Basic information:

City: unknown

Region: unknown

Country: United States of America

ISP: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

User reports:
Type | Comment | Time
attack
Sep 29 15:16:06 host sshd[18668]: Invalid user wwwdata1 from 138.197.94.57 port 35364
...
2020-09-30 00:26:34
attackspam
Sep  9 21:25:11 localhost sshd[32658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57  user=root
Sep  9 21:25:13 localhost sshd[32658]: Failed password for root from 138.197.94.57 port 50262 ssh2
Sep  9 21:28:38 localhost sshd[33038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57  user=root
Sep  9 21:28:41 localhost sshd[33038]: Failed password for root from 138.197.94.57 port 54820 ssh2
Sep  9 21:32:08 localhost sshd[33387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57  user=root
Sep  9 21:32:10 localhost sshd[33387]: Failed password for root from 138.197.94.57 port 59378 ssh2
...
2020-09-10 20:45:21
attack
Sep  9 21:25:11 localhost sshd[32658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57  user=root
Sep  9 21:25:13 localhost sshd[32658]: Failed password for root from 138.197.94.57 port 50262 ssh2
Sep  9 21:28:38 localhost sshd[33038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57  user=root
Sep  9 21:28:41 localhost sshd[33038]: Failed password for root from 138.197.94.57 port 54820 ssh2
Sep  9 21:32:08 localhost sshd[33387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57  user=root
Sep  9 21:32:10 localhost sshd[33387]: Failed password for root from 138.197.94.57 port 59378 ssh2
...
2020-09-10 12:31:40
attack
Sep  9 18:55:40 localhost sshd[14104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57  user=root
Sep  9 18:55:42 localhost sshd[14104]: Failed password for root from 138.197.94.57 port 42568 ssh2
Sep  9 18:58:54 localhost sshd[14454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57  user=root
Sep  9 18:58:56 localhost sshd[14454]: Failed password for root from 138.197.94.57 port 47128 ssh2
Sep  9 19:02:13 localhost sshd[14888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57  user=root
Sep  9 19:02:16 localhost sshd[14888]: Failed password for root from 138.197.94.57 port 51686 ssh2
...
2020-09-10 03:20:03
attack
Aug 28 14:06:56 home sshd[2034502]: Failed password for invalid user wzy from 138.197.94.57 port 36146 ssh2
Aug 28 14:09:53 home sshd[2035597]: Invalid user commun from 138.197.94.57 port 33356
Aug 28 14:09:53 home sshd[2035597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57 
Aug 28 14:09:53 home sshd[2035597]: Invalid user commun from 138.197.94.57 port 33356
Aug 28 14:09:55 home sshd[2035597]: Failed password for invalid user commun from 138.197.94.57 port 33356 ssh2
...
2020-08-28 20:23:11
attack
Invalid user test from 138.197.94.57 port 41024
2020-08-23 01:36:18
attackspambots
Aug 14 07:47:33 vpn01 sshd[11366]: Failed password for root from 138.197.94.57 port 42778 ssh2
...
2020-08-14 14:41:30
attackspambots
Aug 11 19:21:20 vps46666688 sshd[7244]: Failed password for root from 138.197.94.57 port 53692 ssh2
...
2020-08-12 06:24:34
attack
Jul 30 17:19:11 xxxxxxx8 sshd[2472]: Invalid user dove from 138.197.94.57 port 45240
Jul 30 17:19:11 xxxxxxx8 sshd[2472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57
Jul 30 17:19:13 xxxxxxx8 sshd[2472]: Failed password for invalid user dove from 138.197.94.57 port 45240 ssh2
Jul 30 17:24:43 xxxxxxx8 sshd[2788]: Invalid user syy from 138.197.94.57 port 49148
Jul 30 17:24:43 xxxxxxx8 sshd[2788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57
Jul 30 17:24:45 xxxxxxx8 sshd[2788]: Failed password for invalid user syy from 138.197.94.57 port 49148 ssh2
Jul 30 17:28:40 xxxxxxx8 sshd[3079]: Invalid user zhaoshaojing from 138.197.94.57 port 33452
Jul 30 17:28:40 xxxxxxx8 sshd[3079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.57
Jul 30 17:28:42 xxxxxxx8 sshd[3079]: Failed password for invalid user zhaoshaojing from........
------------------------------
2020-08-04 21:04:36
