138.68.80.235 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Germany

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	138.68.80.235 - - [05/Oct/2020:07:51:33 -0700] "GET /wp-login.php HTTP/1.1" 301 561 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-06 06:43:36
attack	138.68.80.235 - - [05/Oct/2020:07:51:33 -0700] "GET /wp-login.php HTTP/1.1" 301 561 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-05 22:52:10
attack	hacking	2020-10-05 14:46:56
attack	138.68.80.235 - - [29/Sep/2020:17:56:59 +0100] "POST /wp-login.php HTTP/1.1" 200 2243 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [29/Sep/2020:17:57:00 +0100] "POST /wp-login.php HTTP/1.1" 200 2287 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [29/Sep/2020:17:57:00 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-30 04:31:31
attackbots	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-09-29 20:39:51
attackspam	138.68.80.235 - - [29/Sep/2020:03:56:38 +0100] "POST /wp-login.php HTTP/1.1" 401 3568 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [29/Sep/2020:03:56:40 +0100] "POST /wp-login.php HTTP/1.1" 401 3568 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [29/Sep/2020:03:56:41 +0100] "POST /wp-login.php HTTP/1.1" 401 3568 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-29 12:48:53
attackbotsspam	C1,WP GET /suche/wp-login.php	2020-09-29 06:51:54
attack	xmlrpc attack	2020-09-28 23:19:46
attack	xmlrpc attack	2020-09-28 15:23:17
attackspam	CMS (WordPress or Joomla) login attempt.	2020-09-10 00:39:17
attackspambots	Automatic report generated by Wazuh	2020-08-06 20:25:50
attackspambots	[03/Aug/2020:19:30:47 +0200] Web-Request: "GET /wp-login.php", User-Agent: "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-04 03:16:18
attackbotsspam	xmlrpc attack	2020-07-31 07:48:16
attack	Automatic report - XMLRPC Attack	2020-06-23 19:32:33
attackspam	Automatic report - XMLRPC Attack	2020-06-11 19:29:16
attack	138.68.80.235 - - [08/Jun/2020:14:55:35 +0200] "POST /xmlrpc.php HTTP/1.1" 403 461 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [08/Jun/2020:15:01:48 +0200] "POST /xmlrpc.php HTTP/1.1" 403 16468 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-08 23:09:58
attackspam	Automatic report - Banned IP Access	2020-06-03 14:36:09
attackspambots	138.68.80.235 - - [22/May/2020:15:39:07 +0200] "GET /wp-login.php HTTP/1.1" 200 1900 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [22/May/2020:15:39:07 +0200] "POST /wp-login.php HTTP/1.1" 200 2031 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [22/May/2020:15:39:07 +0200] "GET /wp-login.php HTTP/1.1" 200 1900 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [22/May/2020:15:39:07 +0200] "POST /wp-login.php HTTP/1.1" 200 2030 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [22/May/2020:15:39:07 +0200] "GET /wp-login.php HTTP/1.1" 200 1900 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [22/May/2020:15:39:08 +0200] "POST /wp-login.php HTTP/1.1" 200 2030 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Fir ...	2020-05-23 00:04:53
attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2020-05-21 20:09:40
attackspam	138.68.80.235 - - [21/May/2020:10:00:21 +0200] "GET /wp-login.php HTTP/1.1" 200 6042 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [21/May/2020:10:00:22 +0200] "POST /wp-login.php HTTP/1.1" 200 6293 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - [21/May/2020:10:00:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-21 17:20:28
attackbotsspam	138.68.80.235 - - \[10/May/2020:16:18:39 +0200\] "POST /wp-login.php HTTP/1.0" 200 6052 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - \[10/May/2020:16:18:40 +0200\] "POST /wp-login.php HTTP/1.0" 200 6044 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - \[10/May/2020:16:18:41 +0200\] "POST /wp-login.php HTTP/1.0" 200 6030 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-05-11 03:47:23
attackspambots	138.68.80.235 - - \[30/Apr/2020:06:24:28 +0200\] "POST /wp-login.php HTTP/1.0" 200 6827 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - \[30/Apr/2020:06:24:32 +0200\] "POST /wp-login.php HTTP/1.0" 200 6642 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.68.80.235 - - \[30/Apr/2020:06:24:33 +0200\] "POST /wp-login.php HTTP/1.0" 200 6639 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-04-30 16:47:13
attack	port scan and connect, tcp 3306 (mysql)	2020-04-28 05:33:51
attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2020-03-30 07:12:00
attackspam	POST /wp-login.php HTTP/1.1 200 1827 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0	2019-11-08 16:35:34
attackbots	Automatic report - Banned IP Access	2019-10-29 18:37:27

相同子网IP讨论:

