必须是合法有效的IP地址, 可以是IPv4或者是IPv6, 例如127.0.0.1或者2001:DB8:0:0:8:800:200C:417A
基本信息:

城市(city): Santa Clara

省份(region): California

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): DigitalOcean, LLC

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:
类型 评论内容 时间
attack
Oct  1 02:23:11 hpm sshd\[14787\]: Invalid user alexander from 138.68.29.52
Oct  1 02:23:11 hpm sshd\[14787\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Oct  1 02:23:14 hpm sshd\[14787\]: Failed password for invalid user alexander from 138.68.29.52 port 55570 ssh2
Oct  1 02:27:07 hpm sshd\[15092\]: Invalid user bianka from 138.68.29.52
Oct  1 02:27:07 hpm sshd\[15092\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
2019-10-02 03:50:16
attackspambots
[ssh] SSH attack
2019-09-30 06:56:04
attackbots
Sep 23 15:11:59 game-panel sshd[24868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Sep 23 15:12:02 game-panel sshd[24868]: Failed password for invalid user quagga from 138.68.29.52 port 38782 ssh2
Sep 23 15:15:53 game-panel sshd[24986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
2019-09-23 23:19:26
attackspambots
Sep 23 06:58:07 hcbbdb sshd\[19576\]: Invalid user yoko from 138.68.29.52
Sep 23 06:58:07 hcbbdb sshd\[19576\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Sep 23 06:58:09 hcbbdb sshd\[19576\]: Failed password for invalid user yoko from 138.68.29.52 port 39198 ssh2
Sep 23 07:01:54 hcbbdb sshd\[20024\]: Invalid user ci from 138.68.29.52
Sep 23 07:01:54 hcbbdb sshd\[20024\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
2019-09-23 15:09:24
attackspambots
Automatic report - Banned IP Access
2019-09-17 07:01:42
attackbots
Sep 11 23:31:42 vps691689 sshd[4760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Sep 11 23:31:44 vps691689 sshd[4760]: Failed password for invalid user 123456 from 138.68.29.52 port 32898 ssh2
...
2019-09-12 05:49:34
attackbotsspam
Sep  7 05:00:30 site2 sshd\[6854\]: Invalid user usuario from 138.68.29.52Sep  7 05:00:32 site2 sshd\[6854\]: Failed password for invalid user usuario from 138.68.29.52 port 36966 ssh2Sep  7 05:04:14 site2 sshd\[7084\]: Invalid user ubuntu from 138.68.29.52Sep  7 05:04:15 site2 sshd\[7084\]: Failed password for invalid user ubuntu from 138.68.29.52 port 51432 ssh2Sep  7 05:08:09 site2 sshd\[7412\]: Invalid user esbuser from 138.68.29.52Sep  7 05:08:10 site2 sshd\[7412\]: Failed password for invalid user esbuser from 138.68.29.52 port 37690 ssh2
...
2019-09-07 10:20:22
attack
Sep  3 19:13:13 tdfoods sshd\[5242\]: Invalid user chu from 138.68.29.52
Sep  3 19:13:13 tdfoods sshd\[5242\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Sep  3 19:13:15 tdfoods sshd\[5242\]: Failed password for invalid user chu from 138.68.29.52 port 34500 ssh2
Sep  3 19:17:17 tdfoods sshd\[5658\]: Invalid user zq from 138.68.29.52
Sep  3 19:17:17 tdfoods sshd\[5658\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
2019-09-04 13:47:24
attackbotsspam
Aug 30 02:19:58 localhost sshd\[5924\]: Invalid user gerrit2 from 138.68.29.52 port 57218
Aug 30 02:19:58 localhost sshd\[5924\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Aug 30 02:20:00 localhost sshd\[5924\]: Failed password for invalid user gerrit2 from 138.68.29.52 port 57218 ssh2
2019-08-30 08:56:40
attack
Aug 26 06:25:11 MK-Soft-Root2 sshd\[24665\]: Invalid user wangtao from 138.68.29.52 port 49090
Aug 26 06:25:11 MK-Soft-Root2 sshd\[24665\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Aug 26 06:25:13 MK-Soft-Root2 sshd\[24665\]: Failed password for invalid user wangtao from 138.68.29.52 port 49090 ssh2
...
2019-08-26 18:23:20
attackspambots
Aug 23 05:32:31 vps200512 sshd\[21938\]: Invalid user navneet from 138.68.29.52
Aug 23 05:32:31 vps200512 sshd\[21938\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Aug 23 05:32:33 vps200512 sshd\[21938\]: Failed password for invalid user navneet from 138.68.29.52 port 33992 ssh2
