138.201.2.53 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Germany

运营商(isp): Hetzner Online AG

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	Invalid user yoneda from 138.201.2.53 port 57962	2020-10-14 01:17:36
attack	SSH login attempts.	2020-10-13 16:27:59
attackspam	2020-10-12T21:38:57.751645shield sshd\[5350\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root 2020-10-12T21:39:00.137380shield sshd\[5350\]: Failed password for root from 138.201.2.53 port 55694 ssh2 2020-10-12T21:43:54.589124shield sshd\[6195\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root 2020-10-12T21:43:56.068061shield sshd\[6195\]: Failed password for root from 138.201.2.53 port 57360 ssh2 2020-10-12T21:48:40.551136shield sshd\[7144\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root	2020-10-13 09:00:14
attack	2020-10-07T19:56:37.449534dmca.cloudsearch.cf sshd[3326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root 2020-10-07T19:56:39.160941dmca.cloudsearch.cf sshd[3326]: Failed password for root from 138.201.2.53 port 37510 ssh2 2020-10-07T19:59:53.481579dmca.cloudsearch.cf sshd[3343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root 2020-10-07T19:59:55.434143dmca.cloudsearch.cf sshd[3343]: Failed password for root from 138.201.2.53 port 44564 ssh2 2020-10-07T20:03:03.260950dmca.cloudsearch.cf sshd[3394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root 2020-10-07T20:03:05.297706dmca.cloudsearch.cf sshd[3394]: Failed password for root from 138.201.2.53 port 51626 ssh2 2020-10-07T20:06:01.951612dmca.cloudsearch.cf ssh ...	2020-10-08 05:17:00
attack	138.201.2.53 (DE/Germany/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Oct 7 09:34:08 server4 sshd[8055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.167.240.210 user=root Oct 7 09:34:34 server4 sshd[8475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.53.227.180 user=root Oct 7 09:34:36 server4 sshd[8475]: Failed password for root from 120.53.227.180 port 57810 ssh2 Oct 7 09:36:16 server4 sshd[9357]: Failed password for root from 51.254.114.105 port 52765 ssh2 Oct 7 09:31:55 server4 sshd[6694]: Failed password for root from 138.201.2.53 port 59436 ssh2 Oct 7 09:34:09 server4 sshd[8055]: Failed password for root from 180.167.240.210 port 51826 ssh2 IP Addresses Blocked: 180.167.240.210 (CN/China/-) 120.53.227.180 (CN/China/-) 51.254.114.105 (FR/France/-)	2020-10-07 21:40:50
attackspambots	Lines containing failures of 138.201.2.53 Oct 6 01:09:38 shared07 sshd[12937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.201.2.53 user=r.r Oct 6 01:09:40 shared07 sshd[12937]: Failed password for r.r from 138.201.2.53 port 37592 ssh2 Oct 6 01:09:40 shared07 sshd[12937]: Received disconnect from 138.201.2.53 port 37592:11: Bye Bye [preauth] Oct 6 01:09:40 shared07 sshd[12937]: Disconnected from authenticating user r.r 138.201.2.53 port 37592 [preauth] Oct 6 01:24:52 shared07 sshd[18990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.201.2.53 user=r.r Oct 6 01:24:54 shared07 sshd[18990]: Failed password for r.r from 138.201.2.53 port 49958 ssh2 Oct 6 01:24:54 shared07 sshd[18990]: Received disconnect from 138.201.2.53 port 49958:11: Bye Bye [preauth] Oct 6 01:24:54 shared07 sshd[18990]: Disconnected from authenticating user r.r 138.201.2.53 port 49958 [preauth] Oct 6 ........ ------------------------------	2020-10-07 13:27:20

相同子网IP讨论:

