138.201.2.53 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Germany

运营商(isp): Hetzner Online AG

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	Invalid user yoneda from 138.201.2.53 port 57962	2020-10-14 01:17:36
attack	SSH login attempts.	2020-10-13 16:27:59
attackspam	2020-10-12T21:38:57.751645shield sshd\[5350\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root 2020-10-12T21:39:00.137380shield sshd\[5350\]: Failed password for root from 138.201.2.53 port 55694 ssh2 2020-10-12T21:43:54.589124shield sshd\[6195\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root 2020-10-12T21:43:56.068061shield sshd\[6195\]: Failed password for root from 138.201.2.53 port 57360 ssh2 2020-10-12T21:48:40.551136shield sshd\[7144\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root	2020-10-13 09:00:14
attack	2020-10-07T19:56:37.449534dmca.cloudsearch.cf sshd[3326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root 2020-10-07T19:56:39.160941dmca.cloudsearch.cf sshd[3326]: Failed password for root from 138.201.2.53 port 37510 ssh2 2020-10-07T19:59:53.481579dmca.cloudsearch.cf sshd[3343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root 2020-10-07T19:59:55.434143dmca.cloudsearch.cf sshd[3343]: Failed password for root from 138.201.2.53 port 44564 ssh2 2020-10-07T20:03:03.260950dmca.cloudsearch.cf sshd[3394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.53.2.201.138.clients.your-server.de user=root 2020-10-07T20:03:05.297706dmca.cloudsearch.cf sshd[3394]: Failed password for root from 138.201.2.53 port 51626 ssh2 2020-10-07T20:06:01.951612dmca.cloudsearch.cf ssh ...	2020-10-08 05:17:00
attack	138.201.2.53 (DE/Germany/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Oct 7 09:34:08 server4 sshd[8055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.167.240.210 user=root Oct 7 09:34:34 server4 sshd[8475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.53.227.180 user=root Oct 7 09:34:36 server4 sshd[8475]: Failed password for root from 120.53.227.180 port 57810 ssh2 Oct 7 09:36:16 server4 sshd[9357]: Failed password for root from 51.254.114.105 port 52765 ssh2 Oct 7 09:31:55 server4 sshd[6694]: Failed password for root from 138.201.2.53 port 59436 ssh2 Oct 7 09:34:09 server4 sshd[8055]: Failed password for root from 180.167.240.210 port 51826 ssh2 IP Addresses Blocked: 180.167.240.210 (CN/China/-) 120.53.227.180 (CN/China/-) 51.254.114.105 (FR/France/-)	2020-10-07 21:40:50
attackspambots	Lines containing failures of 138.201.2.53 Oct 6 01:09:38 shared07 sshd[12937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.201.2.53 user=r.r Oct 6 01:09:40 shared07 sshd[12937]: Failed password for r.r from 138.201.2.53 port 37592 ssh2 Oct 6 01:09:40 shared07 sshd[12937]: Received disconnect from 138.201.2.53 port 37592:11: Bye Bye [preauth] Oct 6 01:09:40 shared07 sshd[12937]: Disconnected from authenticating user r.r 138.201.2.53 port 37592 [preauth] Oct 6 01:24:52 shared07 sshd[18990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.201.2.53 user=r.r Oct 6 01:24:54 shared07 sshd[18990]: Failed password for r.r from 138.201.2.53 port 49958 ssh2 Oct 6 01:24:54 shared07 sshd[18990]: Received disconnect from 138.201.2.53 port 49958:11: Bye Bye [preauth] Oct 6 01:24:54 shared07 sshd[18990]: Disconnected from authenticating user r.r 138.201.2.53 port 49958 [preauth] Oct 6 ........ ------------------------------	2020-10-07 13:27:20

相同子网IP讨论:

IP	类型	评论内容	时间
138.201.245.106	attackbotsspam	2020-10-08T04:27:49.006296hostname sshd[59806]: Failed password for root from 138.201.245.106 port 35910 ssh2 ...	2020-10-09 03:33:42
138.201.245.106	attack	Oct 7 20:13:13 pl3server sshd[9540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.201.245.106 user=r.r Oct 7 20:13:15 pl3server sshd[9540]: Failed password for r.r from 138.201.245.106 port 53814 ssh2 Oct 7 20:13:15 pl3server sshd[9540]: Received disconnect from 138.201.245.106 port 53814:11: Bye Bye [preauth] Oct 7 20:13:15 pl3server sshd[9540]: Disconnected from 138.201.245.106 port 53814 [preauth] Oct 7 20:29:03 pl3server sshd[15871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.201.245.106 user=r.r Oct 7 20:29:05 pl3server sshd[15871]: Failed password for r.r from 138.201.245.106 port 50608 ssh2 Oct 7 20:29:06 pl3server sshd[15871]: Received disconnect from 138.201.245.106 port 50608:11: Bye Bye [preauth] Oct 7 20:29:06 pl3server sshd[15871]: Disconnected from 138.201.245.106 port 50608 [preauth] Oct 7 20:32:27 pl3server sshd[17292]: pam_unix(sshd:auth): authenti........ -------------------------------	2020-10-08 19:39:10
138.201.200.50	attackspam	15.09.2020 18:58:25 - Bad Robot Ignore Robots.txt	2020-09-17 00:12:59
138.201.200.50	attackbotsspam	15.09.2020 18:58:25 - Bad Robot Ignore Robots.txt	2020-09-16 16:29:55
138.201.223.200	attackspambots	Detected by ModSecurity. Request URI: /wp-login.php	2020-08-21 05:48:42
138.201.207.106	attackspambots	Automatic report - Port Scan Attack	2020-03-12 03:31:36
138.201.21.124	attackbotsspam	suspicious action Tue, 10 Mar 2020 15:10:37 -0300	2020-03-11 08:23:31
138.201.251.170	attackbots	3x Failed Password	2020-01-27 13:11:12
138.201.254.88	spambotsattackproxynormal	Log	2019-12-19 22:29:42
138.201.200.69	attackbotsspam	Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 54572 ssh2 (target: 158.69.100.151:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 54992 ssh2 (target: 158.69.100.144:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 39994 ssh2 (target: 158.69.100.140:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 48126 ssh2 (target: 158.69.100.153:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 47492 ssh2 (target: 158.69.100.138:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 38526 ssh2 (target: 158.69.100.134:22, password: a) Dec 5 00:17:37 wildwolf ssh-honeypotd[26164]: Failed password for a from 138.201.200.69 port 51668 ssh2 (tar........ ------------------------------	2019-12-06 17:36:57
138.201.202.95	attackbots	11/23/2019-12:47:49.799524 138.201.202.95 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-11-24 02:18:50
138.201.202.95	attackbotsspam	138.201.202.95 was recorded 5 times by 2 hosts attempting to connect to the following ports: 2375,2376,2377. Incident counter (4h, 24h, all-time): 5, 5, 5	2019-11-23 06:58:47
138.201.203.73	attackbots	Sql/code injection probe	2019-11-16 03:08:59
138.201.225.196	attack	SSH Brute Force	2019-11-08 14:50:01
138.201.225.196	attackbotsspam	Nov 7 22:11:41 server sshd\[18615\]: Invalid user admin from 138.201.225.196 Nov 7 22:11:41 server sshd\[18615\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=het8.de.trueconf.net Nov 7 22:11:43 server sshd\[18615\]: Failed password for invalid user admin from 138.201.225.196 port 36361 ssh2 Nov 7 22:33:32 server sshd\[24179\]: Invalid user admin from 138.201.225.196 Nov 7 22:33:32 server sshd\[24179\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=het8.de.trueconf.net ...	2019-11-08 03:59:37

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.201.2.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15931
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.201.2.53.			IN	A

;; AUTHORITY SECTION:
.			580	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020100602 1800 900 604800 86400

;; Query time: 64 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 07 13:27:14 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

