Basic information:

City: unknown

Region: unknown

Country: United States

ISP: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

User reports:
Type Comment Time
attackbotsspam
$f2bV_matches
2020-08-30 05:55:45
attack
Aug 18 05:51:35 vmd17057 sshd[15897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.21.218 
Aug 18 05:51:37 vmd17057 sshd[15897]: Failed password for invalid user arkserver from 138.197.21.218 port 55982 ssh2
...
2020-08-18 17:03:28
attackbotsspam
Aug 15 23:18:17 ip106 sshd[9143]: Failed password for root from 138.197.21.218 port 35068 ssh2
...
2020-08-16 06:18:38
attack
Aug  9 17:17:04 lanister sshd[24871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.21.218  user=root
Aug  9 17:17:05 lanister sshd[24871]: Failed password for root from 138.197.21.218 port 48560 ssh2
Aug  9 17:18:44 lanister sshd[24878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.21.218  user=root
Aug  9 17:18:46 lanister sshd[24878]: Failed password for root from 138.197.21.218 port 50916 ssh2
2020-08-10 07:26:18
attackspam
Failed password for invalid user admin from 138.197.21.218 port 48140 ssh2
2020-07-25 02:17:30
attack
2020-07-12T17:16:31.804856abusebot-5.cloudsearch.cf sshd[29847]: Invalid user uucp from 138.197.21.218 port 54742
2020-07-12T17:16:31.810008abusebot-5.cloudsearch.cf sshd[29847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns1.hostingbytg.com
2020-07-12T17:16:31.804856abusebot-5.cloudsearch.cf sshd[29847]: Invalid user uucp from 138.197.21.218 port 54742
2020-07-12T17:16:33.729762abusebot-5.cloudsearch.cf sshd[29847]: Failed password for invalid user uucp from 138.197.21.218 port 54742 ssh2
2020-07-12T17:21:03.275434abusebot-5.cloudsearch.cf sshd[29855]: Invalid user france from 138.197.21.218 port 39324
2020-07-12T17:21:03.280858abusebot-5.cloudsearch.cf sshd[29855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns1.hostingbytg.com
2020-07-12T17:21:03.275434abusebot-5.cloudsearch.cf sshd[29855]: Invalid user france from 138.197.21.218 port 39324
2020-07-12T17:21:05.207261abusebot-5.cloudsearch.cf ssh
...
2020-07-13 03:51:39
attackbots
$f2bV_matches
2020-07-09 13:23:08
attackbotsspam
Jul  7 09:56:06 Tower sshd[25751]: Connection from 138.197.21.218 port 39614 on 192.168.10.220 port 22 rdomain ""
Jul  7 09:56:07 Tower sshd[25751]: Invalid user frida from 138.197.21.218 port 39614
Jul  7 09:56:07 Tower sshd[25751]: error: Could not get shadow information for NOUSER
Jul  7 09:56:07 Tower sshd[25751]: Failed password for invalid user frida from 138.197.21.218 port 39614 ssh2
Jul  7 09:56:07 Tower sshd[25751]: Received disconnect from 138.197.21.218 port 39614:11: Bye Bye [preauth]
Jul  7 09:56:07 Tower sshd[25751]: Disconnected from invalid user frida 138.197.21.218 port 39614 [preauth]
2020-07-07 21:58:54
attack
Jul  3 22:34:41 ns381471 sshd[28016]: Failed password for postgres from 138.197.21.218 port 50612 ssh2
2020-07-04 04:58:18
attackbots
Jun 23 09:32:43 *** sshd[24350]: Invalid user beta from 138.197.21.218
2020-06-23 19:30:36
attack
Jun 20 01:02:40 sso sshd[17405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.21.218
Jun 20 01:02:42 sso sshd[17405]: Failed password for invalid user syftp from 138.197.21.218 port 41444 ssh2
...
2020-06-20 08:42:06
attackbotsspam
Jun 17 22:16:08 dignus sshd[27339]: Failed password for invalid user dima from 138.197.21.218 port 47988 ssh2
Jun 17 22:19:09 dignus sshd[27646]: Invalid user oracle from 138.197.21.218 port 47520
Jun 17 22:19:09 dignus sshd[27646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.21.218
Jun 17 22:19:11 dignus sshd[27646]: Failed password for invalid user oracle from 138.197.21.218 port 47520 ssh2
Jun 17 22:22:05 dignus sshd[27897]: Invalid user bungee from 138.197.21.218 port 47056
...
2020-06-18 13:23:13
attackbots
Jun 16 16:39:27 server sshd[29359]: Failed password for invalid user deploy from 138.197.21.218 port 51574 ssh2
Jun 16 16:42:41 server sshd[32215]: Failed password for root from 138.197.21.218 port 51386 ssh2
Jun 16 16:45:49 server sshd[34920]: Failed password for invalid user core from 138.197.21.218 port 51204 ssh2
2020-06-16 22:46:38
attackspam
*Port Scan* detected from 138.197.21.218 (US/United States/New Jersey/Clifton/ns1.hostingbytg.com). 4 hits in the last 251 seconds
2020-06-15 16:31:39
attackspam
(sshd) Failed SSH login from 138.197.21.218 (US/United States/ns1.hostingbytg.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jun 10 08:32:54 amsweb01 sshd[31686]: Invalid user tb5 from 138.197.21.218 port 44916