Aug 23 05:36:40 vps200512 sshd\[22137\]: Invalid user veronica from 138.68.29.52
Aug 23 05:36:40 vps200512 sshd\[22137\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
2019-08-23 18:12:19
attackbots
Aug 19 19:54:03 MK-Soft-VM3 sshd\[9720\]: Invalid user mihai from 138.68.29.52 port 44354
Aug 19 19:54:03 MK-Soft-VM3 sshd\[9720\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Aug 19 19:54:05 MK-Soft-VM3 sshd\[9720\]: Failed password for invalid user mihai from 138.68.29.52 port 44354 ssh2
...
2019-08-20 10:52:40
attack
Aug 16 12:16:58 hpm sshd\[30356\]: Invalid user test from 138.68.29.52
Aug 16 12:16:58 hpm sshd\[30356\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Aug 16 12:17:00 hpm sshd\[30356\]: Failed password for invalid user test from 138.68.29.52 port 60172 ssh2
Aug 16 12:21:16 hpm sshd\[30737\]: Invalid user yellow from 138.68.29.52
Aug 16 12:21:16 hpm sshd\[30737\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
2019-08-17 07:39:16
attack
Aug  8 03:51:34 dedicated sshd[24541]: Invalid user nagios from 138.68.29.52 port 35556
2019-08-08 09:56:24
attackspam
Aug  7 03:37:35 sshgateway sshd\[32301\]: Invalid user samba from 138.68.29.52
Aug  7 03:37:35 sshgateway sshd\[32301\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Aug  7 03:37:37 sshgateway sshd\[32301\]: Failed password for invalid user samba from 138.68.29.52 port 45318 ssh2
2019-08-07 14:55:57
attackspambots
SSH Brute-Force reported by Fail2Ban
2019-08-06 22:28:03
attackbotsspam
Jul 31 04:41:12 TORMINT sshd\[21395\]: Invalid user pentagon from 138.68.29.52
Jul 31 04:41:12 TORMINT sshd\[21395\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Jul 31 04:41:14 TORMINT sshd\[21395\]: Failed password for invalid user pentagon from 138.68.29.52 port 55158 ssh2
...
2019-07-31 16:49:17
attackbots
Jul 15 10:22:04 v22018076622670303 sshd\[28715\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52  user=root
Jul 15 10:22:06 v22018076622670303 sshd\[28715\]: Failed password for root from 138.68.29.52 port 36562 ssh2
Jul 15 10:26:55 v22018076622670303 sshd\[28740\]: Invalid user cs from 138.68.29.52 port 35056
Jul 15 10:26:55 v22018076622670303 sshd\[28740\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
...
2019-07-15 20:11:55
attackspam
Jul 13 21:21:54 vps691689 sshd[22416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Jul 13 21:21:56 vps691689 sshd[22416]: Failed password for invalid user sonata from 138.68.29.52 port 53614 ssh2
Jul 13 21:27:02 vps691689 sshd[22617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
...
2019-07-14 03:33:08
attack
Jun 30 14:12:31 mail sshd\[1012\]: Failed password for invalid user sqlbase from 138.68.29.52 port 36636 ssh2
Jun 30 14:28:59 mail sshd\[1096\]: Invalid user ftpadmin from 138.68.29.52 port 54422
Jun 30 14:28:59 mail sshd\[1096\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
...
2019-06-30 22:00:46
attack
Jun 22 06:09:51 mail sshd\[18997\]: Invalid user presta from 138.68.29.52 port 60280
Jun 22 06:09:51 mail sshd\[18997\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
Jun 22 06:09:53 mail sshd\[18997\]: Failed password for invalid user presta from 138.68.29.52 port 60280 ssh2
Jun 22 06:11:09 mail sshd\[19169\]: Invalid user zhua from 138.68.29.52 port 46282
Jun 22 06:11:09 mail sshd\[19169\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.29.52
2019-06-22 21:44:31
相同子网IP讨论:
IP 类型 评论内容 时间
138.68.29.69 attackspambots
Apr 26 19:01:23 master sshd[32396]: Failed password for invalid user pmc2 from 138.68.29.69 port 53048 ssh2
2020-04-27 04:16:59
WHOIS信息:
b
DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.29.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20251
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.29.52.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019041200 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Sat Apr 13 00:05:44 +08 2019
;; MSG SIZE  rcvd: 116

