Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments on same subnet:
IP Type Details Datetime
138.197.131.66 attackbotsspam
138.197.131.66 - - [10/Sep/2020:16:34:59 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [10/Sep/2020:16:35:01 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [10/Sep/2020:16:35:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-09-11 01:12:33
138.197.131.66 attack
138.197.131.66 - - [10/Sep/2020:09:37:17 +0200] "POST /xmlrpc.php HTTP/1.1" 403 461 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [10/Sep/2020:09:40:59 +0200] "POST /xmlrpc.php HTTP/1.1" 403 13510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-09-10 16:32:12
138.197.131.66 attack
Automatic report - XMLRPC Attack
2020-09-10 07:09:41
138.197.131.66 attackspambots
Automatic report - XMLRPC Attack
2020-09-08 06:26:08
138.197.131.66 attack
138.197.131.66 - - [14/Aug/2020:00:07:04 +0100] "POST /wp-login.php HTTP/1.1" 200 1791 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [14/Aug/2020:00:07:06 +0100] "POST /wp-login.php HTTP/1.1" 200 1772 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [14/Aug/2020:00:07:06 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-08-14 07:37:23
138.197.131.66 attackbots
138.197.131.66 - - [09/Aug/2020:21:12:12 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [09/Aug/2020:21:12:15 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [09/Aug/2020:21:12:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-08-10 03:22:46
138.197.131.66 attack
138.197.131.66 - - [08/Aug/2020:08:35:58 +0200] "GET /wp-login.php HTTP/1.1" 200 6310 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [08/Aug/2020:08:36:01 +0200] "POST /wp-login.php HTTP/1.1" 200 6561 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [08/Aug/2020:08:36:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-08-08 18:30:52
138.197.131.66 attackbotsspam
138.197.131.66 - - [25/Jul/2020:21:36:15 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [25/Jul/2020:21:36:16 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [25/Jul/2020:21:36:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-07-26 04:41:52
138.197.131.66 attackbotsspam
138.197.131.66 - - [20/Jul/2020:05:35:20 +0200] "POST /xmlrpc.php HTTP/1.1" 403 611 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [20/Jul/2020:05:55:39 +0200] "POST /xmlrpc.php HTTP/1.1" 403 31 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-07-20 13:48:54
138.197.131.66 attackbots
138.197.131.66 - - [23/Jun/2020:09:22:27 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [23/Jun/2020:09:22:30 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [23/Jun/2020:09:22:31 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-06-23 17:00:22
138.197.131.66 attackspam
138.197.131.66 - - [14/Jun/2020:23:27:11 +0200] "GET /wp-login.php HTTP/1.1" 200 6433 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [14/Jun/2020:23:27:12 +0200] "POST /wp-login.php HTTP/1.1" 200 6684 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [14/Jun/2020:23:27:13 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-06-15 06:49:18
138.197.131.66 attackspam
Attempt to log in with non-existing username: admin
2020-06-03 06:38:44
138.197.131.66 attackbots
138.197.131.66 - - [26/May/2020:01:26:37 +0200] "GET /wp-login.php HTTP/1.1" 200 6614 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [26/May/2020:01:26:38 +0200] "POST /wp-login.php HTTP/1.1" 200 6865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.131.66 - - [26/May/2020:01:26:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-05-26 09:50:29
138.197.131.66 attack
"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:
2020-05-23 20:27:15
138.197.131.249 attackbots
May 20 19:02:19 server sshd[8421]: Failed password for invalid user ypi from 138.197.131.249 port 47900 ssh2
May 20 19:06:11 server sshd[12207]: Failed password for invalid user nqv from 138.197.131.249 port 56856 ssh2
May 20 19:10:06 server sshd[15845]: Failed password for invalid user nke from 138.197.131.249 port 37584 ssh2
2020-05-21 03:25:35
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.197.131.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47233
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;138.197.131.57.			IN	A

;; AUTHORITY SECTION:
.			195	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021702 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 18 11:53:37 CST 2022
;; MSG SIZE  rcvd: 107
Host info
Host 57.131.197.138.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 57.131.197.138.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
49.88.112.55 attack
Aug  6 06:27:08 vtv3 sshd\[27323\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.55  user=root
Aug  6 06:27:10 vtv3 sshd\[27323\]: Failed password for root from 49.88.112.55 port 23024 ssh2
Aug  6 06:27:13 vtv3 sshd\[27323\]: Failed password for root from 49.88.112.55 port 23024 ssh2
Aug  6 06:27:16 vtv3 sshd\[27323\]: Failed password for root from 49.88.112.55 port 23024 ssh2
Aug  6 06:27:18 vtv3 sshd\[27323\]: Failed password for root from 49.88.112.55 port 23024 ssh2
Aug  9 12:44:43 vtv3 sshd\[21585\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.55  user=root
Aug  9 12:44:45 vtv3 sshd\[21585\]: Failed password for root from 49.88.112.55 port 59833 ssh2
Aug  9 12:44:48 vtv3 sshd\[21585\]: Failed password for root from 49.88.112.55 port 59833 ssh2
Aug  9 12:44:51 vtv3 sshd\[21585\]: Failed password for root from 49.88.112.55 port 59833 ssh2
Aug  9 12:44:54 vtv3 sshd\[21585\]: Failed password for r
2019-08-15 15:36:32
220.79.10.102 attack
Aug 15 03:34:11 lnxweb61 sshd[6896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.79.10.102
2019-08-15 15:51:55
113.200.25.24 attackspambots
$f2bV_matches
2019-08-15 15:21:48
192.241.141.124 attackspambots
WordPress login Brute force / Web App Attack on client site.