Jun 10 08:32:56 amsweb01 sshd[31686]: Failed password for invalid user tb5 from 138.197.21.218 port 44916 ssh2
Jun 10 08:46:22 amsweb01 sshd[1391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.21.218  user=root
Jun 10 08:46:25 amsweb01 sshd[1391]: Failed password for root from 138.197.21.218 port 40634 ssh2
Jun 10 08:49:33 amsweb01 sshd[1841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.21.218  user=root
2020-06-10 16:09:01
attackbotsspam
Invalid user vmz from 138.197.21.218 port 53358
2020-05-24 13:00:51
attack
$f2bV_matches
2020-05-20 01:50:37
attackbotsspam
Invalid user deploy from 138.197.21.218 port 34252
2020-05-16 19:05:15
attack
Brute force attempt
2020-05-10 14:47:14
attackspambots
Invalid user admin from 138.197.21.218 port 37946
2020-04-30 15:24:11
attack
2020-04-28T12:14:51.736473abusebot-8.cloudsearch.cf sshd[3437]: Invalid user aiken from 138.197.21.218 port 48178
2020-04-28T12:14:51.745697abusebot-8.cloudsearch.cf sshd[3437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns1.hostingbytg.com
2020-04-28T12:14:51.736473abusebot-8.cloudsearch.cf sshd[3437]: Invalid user aiken from 138.197.21.218 port 48178
2020-04-28T12:14:53.711938abusebot-8.cloudsearch.cf sshd[3437]: Failed password for invalid user aiken from 138.197.21.218 port 48178 ssh2
2020-04-28T12:20:45.393788abusebot-8.cloudsearch.cf sshd[3778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns1.hostingbytg.com  user=root
2020-04-28T12:20:47.625617abusebot-8.cloudsearch.cf sshd[3778]: Failed password for root from 138.197.21.218 port 52590 ssh2
2020-04-28T12:23:00.550716abusebot-8.cloudsearch.cf sshd[4042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=n
...
2020-04-28 21:45:17
attack
Apr 23 15:41:48 ourumov-web sshd\[25846\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.21.218  user=root
Apr 23 15:41:49 ourumov-web sshd\[25846\]: Failed password for root from 138.197.21.218 port 36100 ssh2
Apr 23 15:48:15 ourumov-web sshd\[26309\]: Invalid user techuser from 138.197.21.218 port 55286
...
2020-04-23 23:13:48
attackspambots
(sshd) Failed SSH login from 138.197.21.218 (US/United States/ns1.hostingbytg.com): 5 in the last 3600 secs
2020-04-19 20:22:31
attackspam
Apr 16 08:05:17 pornomens sshd\[5072\]: Invalid user ubuntu from 138.197.21.218 port 45902
Apr 16 08:05:17 pornomens sshd\[5072\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.21.218
Apr 16 08:05:19 pornomens sshd\[5072\]: Failed password for invalid user ubuntu from 138.197.21.218 port 45902 ssh2
...
2020-04-16 17:02:28
attack
Unauthorized access or intrusion attempt detected from Thor banned IP
2020-04-13 12:36:02
attackspam
2020-04-10T08:08:13.825000sorsha.thespaminator.com sshd[6973]: Invalid user user from 138.197.21.218 port 40922
2020-04-10T08:08:16.101899sorsha.thespaminator.com sshd[6973]: Failed password for invalid user user from 138.197.21.218 port 40922 ssh2
...
2020-04-11 00:10:17
attackspambots
SSH Brute-Force attacks
2020-04-07 18:21:58
attackspambots
2020-04-03T10:16:25.106488abusebot-8.cloudsearch.cf sshd[6149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns1.hostingbytg.com  user=root
2020-04-03T10:16:26.833062abusebot-8.cloudsearch.cf sshd[6149]: Failed password for root from 138.197.21.218 port 51648 ssh2
2020-04-03T10:20:06.791157abusebot-8.cloudsearch.cf sshd[6339]: Invalid user user12 from 138.197.21.218 port 36478
2020-04-03T10:20:06.801197abusebot-8.cloudsearch.cf sshd[6339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns1.hostingbytg.com
2020-04-03T10:20:06.791157abusebot-8.cloudsearch.cf sshd[6339]: Invalid user user12 from 138.197.21.218 port 36478
2020-04-03T10:20:08.531158abusebot-8.cloudsearch.cf sshd[6339]: Failed password for invalid user user12 from 138.197.21.218 port 36478 ssh2
2020-04-03T10:23:45.630021abusebot-8.cloudsearch.cf sshd[6533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhos
...
2020-04-03 19:01:01
attack
<6 unauthorized SSH connections
2020-04-01 15:25:26
attack
Mar 30 07:13:14 server1 sshd\[25901\]: Invalid user nisuser1 from 138.197.21.218
Mar 30 07:13:14 server1 sshd\[25901\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.21.218 
Mar 30 07:13:16 server1 sshd\[25901\]: Failed password for invalid user nisuser1 from 138.197.21.218 port 42534 ssh2
Mar 30 07:18:24 server1 sshd\[27356\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.21.218  user=root
Mar 30 07:18:26 server1 sshd\[27356\]: Failed password for root from 138.197.21.218 port 54358 ssh2
...
2020-03-30 21:41:28