IP	类型	评论内容	时间
138.201.245.106	attackbotsspam	2020-10-08T04:27:49.006296hostname sshd[59806]: Failed password for root from 138.201.245.106 port 35910 ssh2 ...	2020-10-09 03:33:42
138.201.245.106	attack	Oct 7 20:13:13 pl3server sshd[9540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.201.245.106 user=r.r Oct 7 20:13:15 pl3server sshd[9540]: Failed password for r.r from 138.201.245.106 port 53814 ssh2 Oct 7 20:13:15 pl3server sshd[9540]: Received disconnect from 138.201.245.106 port 53814:11: Bye Bye [preauth] Oct 7 20:13:15 pl3server sshd[9540]: Disconnected from 138.201.245.106 port 53814 [preauth] Oct 7 20:29:03 pl3server sshd[15871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.201.245.106 user=r.r Oct 7 20:29:05 pl3server sshd[15871]: Failed password for r.r from 138.201.245.106 port 50608 ssh2 Oct 7 20:29:06 pl3server sshd[15871]: Received disconnect from 138.201.245.106 port 50608:11: Bye Bye [preauth] Oct 7 20:29:06 pl3server sshd[15871]: Disconnected from 138.201.245.106 port 50608 [preauth] Oct 7 20:32:27 pl3server sshd[17292]: pam_unix(sshd:auth): authenti........ -------------------------------	2020-10-08 19:39:10
138.201.200.50	attackspam	15.09.2020 18:58:25 - Bad Robot Ignore Robots.txt	2020-09-17 00:12:59
138.201.200.50	attackbotsspam	15.09.2020 18:58:25 - Bad Robot Ignore Robots.txt	2020-09-16 16:29:55
138.201.223.200	attackspambots	Detected by ModSecurity. Request URI: /wp-login.php	2020-08-21 05:48:42
138.201.207.106	attackspambots	Automatic report - Port Scan Attack	2020-03-12 03:31:36
138.201.21.124	attackbotsspam	suspicious action Tue, 10 Mar 2020 15:10:37 -0300	2020-03-11 08:23:31
138.201.251.170	attackbots	3x Failed Password	2020-01-27 13:11:12
138.201.254.88	spambotsattackproxynormal	Log	2019-12-19 22:29:42
138.201.200.69	attackbotsspam	Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 54572 ssh2 (target: 158.69.100.151:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 54992 ssh2 (target: 158.69.100.144:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 39994 ssh2 (target: 158.69.100.140:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 48126 ssh2 (target: 158.69.100.153:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 47492 ssh2 (target: 158.69.100.138:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 38526 ssh2 (target: 158.69.100.134:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 51668 ssh2 (tar........ ------------------------------	2019-12-06 17:36:57
138.201.202.95	attackbots	11/23/2019-12:47:49.799524 138.201.202.95 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-11-24 02:18:50
138.201.202.95	attackbotsspam	138.201.202.95 was recorded 5 times by 2 hosts attempting to connect to the following ports: 2375,2376,2377. Incident counter (4h, 24h, all-time): 5, 5, 5	2019-11-23 06:58:47
138.201.203.73	attackbots	Sql/code injection probe	2019-11-16 03:08:59
138.201.225.196	attack	SSH Brute Force	2019-11-08 14:50:01
138.201.225.196	attackbotsspam	Nov 7 22:11:41 server sshd\[18615\]: Invalid user admin from 138.201.225.196 Nov 7 22:11:41 server sshd\[18615\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=het8.de.trueconf.net Nov 7 22:11:43 server sshd\[18615\]: Failed password for invalid user admin from 138.201.225.196 port 36361 ssh2 Nov 7 22:33:32 server sshd\[24179\]: Invalid user admin from 138.201.225.196 Nov 7 22:33:32 server sshd\[24179\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=het8.de.trueconf.net ...	2019-11-08 03:59:37

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.201.2.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15931
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.201.2.53.			IN	A

;; AUTHORITY SECTION:
.			580	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020100602 1800 900 604800 86400

;; Query time: 64 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 07 13:27:14 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

53.2.201.138.in-addr.arpa domain name pointer static.53.2.201.138.clients.your-server.de.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
53.2.201.138.in-addr.arpa	name = static.53.2.201.138.clients.your-server.de.

