138.197.4.42 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	138.197.4.42 - - \[31/Dec/2019:15:50:39 +0100\] "GET / HTTP/1.0" 200 926 "-" "Mozilla/5.0 \(compatible\; NetcraftSurveyAgent/1.0\; +info@netcraft.com\)" ...	2020-01-01 01:14:57

相同子网IP讨论:

IP	类型	评论内容	时间
138.197.43.206	attackspambots	WordPress login Brute force / Web App Attack on client site.	2020-07-14 07:51:33
138.197.43.206	attackbotsspam	138.197.43.206 - - [12/Jul/2020:16:37:42 +0200] "POST /xmlrpc.php HTTP/1.1" 403 21861 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - [12/Jul/2020:16:46:20 +0200] "POST /xmlrpc.php HTTP/1.1" 403 461 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-13 01:06:01
138.197.43.206	attackspambots	WordPress vulnerability sniffing (looking for /wp-login.php)	2020-07-12 12:42:54
138.197.43.206	attack	138.197.43.206 - - [05/Jul/2020:07:55:55 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - [05/Jul/2020:07:55:57 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - [05/Jul/2020:07:55:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-07-05 17:37:46
138.197.43.206	attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2020-06-25 21:48:46
138.197.43.206	attack	138.197.43.206 - - \[01/Jun/2020:17:14:33 +0200\] "POST /wp-login.php HTTP/1.0" 200 6390 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - \[01/Jun/2020:17:14:35 +0200\] "POST /wp-login.php HTTP/1.0" 200 6359 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - \[01/Jun/2020:17:14:36 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-06-02 00:43:10
138.197.43.206	attackspambots	138.197.43.206 - - [31/May/2020:05:49:22 +0200] "GET /wp-login.php HTTP/1.1" 200 6364 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - [31/May/2020:05:49:23 +0200] "POST /wp-login.php HTTP/1.1" 200 6615 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - [31/May/2020:05:49:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-31 17:36:31
138.197.43.206	attack	marleenrecords.breidenba.ch 138.197.43.206 [24/May/2020:22:30:15 +0200] "POST /wp-login.php HTTP/1.1" 200 6135 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" marleenrecords.breidenba.ch 138.197.43.206 [24/May/2020:22:30:16 +0200] "POST /wp-login.php HTTP/1.1" 200 6095 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-25 06:42:27
138.197.43.206	attackspambots	WordPress wp-login brute force :: 138.197.43.206 0.100 - [12/May/2020:23:39:30 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 1837 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2020-05-13 08:17:57
138.197.47.165	attackbotsspam	Automatic report - Port Scan	2020-03-14 02:14:33
138.197.43.206	attackspambots	php WP PHPmyadamin ABUSE blocked for 12h	2020-03-07 04:01:05
138.197.43.206	attackbotsspam	138.197.43.206 - - \[06/Feb/2020:19:13:54 +0100\] "POST /wp-login.php HTTP/1.0" 200 4404 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - \[06/Feb/2020:19:13:56 +0100\] "POST /wp-login.php HTTP/1.0" 200 4402 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - \[06/Feb/2020:19:13:56 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-02-07 03:30:12
138.197.43.206	attack	138.197.43.206 - - [18/Dec/2019:23:40:15 +0100] "GET /wp-login.php HTTP/1.1" 200 1129 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - [18/Dec/2019:23:40:16 +0100] "POST /wp-login.php HTTP/1.1" 200 1524 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - [18/Dec/2019:23:40:16 +0100] "GET /wp-login.php HTTP/1.1" 200 1129 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - [18/Dec/2019:23:40:17 +0100] "POST /wp-login.php HTTP/1.1" 200 1508 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - [18/Dec/2019:23:40:18 +0100] "GET /wp-login.php HTTP/1.1" 200 1129 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.197.43.206 - - [18/Dec/2019:23:40:19 +0100] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-12-19 07:06:08
138.197.43.206	attackbots	138.197.43.206 has been banned for [WebApp Attack] ...	2019-12-05 00:06:58
138.197.4.37	attackbotsspam	Port 22 Scan, PTR: None	2019-12-03 15:32:16

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.197.4.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13597
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.197.4.42.			IN	A

;; AUTHORITY SECTION:
.			207	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019123100 1800 900 604800 86400

;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Jan 01 01:14:52 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

