138.197.94.57 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Sep 29 15:16:06 host sshd[18668]: Invalid user wwwdata1 from 138.197.94.57 port 35364 ...	2020-09-30 00:26:34
attackspam	Sep 9 21:25:11 localhost sshd[32658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 user=root Sep 9 21:25:13 localhost sshd[32658]: Failed password for root from 138.197.94.57 port 50262 ssh2 Sep 9 21:28:38 localhost sshd[33038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 user=root Sep 9 21:28:41 localhost sshd[33038]: Failed password for root from 138.197.94.57 port 54820 ssh2 Sep 9 21:32:08 localhost sshd[33387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 user=root Sep 9 21:32:10 localhost sshd[33387]: Failed password for root from 138.197.94.57 port 59378 ssh2 ...	2020-09-10 20:45:21
attack	Sep 9 21:25:11 localhost sshd[32658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 user=root Sep 9 21:25:13 localhost sshd[32658]: Failed password for root from 138.197.94.57 port 50262 ssh2 Sep 9 21:28:38 localhost sshd[33038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 user=root Sep 9 21:28:41 localhost sshd[33038]: Failed password for root from 138.197.94.57 port 54820 ssh2 Sep 9 21:32:08 localhost sshd[33387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 user=root Sep 9 21:32:10 localhost sshd[33387]: Failed password for root from 138.197.94.57 port 59378 ssh2 ...	2020-09-10 12:31:40
attack	Sep 9 18:55:40 localhost sshd[14104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 user=root Sep 9 18:55:42 localhost sshd[14104]: Failed password for root from 138.197.94.57 port 42568 ssh2 Sep 9 18:58:54 localhost sshd[14454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 user=root Sep 9 18:58:56 localhost sshd[14454]: Failed password for root from 138.197.94.57 port 47128 ssh2 Sep 9 19:02:13 localhost sshd[14888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 user=root Sep 9 19:02:16 localhost sshd[14888]: Failed password for root from 138.197.94.57 port 51686 ssh2 ...	2020-09-10 03:20:03
attack	Aug 28 14:06:56 home sshd[2034502]: Failed password for invalid user wzy from 138.197.94.57 port 36146 ssh2 Aug 28 14:09:53 home sshd[2035597]: Invalid user commun from 138.197.94.57 port 33356 Aug 28 14:09:53 home sshd[2035597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 Aug 28 14:09:53 home sshd[2035597]: Invalid user commun from 138.197.94.57 port 33356 Aug 28 14:09:55 home sshd[2035597]: Failed password for invalid user commun from 138.197.94.57 port 33356 ssh2 ...	2020-08-28 20:23:11
attack	Invalid user test from 138.197.94.57 port 41024	2020-08-23 01:36:18
attackspambots	Aug 14 07:47:33 vpn01 sshd[11366]: Failed password for root from 138.197.94.57 port 42778 ssh2 ...	2020-08-14 14:41:30
attackspambots	Aug 11 19:21:20 vps46666688 sshd[7244]: Failed password for root from 138.197.94.57 port 53692 ssh2 ...	2020-08-12 06:24:34
attack	Jul 30 17:19:11 xxxxxxx8 sshd[2472]: Invalid user dove from 138.197.94.57 port 45240 Jul 30 17:19:11 xxxxxxx8 sshd[2472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 Jul 30 17:19:13 xxxxxxx8 sshd[2472]: Failed password for invalid user dove from 138.197.94.57 port 45240 ssh2 Jul 30 17:24:43 xxxxxxx8 sshd[2788]: Invalid user syy from 138.197.94.57 port 49148 Jul 30 17:24:43 xxxxxxx8 sshd[2788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 Jul 30 17:24:45 xxxxxxx8 sshd[2788]: Failed password for invalid user syy from 138.197.94.57 port 49148 ssh2 Jul 30 17:28:40 xxxxxxx8 sshd[3079]: Invalid user zhaoshaojing from 138.197.94.57 port 33452 Jul 30 17:28:40 xxxxxxx8 sshd[3079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 Jul 30 17:28:42 xxxxxxx8 sshd[3079]: Failed password for invalid user zhaoshaojing from........ ------------------------------	2020-08-04 21:04:36
attackbots	2020-07-31T15:13:17.812020+02:00 sshd[8857]: Failed password for root from 138.197.94.57 port 37694 ssh2	2020-07-31 21:23:35
attackspam	This client attempted to login to an administrator account on a Website, or abused from another resource.	2020-07-26 17:00:45

