必须是合法有效的IP地址, 可以是IPv4或者是IPv6, 例如127.0.0.1或者2001:DB8:0:0:8:800:200C:417A
基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:
类型 评论内容 时间
attackspambots
138.197.4.42 - - \[31/Dec/2019:15:50:39 +0100\] "GET / HTTP/1.0" 200 926 "-" "Mozilla/5.0 \(compatible\; NetcraftSurveyAgent/1.0\; +info@netcraft.com\)"
...
2020-01-01 01:14:57
相同子网IP讨论:
IP 类型 评论内容 时间
138.197.43.206 attackspambots
WordPress login Brute force / Web App Attack on client site.
2020-07-14 07:51:33
138.197.43.206 attackbotsspam
138.197.43.206 - - [12/Jul/2020:16:37:42 +0200] "POST /xmlrpc.php HTTP/1.1" 403 21861 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - [12/Jul/2020:16:46:20 +0200] "POST /xmlrpc.php HTTP/1.1" 403 461 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-07-13 01:06:01
138.197.43.206 attackspambots
WordPress vulnerability sniffing (looking for /wp-login.php)
2020-07-12 12:42:54
138.197.43.206 attack
138.197.43.206 - - [05/Jul/2020:07:55:55 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - [05/Jul/2020:07:55:57 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - [05/Jul/2020:07:55:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-07-05 17:37:46
138.197.43.206 attackbotsspam
WordPress login Brute force / Web App Attack on client site.
2020-06-25 21:48:46
138.197.43.206 attack
138.197.43.206 - - \[01/Jun/2020:17:14:33 +0200\] "POST /wp-login.php HTTP/1.0" 200 6390 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - \[01/Jun/2020:17:14:35 +0200\] "POST /wp-login.php HTTP/1.0" 200 6359 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - \[01/Jun/2020:17:14:36 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2020-06-02 00:43:10
138.197.43.206 attackspambots
138.197.43.206 - - [31/May/2020:05:49:22 +0200] "GET /wp-login.php HTTP/1.1" 200 6364 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - [31/May/2020:05:49:23 +0200] "POST /wp-login.php HTTP/1.1" 200 6615 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - [31/May/2020:05:49:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-05-31 17:36:31
138.197.43.206 attack
marleenrecords.breidenba.ch 138.197.43.206 [24/May/2020:22:30:15 +0200] "POST /wp-login.php HTTP/1.1" 200 6135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
marleenrecords.breidenba.ch 138.197.43.206 [24/May/2020:22:30:16 +0200] "POST /wp-login.php HTTP/1.1" 200 6095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-05-25 06:42:27
138.197.43.206 attackspambots
WordPress wp-login brute force :: 138.197.43.206 0.100 - [12/May/2020:23:39:30  0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 1837 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"
2020-05-13 08:17:57
138.197.47.165 attackbotsspam
Automatic report - Port Scan
2020-03-14 02:14:33
138.197.43.206 attackspambots
php WP PHPmyadamin ABUSE blocked for 12h
2020-03-07 04:01:05
138.197.43.206 attackbotsspam
138.197.43.206 - - \[06/Feb/2020:19:13:54 +0100\] "POST /wp-login.php HTTP/1.0" 200 4404 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - \[06/Feb/2020:19:13:56 +0100\] "POST /wp-login.php HTTP/1.0" 200 4402 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - \[06/Feb/2020:19:13:56 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2020-02-07 03:30:12
138.197.43.206 attack
138.197.43.206 - - [18/Dec/2019:23:40:15 +0100] "GET /wp-login.php HTTP/1.1" 200 1129 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - [18/Dec/2019:23:40:16 +0100] "POST /wp-login.php HTTP/1.1" 200 1524 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - [18/Dec/2019:23:40:16 +0100] "GET /wp-login.php HTTP/1.1" 200 1129 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - [18/Dec/2019:23:40:17 +0100] "POST /wp-login.php HTTP/1.1" 200 1508 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - [18/Dec/2019:23:40:18 +0100] "GET /wp-login.php HTTP/1.1" 200 1129 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
138.197.43.206 - - [18/Dec/2019:23:40:19 +0100] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2019-12-19 07:06:08
138.197.43.206 attackbots
138.197.43.206 has been banned for [WebApp Attack]
...
2019-12-05 00:06:58
138.197.4.37 attackbotsspam
Port 22 Scan, PTR: None
2019-12-03 15:32:16
WHOIS信息:
b
DIG信息:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.197.4.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13597
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.197.4.42.			IN	A

;; AUTHORITY SECTION:
.			207	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019123100 1800 900 604800 86400

;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Jan 01 01:14:52 CST 2020
;; MSG SIZE  rcvd: 116
HOST信息:
42.4.197.138.in-addr.arpa domain name pointer jobqueue-listener.jobqueue.netcraft.com-u05a1ad622bdc11ea98dbed2d838d6ab1u-digitalocean-2gb.
NSLOOKUP信息:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
42.4.197.138.in-addr.arpa	name = jobqueue-listener.jobqueue.netcraft.com-u05a1ad622bdc11ea98dbed2d838d6ab1u-digitalocean-2gb.

