138.68.245.137

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	138.68.245.137 - - \[25/Mar/2020:06:04:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 6699 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[25/Mar/2020:06:04:26 +0100\] "POST /wp-login.php HTTP/1.0" 200 11606 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[25/Mar/2020:06:04:29 +0100\] "POST /wp-login.php HTTP/1.0" 200 6515 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-03-25 14:11:37
attackbots	C1,WP GET /nelson/wp-login.php	2020-02-25 03:01:15
attackspam	WordPress wp-login brute force :: 138.68.245.137 0.124 - [03/Feb/2020:08:12:07 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 1806 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2020-02-03 17:06:47
attackbots	WordPress wp-login brute force :: 138.68.245.137 0.148 - [08/Jan/2020:13:05:25 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 1806 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2020-01-08 22:21:01
attackspam	WordPress login Brute force / Web App Attack on client site.	2019-12-21 17:26:25
attackbotsspam	138.68.245.137 - - \[09/Dec/2019:13:29:50 +0100\] "POST /wp-login.php HTTP/1.0" 200 7538 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[09/Dec/2019:13:29:52 +0100\] "POST /wp-login.php HTTP/1.0" 200 7363 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[09/Dec/2019:13:29:55 +0100\] "POST /wp-login.php HTTP/1.0" 200 7358 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-12-09 21:59:57
attackspam	xmlrpc attack	2019-12-03 03:58:36
attackbotsspam	138.68.245.137 - - \[22/Nov/2019:13:15:04 +0100\] "POST /wp-login.php HTTP/1.0" 200 5269 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[22/Nov/2019:13:15:07 +0100\] "POST /wp-login.php HTTP/1.0" 200 5099 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[22/Nov/2019:13:15:10 +0100\] "POST /wp-login.php HTTP/1.0" 200 5093 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-11-22 21:49:36
attackbots	11/11/2019-19:29:10.464285 138.68.245.137 Protocol: 6 ET POLICY Cleartext WordPress Login	2019-11-12 03:21:53
attack	WordPress login Brute force / Web App Attack on client site.	2019-11-11 18:31:26
attack	www.geburtshaus-fulda.de 138.68.245.137 \[03/Nov/2019:17:28:44 +0100\] "POST /wp-login.php HTTP/1.1" 200 5785 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" www.geburtshaus-fulda.de 138.68.245.137 \[03/Nov/2019:17:28:50 +0100\] "POST /wp-login.php HTTP/1.1" 200 5789 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-11-04 01:23:31
attackspam	C1,WP GET /suche/wp-login.php	2019-11-03 02:14:00
attack	WordPress wp-login brute force :: 138.68.245.137 0.260 BYPASS [11/Oct/2019:07:11:30 1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-11 04:33:20
attackbots	Automatic report - XMLRPC Attack	2019-10-07 19:53:27
attackbots	xmlrpc.php	2019-08-31 20:28:32
attackbotsspam	www.lust-auf-land.com 138.68.245.137 \[26/Aug/2019:15:38:03 +0200\] "POST /wp-login.php HTTP/1.1" 200 5787 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" www.lust-auf-land.com 138.68.245.137 \[26/Aug/2019:15:38:09 +0200\] "POST /xmlrpc.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-08-26 22:07:29

相同子网IP讨论:

IP	类型	评论内容	时间
138.68.245.152	attackbots	Invalid user digiacomo from 138.68.245.152 port 46472	2020-08-22 14:07:40
138.68.245.152	attackspambots	Aug 21 01:49:25 george sshd[13051]: Failed password for root from 138.68.245.152 port 35384 ssh2 Aug 21 01:51:59 george sshd[13081]: Invalid user install from 138.68.245.152 port 50052 Aug 21 01:51:59 george sshd[13081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.245.152 Aug 21 01:52:01 george sshd[13081]: Failed password for invalid user install from 138.68.245.152 port 50052 ssh2 Aug 21 01:54:38 george sshd[13103]: Invalid user kasutaja from 138.68.245.152 port 36482 ...	2020-08-21 14:24:08
138.68.245.152	attackbots	Automatic report - Banned IP Access	2020-08-19 08:32:45
138.68.245.152	attackbotsspam	$f2bV_matches	2020-08-15 08:25:28
138.68.245.152	attack	Aug 9 12:27:06 game-panel sshd[22652]: Failed password for root from 138.68.245.152 port 39360 ssh2 Aug 9 12:31:01 game-panel sshd[22810]: Failed password for root from 138.68.245.152 port 49706 ssh2	2020-08-09 20:35:44
138.68.245.152	attackbotsspam	Aug 7 22:52:14 sshgateway sshd\[7796\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.245.152 user=root Aug 7 22:52:16 sshgateway sshd\[7796\]: Failed password for root from 138.68.245.152 port 54592 ssh2 Aug 7 22:54:17 sshgateway sshd\[7807\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.245.152 user=root	2020-08-08 06:12:28
138.68.245.152	attack	Aug 8 01:03:19 webhost01 sshd[1644]: Failed password for root from 138.68.245.152 port 34402 ssh2 ...	2020-08-08 02:23:17

