168.138.14.139

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America

运营商(isp): Oracle Public Cloud

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	404 NOT FOUND	2020-06-22 12:52:30
attackbots	Lines containing failures of 168.138.14.139 May 5 07:22:51 nexus sshd[15918]: Invalid user elastic from 168.138.14.139 port 52324 May 5 07:22:51 nexus sshd[15918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.14.139 May 5 07:22:53 nexus sshd[15918]: Failed password for invalid user elastic from 168.138.14.139 port 52324 ssh2 May 5 07:22:54 nexus sshd[15918]: Connection closed by 168.138.14.139 port 52324 [preauth] May 5 09:16:45 nexus sshd[17826]: Invalid user regwag2003 from 168.138.14.139 port 47954 May 5 09:16:45 nexus sshd[17826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.14.139 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=168.138.14.139	2020-05-07 23:24:39

类型

评论内容

时间

attackspambots

404 NOT FOUND

2020-06-22 12:52:30

attackbots

Lines containing failures of 168.138.14.139
May  5 07:22:51 nexus sshd[15918]: Invalid user elastic from 168.138.14.139 port 52324
May  5 07:22:51 nexus sshd[15918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.14.139
May  5 07:22:53 nexus sshd[15918]: Failed password for invalid user elastic from 168.138.14.139 port 52324 ssh2
May  5 07:22:54 nexus sshd[15918]: Connection closed by 168.138.14.139 port 52324 [preauth]
May  5 09:16:45 nexus sshd[17826]: Invalid user regwag2003 from 168.138.14.139 port 47954
May  5 09:16:45 nexus sshd[17826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.14.139


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=168.138.14.139

2020-05-07 23:24:39

相同子网IP讨论:

IP	类型	评论内容	时间
168.138.140.50	attack	DATE:2020-09-30 22:37:31, IP:168.138.140.50, PORT:1433 MSSQL brute force auth on honeypot server (epe-honey1-hq)	2020-10-02 05:55:23
168.138.140.50	attackspambots	DATE:2020-09-30 22:37:31, IP:168.138.140.50, PORT:1433 MSSQL brute force auth on honeypot server (epe-honey1-hq)	2020-10-01 22:18:06
168.138.140.50	attackbots	DATE:2020-09-30 22:37:31, IP:168.138.140.50, PORT:1433 MSSQL brute force auth on honeypot server (epe-honey1-hq)	2020-10-01 14:37:16
168.138.145.173	attackspambots	Unauthorized connection attempt detected from IP address 168.138.145.173 to port 445 [T]	2020-07-22 02:32:41
168.138.144.172	attackspam	phpMyAdmin_Attack	2020-05-15 15:58:04
168.138.144.172	attack	php WP PHPmyadamin ABUSE blocked for 12h	2020-05-14 08:54:19
168.138.147.95	attack	May 5 20:10:51 inter-technics sshd[5375]: Invalid user daniel from 168.138.147.95 port 40858 May 5 20:10:51 inter-technics sshd[5375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.147.95 May 5 20:10:51 inter-technics sshd[5375]: Invalid user daniel from 168.138.147.95 port 40858 May 5 20:10:54 inter-technics sshd[5375]: Failed password for invalid user daniel from 168.138.147.95 port 40858 ssh2 May 5 20:17:35 inter-technics sshd[8505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.147.95 user=root May 5 20:17:37 inter-technics sshd[8505]: Failed password for root from 168.138.147.95 port 47372 ssh2 ...	2020-05-06 02:53:18
168.138.144.172	attackspambots	Hacking	2020-05-04 08:21:01
168.138.147.95	attackspam	Invalid user ts4 from 168.138.147.95 port 40946	2020-05-01 12:08:34
168.138.147.95	attackbots	Apr 27 15:03:44 ArkNodeAT sshd\[23003\]: Invalid user mall from 168.138.147.95 Apr 27 15:03:44 ArkNodeAT sshd\[23003\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.147.95 Apr 27 15:03:46 ArkNodeAT sshd\[23003\]: Failed password for invalid user mall from 168.138.147.95 port 47106 ssh2	2020-04-28 00:23:51
168.138.147.95	attack	Apr 21 14:22:41 ns382633 sshd\[32632\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.147.95 user=root Apr 21 14:22:43 ns382633 sshd\[32632\]: Failed password for root from 168.138.147.95 port 58264 ssh2 Apr 21 14:33:14 ns382633 sshd\[2542\]: Invalid user testftp from 168.138.147.95 port 46414 Apr 21 14:33:14 ns382633 sshd\[2542\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.147.95 Apr 21 14:33:17 ns382633 sshd\[2542\]: Failed password for invalid user testftp from 168.138.147.95 port 46414 ssh2	2020-04-21 20:35:39
168.138.147.95	attackbotsspam	2020-04-11T22:42:26.380453ns386461 sshd\[6771\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.147.95 user=root 2020-04-11T22:42:28.623859ns386461 sshd\[6771\]: Failed password for root from 168.138.147.95 port 39768 ssh2 2020-04-11T22:51:16.278747ns386461 sshd\[14589\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.147.95 user=root 2020-04-11T22:51:18.282557ns386461 sshd\[14589\]: Failed password for root from 168.138.147.95 port 33900 ssh2 2020-04-11T22:56:59.951658ns386461 sshd\[19994\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.138.147.95 user=root ...	2020-04-12 05:27:01

