IP address


161.97.138.151
IP blacklists
CI Army
161.97.138.151 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence database that provides scores for IPs. Source of unspecified malicious attacks; most of them will be active attackers/scanners.
Type of feed: primary

Last checked at: 2025-05-30 02:50:00.951000
Was present on blacklist at: 2025-03-22 03:50, 2025-03-23 03:50, 2025-03-27 03:50, 2025-03-28 03:50, 2025-03-31 02:50, 2025-04-01 02:50, 2025-04-02 02:50, 2025-04-03 02:50, 2025-04-10 02:50, 2025-04-11 02:50, 2025-04-15 02:50, 2025-04-16 02:50, 2025-04-17 02:50, 2025-04-19 02:50, 2025-04-24 02:50, 2025-05-02 02:50, 2025-05-03 02:50, 2025-05-04 02:50, 2025-05-05 02:50, 2025-05-06 02:50, 2025-05-07 02:50, 2025-05-08 02:50, 2025-05-09 02:50, 2025-05-10 02:50, 2025-05-11 02:50, 2025-05-12 02:50, 2025-05-17 02:50, 2025-05-18 02:50, 2025-05-19 02:50, 2025-05-20 02:50, 2025-05-21 02:50, 2025-05-22 02:50, 2025-05-23 02:50, 2025-05-24 02:50, 2025-05-25 02:50, 2025-05-29 02:50, 2025-05-30 02:50
AbuseIPDB
161.97.138.151 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. Lists IPs performing malicious activity (DDoS, spam, phishing...)
Type of feed: primary

Last checked at: 2025-05-29 04:00:00.570000
Was present on blacklist at: 2025-04-02 04:00, 2025-04-10 04:00, 2025-04-22 04:00, 2025-05-05 04:00, 2025-05-07 04:00, 2025-05-10 04:00, 2025-05-12 04:00, 2025-05-13 04:00, 2025-05-29 04:00
Warden events (13)
2025-05-28
ReconScanning (node.368407): 1
AnomalyTraffic (node.ffe95c): 1
2025-05-04
ReconScanning (node.4dc198): 2
ReconScanning (node.368407): 2
2025-04-21
ReconScanning (node.4dc198): 1
ReconScanning (node.368407): 1
2025-04-09
ReconScanning (node.4dc198): 1
ReconScanning (node.368407): 1
2025-04-01
ReconScanning (node.4dc198): 1
ReconScanning (node.368407): 1
ReconScanning (node.5f02e7): 1
DShield reports
2025-03-21
Number of reports: 253
Distinct targets: 224
2025-03-26
Number of reports: 256
Distinct targets: 242
2025-03-30
Number of reports: 167
Distinct targets: 135
2025-03-31
Number of reports: 515
Distinct targets: 238
2025-04-04
Number of reports: 143
Distinct targets: 77
2025-04-05
Number of reports: 69
Distinct targets: 63
2025-04-06
Number of reports: 39
Distinct targets: 27
2025-04-09
Number of reports: 440
Distinct targets: 251
2025-04-10
Number of reports: 224
Distinct targets: 179
2025-04-14
Number of reports: 263
Distinct targets: 247
2025-04-22
Number of reports: 222
Distinct targets: 199
2025-04-28
Number of reports: 21
Distinct targets: 19
2025-05-01
Number of reports: 316
Distinct targets: 209
2025-05-02
Number of reports: 302
Distinct targets: 197
2025-05-03
Number of reports: 136
Distinct targets: 124
2025-05-04
Number of reports: 19
Distinct targets: 19
2025-05-05
Number of reports: 22
Distinct targets: 18
2025-05-06
Number of reports: 143
Distinct targets: 67
2025-05-10
Number of reports: 348
Distinct targets: 198
2025-05-11
Number of reports: 135
Distinct targets: 98
2025-05-12
Number of reports: 161
Distinct targets: 91
2025-05-15
Number of reports: 24
Distinct targets: 20
2025-05-16
Number of reports: 42
Distinct targets: 38
2025-05-17
Number of reports: 329
Distinct targets: 183
2025-05-20
Number of reports: 317
Distinct targets: 205
2025-05-23
Number of reports: 42
Distinct targets: 21
2025-05-24
Number of reports: 17
Distinct targets: 9
2025-05-28
Number of reports: 242
Distinct targets: 207
2025-05-29
Number of reports: 25
Distinct targets: 21
OTX pulses
[606d75c11c08ff94089a9430] 2021-04-07 09:05:05.353000 | Georgs Honeypot
Author name: georgengelmann
Pulse modified: 2025-06-08 23:00:14.613000
Indicator created: 2025-05-10 00:29:03
Indicator role: bruteforce
Indicator title: RDP intrusion attempt from m23351.contaboserver.net port 56730
Indicator expiration: 2025-06-09 00:00:00
Origin AS
AS51167 - CONTABO
BGP Prefix
161.97.128.0/19
geo
Germany, Düsseldorf
🕑 Europe/Berlin
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
161.97.128.0 - 161.97.159.255
last_activity
2025-06-09 00:12:39.039000
last_warden_event
2025-05-28 07:02:23
rep
0.0
reserved_range
0
Shodan's InternetDB
Open ports: 3389
Tags: self-signed, scanner
CPEs:
ts_added
2025-03-07 12:11:36.567000
ts_last_update
2025-06-18 12:11:40.219000