IP	类型	评论内容	时间
138.68.80.217	attackbotsspam	port 23	2020-08-14 14:33:03

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.80.235
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3863
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.80.235.			IN	A

;; AUTHORITY SECTION:
.			308	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102900 1800 900 604800 86400

;; Query time: 101 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 29 18:37:24 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 235.80.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 235.80.68.138.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
180.76.58.76	attack	Oct 22 14:08:58 plusreed sshd[539]: Invalid user com from 180.76.58.76 ...	2019-10-23 02:18:39
49.235.124.192	attack	Oct 22 18:31:56 v22018076622670303 sshd\[20742\]: Invalid user support from 49.235.124.192 port 44950 Oct 22 18:31:56 v22018076622670303 sshd\[20742\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.124.192 Oct 22 18:31:58 v22018076622670303 sshd\[20742\]: Failed password for invalid user support from 49.235.124.192 port 44950 ssh2 ...	2019-10-23 02:10:04
85.167.56.111	attackbotsspam	Oct 22 18:08:10 nextcloud sshd\[25226\]: Invalid user po from 85.167.56.111 Oct 22 18:08:10 nextcloud sshd\[25226\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.167.56.111 Oct 22 18:08:12 nextcloud sshd\[25226\]: Failed password for invalid user po from 85.167.56.111 port 44544 ssh2 ...	2019-10-23 02:15:19
85.95.184.143	attackspambots	Automatic report - Port Scan Attack	2019-10-23 02:01:35
207.154.194.145	attackspambots	Oct 22 17:06:10 dedicated sshd[17968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.194.145 user=root Oct 22 17:06:12 dedicated sshd[17968]: Failed password for root from 207.154.194.145 port 46852 ssh2	2019-10-23 02:23:09
182.16.115.130	attackspambots	Oct 22 14:49:25 MK-Soft-VM6 sshd[26106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.16.115.130 Oct 22 14:49:27 MK-Soft-VM6 sshd[26106]: Failed password for invalid user Triple2017 from 182.16.115.130 port 51068 ssh2 ...	2019-10-23 02:12:12
117.208.124.55	attack	Attempt to attack host OS, exploiting network vulnerabilities, on 22-10-2019 12:45:32.	2019-10-23 01:52:17
149.56.46.220	attack	Oct 22 16:34:31 SilenceServices sshd[20557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.46.220 Oct 22 16:34:33 SilenceServices sshd[20557]: Failed password for invalid user teamspeak from 149.56.46.220 port 59048 ssh2 Oct 22 16:38:40 SilenceServices sshd[21620]: Failed password for root from 149.56.46.220 port 41894 ssh2	2019-10-23 02:19:06
61.76.169.138	attackbotsspam	2019-10-22T12:33:18.1141371495-001 sshd\[8208\]: Failed password for root from 61.76.169.138 port 29135 ssh2 2019-10-22T13:36:58.3646901495-001 sshd\[10958\]: Invalid user student from 61.76.169.138 port 13411 2019-10-22T13:36:58.3695841495-001 sshd\[10958\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.169.138 2019-10-22T13:37:00.5853051495-001 sshd\[10958\]: Failed password for invalid user student from 61.76.169.138 port 13411 ssh2 2019-10-22T13:41:13.9783571495-001 sshd\[11154\]: Invalid user openerp from 61.76.169.138 port 13394 2019-10-22T13:41:13.9865141495-001 sshd\[11154\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.169.138 ...	2019-10-23 01:51:45
167.172.83.203	attackspambots	167.172.83.203 - - \[22/Oct/2019:15:08:44 +0000\] "POST /wp-login.php HTTP/1.1" 200 4358 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 167.172.83.203 - - \[22/Oct/2019:15:08:45 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2019-10-23 02:07:12
113.91.208.211	attackspambots	Attempt to attack host OS, exploiting network vulnerabilities, on 22-10-2019 12:45:22.	2019-10-23 01:57:34
106.13.136.238	attackspam	Oct 22 15:05:40 lnxmysql61 sshd[15971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.136.238	2019-10-23 02:11:29
128.134.217.17	attackspam	Brute force attempt	2019-10-23 01:54:26
182.253.230.143	attackbots	Attempt to attack host OS, exploiting network vulnerabilities, on 22-10-2019 12:45:34.	2019-10-23 01:48:34
103.44.144.62	attackbots	Portscan or hack attempt detected by psad/fwsnort	2019-10-23 02:12:28

最近上报的IP列表

244.77.147.210	144.2.209.38	29.218.60.126	24.175.66.105
100.106.80.182	42.121.183.202	133.134.135.240	218.228.104.24
52.16.79.14	89.68.81.85	41.233.170.66	231.136.115.187
10.100.26.125	118.134.194.12	234.94.200.186	245.113.72.87
125.113.175.131	100.82.126.224	98.243.73.201	78.128.113.120