Reports for IPs in the same subnet:
IP Type Comment Time
138.197.217.210 spamattack
PHISHING ATTACK
138.197.217.210Richard Wilcox - richardwilcoo@gmail.com - How Are You?, 19 May 2021 08:11:52
NetRange:       138.197.0.0 - 138.197.255.255
NetName:        DIGITALOCEAN-138-197-0-0
2021-05-20 05:08:38
138.197.213.160 attack
138.197.213.160 - - [13/Oct/2020:23:18:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2386 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.213.160 - - [13/Oct/2020:23:18:22 +0100] "POST /wp-login.php HTTP/1.1" 200 2319 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.213.160 - - [13/Oct/2020:23:18:22 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-10-14 07:06:35
138.197.216.162 attackspam
Unauthorised connection attempt detected at AUO MAIN. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)
2020-10-12 02:05:57
138.197.216.162 attack
Oct 11 06:58:59 ajax sshd[29351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.216.162 
Oct 11 06:59:02 ajax sshd[29351]: Failed password for invalid user vnc from 138.197.216.162 port 55872 ssh2
2020-10-11 17:55:01
138.197.213.241 attackspambots
$f2bV_matches
2020-10-05 02:35:36
138.197.216.135 attackspam
(sshd) Failed SSH login from 138.197.216.135 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct  4 11:16:42 optimus sshd[23211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.216.135  user=root
Oct  4 11:16:43 optimus sshd[23211]: Failed password for root from 138.197.216.135 port 45342 ssh2
Oct  4 11:20:31 optimus sshd[24282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.216.135  user=root
Oct  4 11:20:33 optimus sshd[24282]: Failed password for root from 138.197.216.135 port 51740 ssh2
Oct  4 11:24:11 optimus sshd[25688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.216.135  user=root
2020-10-05 02:01:14
138.197.213.241 attackspam
Invalid user mikael from 138.197.213.241 port 49748
2020-10-04 18:18:38
138.197.216.135 attackspam
Oct  4 09:29:05 onepixel sshd[490332]: Failed password for root from 138.197.216.135 port 40108 ssh2
Oct  4 09:31:02 onepixel sshd[490629]: Invalid user saurabh from 138.197.216.135 port 46082
Oct  4 09:31:02 onepixel sshd[490629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.216.135 
Oct  4 09:31:02 onepixel sshd[490629]: Invalid user saurabh from 138.197.216.135 port 46082
Oct  4 09:31:04 onepixel sshd[490629]: Failed password for invalid user saurabh from 138.197.216.135 port 46082 ssh2
2020-10-04 17:44:02
138.197.216.162 attackspam
Invalid user zabbix from 138.197.216.162 port 33422
2020-09-30 06:53:52
138.197.216.162 attackspam
Sep 29 20:28:50 dhoomketu sshd[3455985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.216.162 
Sep 29 20:28:50 dhoomketu sshd[3455985]: Invalid user informix from 138.197.216.162 port 50836
Sep 29 20:28:52 dhoomketu sshd[3455985]: Failed password for invalid user informix from 138.197.216.162 port 50836 ssh2
Sep 29 20:30:21 dhoomketu sshd[3456001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.216.162  user=root
Sep 29 20:30:22 dhoomketu sshd[3456001]: Failed password for root from 138.197.216.162 port 37730 ssh2
...
2020-09-29 23:10:54
138.197.216.162 attackbotsspam
Sep 29 03:46:30 hell sshd[5598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.216.162
Sep 29 03:46:32 hell sshd[5598]: Failed password for invalid user solaris from 138.197.216.162 port 34338 ssh2
...
2020-09-29 15:29:44
138.197.214.200 attackbots
[MK-VM5] Blocked by UFW
2020-09-28 07:37:51
138.197.214.200 attackbotsspam
[MK-VM5] Blocked by UFW
2020-09-28 00:09:42
138.197.214.200 attackspambots
[MK-VM5] Blocked by UFW
2020-09-27 16:11:15
138.197.217.164 attackbotsspam
Sep 26 01:04:37 * sshd[30361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.217.164
Sep 26 01:04:39 * sshd[30361]: Failed password for invalid user Guest from 138.197.217.164 port 47290 ssh2
2020-09-26 07:10:05
WHOIS information:
DIG information:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.197.21.218
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11959
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.197.21.218.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019080301 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sun Aug 04 08:44:58 CST 2019
;; MSG SIZE  rcvd: 118
HOST information:
218.21.197.138.in-addr.arpa domain name pointer ns1.hostingbytg.com.
NSLOOKUP information:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
218.21.197.138.in-addr.arpa	name = ns1.hostingbytg.com.