Authoritative answers can be found from:
相关IP信息:
最新评论:
IP 类型 评论内容 时间
93.41.232.91 attackspambots
Jan  7 15:25:08 mout sshd[29821]: Invalid user braxton from 93.41.232.91 port 39414
2020-01-07 22:50:56
180.250.210.133 attack
Jan  7 14:40:52 dedicated sshd[29790]: Invalid user vision from 180.250.210.133 port 44890
Jan  7 14:40:52 dedicated sshd[29790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.250.210.133 
Jan  7 14:40:52 dedicated sshd[29790]: Invalid user vision from 180.250.210.133 port 44890
Jan  7 14:40:54 dedicated sshd[29790]: Failed password for invalid user vision from 180.250.210.133 port 44890 ssh2
Jan  7 14:43:22 dedicated sshd[30206]: Invalid user ubuntu from 180.250.210.133 port 54886
2020-01-07 22:26:12
89.248.168.202 attack
01/07/2020-15:35:40.147905 89.248.168.202 Protocol: 6 ET DROP Dshield Block Listed Source group 1
2020-01-07 22:41:30
45.136.108.124 attack
Jan  7 14:33:59 debian-2gb-nbg1-2 kernel: \[663356.385769\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.136.108.124 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=1880 PROTO=TCP SPT=40548 DPT=7835 WINDOW=1024 RES=0x00 SYN URGP=0
2020-01-07 22:22:07
168.232.130.184 attack
2020-01-07T14:02:36.039947scmdmz1 sshd[8736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.232.130.184  user=root
2020-01-07T14:02:38.214526scmdmz1 sshd[8736]: Failed password for root from 168.232.130.184 port 58731 ssh2
2020-01-07T14:02:40.549972scmdmz1 sshd[8736]: Failed password for root from 168.232.130.184 port 58731 ssh2
2020-01-07T14:02:36.039947scmdmz1 sshd[8736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.232.130.184  user=root
2020-01-07T14:02:38.214526scmdmz1 sshd[8736]: Failed password for root from 168.232.130.184 port 58731 ssh2
2020-01-07T14:02:40.549972scmdmz1 sshd[8736]: Failed password for root from 168.232.130.184 port 58731 ssh2
2020-01-07T14:02:36.039947scmdmz1 sshd[8736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.232.130.184  user=root
2020-01-07T14:02:38.214526scmdmz1 sshd[8736]: Failed password for root from 168.232.130.184 port 58731 ssh2
2
2020-01-07 22:39:34
190.144.104.50 attack
20/1/7@08:03:07: FAIL: Alarm-Network address from=190.144.104.50
...
2020-01-07 22:11:03
37.57.103.197 attackbotsspam
Unauthorized connection attempt detected from IP address 37.57.103.197 to port 1433
2020-01-07 22:47:19
167.99.71.142 attackspam
Jan  7 03:56:05 sachi sshd\[18221\]: Invalid user centos from 167.99.71.142
Jan  7 03:56:05 sachi sshd\[18221\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.71.142
Jan  7 03:56:07 sachi sshd\[18221\]: Failed password for invalid user centos from 167.99.71.142 port 51852 ssh2
Jan  7 03:59:35 sachi sshd\[18494\]: Invalid user qbc from 167.99.71.142
Jan  7 03:59:35 sachi sshd\[18494\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.71.142
2020-01-07 22:27:53
213.97.62.3 attackspam
Unauthorized connection attempt detected from IP address 213.97.62.3 to port 22
2020-01-07 22:37:13
79.113.249.192 attackspam
Lines containing failures of 79.113.249.192
Jan  7 13:52:50 shared10 sshd[29754]: Invalid user msfadmin from 79.113.249.192 port 51140
Jan  7 13:52:50 shared10 sshd[29754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.113.249.192
Jan  7 13:52:52 shared10 sshd[29754]: Failed password for invalid user msfadmin from 79.113.249.192 port 51140 ssh2
Jan  7 13:52:52 shared10 sshd[29754]: Connection closed by invalid user msfadmin 79.113.249.192 port 51140 [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=79.113.249.192
2020-01-07 22:51:27
23.94.204.67 attackspambots
Unauthorized connection attempt detected from IP address 23.94.204.67 to port 22
2020-01-07 22:25:16
176.165.60.67 attack
SSH/22 MH Probe, BF, Hack -
2020-01-07 22:46:28
139.200.49.54 attackbots
firewall-block, port(s): 23/tcp
2020-01-07 22:17:04
43.224.8.12 attackbotsspam
5,33-02/01 [bc01/m68] PostRequest-Spammer scoring: essen
2020-01-07 22:48:01
92.125.149.132 attackbots
Jan  7 13:44:06 km20725 sshd[13229]: reveeclipse mapping checking getaddrinfo for b-internet.92.125.149.132.snt.ru [92.125.149.132] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  7 13:44:07 km20725 sshd[13229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.149.132  user=r.r
Jan  7 13:44:09 km20725 sshd[13229]: Failed password for r.r from 92.125.149.132 port 45316 ssh2
Jan  7 13:44:11 km20725 sshd[13229]: Failed password for r.r from 92.125.149.132 port 45316 ssh2
Jan  7 13:44:14 km20725 sshd[13229]: Failed password for r.r from 92.125.149.132 port 45316 ssh2
Jan  7 13:44:16 km20725 sshd[13229]: Failed password for r.r from 92.125.149.132 port 45316 ssh2


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=92.125.149.132
2020-01-07 22:31:38

最近上报的IP列表

46.150.171.217 113.10.207.24 60.15.105.197 46.153.17.14
112.119.184.156 111.242.8.116 9.152.110.146 233.255.166.108
213.108.185.104 23.102.96.100 15.178.88.14 123.121.136.128
41.188.158.102 35.42.212.75 218.68.240.68 104.248.118.0
45.144.2.66 177.11.250.254 103.135.33.18 193.233.176.131