attackbots
2020-07-31T15:13:17.812020+02:00  sshd[8857]: Failed password for root from 138.197.94.57 port 37694 ssh2
2020-07-31 21:23:35
attackspam
This client attempted to login to an administrator account on a Website, or abused from another resource.
2020-07-26 17:00:45
Reports for IPs in the same subnet:
IP | Type | Comment | Time
138.197.94.209 attackspambots
C2,WP GET /home/wp-includes/wlwmanifest.xml
2020-07-13 16:36:41
138.197.94.209 attackspambots
miraniessen.de 138.197.94.209 [25/Jun/2020:01:07:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4860 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
MIRANIESSEN.DE 138.197.94.209 [25/Jun/2020:01:07:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4860 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
2020-06-25 07:55:52
138.197.94.209 attackbots
ENG,WP GET /v2/wp-includes/wlwmanifest.xml
2020-06-02 00:33:08
138.197.94.75 attack
138.197.94.75 has been banned for [WebApp Attack]
...
2020-03-25 22:50:21
138.197.94.75 attackbotsspam
138.197.94.75 has been banned for [WebApp Attack]
...
2020-03-21 05:24:39
138.197.94.164 attack
Mar  4 02:29:33 auw2 sshd\[18620\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.164  user=root
Mar  4 02:29:35 auw2 sshd\[18620\]: Failed password for root from 138.197.94.164 port 38928 ssh2
Mar  4 02:29:36 auw2 sshd\[18625\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.164  user=root
Mar  4 02:29:38 auw2 sshd\[18625\]: Failed password for root from 138.197.94.164 port 39024 ssh2
Mar  4 02:29:39 auw2 sshd\[18627\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.94.164  user=root
2020-03-04 20:35:50
138.197.94.164 attackbots
2020-02-18T14:18:57.129984hz01.yumiweb.com sshd\[13553\]: Invalid user ark from 138.197.94.164 port 34344
2020-02-18T14:22:00.411288hz01.yumiweb.com sshd\[13570\]: Invalid user arkserver from 138.197.94.164 port 36266
2020-02-18T14:25:17.443563hz01.yumiweb.com sshd\[13583\]: Invalid user ark from 138.197.94.164 port 38188
...
2020-02-18 23:36:10
138.197.94.75 attackbotsspam
Automatic report - XMLRPC Attack
2019-12-28 14:49:37
138.197.94.75 attackspam
138.197.94.75 - - [19/Dec/2019:22:35:31 +0000] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.94.75 - - [19/Dec/2019:22:35:32 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2019-12-20 06:58:58
138.197.94.75 attackbotsspam
[munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:18 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:21 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:23 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:26 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:28 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 138.197.94.75 - - [19/Dec/2019:20:56:31 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubun
2019-12-20 04:53:21
138.197.94.75 attackbotsspam
Automatic report - XMLRPC Attack
2019-12-18 18:54:55
138.197.94.75 attackspam
Scanning unused Default website or suspicious access to valid sites from IP marked as abusive
2019-12-12 10:27:38
138.197.94.75 attack
windhundgang.de 138.197.94.75 [17/Nov/2019:07:28:22 +0100] "POST /wp-login.php HTTP/1.1" 200 8382 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
windhundgang.de 138.197.94.75 [17/Nov/2019:07:28:22 +0100] "POST /xmlrpc.php HTTP/1.1" 200 4186 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2019-11-17 16:00:33
138.197.94.209 attack
Automatic report - XMLRPC Attack
2019-10-29 23:54:23
138.197.94.75 attackbots
138.197.94.75 - - \[29/Oct/2019:03:58:09 +0000\] "POST /wp-login.php HTTP/1.1" 200 4358 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
138.197.94.75 - - \[29/Oct/2019:03:58:09 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
...
2019-10-29 12:37:05
WHOIS information:
DIG information:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.197.94.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21934
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.197.94.57.			IN	A

