54.38.195.213 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Poland

运营商(isp): OVH SAS

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	failed root login	2019-10-21 12:58:07
attack	Oct 18 04:30:21 h2034429 sshd[21216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.195.213 user=r.r Oct 18 04:30:23 h2034429 sshd[21216]: Failed password for r.r from 54.38.195.213 port 53664 ssh2 Oct 18 04:30:23 h2034429 sshd[21216]: Received disconnect from 54.38.195.213 port 53664:11: Bye Bye [preauth] Oct 18 04:30:23 h2034429 sshd[21216]: Disconnected from 54.38.195.213 port 53664 [preauth] Oct 18 04:51:45 h2034429 sshd[21566]: Invalid user 0 from 54.38.195.213 Oct 18 04:51:45 h2034429 sshd[21566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.195.213 Oct 18 04:51:47 h2034429 sshd[21566]: Failed password for invalid user 0 from 54.38.195.213 port 44420 ssh2 Oct 18 04:51:47 h2034429 sshd[21566]: Received disconnect from 54.38.195.213 port 44420:11: Bye Bye [preauth] Oct 18 04:51:47 h2034429 sshd[21566]: Disconnected from 54.38.195.213 port 44420 [preauth] Oct 18 04:55:25........ -------------------------------	2019-10-20 05:39:14
attackbots	$f2bV_matches	2019-10-18 15:28:28

类型

评论内容

时间

attack

failed root login

2019-10-21 12:58:07

attack

Oct 18 04:30:21 h2034429 sshd[21216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.195.213  user=r.r
Oct 18 04:30:23 h2034429 sshd[21216]: Failed password for r.r from 54.38.195.213 port 53664 ssh2
Oct 18 04:30:23 h2034429 sshd[21216]: Received disconnect from 54.38.195.213 port 53664:11: Bye Bye [preauth]
Oct 18 04:30:23 h2034429 sshd[21216]: Disconnected from 54.38.195.213 port 53664 [preauth]
Oct 18 04:51:45 h2034429 sshd[21566]: Invalid user 0 from 54.38.195.213
Oct 18 04:51:45 h2034429 sshd[21566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.195.213
Oct 18 04:51:47 h2034429 sshd[21566]: Failed password for invalid user 0 from 54.38.195.213 port 44420 ssh2
Oct 18 04:51:47 h2034429 sshd[21566]: Received disconnect from 54.38.195.213 port 44420:11: Bye Bye [preauth]
Oct 18 04:51:47 h2034429 sshd[21566]: Disconnected from 54.38.195.213 port 44420 [preauth]
Oct 18 04:55:25........
-------------------------------

2019-10-20 05:39:14

attackbots

$f2bV_matches

2019-10-18 15:28:28

相同子网IP讨论:

IP	类型	评论内容	时间
54.38.195.1	attackspam	SSH login attempts with user root at 2020-02-05.	2020-02-06 14:42:11
54.38.195.1	attackbots	SSH login attempts with user root at 2020-01-02.	2020-01-03 00:29:58
54.38.195.1	attackspambots	SSH login attempts with user root.	2019-11-30 04:54:46

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 54.38.195.213
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41403
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;54.38.195.213.			IN	A

;; AUTHORITY SECTION:
.			590	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019101800 1800 900 604800 86400

;; Query time: 56 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Oct 18 15:28:25 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

