138.68.245.137

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	138.68.245.137 - - \[25/Mar/2020:06:04:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 6699 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[25/Mar/2020:06:04:26 +0100\] "POST /wp-login.php HTTP/1.0" 200 11606 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[25/Mar/2020:06:04:29 +0100\] "POST /wp-login.php HTTP/1.0" 200 6515 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-03-25 14:11:37
attackbots	C1,WP GET /nelson/wp-login.php	2020-02-25 03:01:15
attackspam	WordPress wp-login brute force :: 138.68.245.137 0.124 - [03/Feb/2020:08:12:07 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 1806 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2020-02-03 17:06:47
attackbots	WordPress wp-login brute force :: 138.68.245.137 0.148 - [08/Jan/2020:13:05:25 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 1806 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2020-01-08 22:21:01
attackspam	WordPress login Brute force / Web App Attack on client site.	2019-12-21 17:26:25
attackbotsspam	138.68.245.137 - - \[09/Dec/2019:13:29:50 +0100\] "POST /wp-login.php HTTP/1.0" 200 7538 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[09/Dec/2019:13:29:52 +0100\] "POST /wp-login.php HTTP/1.0" 200 7363 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[09/Dec/2019:13:29:55 +0100\] "POST /wp-login.php HTTP/1.0" 200 7358 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-12-09 21:59:57
attackspam	xmlrpc attack	2019-12-03 03:58:36
attackbotsspam	138.68.245.137 - - \[22/Nov/2019:13:15:04 +0100\] "POST /wp-login.php HTTP/1.0" 200 5269 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[22/Nov/2019:13:15:07 +0100\] "POST /wp-login.php HTTP/1.0" 200 5099 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[22/Nov/2019:13:15:10 +0100\] "POST /wp-login.php HTTP/1.0" 200 5093 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-11-22 21:49:36
attackbots	11/11/2019-19:29:10.464285 138.68.245.137 Protocol: 6 ET POLICY Cleartext WordPress Login	2019-11-12 03:21:53
attack	WordPress login Brute force / Web App Attack on client site.	2019-11-11 18:31:26
attack	www.geburtshaus-fulda.de 138.68.245.137 \[03/Nov/2019:17:28:44 +0100\] "POST /wp-login.php HTTP/1.1" 200 5785 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" www.geburtshaus-fulda.de 138.68.245.137 \[03/Nov/2019:17:28:50 +0100\] "POST /wp-login.php HTTP/1.1" 200 5789 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-11-04 01:23:31
attackspam	C1,WP GET /suche/wp-login.php	2019-11-03 02:14:00
attack	WordPress wp-login brute force :: 138.68.245.137 0.260 BYPASS [11/Oct/2019:07:11:30 1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-11 04:33:20
attackbots	Automatic report - XMLRPC Attack	2019-10-07 19:53:27
attackbots	xmlrpc.php	2019-08-31 20:28:32
attackbotsspam	www.lust-auf-land.com 138.68.245.137 \[26/Aug/2019:15:38:03 +0200\] "POST /wp-login.php HTTP/1.1" 200 5787 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" www.lust-auf-land.com 138.68.245.137 \[26/Aug/2019:15:38:09 +0200\] "POST /xmlrpc.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-08-26 22:07:29

相同子网IP讨论:

IP	类型	评论内容	时间
138.68.245.152	attackbots	Invalid user digiacomo from 138.68.245.152 port 46472	2020-08-22 14:07:40
138.68.245.152	attackspambots	Aug 21 01:49:25 george sshd[13051]: Failed password for root from 138.68.245.152 port 35384 ssh2 Aug 21 01:51:59 george sshd[13081]: Invalid user install from 138.68.245.152 port 50052 Aug 21 01:51:59 george sshd[13081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.245.152 Aug 21 01:52:01 george sshd[13081]: Failed password for invalid user install from 138.68.245.152 port 50052 ssh2 Aug 21 01:54:38 george sshd[13103]: Invalid user kasutaja from 138.68.245.152 port 36482 ...	2020-08-21 14:24:08
138.68.245.152	attackbots	Automatic report - Banned IP Access	2020-08-19 08:32:45
138.68.245.152	attackbotsspam	$f2bV_matches	2020-08-15 08:25:28
138.68.245.152	attack	Aug 9 12:27:06 game-panel sshd[22652]: Failed password for root from 138.68.245.152 port 39360 ssh2 Aug 9 12:31:01 game-panel sshd[22810]: Failed password for root from 138.68.245.152 port 49706 ssh2	2020-08-09 20:35:44
138.68.245.152	attackbotsspam	Aug 7 22:52:14 sshgateway sshd\[7796\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.245.152 user=root Aug 7 22:52:16 sshgateway sshd\[7796\]: Failed password for root from 138.68.245.152 port 54592 ssh2 Aug 7 22:54:17 sshgateway sshd\[7807\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.245.152 user=root	2020-08-08 06:12:28
138.68.245.152	attack	Aug 8 01:03:19 webhost01 sshd[1644]: Failed password for root from 138.68.245.152 port 34402 ssh2 ...	2020-08-08 02:23:17

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.245.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30702
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.245.137.			IN	A