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.245.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30702
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.245.137.			IN	A

;; AUTHORITY SECTION:
.			2305	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082600 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Aug 26 22:07:05 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 137.245.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 137.245.68.138.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
220.178.75.153	attack	Apr 24 17:11:32 gw1 sshd[26778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.178.75.153 Apr 24 17:11:34 gw1 sshd[26778]: Failed password for invalid user musikbot from 220.178.75.153 port 41493 ssh2 ...	2020-04-24 20:18:59
70.54.168.56	attackbotsspam	Chat Spam	2020-04-24 20:06:39
175.24.96.82	attackbots	Apr 21 16:06:37 host sshd[10170]: Invalid user test from 175.24.96.82 port 40094 Apr 21 16:06:37 host sshd[10170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.24.96.82 Apr 21 16:06:38 host sshd[10170]: Failed password for invalid user test from 175.24.96.82 port 40094 ssh2 Apr 21 16:06:39 host sshd[10170]: Received disconnect from 175.24.96.82 port 40094:11: Bye Bye [preauth] Apr 21 16:06:39 host sshd[10170]: Disconnected from invalid user test 175.24.96.82 port 40094 [preauth] Apr 21 16:15:29 host sshd[11532]: Invalid user postgres from 175.24.96.82 port 34374 Apr 21 16:15:29 host sshd[11532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.24.96.82 Apr 21 16:15:31 host sshd[11532]: Failed password for invalid user postgres from 175.24.96.82 port 34374 ssh2 Apr 21 16:15:31 host sshd[11532]: Received disconnect from 175.24.96.82 port 34374:11: Bye Bye [preauth] Apr 21 16:15:31 ho........ -------------------------------	2020-04-24 19:56:06
125.26.232.239	attack	Attempted connection to port 445.	2020-04-24 20:07:11
111.231.66.135	attackbotsspam	Invalid user admin from 111.231.66.135 port 55290	2020-04-24 20:00:16
222.186.15.115	attackbots	Apr 24 08:21:15 NPSTNNYC01T sshd[6228]: Failed password for root from 222.186.15.115 port 19710 ssh2 Apr 24 08:21:18 NPSTNNYC01T sshd[6228]: Failed password for root from 222.186.15.115 port 19710 ssh2 Apr 24 08:21:20 NPSTNNYC01T sshd[6228]: Failed password for root from 222.186.15.115 port 19710 ssh2 ...	2020-04-24 20:22:37
147.135.58.228	attackbots	Attempted connection to port 80.	2020-04-24 20:06:01
112.172.147.34	attackspam	Invalid user dp from 112.172.147.34 port 47260	2020-04-24 19:52:49
131.161.170.6	attackbotsspam	[Fri Apr 24 10:36:39 2020 GMT] "Atendimento" [URIBL_INV], Subject: RESUMO DA REDE DE ATENDIMENTO EM SÃO PAULO.	2020-04-24 20:34:09
89.248.160.150	attackbotsspam	scans 12 times in preceeding hours on the ports (in chronological order) 7936 7954 7994 8500 10006 10008 10016 19222 19222 25159 27015 28003 resulting in total of 143 scans from 89.248.160.0-89.248.174.255 block.	2020-04-24 20:26:26
159.226.22.186	attackbots	Attempted connection to port 1433.	2020-04-24 20:05:06
195.54.160.243	attack	04/24/2020-08:17:29.532709 195.54.160.243 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-04-24 20:36:25
59.8.63.48	attackspam	Attempted connection to port 81.	2020-04-24 19:56:53
188.165.169.238	attack	Apr 24 12:10:24 ip-172-31-61-156 sshd[30292]: Invalid user mobaxterm from 188.165.169.238 Apr 24 12:10:26 ip-172-31-61-156 sshd[30292]: Failed password for invalid user mobaxterm from 188.165.169.238 port 44810 ssh2 Apr 24 12:10:24 ip-172-31-61-156 sshd[30292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.165.169.238 Apr 24 12:10:24 ip-172-31-61-156 sshd[30292]: Invalid user mobaxterm from 188.165.169.238 Apr 24 12:10:26 ip-172-31-61-156 sshd[30292]: Failed password for invalid user mobaxterm from 188.165.169.238 port 44810 ssh2 ...	2020-04-24 20:28:14
202.70.66.228	attackspam	kp-sea2-01 recorded 2 login violations from 202.70.66.228 and was blocked at 2020-04-24 12:10:42. 202.70.66.228 has been blocked on 28 previous occasions. 202.70.66.228's first attempt was recorded at 2019-05-19 18:53:03	2020-04-24 20:16:04

最近上报的IP列表

37.191.172.177	201.184.130.194	37.210.201.211	175.211.105.99
37.252.15.154	83.97.20.145	227.118.36.225	177.19.46.77
37.34.251.132	78.198.55.70	95.90.133.44	54.37.233.20
212.129.11.232	191.243.57.237	91.79.15.146	90.253.220.86
95.167.111.162	125.167.251.184	213.130.128.207	104.211.240.166