138.68.46.165 - IPInfo

基本信息:

城市(city): Santa Clara

省份(region): California

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	trying to access non-authorized port	2020-07-14 03:44:32
attackbots	TCP (SYN) 138.68.46.165:55267 -> port 16933, len 44	2020-07-08 19:48:19
attackbotsspam	Jun 6 12:53:36 debian kernel: [339777.043773] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:be:e4:65:08:e8:4f:6e:48:0c:08:00 SRC=138.68.46.165 DST=89.252.131.35 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=12280 PROTO=TCP SPT=48992 DPT=24681 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-06 17:55:31
attack	May 30 14:08:28 debian-2gb-nbg1-2 kernel: \[13099289.243371\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=138.68.46.165 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11881 PROTO=TCP SPT=47906 DPT=20294 WINDOW=1024 RES=0x00 SYN URGP=0	2020-05-31 01:48:12
attackbots	" "	2020-04-29 05:36:36

相同子网IP讨论:

IP	类型	评论内容	时间
138.68.46.209	attack	Aug 21 09:12:26 vpn01 sshd[18938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.46.209 ...	2020-08-21 15:54:04
138.68.46.85	attack	Spoofing spamming phishing fraudulent perpetrator of various scams, including fake scratch cards, fake Netflix offers, spoofed BT messages, delayed parcels awaiting shipment, please confirm transaction, a new message is waiting for you, your Bitcoin transaction has been approved, bogus investment scams, or false mobile phone offers. This is sent from a different domain and IP address each and every time. This one has come from domain of @repertoirepool.com designates 138.68.46.85 as permitted sender.	2020-03-31 23:45:38

类型

评论内容

时间

138.68.46.209

attack

Aug 21 09:12:26 vpn01 sshd[18938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.46.209
...

2020-08-21 15:54:04

138.68.46.85

attack

Spoofing spamming phishing fraudulent perpetrator of various scams, including fake scratch cards, fake Netflix offers, spoofed BT messages, delayed parcels awaiting shipment, please confirm transaction, a new message is waiting for you, your Bitcoin transaction has been approved, bogus investment scams, or false mobile phone offers. This is sent from a different domain and IP address each and every time. This one has come from  domain of @repertoirepool.com designates 138.68.46.85 as permitted sender.

2020-03-31 23:45:38

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.46.165
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58084
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.46.165.			IN	A

;; AUTHORITY SECTION:
.			490	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020042801 1800 900 604800 86400

