138.68.96.161 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Germany

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	Feb 8 02:58:30 legacy sshd[5088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.96.161 Feb 8 02:58:32 legacy sshd[5088]: Failed password for invalid user wvq from 138.68.96.161 port 33134 ssh2 Feb 8 03:01:47 legacy sshd[5228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.96.161 ...	2020-02-08 10:49:56
attack	Jan 23 19:38:11 localhost sshd\[6645\]: Invalid user mu from 138.68.96.161 port 35616 Jan 23 19:38:11 localhost sshd\[6645\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.96.161 Jan 23 19:38:13 localhost sshd\[6645\]: Failed password for invalid user mu from 138.68.96.161 port 35616 ssh2	2020-01-24 02:42:00

类型

评论内容

时间

attackspam

Feb  8 02:58:30 legacy sshd[5088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.96.161
Feb  8 02:58:32 legacy sshd[5088]: Failed password for invalid user wvq from 138.68.96.161 port 33134 ssh2
Feb  8 03:01:47 legacy sshd[5228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.96.161
...

2020-02-08 10:49:56

attack

Jan 23 19:38:11 localhost sshd\[6645\]: Invalid user mu from 138.68.96.161 port 35616
Jan 23 19:38:11 localhost sshd\[6645\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.96.161
Jan 23 19:38:13 localhost sshd\[6645\]: Failed password for invalid user mu from 138.68.96.161 port 35616 ssh2

2020-01-24 02:42:00

相同子网IP讨论:

IP	类型	评论内容	时间
138.68.96.104	attack	Invalid user ubnt from 138.68.96.104 port 49862	2020-08-26 01:39:10
138.68.96.104	attack	Port 22 Scan, PTR: None	2020-08-14 12:15:19
138.68.96.222	attack	" "	2020-04-10 06:50:02
138.68.96.199	attackspam	X-Client-Addr: 138.68.96.199 Received: from bd89.financezeitung24.de (bd89.financezeitung24.de [138.68.96.199]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by fe23.mail.saunalahti.fi (Postfix) with ESMTPS id A8D7D20002 for ; Sun, 28 Jul 2019 02:00:38 +0300 (EEST) Mime-Version: 1.0 Date: Sun, 28 Jul 2019 02:00:38 +0300 Subject: =?UTF-8?b?MTMgMDAwIOKCrCBUYXNhbiAyNCBUdW5uaXNzYQ==?= Reply-To: "BTC" List-Unsubscribe: info@koberlin.ltd Precedence: bulk X-CSA-Complaints: info@koberlin.ltd Campuid: 5d3cbd4090ff6 [app3] From: "BTC" To: x Content-Transfer-Encoding: base64 Content-Type: text/html; charset=UTF-8 Message-Id: <2019_________________43D0@bd89.financezeitung24.de> 104.24.121.159 http://koberlin.ltd	2019-07-28 22:31:36
138.68.96.5	attackbotsspam	Jul 21 03:22:21 josie sshd[22890]: Did not receive identification string from 138.68.96.5 Jul 21 03:22:21 josie sshd[22891]: Did not receive identification string from 138.68.96.5 Jul 21 03:22:21 josie sshd[22892]: Did not receive identification string from 138.68.96.5 Jul 21 03:22:21 josie sshd[22893]: Did not receive identification string from 138.68.96.5 Jul 21 03:24:54 josie sshd[24441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.96.5 user=r.r Jul 21 03:24:54 josie sshd[24464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.96.5 user=r.r Jul 21 03:24:54 josie sshd[24475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.96.5 user=r.r Jul 21 03:24:54 josie sshd[24463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.96.5 user=r.r Jul 21 03:24:54 josie sshd[24468]: pam_unix(........ -------------------------------	2019-07-21 22:34:15

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.96.161
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30816
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.68.96.161.			IN	A

;; AUTHORITY SECTION:
.			520	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020012300 1800 900 604800 86400

;; Query time: 101 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jan 24 02:41:57 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

