IP address

Passive DNS

Tags:

IP blacklists

DataPlane SSH login

38.60.220.131 is listed on the DataPlane SSH login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds, and measurement resource for operators, by operators. IPs trying an unsolicited login to a host using SSH password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-12 07:10:02.307000
Was present on blacklist at: 2025-12-08 15:10, 2025-12-08 19:10, 2025-12-09 03:10, 2025-12-09 07:10, 2025-12-09 15:10, 2025-12-09 19:10, 2025-12-10 03:10, 2025-12-10 07:10, 2025-12-10 15:10, 2025-12-10 19:10, 2025-12-11 03:10, 2025-12-11 07:10, 2025-12-11 15:10, 2025-12-11 19:10, 2025-12-12 03:10, 2025-12-12 07:10

Spamhaus PBL

38.60.220.131 is listed on the Spamhaus PBL blacklist.

Description: The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-12-08 15:23:11.946000
Was present on blacklist at: 2025-12-08 15:23

blocklist.de SSH

38.60.220.131 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-09 11:05:00.406000
Was present on blacklist at: 2025-12-08 17:05, 2025-12-08 23:05, 2025-12-09 05:05, 2025-12-09 11:05

AbuseIPDB

38.60.220.131 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-12-09 05:00:00.717000
Was present on blacklist at: 2025-12-09 05:00

blocklist.de web-login

38.60.220.131 is listed on the blocklist.de web-login blacklist.

Description: Blocklist.de feed is a free and voluntary service provided by a Fraud/Abuse-specialist. IPs that attacks Joomla, Wordpress and other Web-Logins with Brute-Force Logins.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-11 17:05:00.297000
Was present on blacklist at: 2025-12-09 17:05, 2025-12-09 23:05, 2025-12-10 05:05, 2025-12-10 11:05, 2025-12-10 17:05, 2025-12-10 23:05, 2025-12-11 05:05, 2025-12-11 11:05, 2025-12-11 17:05

blocklist.de Apache

38.60.220.131 is listed on the blocklist.de Apache blacklist.

Description: Blocklist.de feed is a free and voluntary service provided by a Fraud/Abuse-specialist. IPs performing attacks on the service Apache, Apache-DDOS, RFI-Attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-11 17:05:00.413000
Was present on blacklist at: 2025-12-09 17:05, 2025-12-09 23:05, 2025-12-10 05:05, 2025-12-10 11:05, 2025-12-10 17:05, 2025-12-10 23:05, 2025-12-11 05:05, 2025-12-11 11:05, 2025-12-11 17:05

Warden events (3)

2025-12-09: Malware (node.e1f86c): 1; IntrusionUserCompromise (node.e1f86c): 1; AttemptLogin (node.e1f86c): 1

DShield reports (IP summary, reports)

2025-12-08: Number of reports: 212; Distinct targets: 5
2025-12-09: Number of reports: 60; Distinct targets: 3

Origin AS: AS138915 - KAOPU-HK
BGP Prefix: 38.60.220.0/24
geo: South Korea, Seoul; 🕑 Asia/Seoul
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 38.0.0.0 - 38.255.255.255
last_activity: 2025-12-09 11:03:30.844000
last_warden_event: 2025-12-09 11:03:30.844000
rep: 0.05
reserved_range: 0
Shodan's InternetDB: Open ports: 22; Tags: –; CPEs: cpe:/a:openbsd:openssh:8.9p1, cpe:/o:canonical:ubuntu_linux
ts_added: 2025-12-08 15:23:11.782000
ts_last_update: 2025-12-12 07:23:45.889000

Warden event timeline

DShield event timeline

Presence on blacklists