;; AUTHORITY SECTION:
.			171	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020072600 1800 900 604800 86400

;; Query time: 36 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Jul 26 17:00:40 CST 2020
;; MSG SIZE  rcvd: 117
HOST information:
Host 57.94.197.138.in-addr.arpa. not found: 3(NXDOMAIN)
NSLOOKUP information:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 57.94.197.138.in-addr.arpa: NXDOMAIN
Related IP information:
Latest comments:
IP | Type | Comment | Time
185.234.218.238 attackspam
Jun 28 19:25:54 mail postfix/smtpd\[22691\]: warning: unknown\[185.234.218.238\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\
Jun 28 20:02:36 mail postfix/smtpd\[23817\]: warning: unknown\[185.234.218.238\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\
Jun 28 20:11:42 mail postfix/smtpd\[24109\]: warning: unknown\[185.234.218.238\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\
Jun 28 20:20:45 mail postfix/smtpd\[24288\]: warning: unknown\[185.234.218.238\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\
2019-06-29 02:38:20
68.251.142.26 attack
Jun 28 03:33:22 Ubuntu-1404-trusty-64-minimal sshd\[22905\]: Invalid user usuario from 68.251.142.26
Jun 28 03:33:22 Ubuntu-1404-trusty-64-minimal sshd\[22905\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.251.142.26
Jun 28 03:33:24 Ubuntu-1404-trusty-64-minimal sshd\[22905\]: Failed password for invalid user usuario from 68.251.142.26 port 30847 ssh2
Jun 28 20:23:46 Ubuntu-1404-trusty-64-minimal sshd\[12707\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.251.142.26  user=root
Jun 28 20:23:49 Ubuntu-1404-trusty-64-minimal sshd\[12707\]: Failed password for root from 68.251.142.26 port 31766 ssh2
2019-06-29 02:57:34
213.57.26.237 attack
Jun 28 20:06:57 ncomp sshd[10188]: Invalid user support from 213.57.26.237
Jun 28 20:06:57 ncomp sshd[10188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.57.26.237
Jun 28 20:06:57 ncomp sshd[10188]: Invalid user support from 213.57.26.237
Jun 28 20:06:59 ncomp sshd[10188]: Failed password for invalid user support from 213.57.26.237 port 57230 ssh2
2019-06-29 03:14:12
132.232.40.67 attack
3306/tcp
[2019-06-28]1pkt
2019-06-29 02:34:42
125.41.139.111 attackspambots
Telnet Server BruteForce Attack
2019-06-29 02:58:59
177.66.73.17 attack
Brute force attempt
2019-06-29 03:09:56
131.100.76.71 attack
SMTP-sasl brute force
...
2019-06-29 02:39:29
94.177.224.127 attackspambots
Jun 28 19:31:28 localhost sshd\[21775\]: Invalid user dinesh from 94.177.224.127 port 41600
Jun 28 19:31:28 localhost sshd\[21775\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.224.127
Jun 28 19:31:29 localhost sshd\[21775\]: Failed password for invalid user dinesh from 94.177.224.127 port 41600 ssh2
2019-06-29 02:46:29
41.236.144.242 attackbotsspam
23/tcp
[2019-06-28]1pkt
2019-06-29 02:41:07
83.0.128.73 attackbots
8080/tcp
[2019-06-28]1pkt
2019-06-29 03:03:23
93.81.34.96 attack
23/tcp
[2019-06-28]1pkt
2019-06-29 02:47:57
189.235.190.38 attack
37215/tcp
[2019-06-28]1pkt
2019-06-29 03:07:54
42.112.143.121 attackbotsspam
445/tcp
[2019-06-28]1pkt
2019-06-29 02:38:49
186.216.153.229 attack
failed_logins
2019-06-29 02:40:36
117.199.155.72 attackbots
23/tcp
[2019-06-28]1pkt
2019-06-29 02:45:03

Recently reported IPs