Authoritative answers can be found from:

IP	类型	评论内容	时间
47.244.107.103	attackspam	SIP/5060 Probe, BF, Hack -	2020-01-25 03:59:17
49.88.112.76	attack	Jan 25 02:20:58 webhost01 sshd[9243]: Failed password for root from 49.88.112.76 port 25163 ssh2 Jan 25 02:21:00 webhost01 sshd[9243]: Failed password for root from 49.88.112.76 port 25163 ssh2 ...	2020-01-25 03:39:23
94.191.108.176	attack	Unauthorized connection attempt detected from IP address 94.191.108.176 to port 2220 [J]	2020-01-25 03:39:37
129.211.2.241	attackspam	Jan 24 17:38:47 * sshd[27891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.2.241 Jan 24 17:38:49 * sshd[27891]: Failed password for invalid user sqlite from 129.211.2.241 port 38714 ssh2	2020-01-25 03:42:57
188.125.107.172	attackspam	Unauthorized connection attempt from IP address 188.125.107.172 on Port 445(SMB)	2020-01-25 03:31:24
178.128.216.102	attackbots	Jan 22 22:12:47 hgb10502 sshd[4926]: Invalid user femi from 178.128.216.102 port 8827 Jan 22 22:12:50 hgb10502 sshd[4926]: Failed password for invalid user femi from 178.128.216.102 port 8827 ssh2 Jan 22 22:12:50 hgb10502 sshd[4926]: Received disconnect from 178.128.216.102 port 8827:11: Bye Bye [preauth] Jan 22 22:12:50 hgb10502 sshd[4926]: Disconnected from 178.128.216.102 port 8827 [preauth] Jan 22 22:16:24 hgb10502 sshd[5297]: User r.r from 178.128.216.102 not allowed because not listed in AllowUsers Jan 22 22:16:24 hgb10502 sshd[5297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.216.102 user=r.r Jan 22 22:16:26 hgb10502 sshd[5297]: Failed password for invalid user r.r from 178.128.216.102 port 34031 ssh2 Jan 22 22:16:26 hgb10502 sshd[5297]: Received disconnect from 178.128.216.102 port 34031:11: Bye Bye [preauth] Jan 22 22:16:26 hgb10502 sshd[5297]: Disconnected from 178.128.216.102 port 34031 [preauth] Jan 22 22........ -------------------------------	2020-01-25 03:42:02
82.149.162.78	attack	ssh failed login	2020-01-25 03:33:22
185.125.230.103	attackbotsspam	Jan 22 20:24:32 vbuntu sshd[16494]: refused connect from 185.125.230.103 (185.125.230.103) Jan 22 20:24:37 vbuntu sshd[16500]: refused connect from 185.125.230.103 (185.125.230.103) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=185.125.230.103	2020-01-25 03:37:22
188.127.227.56	attackbotsspam	Unauthorized connection attempt detected from IP address 188.127.227.56 to port 2220 [J]	2020-01-25 03:51:57
103.220.206.173	attackbots	Unauthorized connection attempt detected from IP address 103.220.206.173 to port 445	2020-01-25 03:23:15
185.209.0.18	attackbotsspam	Automatic report - Port Scan	2020-01-25 03:29:27
89.248.174.146	attack	Port Scanning MultiHosts/TCP 81 & 5555	2020-01-25 03:22:37
182.75.176.107	attack	firewall-block, port(s): 445/tcp	2020-01-25 03:46:28
31.172.139.173	attackbots	Unauthorized connection attempt from IP address 31.172.139.173 on Port 445(SMB)	2020-01-25 03:51:23
206.189.124.87	attackbots	Invalid user administrador from 206.189.124.87 port 56138	2020-01-25 03:26:53

最近上报的IP列表

232.192.149.214	7.117.147.69	69.60.68.98	95.110.103.225
26.250.52.219	89.101.139.130	118.54.210.50	218.20.14.183
61.77.161.99	2a01:4f8:c2c:97c1::1	74.220.219.186	34.65.118.201
206.248.17.106	103.223.8.111	35.222.30.137	138.197.189.231
104.248.246.8	200.146.196.100	49.234.96.173	45.114.51.40