138.68.245.152

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	Invalid user digiacomo from 138.68.245.152 port 46472	2020-08-22 14:07:40
attackspambots	Aug 21 01:49:25 george sshd[13051]: Failed password for root from 138.68.245.152 port 35384 ssh2 Aug 21 01:51:59 george sshd[13081]: Invalid user install from 138.68.245.152 port 50052 Aug 21 01:51:59 george sshd[13081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.245.152 Aug 21 01:52:01 george sshd[13081]: Failed password for invalid user install from 138.68.245.152 port 50052 ssh2 Aug 21 01:54:38 george sshd[13103]: Invalid user kasutaja from 138.68.245.152 port 36482 ...	2020-08-21 14:24:08
attackbots	Automatic report - Banned IP Access	2020-08-19 08:32:45
attackbotsspam	$f2bV_matches	2020-08-15 08:25:28
attack	Aug 9 12:27:06 game-panel sshd[22652]: Failed password for root from 138.68.245.152 port 39360 ssh2 Aug 9 12:31:01 game-panel sshd[22810]: Failed password for root from 138.68.245.152 port 49706 ssh2	2020-08-09 20:35:44
attackbotsspam	Aug 7 22:52:14 sshgateway sshd\[7796\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.245.152 user=root Aug 7 22:52:16 sshgateway sshd\[7796\]: Failed password for root from 138.68.245.152 port 54592 ssh2 Aug 7 22:54:17 sshgateway sshd\[7807\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.245.152 user=root	2020-08-08 06:12:28
attack	Aug 8 01:03:19 webhost01 sshd[1644]: Failed password for root from 138.68.245.152 port 34402 ssh2 ...	2020-08-08 02:23:17

相同子网IP讨论:

IP	类型	评论内容	时间
138.68.245.137	attackbotsspam	138.68.245.137 - - \[25/Mar/2020:06:04:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 6699 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[25/Mar/2020:06:04:26 +0100\] "POST /wp-login.php HTTP/1.0" 200 11606 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[25/Mar/2020:06:04:29 +0100\] "POST /wp-login.php HTTP/1.0" 200 6515 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-03-25 14:11:37
138.68.245.137	attackbots	C1,WP GET /nelson/wp-login.php	2020-02-25 03:01:15
138.68.245.137	attackspam	WordPress wp-login brute force :: 138.68.245.137 0.124 - [03/Feb/2020:08:12:07 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 1806 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2020-02-03 17:06:47
138.68.245.137	attackbots	WordPress wp-login brute force :: 138.68.245.137 0.148 - [08/Jan/2020:13:05:25 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 1806 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2020-01-08 22:21:01
138.68.245.137	attackspam	WordPress login Brute force / Web App Attack on client site.	2019-12-21 17:26:25
138.68.245.137	attackbotsspam	138.68.245.137 - - \[09/Dec/2019:13:29:50 +0100\] "POST /wp-login.php HTTP/1.0" 200 7538 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[09/Dec/2019:13:29:52 +0100\] "POST /wp-login.php HTTP/1.0" 200 7363 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[09/Dec/2019:13:29:55 +0100\] "POST /wp-login.php HTTP/1.0" 200 7358 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-12-09 21:59:57
138.68.245.137	attackspam	xmlrpc attack	2019-12-03 03:58:36
138.68.245.137	attackbotsspam	138.68.245.137 - - \[22/Nov/2019:13:15:04 +0100\] "POST /wp-login.php HTTP/1.0" 200 5269 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[22/Nov/2019:13:15:07 +0100\] "POST /wp-login.php HTTP/1.0" 200 5099 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.245.137 - - \[22/Nov/2019:13:15:10 +0100\] "POST /wp-login.php HTTP/1.0" 200 5093 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-11-22 21:49:36
138.68.245.137	attackbots	11/11/2019-19:29:10.464285 138.68.245.137 Protocol: 6 ET POLICY Cleartext WordPress Login	2019-11-12 03:21:53
138.68.245.137	attack	WordPress login Brute force / Web App Attack on client site.	2019-11-11 18:31:26
138.68.245.137	attack	www.geburtshaus-fulda.de 138.68.245.137 \[03/Nov/2019:17:28:44 +0100\] "POST /wp-login.php HTTP/1.1" 200 5785 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" www.geburtshaus-fulda.de 138.68.245.137 \[03/Nov/2019:17:28:50 +0100\] "POST /wp-login.php HTTP/1.1" 200 5789 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-11-04 01:23:31
138.68.245.137	attackspam	C1,WP GET /suche/wp-login.php	2019-11-03 02:14:00
138.68.245.137	attack	WordPress wp-login brute force :: 138.68.245.137 0.260 BYPASS [11/Oct/2019:07:11:30 1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-11 04:33:20
138.68.245.137	attackbots	Automatic report - XMLRPC Attack	2019-10-07 19:53:27
138.68.245.137	attackbots	xmlrpc.php	2019-08-31 20:28:32

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.245.152
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33306
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.245.152.			IN	A

;; AUTHORITY SECTION:
.			221	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020080701 1800 900 604800 86400

;; Query time: 32 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Aug 08 02:23:14 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

