138.197.13.103

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	138.197.13.103 - - \[17/Jan/2020:14:01:25 +0100\] "POST /wp-login.php HTTP/1.0" 200 5728 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.13.103 - - \[17/Jan/2020:14:01:27 +0100\] "POST /wp-login.php HTTP/1.0" 200 5728 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.13.103 - - \[17/Jan/2020:14:01:28 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 802 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-01-18 00:33:44
attackbotsspam	Automatic report - Banned IP Access	2019-12-30 20:31:29
attack	138.197.13.103 - - [19/Dec/2019:22:35:45 +0000] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.13.103 - - [19/Dec/2019:22:35:45 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-12-20 06:43:05
attackspambots	138.197.13.103 - - [14/Dec/2019:16:39:16 +0000] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.13.103 - - [14/Dec/2019:16:39:16 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-12-15 02:20:49
attackspambots	xmlrpc attack	2019-12-14 17:28:28
attack	138.197.13.103 - - \[10/Dec/2019:05:59:17 +0100\] "POST /wp-login.php HTTP/1.0" 200 6655 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.13.103 - - \[10/Dec/2019:05:59:20 +0100\] "POST /wp-login.php HTTP/1.0" 200 6493 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.13.103 - - \[10/Dec/2019:05:59:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 6492 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-12-10 13:13:29
attack	138.197.13.103 - - \[01/Dec/2019:18:44:11 +0100\] "POST /wp-login.php HTTP/1.0" 200 4404 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.13.103 - - \[01/Dec/2019:18:44:12 +0100\] "POST /wp-login.php HTTP/1.0" 200 4236 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.13.103 - - \[01/Dec/2019:18:44:13 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-12-02 05:22:53
attackspambots	138.197.13.103 - - \[14/Nov/2019:07:29:46 +0100\] "POST /wp-login.php HTTP/1.0" 200 4128 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.13.103 - - \[14/Nov/2019:07:29:47 +0100\] "POST /wp-login.php HTTP/1.0" 200 3955 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.13.103 - - \[14/Nov/2019:07:29:48 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-11-14 15:27:56
attackbotsspam	xmlrpc attack	2019-10-29 15:16:54
attackbotsspam	138.197.13.103 - - \[24/Oct/2019:08:20:36 +0000\] "POST /wp-login.php HTTP/1.1" 200 4358 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.13.103 - - \[24/Oct/2019:08:20:36 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2019-10-24 17:25:13
attack	WordPress wp-login brute force :: 138.197.13.103 0.120 BYPASS [23/Oct/2019:20:19:19 1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-23 17:41:45
attackspam	[munged]::443 138.197.13.103 - - [21/Oct/2019:13:42:24 +0200] "POST /[munged]: HTTP/1.1" 200 9078 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 138.197.13.103 - - [21/Oct/2019:13:42:26 +0200] "POST /[munged]: HTTP/1.1" 200 9078 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 138.197.13.103 - - [21/Oct/2019:13:42:28 +0200] "POST /[munged]: HTTP/1.1" 200 9078 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 138.197.13.103 - - [21/Oct/2019:13:42:30 +0200] "POST /[munged]: HTTP/1.1" 200 9078 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 138.197.13.103 - - [21/Oct/2019:13:42:32 +0200] "POST /[munged]: HTTP/1.1" 200 9078 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 138.197.13.103 - - [21/Oct/2019:13:42:34 +0200] "POST /[munged]: HTTP/1.1" 200 9078 "-" "Mozilla/5.0 (X11	2019-10-21 22:48:20
attackspam	WordPress login Brute force / Web App Attack on client site.	2019-10-06 05:48:31
attackbotsspam	xmlrpc attack	2019-10-02 03:42:54
attackspambots	Automatic report - Banned IP Access	2019-09-26 07:08:43

相同子网IP讨论:

IP	类型	评论内容	时间
138.197.136.163	attack	Bruteforce detected by fail2ban	2020-09-30 03:10:28
138.197.136.163	attack	Invalid user oracle from 138.197.136.163 port 37458	2020-09-29 19:14:00
138.197.135.102	attackspambots	138.197.135.102 - - [19/Sep/2020:07:11:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2451 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.135.102 - - [19/Sep/2020:07:11:22 +0100] "POST /wp-login.php HTTP/1.1" 200 2431 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.135.102 - - [19/Sep/2020:07:11:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2431 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-20 03:49:48
138.197.135.102	attack	138.197.135.102 - - [19/Sep/2020:07:11:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2451 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.135.102 - - [19/Sep/2020:07:11:22 +0100] "POST /wp-login.php HTTP/1.1" 200 2431 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.135.102 - - [19/Sep/2020:07:11:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2431 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-19 19:55:09
138.197.137.225	attack	138.197.137.225 - - [11/Sep/2020:18:52:58 +0200] "HEAD / HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36"	2020-09-13 00:18:48
138.197.137.225	attackbotsspam	138.197.137.225 - - [11/Sep/2020:18:52:58 +0200] "HEAD / HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36"	2020-09-12 16:17:14
138.197.135.102	attack	138.197.135.102 - - [10/Sep/2020:21:13:11 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-11 03:27:35
138.197.131.66	attackbotsspam	138.197.131.66 - - [10/Sep/2020:16:34:59 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.131.66 - - [10/Sep/2020:16:35:01 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.131.66 - - [10/Sep/2020:16:35:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-11 01:12:33
138.197.135.102	attackspam	CMS (WordPress or Joomla) login attempt.	2020-09-10 18:58:01
138.197.131.66	attack	138.197.131.66 - - [10/Sep/2020:09:37:17 +0200] "POST /xmlrpc.php HTTP/1.1" 403 461 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.131.66 - - [10/Sep/2020:09:40:59 +0200] "POST /xmlrpc.php HTTP/1.1" 403 13510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-10 16:32:12
138.197.131.66	attack	Automatic report - XMLRPC Attack	2020-09-10 07:09:41
138.197.131.66	attackspambots	Automatic report - XMLRPC Attack	2020-09-08 06:26:08
138.197.135.102	attackbots	CMS (WordPress or Joomla) login attempt.	2020-09-08 00:12:36
138.197.135.102	attackbotsspam	Brute forcing Wordpress login	2020-09-07 08:07:25
138.197.130.138	attackspambots	Sep 4 13:08:14 sigma sshd\[10630\]: Failed password for root from 138.197.130.138 port 42912 ssh2Sep 4 13:16:52 sigma sshd\[11175\]: Invalid user cactiuser from 138.197.130.138 ...	2020-09-04 23:16:07

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.197.13.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24873
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.197.13.103.			IN	A

;; AUTHORITY SECTION:
.			293	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019092503 1800 900 604800 86400

;; Query time: 95 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Sep 26 07:08:40 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 103.13.197.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 103.13.197.138.in-addr.arpa: NXDOMAIN

IP	类型	评论内容	时间
103.233.206.214	attackbots	Unauthorized connection attempt from IP address 103.233.206.214 on Port 445(SMB)	2019-10-09 07:48:02
46.225.128.218	attackspam	postfix (unknown user, SPF fail or relay access denied)	2019-10-09 07:33:14
103.91.120.42	attack	Unauthorized connection attempt from IP address 103.91.120.42 on Port 445(SMB)	2019-10-09 07:26:48
176.74.73.203	attackbots	Unauthorized connection attempt from IP address 176.74.73.203 on Port 445(SMB)	2019-10-09 07:21:44
82.81.133.15	attackbotsspam	Automatic report - Port Scan Attack	2019-10-09 07:44:56
218.17.56.50	attack	Oct 8 21:45:25 apollo sshd\[8511\]: Failed password for root from 218.17.56.50 port 37172 ssh2Oct 8 21:52:00 apollo sshd\[8540\]: Failed password for root from 218.17.56.50 port 39057 ssh2Oct 8 22:02:05 apollo sshd\[8584\]: Failed password for root from 218.17.56.50 port 56017 ssh2 ...	2019-10-09 07:31:39
101.95.17.118	attack	Unauthorized connection attempt from IP address 101.95.17.118 on Port 445(SMB)	2019-10-09 07:44:41
52.232.31.246	attackspambots	Oct 8 21:59:37 apollo sshd\[8574\]: Failed password for root from 52.232.31.246 port 57290 ssh2Oct 8 22:05:36 apollo sshd\[8620\]: Failed password for root from 52.232.31.246 port 55398 ssh2Oct 8 22:09:18 apollo sshd\[8630\]: Failed password for root from 52.232.31.246 port 39834 ssh2 ...	2019-10-09 07:52:54
189.155.198.47	attack	Unauthorized connection attempt from IP address 189.155.198.47 on Port 445(SMB)	2019-10-09 07:45:32
181.196.48.26	attackspam	Unauthorized connection attempt from IP address 181.196.48.26 on Port 445(SMB)	2019-10-09 07:23:56
36.68.17.173	attackspambots	Unauthorized connection attempt from IP address 36.68.17.173 on Port 445(SMB)	2019-10-09 07:56:01
190.197.3.7	attackbots	Oct 8 22:01:49 vpn01 sshd[5619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.197.3.7 Oct 8 22:01:52 vpn01 sshd[5619]: Failed password for invalid user admin from 190.197.3.7 port 35249 ssh2 ...	2019-10-09 07:39:17
216.244.66.201	attackbotsspam	Automated report (2019-10-08T22:49:30+00:00). Misbehaving bot detected at this address.	2019-10-09 07:40:32
202.39.133.175	attackbots	Unauthorized connection attempt from IP address 202.39.133.175 on Port 445(SMB)	2019-10-09 07:18:47
80.234.43.229	attack	Unauthorized connection attempt from IP address 80.234.43.229 on Port 445(SMB)	2019-10-09 07:45:15

最近上报的IP列表

109.197.249.207	192.0.87.159	37.72.175.120	187.189.111.136
154.168.135.185	37.87.23.119	78.186.65.174	39.96.3.240
141.255.109.79	185.227.138.70	185.46.121.194	18.188.140.237
124.152.108.166	86.12.108.29	1.32.40.24	96.118.215.76
27.210.158.137	192.99.233.219	141.92.70.82	43.241.145.101