HOST信息:
Host 52.29.68.138.in-addr.arpa. not found: 3(NXDOMAIN)
NSLOOKUP信息:
Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 52.29.68.138.in-addr.arpa: NXDOMAIN

相关IP信息:
最新评论:
IP 类型 评论内容 时间
1.2.230.16 attack
Unauthorized connection attempt from IP address 1.2.230.16 on Port 445(SMB)
2020-06-04 19:58:39
123.207.235.247 attack
Jun  4 14:09:56 host sshd[15419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.207.235.247  user=root
Jun  4 14:09:58 host sshd[15419]: Failed password for root from 123.207.235.247 port 55472 ssh2
...
2020-06-04 20:22:38
71.6.147.254 attackbots
firewall-block, port(s): 2083/tcp
2020-06-04 20:14:44
123.21.25.143 attackbotsspam
Unauthorized connection attempt from IP address 123.21.25.143 on Port 445(SMB)
2020-06-04 20:00:51
175.19.30.66 attackspam
Triggered: repeated knocking on closed ports.
2020-06-04 19:51:07
51.68.226.159 attackspambots
Jun  4 17:03:51 localhost sshd[1604038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.226.159  user=root
Jun  4 17:03:53 localhost sshd[1604038]: Failed password for root from 51.68.226.159 port 55738 ssh2
...
2020-06-04 20:00:23
200.7.126.189 attack
Unauthorized connection attempt from IP address 200.7.126.189 on Port 445(SMB)
2020-06-04 19:56:22
14.229.184.44 attackspambots
SpamScore above: 10.0
2020-06-04 20:21:59
64.227.105.48 attack
 TCP (SYN) 64.227.105.48:60569 -> port 22, len 44
2020-06-04 19:44:36
163.172.187.114 attackspambots
Jun  1 14:36:09 pl3server sshd[31009]: Did not receive identification string from 163.172.187.114 port 56604
Jun  1 14:37:19 pl3server sshd[31189]: Did not receive identification string from 163.172.187.114 port 40816
Jun  1 14:37:41 pl3server sshd[31316]: Did not receive identification string from 163.172.187.114 port 40858
Jun  1 14:37:49 pl3server sshd[31382]: Did not receive identification string from 163.172.187.114 port 55976
Jun  1 14:38:18 pl3server sshd[31571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.187.114  user=r.r
Jun  1 14:38:19 pl3server sshd[31571]: Failed password for r.r from 163.172.187.114 port 38292 ssh2
Jun  1 14:38:19 pl3server sshd[31571]: Received disconnect from 163.172.187.114 port 38292:11: Normal Shutdown, Thank you for playing [preauth]
Jun  1 14:38:19 pl3server sshd[31571]: Disconnected from 163.172.187.114 port 38292 [preauth]
Jun  1 14:38:39 pl3server sshd[31694]: pam_unix(sshd:auth........
-------------------------------
2020-06-04 20:23:25
113.23.101.9 attack
Unauthorized connection attempt from IP address 113.23.101.9 on Port 445(SMB)
2020-06-04 20:01:16
60.29.31.98 attack
$f2bV_matches
2020-06-04 20:19:48
14.242.3.203 attackbots
Lines containing failures of 14.242.3.203 (max 1000)
Jun  1 12:33:54 UTC__SANYALnet-Labs__cac12 sshd[26991]: Connection from 14.242.3.203 port 55659 on 64.137.176.96 port 22
Jun  1 12:33:58 UTC__SANYALnet-Labs__cac12 sshd[26991]: Address 14.242.3.203 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jun  1 12:33:58 UTC__SANYALnet-Labs__cac12 sshd[26991]: User r.r from 14.242.3.203 not allowed because not listed in AllowUsers
Jun  1 12:33:58 UTC__SANYALnet-Labs__cac12 sshd[26991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.242.3.203  user=r.r
Jun  1 12:34:00 UTC__SANYALnet-Labs__cac12 sshd[26991]: Failed password for invalid user r.r from 14.242.3.203 port 55659 ssh2
Jun  1 12:34:00 UTC__SANYALnet-Labs__cac12 sshd[26991]: Received disconnect from 14.242.3.203 port 55659:11: Bye Bye [preauth]
Jun  1 12:34:00 UTC__SANYALnet-Labs__cac12 sshd[26991]: Disconnected from 14.242.3.203 por........
------------------------------
2020-06-04 20:20:17
106.13.219.148 attackspambots
Jun  4 06:42:25 ns382633 sshd\[13482\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.219.148  user=root
Jun  4 06:42:27 ns382633 sshd\[13482\]: Failed password for root from 106.13.219.148 port 38296 ssh2
Jun  4 06:57:59 ns382633 sshd\[15919\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.219.148  user=root
Jun  4 06:58:01 ns382633 sshd\[15919\]: Failed password for root from 106.13.219.148 port 53158 ssh2
Jun  4 07:00:26 ns382633 sshd\[16598\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.219.148  user=root
2020-06-04 20:06:47
114.25.151.43 attackspam
Unauthorized connection attempt from IP address 114.25.151.43 on Port 445(SMB)
2020-06-04 20:01:48

最近上报的IP列表

121.200.61.250 1.169.103.128 101.142.5.172 58.218.213.77
23.224.185.62 5.234.228.143 81.229.116.167 183.91.67.246
5.144.130.12 212.253.77.169 183.157.169.145 177.184.139.230
222.139.92.89 59.1.104.140 218.60.67.7 36.81.112.131
187.72.232.172 211.105.82.250 187.120.183.20 51.15.156.40