213.195.38.54.in-addr.arpa domain name pointer ns3122837.ip-54-38-195.eu.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
213.195.38.54.in-addr.arpa	name = ns3122837.ip-54-38-195.eu.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
36.68.187.247	attackbots	Unauthorized connection attempt from IP address 36.68.187.247 on Port 445(SMB)	2019-11-23 01:29:26
80.211.137.52	attackbots	Nov 18 14:49:55 sanyalnet-cloud-vps4 sshd[22942]: Connection from 80.211.137.52 port 50568 on 64.137.160.124 port 23 Nov 18 14:49:57 sanyalnet-cloud-vps4 sshd[22942]: Address 80.211.137.52 maps to host52-137-211-80.serverdedicati.aruba.hostname, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Nov 18 14:49:57 sanyalnet-cloud-vps4 sshd[22942]: Invalid user szikla from 80.211.137.52 Nov 18 14:49:57 sanyalnet-cloud-vps4 sshd[22942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.137.52 Nov 18 14:49:59 sanyalnet-cloud-vps4 sshd[22942]: Failed password for invalid user szikla from 80.211.137.52 port 50568 ssh2 Nov 18 14:49:59 sanyalnet-cloud-vps4 sshd[22942]: Received disconnect from 80.211.137.52: 11: Bye Bye [preauth] Nov 18 14:53:43 sanyalnet-cloud-vps4 sshd[23048]: Connection from 80.211.137.52 port 59922 on 64.137.160.124 port 23 Nov 18 14:53:44 sanyalnet-cloud-vps4 sshd[23048]: Address 80.211.137.52........ -------------------------------	2019-11-23 01:40:24
189.89.238.170	attackbots	Unauthorized connection attempt from IP address 189.89.238.170 on Port 445(SMB)	2019-11-23 01:48:13
46.130.119.42	attack	Unauthorized connection attempt from IP address 46.130.119.42 on Port 445(SMB)	2019-11-23 02:02:52
139.199.84.234	attackbots	Nov 22 06:21:14 web9 sshd\[634\]: Invalid user 123 from 139.199.84.234 Nov 22 06:21:14 web9 sshd\[634\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.84.234 Nov 22 06:21:17 web9 sshd\[634\]: Failed password for invalid user 123 from 139.199.84.234 port 40238 ssh2 Nov 22 06:26:42 web9 sshd\[1839\]: Invalid user sreyas from 139.199.84.234 Nov 22 06:26:42 web9 sshd\[1839\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.84.234	2019-11-23 01:38:57
51.89.164.224	attackbots	Nov 22 11:48:59 ldap01vmsma01 sshd[21082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.89.164.224 Nov 22 11:49:01 ldap01vmsma01 sshd[21082]: Failed password for invalid user takuya from 51.89.164.224 port 52548 ssh2 ...	2019-11-23 02:06:45
222.186.175.220	attackspambots	F2B jail: sshd. Time: 2019-11-22 18:21:12, Reported by: VKReport	2019-11-23 01:24:22
119.28.29.169	attack	Nov 22 07:09:32 sachi sshd\[23713\]: Invalid user tanya from 119.28.29.169 Nov 22 07:09:32 sachi sshd\[23713\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.28.29.169 Nov 22 07:09:34 sachi sshd\[23713\]: Failed password for invalid user tanya from 119.28.29.169 port 46048 ssh2 Nov 22 07:13:46 sachi sshd\[24044\]: Invalid user 1234 from 119.28.29.169 Nov 22 07:13:46 sachi sshd\[24044\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.28.29.169	2019-11-23 01:23:25
201.131.203.14	attackspambots	Nov 22 12:48:06 mecmail postfix/smtpd[3011]: NOQUEUE: reject: RCPT from unknown[201.131.203.14]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=<[201.131.203.14]> Nov 22 12:48:07 mecmail postfix/smtpd[29785]: NOQUEUE: reject: RCPT from unknown[201.131.203.14]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=<[201.131.203.14]> Nov 22 12:48:07 mecmail postfix/smtpd[4072]: NOQUEUE: reject: RCPT from unknown[201.131.203.14]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=<[201.131.203.14]> Nov 22 12:48:41 mecmail postfix/smtpd[24782]: NOQUEUE: reject: RCPT from unknown[201.131.203.14]: 554 5.7.1 : Relay access denied; from= to= proto ...	2019-11-23 01:40:51
112.85.42.237	attackbots	SSH Brute Force, server-1 sshd[4980]: Failed password for root from 112.85.42.237 port 61004 ssh2	2019-11-23 01:50:41
123.207.171.211	attack	Nov 22 16:38:54 thevastnessof sshd[15343]: Failed password for invalid user prosjekt from 123.207.171.211 port 56058 ssh2 ...	2019-11-23 01:24:38
200.186.108.194	attackbots	Unauthorized connection attempt from IP address 200.186.108.194 on Port 445(SMB)	2019-11-23 01:59:11
180.94.91.232	attack	Unauthorized connection attempt from IP address 180.94.91.232 on Port 445(SMB)	2019-11-23 01:54:52
14.251.255.119	attackbotsspam	Unauthorized connection attempt from IP address 14.251.255.119 on Port 445(SMB)	2019-11-23 02:04:27
36.68.6.3	attackbots	Unauthorized connection attempt from IP address 36.68.6.3 on Port 445(SMB)	2019-11-23 01:31:04

最近上报的IP列表

20.211.111.139	157.87.199.202	161.187.16.146	248.140.76.203
192.122.225.72	247.96.155.185	54.159.141.69	233.227.90.184
189.243.81.107	165.22.64.162	112.133.237.36	103.198.83.133
162.241.155.125	213.184.218.200	199.227.84.129	172.250.228.215
183.253.21.89	4.66.3.138	227.74.46.187	43.104.252.18