Host 152.245.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 152.245.68.138.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
46.22.49.41	attackspambots	postfix (unknown user, SPF fail or relay access denied)	2019-11-12 19:14:04
101.85.192.230	attackspam	Nov 12 12:11:59 master sshd[4841]: Failed password for invalid user galguften from 101.85.192.230 port 47241 ssh2 Nov 12 12:16:58 master sshd[4852]: Failed password for invalid user wheatley from 101.85.192.230 port 42059 ssh2 Nov 12 12:21:27 master sshd[4857]: Failed password for invalid user i from 101.85.192.230 port 59416 ssh2 Nov 12 12:27:05 master sshd[4859]: Failed password for invalid user visidh from 101.85.192.230 port 49717 ssh2 Nov 12 12:31:01 master sshd[5163]: Failed password for invalid user smmsp from 101.85.192.230 port 39596 ssh2 Nov 12 12:35:05 master sshd[5167]: Failed password for invalid user admin from 101.85.192.230 port 57748 ssh2 Nov 12 12:38:57 master sshd[5171]: Failed password for invalid user gelson from 101.85.192.230 port 47621 ssh2 Nov 12 12:43:07 master sshd[5173]: Failed password for invalid user juers from 101.85.192.230 port 37575 ssh2	2019-11-12 19:07:17
121.223.166.134	attack	Automatic report - Port Scan Attack	2019-11-12 18:57:44
130.162.66.249	attack	2019-11-12T06:57:38.991289abusebot-5.cloudsearch.cf sshd\[11621\]: Invalid user backup from 130.162.66.249 port 46237	2019-11-12 18:58:52
77.42.85.219	attack	Automatic report - Port Scan Attack	2019-11-12 19:06:31
209.251.180.190	attackspam	Nov 12 07:43:37 firewall sshd[11773]: Invalid user ryota from 209.251.180.190 Nov 12 07:43:39 firewall sshd[11773]: Failed password for invalid user ryota from 209.251.180.190 port 64392 ssh2 Nov 12 07:47:37 firewall sshd[11901]: Invalid user 1234qwer from 209.251.180.190 ...	2019-11-12 19:32:00
118.24.234.248	attackspambots	Nov 12 07:46:34 firewall sshd[11853]: Invalid user hello from 118.24.234.248 Nov 12 07:46:36 firewall sshd[11853]: Failed password for invalid user hello from 118.24.234.248 port 34698 ssh2 Nov 12 07:51:19 firewall sshd[11997]: Invalid user www01 from 118.24.234.248 ...	2019-11-12 19:17:05
209.97.191.8	attackspambots	Portscan or hack attempt detected by psad/fwsnort	2019-11-12 18:58:05
123.58.33.18	attack	$f2bV_matches	2019-11-12 19:01:42
51.15.46.184	attackspam	Nov 12 09:37:01 vps647732 sshd[13777]: Failed password for backup from 51.15.46.184 port 52634 ssh2 Nov 12 09:40:50 vps647732 sshd[13880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.46.184 ...	2019-11-12 18:59:51
104.248.149.126	attack	Nov 11 23:57:49 indra sshd[218521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.149.126 user=mysql Nov 11 23:57:51 indra sshd[218521]: Failed password for mysql from 104.248.149.126 port 53480 ssh2 Nov 11 23:57:51 indra sshd[218521]: Received disconnect from 104.248.149.126: 11: Bye Bye [preauth] Nov 12 00:11:00 indra sshd[221336]: Invalid user kk from 104.248.149.126 Nov 12 00:11:00 indra sshd[221336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.149.126 Nov 12 00:11:01 indra sshd[221336]: Failed password for invalid user kk from 104.248.149.126 port 53752 ssh2 Nov 12 00:11:02 indra sshd[221336]: Received disconnect from 104.248.149.126: 11: Bye Bye [preauth] Nov 12 00:14:56 indra sshd[221643]: Invalid user test from 104.248.149.126 Nov 12 00:14:56 indra sshd[221643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.149........ -------------------------------	2019-11-12 19:06:06
45.76.58.248	attackbotsspam	Nov 12 08:01:28 vps666546 sshd\[30262\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.76.58.248 user=root Nov 12 08:01:29 vps666546 sshd\[30262\]: Failed password for root from 45.76.58.248 port 40966 ssh2 Nov 12 08:05:18 vps666546 sshd\[30342\]: Invalid user dbus from 45.76.58.248 port 51266 Nov 12 08:05:18 vps666546 sshd\[30342\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.76.58.248 Nov 12 08:05:20 vps666546 sshd\[30342\]: Failed password for invalid user dbus from 45.76.58.248 port 51266 ssh2 ...	2019-11-12 18:54:29
212.15.169.6	attackspambots	Nov 12 09:34:59 *** sshd[22697]: Invalid user rezon from 212.15.169.6	2019-11-12 19:07:39
188.166.42.50	attackbotsspam	2019-11-12T12:13:22.497797mail01 postfix/smtpd[9298]: warning: unknown[188.166.42.50]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-12T12:16:05.464722mail01 postfix/smtpd[469]: warning: unknown[188.166.42.50]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-12T12:21:11.163654mail01 postfix/smtpd[9301]: warning: unknown[188.166.42.50]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2019-11-12 19:30:34
154.92.22.137	attack	SSH invalid-user multiple login try	2019-11-12 19:29:45

最近上报的IP列表

197.3.6.82	112.30.136.31	62.210.14.241	190.98.254.154
121.10.41.109	186.219.243.53	111.241.134.207	49.206.51.33
122.184.85.89	192.241.239.140	111.44.130.203	223.214.114.45
54.97.8.218	164.90.150.157	29.242.125.101	155.175.163.248
20.229.255.183	115.90.32.29	103.44.235.6	96.242.117.74