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 168.138.14.139
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25224
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;168.138.14.139.			IN	A

;; AUTHORITY SECTION:
.			411	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020050700 1800 900 604800 86400

;; Query time: 95 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu May 07 23:24:34 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

Host 139.14.138.168.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 139.14.138.168.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
31.211.86.13	attackbotsspam	Automatic report - Banned IP Access	2020-08-24 22:52:34
111.74.11.85	attack	$f2bV_matches	2020-08-24 22:53:48
222.73.182.137	attackspambots	Aug 24 17:02:59 hosting sshd[14957]: Invalid user matt from 222.73.182.137 port 34360 ...	2020-08-24 23:05:40
191.233.142.46	attack	Aug 24 08:43:03 ny01 sshd[28948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.233.142.46 Aug 24 08:43:05 ny01 sshd[28948]: Failed password for invalid user kfk from 191.233.142.46 port 58000 ssh2 Aug 24 08:47:59 ny01 sshd[29729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.233.142.46	2020-08-24 22:30:41
185.220.101.213	attackspambots	detected by Fail2Ban	2020-08-24 22:22:13
163.179.97.16	attack	Icarus honeypot on github	2020-08-24 22:56:28
18.27.197.252	attack	(imapd) Failed IMAP login from 18.27.197.252 (US/United States/wholesomeserver.media.mit.edu): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: Aug 24 16:20:25 ir1 dovecot[3110802]: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=, method=PLAIN, rip=18.27.197.252, lip=5.63.12.44, TLS, session=	2020-08-24 22:59:51
218.92.0.173	attackspam	Aug 24 07:55:20 dignus sshd[11057]: Failed password for root from 218.92.0.173 port 26853 ssh2 Aug 24 07:55:23 dignus sshd[11057]: Failed password for root from 218.92.0.173 port 26853 ssh2 Aug 24 07:55:30 dignus sshd[11057]: error: maximum authentication attempts exceeded for root from 218.92.0.173 port 26853 ssh2 [preauth] Aug 24 07:55:36 dignus sshd[11118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.173 user=root Aug 24 07:55:38 dignus sshd[11118]: Failed password for root from 218.92.0.173 port 50074 ssh2 ...	2020-08-24 22:55:50
156.196.240.185	attack	Icarus honeypot on github	2020-08-24 22:36:12
91.121.68.60	attack	[MonAug2413:50:36.3796312020][:error][pid32741:tid47165108848384][client91.121.68.60:49532][client91.121.68.60]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"python-requests/"atREQUEST_HEADERS:User-Agent.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"218"][id"332039"][rev"4"][msg"Atomicorp.comWAFRules:SuspiciousUnusualUserAgent$python-requests$.Disablethisruleifyouusepython-requests/."][severity"CRITICAL"][hostname"fit-easy.com"][uri"/admin/images/cal_date_over.gif"][unique_id"X0OpjCtSzoxNLh@Tstk9aAAAAUk"][MonAug2413:50:47.9381692020][:error][pid32482:tid47165098342144][client91.121.68.60:50388][client91.121.68.60]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"python-requests/"atREQUEST_HEADERS:User-Agent.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"218"][id"332039"][rev"4"][msg"Atomicorp.comWAFRules:SuspiciousUnusualUserAgent$python-requests$.Disablethisruleifyouusepython-requests/."][severity"CRITICAL\	2020-08-24 22:37:51
211.149.155.116	attackbotsspam	port	2020-08-24 22:40:40
46.214.192.199	attack	Automatic report - XMLRPC Attack	2020-08-24 22:48:20
194.36.108.6	attackbotsspam	0,20-13/09 [bc01/m10] PostRequest-Spammer scoring: zurich	2020-08-24 22:31:41
106.13.201.44	attackbots	2020-08-24T14:36:42.231757shield sshd\[27371\]: Invalid user zx from 106.13.201.44 port 52142 2020-08-24T14:36:42.260335shield sshd\[27371\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.201.44 2020-08-24T14:36:44.362653shield sshd\[27371\]: Failed password for invalid user zx from 106.13.201.44 port 52142 ssh2 2020-08-24T14:40:35.724652shield sshd\[27788\]: Invalid user qadmin from 106.13.201.44 port 35946 2020-08-24T14:40:35.745242shield sshd\[27788\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.201.44	2020-08-24 22:52:53
45.129.33.142	attack	[portscan] Port scan	2020-08-24 22:37:01

最近上报的IP列表

210.21.36.182	97.87.51.228	83.196.98.96	187.177.183.18
148.105.11.43	145.239.90.198	216.41.205.1	91.148.138.116
94.21.40.231	210.211.117.41	78.180.38.127	5.253.206.142
89.34.18.94	67.70.142.247	87.251.74.173	76.238.219.68
121.156.122.97	2.86.246.211	183.11.235.24	90.189.197.237