2019-08-15 15:04:53
118.24.37.81 attackbots
Aug 15 00:53:07 master sshd[27301]: Failed password for invalid user sims from 118.24.37.81 port 34814 ssh2
Aug 15 01:14:13 master sshd[27618]: Failed password for invalid user avid from 118.24.37.81 port 46756 ssh2
Aug 15 01:19:38 master sshd[27636]: Failed password for invalid user a1 from 118.24.37.81 port 37560 ssh2
Aug 15 01:24:47 master sshd[27642]: Failed password for invalid user sales from 118.24.37.81 port 56576 ssh2
Aug 15 01:30:10 master sshd[27948]: Failed password for root from 118.24.37.81 port 47378 ssh2
Aug 15 01:35:29 master sshd[27954]: Failed password for invalid user admin from 118.24.37.81 port 38172 ssh2
Aug 15 01:40:40 master sshd[27958]: Failed password for invalid user hdfs from 118.24.37.81 port 57192 ssh2
Aug 15 01:45:51 master sshd[27971]: Failed password for invalid user postgresql from 118.24.37.81 port 47976 ssh2
Aug 15 01:51:08 master sshd[27975]: Failed password for invalid user testing from 118.24.37.81 port 38768 ssh2
Aug 15 01:56:22 master sshd[27983]: Failed password for
2019-08-15 15:14:25
68.183.183.18 attackbotsspam
$f2bV_matches
2019-08-15 15:57:45
157.157.77.168 attack
Aug 15 08:09:15 mail1 sshd\[19836\]: Invalid user aaa from 157.157.77.168 port 59553
Aug 15 08:09:15 mail1 sshd\[19836\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.157.77.168
Aug 15 08:09:17 mail1 sshd\[19836\]: Failed password for invalid user aaa from 157.157.77.168 port 59553 ssh2
Aug 15 08:14:00 mail1 sshd\[21992\]: Invalid user maie from 157.157.77.168 port 57065
Aug 15 08:14:00 mail1 sshd\[21992\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.157.77.168
...
2019-08-15 15:21:13
191.53.223.9 attack
Brute force attempt
2019-08-15 15:29:11
182.149.128.226 attack
Brute force attempt
2019-08-15 15:08:11
91.219.88.130 attack
[portscan] Port scan
2019-08-15 15:08:58
187.109.59.36 attackspam
Brute force attempt
2019-08-15 15:34:36
165.227.153.151 attackspambots
Aug 15 07:53:50 pkdns2 sshd\[43652\]: Invalid user wwwdata from 165.227.153.151
Aug 15 07:53:52 pkdns2 sshd\[43652\]: Failed password for invalid user wwwdata from 165.227.153.151 port 49804 ssh2
Aug 15 07:58:15 pkdns2 sshd\[43846\]: Invalid user text from 165.227.153.151
Aug 15 07:58:16 pkdns2 sshd\[43846\]: Failed password for invalid user text from 165.227.153.151 port 41842 ssh2
Aug 15 08:02:45 pkdns2 sshd\[44006\]: Invalid user taivi from 165.227.153.151
Aug 15 08:02:47 pkdns2 sshd\[44006\]: Failed password for invalid user taivi from 165.227.153.151 port 33850 ssh2
...
2019-08-15 15:58:32
94.191.26.216 attackspambots
leo_www
2019-08-15 15:53:41
181.123.10.88 attack
Aug 15 07:55:43 h2177944 sshd\[2877\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.123.10.88  user=root
Aug 15 07:55:45 h2177944 sshd\[2877\]: Failed password for root from 181.123.10.88 port 41564 ssh2
Aug 15 08:01:45 h2177944 sshd\[3557\]: Invalid user sinusbot from 181.123.10.88 port 60106
Aug 15 08:01:45 h2177944 sshd\[3557\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.123.10.88
...
2019-08-15 15:39:49
35.204.21.214 attackbotsspam
CloudCIX Reconnaissance Scan Detected, PTR: 214.21.204.35.bc.googleusercontent.com.
2019-08-15 15:30:31

Recently Reported IPs