53.2.201.138.in-addr.arpa domain name pointer static.53.2.201.138.clients.your-server.de.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
53.2.201.138.in-addr.arpa	name = static.53.2.201.138.clients.your-server.de.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
178.234.175.182	attackspam	1585831094 - 04/02/2020 14:38:14 Host: 178.234.175.182/178.234.175.182 Port: 445 TCP Blocked	2020-04-03 05:47:44
167.114.156.183	attackspam	Apr 2 22:52:52 combo sshd[15619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.156.183 user=bin Apr 2 22:52:54 combo sshd[15619]: Failed password for bin from 167.114.156.183 port 41235 ssh2 Apr 2 22:52:54 combo sshd[15629]: Invalid user localhost from 167.114.156.183 port 44756 ...	2020-04-03 06:15:10
111.231.33.135	attackbots	Apr 2 23:48:04 eventyay sshd[15044]: Failed password for root from 111.231.33.135 port 45618 ssh2 Apr 2 23:50:34 eventyay sshd[15138]: Failed password for root from 111.231.33.135 port 48950 ssh2 ...	2020-04-03 06:10:35
111.161.74.100	attackbots	2020-04-02T21:45:13.331712shield sshd\[25357\]: Invalid user j from 111.161.74.100 port 48249 2020-04-02T21:45:13.336163shield sshd\[25357\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.161.74.100 2020-04-02T21:45:15.453837shield sshd\[25357\]: Failed password for invalid user j from 111.161.74.100 port 48249 ssh2 2020-04-02T21:47:54.794371shield sshd\[26129\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.161.74.100 user=root 2020-04-02T21:47:56.682028shield sshd\[26129\]: Failed password for root from 111.161.74.100 port 41234 ssh2	2020-04-03 05:53:43
167.71.72.70	attack	Apr 3 03:14:17 gw1 sshd[9617]: Failed password for root from 167.71.72.70 port 35564 ssh2 ...	2020-04-03 06:22:46
134.209.115.206	attack	Apr 2 23:49:49 eventyay sshd[15103]: Failed password for root from 134.209.115.206 port 57396 ssh2 Apr 2 23:53:12 eventyay sshd[15266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.115.206 Apr 2 23:53:15 eventyay sshd[15266]: Failed password for invalid user xiaoyun from 134.209.115.206 port 41028 ssh2 ...	2020-04-03 06:01:06
80.211.177.243	attack	2020-04-02 23:53:11,738 fail2ban.actions: WARNING [ssh] Ban 80.211.177.243	2020-04-03 06:04:11
115.202.70.161	attack	2020-04-02T21:53:11.005152 X postfix/smtpd[854752]: lost connection after AUTH from unknown[115.202.70.161] 2020-04-02T21:53:11.910059 X postfix/smtpd[854693]: lost connection after AUTH from unknown[115.202.70.161] 2020-04-02T21:53:12.823388 X postfix/smtpd[854752]: lost connection after AUTH from unknown[115.202.70.161]	2020-04-03 06:02:43
177.44.168.146	attack	Invalid user cpx from 177.44.168.146 port 48793	2020-04-03 06:18:34
101.187.34.10	attack	Automatic report - Port Scan Attack	2020-04-03 06:07:19
209.105.243.145	attackspambots	SASL PLAIN auth failed: ruser=...	2020-04-03 06:16:20
118.122.148.193	attackspam	Apr 3 03:06:02 gw1 sshd[9176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.122.148.193 Apr 3 03:06:04 gw1 sshd[9176]: Failed password for invalid user shuangbo from 118.122.148.193 port 38931 ssh2 ...	2020-04-03 06:06:20
106.12.139.137	attack	Invalid user liangbin from 106.12.139.137 port 33872	2020-04-03 06:25:00
72.192.84.230	attackbots	SSH brute-force attempt	2020-04-03 06:11:48
203.127.84.42	attack	Apr 2 23:42:05 icinga sshd[21715]: Failed password for root from 203.127.84.42 port 59521 ssh2 Apr 2 23:48:37 icinga sshd[33710]: Failed password for root from 203.127.84.42 port 3042 ssh2 ...	2020-04-03 06:12:06

最近上报的IP列表

232.192.149.214	7.117.147.69	69.60.68.98	95.110.103.225
26.250.52.219	89.101.139.130	118.54.210.50	218.20.14.183
61.77.161.99	2a01:4f8:c2c:97c1::1	74.220.219.186	34.65.118.201
206.248.17.106	103.223.8.111	35.222.30.137	138.197.189.231
104.248.246.8	200.146.196.100	49.234.96.173	45.114.51.40