Authoritative answers can be found from:
Related IP information:
Latest comments:
IP Type Comment Time
177.10.209.21 attackbots
RDP Bruteforce
2020-09-17 06:51:25
37.120.153.210 attackbots
[2020-09-16 17:25:01] NOTICE[1239] chan_sip.c: Registration from '"171"' failed for '37.120.153.210:22977' - Wrong password
[2020-09-16 17:25:01] SECURITY[1264] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-16T17:25:01.866-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="171",SessionID="0x7f4d480d6c18",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/37.120.153.210/22977",Challenge="7ab7eb6e",ReceivedChallenge="7ab7eb6e",ReceivedHash="a23281c4ab54b8f5e3daf95335e418f1"
[2020-09-16 17:25:09] NOTICE[1239] chan_sip.c: Registration from '"173"' failed for '37.120.153.210:51970' - Wrong password
[2020-09-16 17:25:09] SECURITY[1264] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-16T17:25:09.883-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="173",SessionID="0x7f4d481972d8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/37.1
...
2020-09-17 06:17:53
120.31.204.22 attack
RDP Bruteforce
2020-09-17 06:40:45
200.58.79.209 attack
RDP Bruteforce
2020-09-17 06:48:58
131.221.161.123 attackbotsspam
Automatic report - Port Scan Attack
2020-09-17 06:23:04
222.186.175.163 attack
2020-09-17T01:46:22.441174lavrinenko.info sshd[5236]: Failed password for root from 222.186.175.163 port 27794 ssh2
2020-09-17T01:46:26.179291lavrinenko.info sshd[5236]: Failed password for root from 222.186.175.163 port 27794 ssh2
2020-09-17T01:46:31.336657lavrinenko.info sshd[5236]: Failed password for root from 222.186.175.163 port 27794 ssh2
2020-09-17T01:46:36.355748lavrinenko.info sshd[5236]: Failed password for root from 222.186.175.163 port 27794 ssh2
2020-09-17T01:46:40.431815lavrinenko.info sshd[5236]: Failed password for root from 222.186.175.163 port 27794 ssh2
...
2020-09-17 06:48:00
125.22.56.125 attack
Unauthorized connection attempt from IP address 125.22.56.125 on Port 445(SMB)
2020-09-17 06:25:49
100.26.178.43 attackbotsspam
21 attempts against mh-ssh on star
2020-09-17 06:21:40
190.152.245.102 attackspambots
RDP Bruteforce
2020-09-17 06:35:11
88.209.116.204 attack
RDP Bruteforce
2020-09-17 06:42:18
185.139.56.186 attackbots
RDP Bruteforce
2020-09-17 06:35:51
157.245.240.102 attackbotsspam
157.245.240.102 - - [16/Sep/2020:19:00:09 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
157.245.240.102 - - [16/Sep/2020:19:00:10 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
157.245.240.102 - - [16/Sep/2020:19:00:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-09-17 06:24:04
181.191.64.81 attackspam
Unauthorized connection attempt from IP address 181.191.64.81 on Port 445(SMB)
2020-09-17 06:28:32
152.136.116.24 attackspam
RDP Bruteforce
2020-09-17 06:37:14
52.80.175.139 attackspam
RDP Bruteforce
2020-09-17 06:43:58

Recently reported IPs