;; Query time: 108 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Apr 29 05:36:32 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 165.46.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 165.46.68.138.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
222.186.175.151	attack	Oct 16 18:48:18 server sshd\[32618\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.151 user=root Oct 16 18:48:20 server sshd\[32618\]: Failed password for root from 222.186.175.151 port 64792 ssh2 Oct 16 18:48:24 server sshd\[32618\]: Failed password for root from 222.186.175.151 port 64792 ssh2 Oct 16 18:48:28 server sshd\[32618\]: Failed password for root from 222.186.175.151 port 64792 ssh2 Oct 16 18:48:33 server sshd\[32618\]: Failed password for root from 222.186.175.151 port 64792 ssh2 ...	2019-10-16 23:54:53
216.218.206.87	attack	3389BruteforceFW23	2019-10-16 23:56:23
139.59.4.141	attackbotsspam	Oct 16 10:28:41 xtremcommunity sshd\[577247\]: Invalid user alex from 139.59.4.141 port 58314 Oct 16 10:28:41 xtremcommunity sshd\[577247\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.4.141 Oct 16 10:28:43 xtremcommunity sshd\[577247\]: Failed password for invalid user alex from 139.59.4.141 port 58314 ssh2 Oct 16 10:33:22 xtremcommunity sshd\[577336\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.4.141 user=root Oct 16 10:33:23 xtremcommunity sshd\[577336\]: Failed password for root from 139.59.4.141 port 41286 ssh2 ...	2019-10-17 00:03:03
124.156.240.114	attack	2019-10-16 13:07:30 GET /tools/phpMyAdmin/index.php et al.	2019-10-16 23:57:25
118.122.77.193	attackbotsspam	Oct 16 16:15:30 SilenceServices sshd[26562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.122.77.193 Oct 16 16:15:31 SilenceServices sshd[26562]: Failed password for invalid user franciszek from 118.122.77.193 port 55688 ssh2 Oct 16 16:21:39 SilenceServices sshd[28240]: Failed password for root from 118.122.77.193 port 35544 ssh2	2019-10-17 00:14:08
40.114.44.98	attackspambots	Oct 16 05:48:36 wbs sshd\[30451\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.114.44.98 user=root Oct 16 05:48:38 wbs sshd\[30451\]: Failed password for root from 40.114.44.98 port 33082 ssh2 Oct 16 05:53:11 wbs sshd\[30819\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.114.44.98 user=backup Oct 16 05:53:13 wbs sshd\[30819\]: Failed password for backup from 40.114.44.98 port 45056 ssh2 Oct 16 05:57:37 wbs sshd\[31140\]: Invalid user ping from 40.114.44.98	2019-10-17 00:02:32
187.188.169.123	attackbotsspam	Oct 16 17:10:27 jane sshd[13047]: Failed password for root from 187.188.169.123 port 51598 ssh2 ...	2019-10-17 00:04:35
139.219.133.155	attackspam	Oct 16 17:09:23 MK-Soft-VM3 sshd[8419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.219.133.155 Oct 16 17:09:25 MK-Soft-VM3 sshd[8419]: Failed password for invalid user zenenko from 139.219.133.155 port 40414 ssh2 ...	2019-10-16 23:55:20
150.223.19.232	attackspambots	Oct 16 02:26:30 eddieflores sshd\[17684\]: Invalid user , from 150.223.19.232 Oct 16 02:26:30 eddieflores sshd\[17684\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.223.19.232 Oct 16 02:26:32 eddieflores sshd\[17684\]: Failed password for invalid user , from 150.223.19.232 port 36779 ssh2 Oct 16 02:30:43 eddieflores sshd\[17978\]: Invalid user qwaszx!@\# from 150.223.19.232 Oct 16 02:30:43 eddieflores sshd\[17978\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.223.19.232	2019-10-17 00:20:46
163.182.255.102	attack	Oct 16 11:09:56 sshgateway sshd\[473\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.182.255.102 user=root Oct 16 11:09:58 sshgateway sshd\[473\]: Failed password for root from 163.182.255.102 port 53375 ssh2 Oct 16 11:18:39 sshgateway sshd\[526\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.182.255.102 user=root	2019-10-17 00:21:40
92.119.160.106	attack	Oct 16 18:21:05 mc1 kernel: \[2529235.311790\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=92.119.160.106 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=40004 PROTO=TCP SPT=48793 DPT=10644 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 16 18:21:22 mc1 kernel: \[2529253.115268\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=92.119.160.106 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=50956 PROTO=TCP SPT=48793 DPT=11150 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 16 18:22:25 mc1 kernel: \[2529315.256428\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=92.119.160.106 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=44875 PROTO=TCP SPT=48793 DPT=11240 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-10-17 00:29:21
118.24.178.224	attackspam	$f2bV_matches	2019-10-17 00:36:06
114.237.8.95	attack	" "	2019-10-16 23:58:43
148.70.4.242	attack	Oct 16 06:11:57 hanapaa sshd\[3429\]: Invalid user TAMA from 148.70.4.242 Oct 16 06:11:57 hanapaa sshd\[3429\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.4.242 Oct 16 06:11:59 hanapaa sshd\[3429\]: Failed password for invalid user TAMA from 148.70.4.242 port 42688 ssh2 Oct 16 06:18:26 hanapaa sshd\[3939\]: Invalid user 1q2w3e4r@12345 from 148.70.4.242 Oct 16 06:18:26 hanapaa sshd\[3939\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.4.242	2019-10-17 00:22:58
118.126.105.120	attackspambots	Oct 16 17:50:04 server sshd\[13841\]: Failed password for invalid user sig@qhdx from 118.126.105.120 port 60938 ssh2 Oct 16 18:51:55 server sshd\[1489\]: Invalid user vvv from 118.126.105.120 Oct 16 18:51:55 server sshd\[1489\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.126.105.120 Oct 16 18:51:57 server sshd\[1489\]: Failed password for invalid user vvv from 118.126.105.120 port 41146 ssh2 Oct 16 18:58:06 server sshd\[3254\]: Invalid user ljz from 118.126.105.120 Oct 16 18:58:06 server sshd\[3254\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.126.105.120 ...	2019-10-17 00:05:08

最近上报的IP列表

183.11.39.136	185.56.215.113	185.50.149.25	8.128.164.75
189.228.167.17	92.151.199.0	144.136.132.102	162.28.56.23
209.97.37.118	98.234.224.151	10.62.223.130	118.88.49.94
180.0.53.19	77.107.206.170	226.33.1.148	27.128.173.120
119.25.68.95	83.48.120.190	5.134.60.233	185.143.74.108