138.197.196.221

基本信息:

城市(city): Santa Clara

省份(region): California

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	$f2bV_matches	2020-07-04 04:59:18
attackbotsspam	Jun 26 08:17:01 roki sshd[30702]: Invalid user csgoserver from 138.197.196.221 Jun 26 08:17:01 roki sshd[30702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.221 Jun 26 08:17:03 roki sshd[30702]: Failed password for invalid user csgoserver from 138.197.196.221 port 37656 ssh2 Jun 26 08:23:30 roki sshd[31127]: Invalid user anselmo from 138.197.196.221 Jun 26 08:23:30 roki sshd[31127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.221 ...	2020-06-26 16:40:26
attackbotsspam	$f2bV_matches	2020-06-25 08:39:54
attack	Jun 21 08:28:43 pbkit sshd[155018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.221 Jun 21 08:28:43 pbkit sshd[155018]: Invalid user user from 138.197.196.221 port 43700 Jun 21 08:28:45 pbkit sshd[155018]: Failed password for invalid user user from 138.197.196.221 port 43700 ssh2 ...	2020-06-21 17:16:37
attackbots	SSH Invalid Login	2020-06-21 06:14:47
attackspam	Total attacks: 2	2020-06-16 23:06:12
attack	SSH Brute-Force Attack	2020-06-03 20:58:10
attackspambots	May 28 21:10:35 vpn01 sshd[21806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.221 May 28 21:10:37 vpn01 sshd[21806]: Failed password for invalid user upload from 138.197.196.221 port 55214 ssh2 ...	2020-05-29 03:55:57
attack	May 15 10:24:07 electroncash sshd[60452]: Invalid user teamspeak3 from 138.197.196.221 port 46732 May 15 10:24:07 electroncash sshd[60452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.221 May 15 10:24:07 electroncash sshd[60452]: Invalid user teamspeak3 from 138.197.196.221 port 46732 May 15 10:24:09 electroncash sshd[60452]: Failed password for invalid user teamspeak3 from 138.197.196.221 port 46732 ssh2 May 15 10:26:01 electroncash sshd[60931]: Invalid user timo from 138.197.196.221 port 50092 ...	2020-05-15 16:36:01
attackbots	prod11 ...	2020-05-14 02:16:47
attackspambots	SSH Login Bruteforce	2020-05-10 17:20:02
attackbots	May 8 16:02:27 meumeu sshd[30473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.221 May 8 16:02:29 meumeu sshd[30473]: Failed password for invalid user janine from 138.197.196.221 port 46430 ssh2 May 8 16:06:41 meumeu sshd[31102]: Failed password for root from 138.197.196.221 port 57896 ssh2 ...	2020-05-08 23:00:12
attack	May 6 14:33:31 [host] sshd[31420]: Invalid user d May 6 14:33:31 [host] sshd[31420]: pam_unix(sshd: May 6 14:33:33 [host] sshd[31420]: Failed passwor	2020-05-06 23:30:48
attack	2020-05-04T15:04:30.771789randservbullet-proofcloud-66.localdomain sshd[25955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.221 user=root 2020-05-04T15:04:32.423927randservbullet-proofcloud-66.localdomain sshd[25955]: Failed password for root from 138.197.196.221 port 34682 ssh2 2020-05-04T15:09:14.134704randservbullet-proofcloud-66.localdomain sshd[25982]: Invalid user ubuntu from 138.197.196.221 port 55802 ...	2020-05-05 02:59:52
attackbotsspam	Invalid user cho from 138.197.196.221 port 43942	2020-05-02 20:07:13
attack	$f2bV_matches \| Triggered by Fail2Ban at Vostok web server	2020-04-29 07:49:11

相同子网IP讨论:

IP	类型	评论内容	时间
138.197.196.208	attackbots	Jun 12 18:53:33 vps647732 sshd[7706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.208 Jun 12 18:53:36 vps647732 sshd[7706]: Failed password for invalid user angel2019 from 138.197.196.208 port 38854 ssh2 ...	2020-06-13 01:32:22
138.197.196.208	attackbots	Jun 7 08:28:05 cloud sshd[2056]: Failed password for root from 138.197.196.208 port 52264 ssh2	2020-06-07 14:44:14
138.197.196.208	attack	(sshd) Failed SSH login from 138.197.196.208 (US/United States/-): 5 in the last 3600 secs	2020-05-24 23:14:58
138.197.196.208	attackspambots	odoo8 ...	2020-05-22 08:15:58
138.197.196.196	attack	May 6 09:31:32 our-server-hostname sshd[32580]: Invalid user frappe from 138.197.196.196 May 6 09:31:32 our-server-hostname sshd[32580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.196 May 6 09:31:34 our-server-hostname sshd[32580]: Failed password for invalid user frappe from 138.197.196.196 port 49008 ssh2 May 6 09:57:51 our-server-hostname sshd[5614]: Invalid user dck from 138.197.196.196 May 6 09:57:51 our-server-hostname sshd[5614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.196 May 6 09:57:53 our-server-hostname sshd[5614]: Failed password for invalid user dck from 138.197.196.196 port 41416 ssh2 May 6 10:01:50 our-server-hostname sshd[7040]: Invalid user oracle from 138.197.196.196 May 6 10:01:50 our-server-hostname sshd[7040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.196 May 6 10:0........ -------------------------------	2020-05-07 00:39:25
138.197.196.174	attack	Jan 15 05:51:40 tuxlinux sshd[48768]: Invalid user deborah from 138.197.196.174 port 48772 Jan 15 05:51:40 tuxlinux sshd[48768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.174 Jan 15 05:51:40 tuxlinux sshd[48768]: Invalid user deborah from 138.197.196.174 port 48772 Jan 15 05:51:40 tuxlinux sshd[48768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.174 Jan 15 05:51:40 tuxlinux sshd[48768]: Invalid user deborah from 138.197.196.174 port 48772 Jan 15 05:51:40 tuxlinux sshd[48768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.196.174 Jan 15 05:51:43 tuxlinux sshd[48768]: Failed password for invalid user deborah from 138.197.196.174 port 48772 ssh2 ...	2020-01-15 16:39:08
138.197.196.243	attackspambots	WordPress wp-login brute force :: 138.197.196.243 0.052 BYPASS [06/Jul/2019:23:24:29 1000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-07-07 03:25:38

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.197.196.221
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24144
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.197.196.221.		IN	A

;; AUTHORITY SECTION:
.			417	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020042801 1800 900 604800 86400

;; Query time: 58 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Apr 29 07:49:07 CST 2020
;; MSG SIZE  rcvd: 119

HOST信息:

Host 221.196.197.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 221.196.197.138.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
89.36.162.28	attack	Automatic report - Port Scan Attack	2020-03-14 02:56:57
190.52.167.126	attackbots	Unauthorized connection attempt from IP address 190.52.167.126 on Port 445(SMB)	2020-03-14 02:15:47
85.94.0.145	attackspambots	Honeypot attack, port: 445, PTR: PTR record not found	2020-03-14 02:21:41
222.186.15.10	attackspam	Mar 13 19:54:06 host sshd\[28249\]: User user from 222.186.15.10 not allowed because none of user's groups are listed in AllowGroups	2020-03-14 02:58:15
104.131.2.218	attack	Lines containing failures of 104.131.2.218 Mar 12 10:57:34 shared01 sshd[1002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.2.218 user=r.r Mar 12 10:57:36 shared01 sshd[1002]: Failed password for r.r from 104.131.2.218 port 44128 ssh2 Mar 12 10:57:36 shared01 sshd[1002]: Received disconnect from 104.131.2.218 port 44128:11: Bye Bye [preauth] Mar 12 10:57:36 shared01 sshd[1002]: Disconnected from authenticating user r.r 104.131.2.218 port 44128 [preauth] Mar 12 11:06:29 shared01 sshd[4661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.2.218 user=r.r Mar 12 11:06:30 shared01 sshd[4661]: Failed password for r.r from 104.131.2.218 port 34720 ssh2 Mar 12 11:06:30 shared01 sshd[4661]: Received disconnect from 104.131.2.218 port 34720:11: Bye Bye [preauth] Mar 12 11:06:30 shared01 sshd[4661]: Disconnected from authenticating user r.r 104.131.2.218 port 34720 [preauth] ........ ----------------------------------	2020-03-14 02:18:04
87.76.14.132	attackbots	Unauthorized connection attempt from IP address 87.76.14.132 on Port 445(SMB)	2020-03-14 02:39:29
142.44.184.226	attack	Jan 10 21:23:40 pi sshd[24417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.44.184.226 user=root Jan 10 21:23:43 pi sshd[24417]: Failed password for invalid user root from 142.44.184.226 port 58196 ssh2	2020-03-14 02:56:18
211.137.234.86	attackbots	Portscan or hack attempt detected by psad/fwsnort	2020-03-14 02:58:37
186.225.187.57	attack	HTTP/80/443/8080 Probe, BF, WP, Hack -	2020-03-14 02:26:09
1.179.146.154	attackbots	Unauthorized connection attempt from IP address 1.179.146.154 on Port 445(SMB)	2020-03-14 02:42:31
162.243.132.46	attack	Unauthorized connection attempt detected from IP address 162.243.132.46 to port 587	2020-03-14 02:16:20
62.171.152.136	attack	Lines containing failures of 62.171.152.136 Mar 12 14:51:37 siirappi sshd[10963]: Invalid user trung from 62.171.152.136 port 48682 Mar 12 14:51:37 siirappi sshd[10963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.171.152.136 Mar 12 14:51:39 siirappi sshd[10963]: Failed password for invalid user trung from 62.171.152.136 port 48682 ssh2 Mar 12 14:51:39 siirappi sshd[10963]: Received disconnect from 62.171.152.136 port 48682:11: Bye Bye [preauth] Mar 12 14:51:39 siirappi sshd[10963]: Disconnected from 62.171.152.136 port 48682 [preauth] Mar 12 14:57:55 siirappi sshd[11033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.171.152.136 user=r.r Mar 12 14:57:57 siirappi sshd[11033]: Failed password for r.r from 62.171.152.136 port 48428 ssh2 Mar 12 14:57:57 siirappi sshd[11033]: Received disconnect from 62.171.152.136 port 48428:11: Bye Bye [preauth] Mar 12 14:57:57 siirappi sshd[11033]........ ------------------------------	2020-03-14 02:59:39
106.13.136.139	attack	Mar 13 20:13:25 ncomp sshd[25810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.136.139 user=root Mar 13 20:13:27 ncomp sshd[25810]: Failed password for root from 106.13.136.139 port 38510 ssh2 Mar 13 20:16:44 ncomp sshd[25860]: Invalid user superman from 106.13.136.139	2020-03-14 02:54:15
61.35.4.150	attack	Mar 13 15:24:37 lukav-desktop sshd\[25686\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.35.4.150 user=root Mar 13 15:24:39 lukav-desktop sshd\[25686\]: Failed password for root from 61.35.4.150 port 35301 ssh2 Mar 13 15:28:05 lukav-desktop sshd\[25726\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.35.4.150 user=root Mar 13 15:28:07 lukav-desktop sshd\[25726\]: Failed password for root from 61.35.4.150 port 60849 ssh2 Mar 13 15:31:33 lukav-desktop sshd\[25756\]: Invalid user xsbk from 61.35.4.150	2020-03-14 02:35:05
182.75.135.46	attack	Honeypot attack, port: 445, PTR: nsg-static-46.135.75.182-airtel.com.	2020-03-14 02:37:59

最近上报的IP列表

37.252.75.80	184.22.82.19	178.98.156.57	102.178.231.251
77.253.149.55	181.124.186.236	190.124.228.252	172.58.141.252
18.219.152.117	14.51.222.242	183.86.181.81	45.105.188.15
52.130.86.7	188.220.83.124	1.20.245.189	68.38.230.207
190.206.33.204	52.249.93.27	185.50.149.8	91.126.183.175