相同子网IP讨论:

IP	类型	评论内容	时间
138.197.94.209	attackspambots	C2,WP GET /home/wp-includes/wlwmanifest.xml	2020-07-13 16:36:41
138.197.94.209	attackspambots	miraniessen.de 138.197.94.209 [25/Jun/2020:01:07:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4860 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" MIRANIESSEN.DE 138.197.94.209 [25/Jun/2020:01:07:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4860 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"	2020-06-25 07:55:52
138.197.94.209	attackbots	ENG,WP GET /v2/wp-includes/wlwmanifest.xml	2020-06-02 00:33:08
138.197.94.75	attack	138.197.94.75 has been banned for [WebApp Attack] ...	2020-03-25 22:50:21
138.197.94.75	attackbotsspam	138.197.94.75 has been banned for [WebApp Attack] ...	2020-03-21 05:24:39
138.197.94.164	attack	Mar 4 02:29:33 auw2 sshd\[18620\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.164 user=root Mar 4 02:29:35 auw2 sshd\[18620\]: Failed password for root from 138.197.94.164 port 38928 ssh2 Mar 4 02:29:36 auw2 sshd\[18625\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.164 user=root Mar 4 02:29:38 auw2 sshd\[18625\]: Failed password for root from 138.197.94.164 port 39024 ssh2 Mar 4 02:29:39 auw2 sshd\[18627\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.164 user=root	2020-03-04 20:35:50
138.197.94.164	attackbots	2020-02-18T14:18:57.129984hz01.yumiweb.com sshd\[13553\]: Invalid user ark from 138.197.94.164 port 34344 2020-02-18T14:22:00.411288hz01.yumiweb.com sshd\[13570\]: Invalid user arkserver from 138.197.94.164 port 36266 2020-02-18T14:25:17.443563hz01.yumiweb.com sshd\[13583\]: Invalid user ark from 138.197.94.164 port 38188 ...	2020-02-18 23:36:10
138.197.94.75	attackbotsspam	Automatic report - XMLRPC Attack	2019-12-28 14:49:37
138.197.94.75	attackspam	138.197.94.75 - - [19/Dec/2019:22:35:31 +0000] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.94.75 - - [19/Dec/2019:22:35:32 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-12-20 06:58:58
138.197.94.75	attackbotsspam	[munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:18 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:21 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:23 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:26 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:28 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:31 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubun	2019-12-20 04:53:21
138.197.94.75	attackbotsspam	Automatic report - XMLRPC Attack	2019-12-18 18:54:55
138.197.94.75	attackspam	Scanning unused Default website or suspicious access to valid sites from IP marked as abusive	2019-12-12 10:27:38
138.197.94.75	attack	windhundgang.de 138.197.94.75 [17/Nov/2019:07:28:22 +0100] "POST /wp-login.php HTTP/1.1" 200 8382 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" windhundgang.de 138.197.94.75 [17/Nov/2019:07:28:22 +0100] "POST /xmlrpc.php HTTP/1.1" 200 4186 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-11-17 16:00:33
138.197.94.209	attack	Automatic report - XMLRPC Attack	2019-10-29 23:54:23
138.197.94.75	attackbots	138.197.94.75 - - \[29/Oct/2019:03:58:09 +0000\] "POST /wp-login.php HTTP/1.1" 200 4358 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.94.75 - - \[29/Oct/2019:03:58:09 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2019-10-29 12:37:05

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.197.94.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21934
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.197.94.57.			IN	A

;; AUTHORITY SECTION:
.			171	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020072600 1800 900 604800 86400