;; AUTHORITY SECTION:
.			2305	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082600 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Aug 26 22:07:05 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 137.245.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 137.245.68.138.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
190.60.94.189	attack	2020-03-26T18:23:20.155729rocketchat.forhosting.nl sshd[2899]: Invalid user var from 190.60.94.189 port 18941 2020-03-26T18:23:21.650358rocketchat.forhosting.nl sshd[2899]: Failed password for invalid user var from 190.60.94.189 port 18941 ssh2 2020-03-26T18:35:16.375488rocketchat.forhosting.nl sshd[3141]: Invalid user www from 190.60.94.189 port 47506 ...	2020-03-27 03:25:14
23.29.9.21	attackspambots	Honeypot attack, port: 5555, PTR: 23-29-9-21.netptc.net.	2020-03-27 03:21:13
188.166.165.228	attackspambots	Mar 26 15:27:05 ws24vmsma01 sshd[118926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.165.228 Mar 26 15:27:07 ws24vmsma01 sshd[118926]: Failed password for invalid user postgres from 188.166.165.228 port 51398 ssh2 ...	2020-03-27 03:16:11
203.24.50.138	attackbots	Mar 26 20:05:40 prox sshd[28146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.24.50.138 Mar 26 20:05:42 prox sshd[28146]: Failed password for invalid user xaviar from 203.24.50.138 port 42932 ssh2	2020-03-27 03:15:46
190.103.181.253	attackbotsspam	Lines containing failures of 190.103.181.253 Mar 26 13:05:26 own sshd[13291]: Invalid user teste from 190.103.181.253 port 58255 Mar 26 13:05:26 own sshd[13291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.181.253 Mar 26 13:05:27 own sshd[13291]: Failed password for invalid user teste from 190.103.181.253 port 58255 ssh2 Mar 26 13:05:28 own sshd[13291]: Received disconnect from 190.103.181.253 port 58255:11: Bye Bye [preauth] Mar 26 13:05:28 own sshd[13291]: Disconnected from invalid user teste 190.103.181.253 port 58255 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=190.103.181.253	2020-03-27 03:41:31
134.122.118.229	attackspambots	" "	2020-03-27 03:12:02
212.129.63.209	attack	Automatic report - Port Scan Attack	2020-03-27 03:39:24
193.252.189.177	attackbots	2020-03-26T19:24:09.358509librenms sshd[6701]: Invalid user cisco from 193.252.189.177 port 33954 2020-03-26T19:24:11.164565librenms sshd[6701]: Failed password for invalid user cisco from 193.252.189.177 port 33954 ssh2 2020-03-26T19:28:09.828540librenms sshd[7202]: Invalid user web1 from 193.252.189.177 port 51774 ...	2020-03-27 03:13:43
35.168.59.90	attack	Bad Bot, Forum Spammer	2020-03-27 03:33:47
96.114.71.147	attackbots	$f2bV_matches	2020-03-27 03:20:29
177.103.202.52	attackbots	Honeypot attack, port: 81, PTR: 177-103-202-52.dsl.telesp.net.br.	2020-03-27 03:26:03
172.247.123.16	attackspambots	Mar 26 13:14:44 Ubuntu-1404-trusty-64-minimal sshd\[25882\]: Invalid user iepure from 172.247.123.16 Mar 26 13:14:44 Ubuntu-1404-trusty-64-minimal sshd\[25882\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.247.123.16 Mar 26 13:14:45 Ubuntu-1404-trusty-64-minimal sshd\[25882\]: Failed password for invalid user iepure from 172.247.123.16 port 46880 ssh2 Mar 26 13:34:14 Ubuntu-1404-trusty-64-minimal sshd\[6930\]: Invalid user eugene from 172.247.123.16 Mar 26 13:34:14 Ubuntu-1404-trusty-64-minimal sshd\[6930\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.247.123.16	2020-03-27 03:40:23
14.186.179.69	attackbots	Mar 26 13:03:44 tux sshd[20448]: Address 14.186.179.69 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Mar 26 13:03:44 tux sshd[20448]: Invalid user admin from 14.186.179.69 Mar 26 13:03:44 tux sshd[20448]: Connection closed by 14.186.179.69 [preauth] Mar 26 13:03:51 tux sshd[20450]: Address 14.186.179.69 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Mar 26 13:03:51 tux sshd[20450]: Invalid user admin from 14.186.179.69 Mar 26 13:03:51 tux sshd[20450]: Connection closed by 14.186.179.69 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=14.186.179.69	2020-03-27 03:37:51
122.51.92.215	attackspam	Mar 26 18:59:31 serwer sshd\[22820\]: Invalid user leya from 122.51.92.215 port 37944 Mar 26 18:59:31 serwer sshd\[22820\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.92.215 Mar 26 18:59:33 serwer sshd\[22820\]: Failed password for invalid user leya from 122.51.92.215 port 37944 ssh2 ...	2020-03-27 03:17:52
195.161.41.222	attackspambots	1585225284 - 03/26/2020 13:21:24 Host: 195.161.41.222/195.161.41.222 Port: 22 TCP Blocked	2020-03-27 03:26:47

最近上报的IP列表

37.191.172.177	201.184.130.194	37.210.201.211	175.211.105.99
37.252.15.154	83.97.20.145	227.118.36.225	177.19.46.77
37.34.251.132	78.198.55.70	95.90.133.44	54.37.233.20
212.129.11.232	191.243.57.237	91.79.15.146	90.253.220.86
95.167.111.162	125.167.251.184	213.130.128.207	104.211.240.166