	106.57.172.7	185.85.163.221	173.255.215.233
117.82.92.177	103.47.57.165	180.164.209.163	91.210.159.147