;; Query time: 36 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Jul 26 17:00:40 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 57.94.197.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 57.94.197.138.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
93.67.105.247	attack	DIS,DEF GET /phpmyadmin/	2020-08-28 09:43:14
61.177.172.128	attack	Aug 28 03:40:51 ip106 sshd[19449]: Failed password for root from 61.177.172.128 port 55940 ssh2 Aug 28 03:40:57 ip106 sshd[19449]: Failed password for root from 61.177.172.128 port 55940 ssh2 ...	2020-08-28 09:45:24
34.105.173.203	attackbots	Failed password for invalid user shubh from 34.105.173.203 port 45622 ssh2	2020-08-28 10:04:54
45.167.10.51	attack	Aug 27 04:19:08 mail.srvfarm.net postfix/smtps/smtpd[1314285]: warning: unknown[45.167.10.51]: SASL PLAIN authentication failed: Aug 27 04:19:08 mail.srvfarm.net postfix/smtps/smtpd[1314285]: lost connection after AUTH from unknown[45.167.10.51] Aug 27 04:22:33 mail.srvfarm.net postfix/smtps/smtpd[1330772]: warning: unknown[45.167.10.51]: SASL PLAIN authentication failed: Aug 27 04:22:35 mail.srvfarm.net postfix/smtps/smtpd[1330772]: lost connection after AUTH from unknown[45.167.10.51] Aug 27 04:23:36 mail.srvfarm.net postfix/smtps/smtpd[1314660]: warning: unknown[45.167.10.51]: SASL PLAIN authentication failed:	2020-08-28 09:45:58
106.75.110.232	attackspambots	Aug 27 21:05:57 marvibiene sshd[44616]: Invalid user admin from 106.75.110.232 port 47714 Aug 27 21:05:57 marvibiene sshd[44616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.110.232 Aug 27 21:05:57 marvibiene sshd[44616]: Invalid user admin from 106.75.110.232 port 47714 Aug 27 21:05:59 marvibiene sshd[44616]: Failed password for invalid user admin from 106.75.110.232 port 47714 ssh2	2020-08-28 09:52:09
119.45.142.15	attack	SSH-BruteForce	2020-08-28 09:54:01
87.204.167.99	attackspam	Aug 27 04:19:21 mail.srvfarm.net postfix/smtpd[1328473]: warning: host-1-99.erydan.net[87.204.167.99]: SASL PLAIN authentication failed: Aug 27 04:19:21 mail.srvfarm.net postfix/smtpd[1328473]: lost connection after AUTH from host-1-99.erydan.net[87.204.167.99] Aug 27 04:19:48 mail.srvfarm.net postfix/smtpd[1314737]: warning: host-1-99.erydan.net[87.204.167.99]: SASL PLAIN authentication failed: Aug 27 04:19:48 mail.srvfarm.net postfix/smtpd[1314737]: lost connection after AUTH from host-1-99.erydan.net[87.204.167.99] Aug 27 04:22:47 mail.srvfarm.net postfix/smtps/smtpd[1331985]: warning: host-1-99.erydan.net[87.204.167.99]: SASL PLAIN authentication failed:	2020-08-28 09:43:56
220.132.75.140	attack	2020-08-28T01:42:54.767510shield sshd\[18992\]: Invalid user sistema from 220.132.75.140 port 53306 2020-08-28T01:42:54.800921shield sshd\[18992\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220-132-75-140.hinet-ip.hinet.net 2020-08-28T01:42:56.681881shield sshd\[18992\]: Failed password for invalid user sistema from 220.132.75.140 port 53306 ssh2 2020-08-28T01:46:45.701329shield sshd\[19588\]: Invalid user liza from 220.132.75.140 port 57876 2020-08-28T01:46:45.724563shield sshd\[19588\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220-132-75-140.hinet-ip.hinet.net	2020-08-28 09:56:58
193.56.28.245	attackbotsspam	Lines containing failures of 193.56.28.245 Aug 27 20:40:13 mc sshd[21889]: Did not receive identification string from 193.56.28.245 port 59832 Aug 27 20:43:18 mc sshd[21898]: Invalid user ubnt from 193.56.28.245 port 56152 Aug 27 20:43:18 mc sshd[21898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.56.28.245 Aug 27 20:43:20 mc sshd[21898]: Failed password for invalid user ubnt from 193.56.28.245 port 56152 ssh2 Aug 27 20:43:21 mc sshd[21898]: Postponed keyboard-interactive for invalid user ubnt from 193.56.28.245 port 56152 ssh2 [preauth] Aug 27 20:43:23 mc sshd[21898]: error: PAM: User not known to the underlying authentication module for illegal user ubnt from 193.56.28.245 Aug 27 20:43:23 mc sshd[21898]: Failed keyboard-interactive/pam for invalid user ubnt from 193.56.28.245 port 56152 ssh2 Aug 27 20:43:23 mc sshd[21898]: Received disconnect from 193.56.28.245 port 56152:11: [preauth] Aug 27 20:43:23 mc sshd[21898]: Dis........ ------------------------------	2020-08-28 09:55:26