42.4.197.138.in-addr.arpa domain name pointer jobqueue-listener.jobqueue.netcraft.com-u05a1ad622bdc11ea98dbed2d838d6ab1u-digitalocean-2gb.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
42.4.197.138.in-addr.arpa	name = jobqueue-listener.jobqueue.netcraft.com-u05a1ad622bdc11ea98dbed2d838d6ab1u-digitalocean-2gb.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
123.21.121.74	attackbots	Nov 28 06:21:19 DDOS Attack: SRC=123.21.121.74 DST=[Masked] LEN=40 TOS=0x00 PREC=0x20 TTL=48 DF PROTO=TCP SPT=45808 DPT=443 WINDOW=0 RES=0x00 RST URGP=0	2019-11-28 20:24:37
95.154.102.164	attackbotsspam	Nov 28 09:52:31 [host] sshd[31583]: Invalid user phyllis from 95.154.102.164 Nov 28 09:52:31 [host] sshd[31583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.154.102.164 Nov 28 09:52:34 [host] sshd[31583]: Failed password for invalid user phyllis from 95.154.102.164 port 33748 ssh2	2019-11-28 20:25:29
5.57.33.71	attackbots	CyberHackers.eu > SSH Bruteforce attempt!	2019-11-28 20:43:15
223.171.32.56	attackspam	Automatic report - Banned IP Access	2019-11-28 20:30:37
14.185.20.138	attack	Unauthorised access (Nov 28) SRC=14.185.20.138 LEN=52 TTL=118 ID=913 DF TCP DPT=445 WINDOW=8192 SYN Unauthorised access (Nov 28) SRC=14.185.20.138 LEN=52 TTL=118 ID=31335 DF TCP DPT=445 WINDOW=8192 SYN Unauthorised access (Nov 28) SRC=14.185.20.138 LEN=52 TTL=118 ID=13176 DF TCP DPT=445 WINDOW=8192 SYN Unauthorised access (Nov 28) SRC=14.185.20.138 LEN=52 TTL=118 ID=19760 DF TCP DPT=445 WINDOW=8192 SYN	2019-11-28 20:37:41
123.21.223.175	attack	Nov 28 06:21:15 DDOS Attack: SRC=123.21.223.175 DST=[Masked] LEN=40 TOS=0x08 PREC=0x20 TTL=49 DF PROTO=TCP SPT=20461 DPT=443 WINDOW=0 RES=0x00 RST URGP=0	2019-11-28 20:26:45
112.196.54.35	attackbotsspam	Nov 28 12:08:40 marvibiene sshd[50950]: Invalid user db2fenc1 from 112.196.54.35 port 46144 Nov 28 12:08:40 marvibiene sshd[50950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.54.35 Nov 28 12:08:40 marvibiene sshd[50950]: Invalid user db2fenc1 from 112.196.54.35 port 46144 Nov 28 12:08:42 marvibiene sshd[50950]: Failed password for invalid user db2fenc1 from 112.196.54.35 port 46144 ssh2 ...	2019-11-28 20:48:23
122.161.196.191	attackspambots	Unauthorised access (Nov 28) SRC=122.161.196.191 LEN=52 TTL=118 ID=17557 DF TCP DPT=445 WINDOW=8192 SYN	2019-11-28 20:29:28
139.199.159.77	attackbots	Nov 28 07:06:49 h2812830 sshd[10346]: Invalid user jaccard from 139.199.159.77 port 37676 Nov 28 07:06:49 h2812830 sshd[10346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.159.77 Nov 28 07:06:49 h2812830 sshd[10346]: Invalid user jaccard from 139.199.159.77 port 37676 Nov 28 07:06:52 h2812830 sshd[10346]: Failed password for invalid user jaccard from 139.199.159.77 port 37676 ssh2 Nov 28 07:21:22 h2812830 sshd[11094]: Invalid user hutsebaut from 139.199.159.77 port 58774 ...	2019-11-28 20:22:10
157.230.184.19	attackspam	Nov 28 10:53:44 vps691689 sshd[11893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.184.19 Nov 28 10:53:46 vps691689 sshd[11893]: Failed password for invalid user dewey from 157.230.184.19 port 38146 ssh2 Nov 28 10:59:45 vps691689 sshd[12012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.184.19 ...	2019-11-28 20:29:55
181.41.216.136	attackbots	Nov 28 11:22:31 relay postfix/smtpd\[22723\]: NOQUEUE: reject: RCPT from unknown\[181.41.216.136\]: 554 5.7.1 \: Relay access denied\; from=\ to=\ proto=ESMTP helo=\<\[181.41.216.131\]\> Nov 28 11:22:31 relay postfix/smtpd\[22723\]: NOQUEUE: reject: RCPT from unknown\[181.41.216.136\]: 554 5.7.1 \: Relay access denied\; from=\ to=\ proto=ESMTP helo=\<\[181.41.216.131\]\> Nov 28 11:22:31 relay postfix/smtpd\[22723\]: NOQUEUE: reject: RCPT from unknown\[181.41.216.136\]: 554 5.7.1 \: Relay access denied\; from=\ to=\ proto=ESMTP helo=\<\[181.41.216.131\]\> Nov 28 11:22:31 relay postfix/smtpd\[22723\]: NOQUEUE: reject: RCPT from unknown\[181.41.216.136\]: 554 5.7.1 \: Relay access denied\; from=\ to ...	2019-11-28 20:28:53
203.195.159.186	attackbots	2019-11-28T07:20:25.115868stark.klein-stark.info sshd\[4715\]: Invalid user cheng from 203.195.159.186 port 39764 2019-11-28T07:20:25.124239stark.klein-stark.info sshd\[4715\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.159.186 2019-11-28T07:20:27.257834stark.klein-stark.info sshd\[4715\]: Failed password for invalid user cheng from 203.195.159.186 port 39764 ssh2 ...	2019-11-28 20:42:07
81.22.45.225	attackbots	Unauthorized connection attempt from IP address 81.22.45.225 on Port 3389(RDP)	2019-11-28 20:53:04
220.76.107.50	attack	Invalid user news from 220.76.107.50 port 54768	2019-11-28 20:45:01
91.243.91.32	attackbotsspam	REQUESTED PAGE: /hsvc_gallery/main.php?g2_view=shutterfly.PrintPhotos&g2_itemId=2007&g2_returnUrl=http%3A%2F%2Fwww2.hsvc.co.nz%2Fhsvc_gallery%2Fmain.php%3Fg2_itemId%3D2007&g2_authToken=a751c8313daa	2019-11-28 20:46:53

最近上报的IP列表

46.150.171.217	113.10.207.24	60.15.105.197	46.153.17.14
112.119.184.156	111.242.8.116	9.152.110.146	233.255.166.108
213.108.185.104	23.102.96.100	15.178.88.14	123.121.136.128
41.188.158.102	35.42.212.75	218.68.240.68	104.248.118.0
45.144.2.66	177.11.250.254	103.135.33.18	193.233.176.131