161.96.68.138.in-addr.arpa domain name pointer radiusdesk-64-2017-0-4-disk001.vmdk-s-4vcpu-8gb-fra1-01.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
161.96.68.138.in-addr.arpa	name = radiusdesk-64-2017-0-4-disk001.vmdk-s-4vcpu-8gb-fra1-01.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
120.53.10.191	attackbotsspam	fail2ban	2020-06-30 08:13:57
119.57.162.18	attackbotsspam	SSH Invalid Login	2020-06-30 08:15:50
80.82.65.253	attackspam	Triggered: repeated knocking on closed ports.	2020-06-30 08:23:28
206.189.199.48	attackbotsspam	1111. On Jun 29 2020 experienced a Brute Force SSH login attempt -> 10 unique times by 206.189.199.48.	2020-06-30 07:57:27
222.232.29.235	attackspambots	Jun 30 01:52:54 inter-technics sshd[495]: Invalid user comp from 222.232.29.235 port 37238 Jun 30 01:52:54 inter-technics sshd[495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.232.29.235 Jun 30 01:52:54 inter-technics sshd[495]: Invalid user comp from 222.232.29.235 port 37238 Jun 30 01:52:57 inter-technics sshd[495]: Failed password for invalid user comp from 222.232.29.235 port 37238 ssh2 Jun 30 01:59:23 inter-technics sshd[1139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.232.29.235 user=root Jun 30 01:59:25 inter-technics sshd[1139]: Failed password for root from 222.232.29.235 port 60252 ssh2 ...	2020-06-30 08:01:19
179.210.170.254	attack	Jun 29 22:29:50 [host] sshd[8852]: Invalid user ch Jun 29 22:29:50 [host] sshd[8852]: pam_unix(sshd:a Jun 29 22:29:52 [host] sshd[8852]: Failed password	2020-06-30 08:26:11
59.125.160.248	attackbots	Invalid user adk from 59.125.160.248 port 56504	2020-06-30 08:19:51
116.196.82.80	attack	Jun 30 02:14:05 mail sshd\[6134\]: Invalid user gen from 116.196.82.80 Jun 30 02:14:05 mail sshd\[6134\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.196.82.80 Jun 30 02:14:08 mail sshd\[6134\]: Failed password for invalid user gen from 116.196.82.80 port 40558 ssh2	2020-06-30 08:19:18
37.49.224.224	attack	Attempted to connect 2 times to port 22 TCP	2020-06-30 08:04:58
1.214.245.27	attackbots	3. On Jun 29 2020 experienced a Brute Force SSH login attempt -> 3 unique times by 1.214.245.27.	2020-06-30 07:57:13
83.38.83.249	attack	Jun 29 21:45:48 hell sshd[1613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.38.83.249 Jun 29 21:45:50 hell sshd[1613]: Failed password for invalid user admin from 83.38.83.249 port 51108 ssh2 ...	2020-06-30 08:17:02
119.82.135.53	attack	2020-06-30T02:43:34.703214afi-git.jinr.ru sshd[8451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.82.135.53 2020-06-30T02:43:34.699965afi-git.jinr.ru sshd[8451]: Invalid user nut from 119.82.135.53 port 44472 2020-06-30T02:43:36.937499afi-git.jinr.ru sshd[8451]: Failed password for invalid user nut from 119.82.135.53 port 44472 ssh2 2020-06-30T02:45:16.767480afi-git.jinr.ru sshd[8947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.82.135.53 user=root 2020-06-30T02:45:18.670600afi-git.jinr.ru sshd[8947]: Failed password for root from 119.82.135.53 port 42182 ssh2 ...	2020-06-30 08:14:17
54.38.187.211	attack	54.38.187.211 - - [30/Jun/2020:00:05:05 +0100] "POST /wp-login.php HTTP/1.1" 200 2020 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 54.38.187.211 - - [30/Jun/2020:00:05:06 +0100] "POST /wp-login.php HTTP/1.1" 200 2019 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 54.38.187.211 - - [30/Jun/2020:00:05:06 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-30 08:06:42
27.78.149.73	attack	Honeypot attack, port: 81, PTR: localhost.	2020-06-30 08:03:17
118.89.160.141	attackspambots	SSH bruteforce	2020-06-30 08:10:46

最近上报的IP列表

53.63.28.84	128.76.185.153	15.188.237.240	198.116.69.73
159.65.133.81	35.116.122.189	69.25.182.110	219.94.83.241
197.233.69.6	160.176.205.55	54.71.10.34	149.61.234.224
28.97.30.238	107.174.101.178	112.234.106.40	49.233.165.151
236.237.251.224	212.159.44.179	109.25.112.43	141.145.163.222