186.216.70.118	attack	Aug 28 02:37:58 mail.srvfarm.net postfix/smtpd[2024855]: warning: unknown[186.216.70.118]: SASL PLAIN authentication failed: Aug 28 02:37:59 mail.srvfarm.net postfix/smtpd[2024855]: lost connection after AUTH from unknown[186.216.70.118] Aug 28 02:38:33 mail.srvfarm.net postfix/smtps/smtpd[2021025]: warning: unknown[186.216.70.118]: SASL PLAIN authentication failed: Aug 28 02:38:34 mail.srvfarm.net postfix/smtps/smtpd[2021025]: lost connection after AUTH from unknown[186.216.70.118] Aug 28 02:42:56 mail.srvfarm.net postfix/smtps/smtpd[2026383]: warning: unknown[186.216.70.118]: SASL PLAIN authentication failed:	2020-08-28 09:28:05
188.227.193.148	attack	Aug 27 07:36:31 mail.srvfarm.net postfix/smtpd[1410486]: warning: unknown[188.227.193.148]: SASL PLAIN authentication failed: Aug 27 07:36:31 mail.srvfarm.net postfix/smtpd[1410486]: lost connection after AUTH from unknown[188.227.193.148] Aug 27 07:37:06 mail.srvfarm.net postfix/smtps/smtpd[1409139]: warning: unknown[188.227.193.148]: SASL PLAIN authentication failed: Aug 27 07:37:06 mail.srvfarm.net postfix/smtps/smtpd[1409139]: lost connection after AUTH from unknown[188.227.193.148] Aug 27 07:41:42 mail.srvfarm.net postfix/smtps/smtpd[1408855]: warning: unknown[188.227.193.148]: SASL PLAIN authentication failed:	2020-08-28 09:27:12
222.186.42.137	attackbotsspam	Aug 28 03:43:50 MainVPS sshd[22602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.42.137 user=root Aug 28 03:43:52 MainVPS sshd[22602]: Failed password for root from 222.186.42.137 port 10071 ssh2 Aug 28 03:43:59 MainVPS sshd[22873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.42.137 user=root Aug 28 03:44:01 MainVPS sshd[22873]: Failed password for root from 222.186.42.137 port 44500 ssh2 Aug 28 03:44:09 MainVPS sshd[23153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.42.137 user=root Aug 28 03:44:11 MainVPS sshd[23153]: Failed password for root from 222.186.42.137 port 26906 ssh2 ...	2020-08-28 09:46:35
45.227.98.209	attackspambots	Aug 27 04:18:17 mail.srvfarm.net postfix/smtpd[1314728]: warning: unknown[45.227.98.209]: SASL PLAIN authentication failed: Aug 27 04:18:18 mail.srvfarm.net postfix/smtpd[1314728]: lost connection after AUTH from unknown[45.227.98.209] Aug 27 04:24:17 mail.srvfarm.net postfix/smtps/smtpd[1330772]: warning: unknown[45.227.98.209]: SASL PLAIN authentication failed: Aug 27 04:24:18 mail.srvfarm.net postfix/smtps/smtpd[1330772]: lost connection after AUTH from unknown[45.227.98.209] Aug 27 04:26:04 mail.srvfarm.net postfix/smtpd[1332133]: warning: unknown[45.227.98.209]: SASL PLAIN authentication failed:	2020-08-28 09:37:44
58.217.157.36	attack	Port Scan ...	2020-08-28 10:00:24
87.204.166.78	attackspam	Aug 27 04:30:32 mail.srvfarm.net postfix/smtps/smtpd[1331222]: warning: host78.erydan.net[87.204.166.78]: SASL PLAIN authentication failed: Aug 27 04:30:32 mail.srvfarm.net postfix/smtps/smtpd[1331222]: lost connection after AUTH from host78.erydan.net[87.204.166.78] Aug 27 04:32:38 mail.srvfarm.net postfix/smtpd[1334721]: warning: host78.erydan.net[87.204.166.78]: SASL PLAIN authentication failed: Aug 27 04:32:38 mail.srvfarm.net postfix/smtpd[1334721]: lost connection after AUTH from host78.erydan.net[87.204.166.78] Aug 27 04:38:02 mail.srvfarm.net postfix/smtpd[1333802]: warning: host78.erydan.net[87.204.166.78]: SASL PLAIN authentication failed:	2020-08-28 09:34:35

最近上报的IP列表

14.104.20.221	98.6.220.199	79.135.133.247	105.40.191.57
129.45.11.104	12.244.250.187	124.131.252.198	104.33.71.242
221.30.82.207	110.208.66.148	241.100.89.105	31.118.151.18
179.123.148.154	219.92.136.41	88.14.18.243	49.83.36.245
91.245.30.147	241.72.106.76	150.141.241.152	49.235.150.196