IP address

Search at other sites:
.638141.255.167.250hostedby.privatelayer.com
Shodan(more info)
Passive DNS
Tags: Scanner Login attempts
IP blacklists
UCEPROTECT L1
141.255.167.250 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-05-03 23:45:00.835000
Was present on blacklist at: 2024-05-01 15:45, 2024-05-01 23:45, 2024-05-02 07:45, 2024-05-02 15:45, 2024-05-02 23:45, 2024-05-03 07:45, 2024-05-03 15:45, 2024-05-03 23:45
ThreatFox
141.255.167.250 is listed on the ThreatFox blacklist.

Description: ThreatFox is a free platform from abuse.ch with the goal of<br>sharing indicators of compromise (IOCs) associated with malware with the<br>infosec community, AV vendors and threat intelligence providers.
Type of feed: primary (feed detail page)

Last checked at: 2024-02-06 15:10:00.151000
Was present on blacklist at: 2024-02-04 19:10, 2024-02-05 03:10, 2024-02-05 07:10, 2024-02-05 11:10, 2024-02-05 15:10, 2024-02-05 19:10, 2024-02-06 03:10, 2024-02-06 07:10, 2024-02-06 15:10
Turris greylist
141.255.167.250 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-05-03 21:15:00.188000
Was present on blacklist at: 2024-04-30 21:15, 2024-05-01 21:15, 2024-05-02 21:15, 2024-05-03 21:15
CI Army
141.255.167.250 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2024-05-04 02:50:01.005000
Was present on blacklist at: 2024-05-01 02:50, 2024-05-02 02:50, 2024-05-03 02:50, 2024-05-04 02:50
AbuseIPDB
141.255.167.250 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>IPs performing malicious activity(DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2024-05-04 04:00:00.684000
Was present on blacklist at: 2024-05-01 04:00, 2024-05-02 04:00, 2024-05-03 04:00, 2024-05-04 04:00
DataPlane SSH login
141.255.167.250 is listed on the DataPlane SSH login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs performing<br>login to a host using SSH password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2024-05-04 06:10:03.160000
Was present on blacklist at: 2024-05-01 14:10, 2024-05-01 18:10, 2024-05-01 22:10, 2024-05-02 02:10, 2024-05-02 06:10, 2024-05-02 10:10, 2024-05-02 14:10, 2024-05-02 18:10, 2024-05-02 22:10, 2024-05-03 02:10, 2024-05-03 06:10, 2024-05-03 10:10, 2024-05-03 14:10, 2024-05-03 18:10, 2024-05-03 22:10, 2024-05-04 02:10, 2024-05-04 06:10
blocklist.de SSH
141.255.167.250 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2024-05-04 04:05:00.444000
Was present on blacklist at: 2024-05-01 16:05, 2024-05-01 22:05, 2024-05-02 04:05, 2024-05-02 10:05, 2024-05-02 16:05, 2024-05-02 22:05, 2024-05-03 04:05, 2024-05-03 10:05, 2024-05-03 16:05, 2024-05-03 22:05, 2024-05-04 04:05
BruteForceBlocker
141.255.167.250 is listed on the BruteForceBlocker blacklist.

Description: Daniel Gerzo's BruteForceBlocker. The list is made by perl script,<br>that works along with pf - OpenBSD's firewall and it's main<br>purpose is to block SSH bruteforce attacks via firewall.
Type of feed: primary (feed detail page)

Last checked at: 2024-05-04 02:52:00.251000
Was present on blacklist at: 2024-05-02 02:52, 2024-05-03 02:52, 2024-05-04 02:52
Haley SSH
141.255.167.250 is listed on the Haley SSH blacklist.

Description: IPs launching SSH dictionary attacks attacks against the server of Charles B. Haley.
Type of feed: primary (feed detail page)

Last checked at: 2024-05-04 06:10:04.941000
Was present on blacklist at: 2024-05-02 14:10, 2024-05-02 18:10, 2024-05-02 22:10, 2024-05-03 02:10, 2024-05-03 06:10, 2024-05-03 10:10, 2024-05-03 14:10, 2024-05-03 18:10, 2024-05-03 22:10, 2024-05-04 02:10, 2024-05-04 06:10
Spamhaus XBL CBL
141.255.167.250 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2024-05-03 16:52:20.525000
Was present on blacklist at: 2024-05-03 16:52
Warden events (1988)
2024-05-04
ReconScanning (node.8cbf96): 83
ReconScanning (node.7d83c0): 27
ReconScanning (node.bd32ad): 83
ReconScanning (node.293592): 27
2024-05-03
AttemptLogin (node.bd32ad): 16
ReconScanning (node.293592): 90
AttemptLogin (node.8cbf96): 7
Malware (node.7956a5): 1
IntrusionUserCompromise (node.7956a5): 1
AttemptLogin (node.7956a5): 1
ReconScanning (node.7d83c0): 83
AttemptLogin (node.7d83c0): 1
ReconScanning (node.bd32ad): 240
ReconScanning (node.8cbf96): 224
ReconScanning (node.32f23f): 1
AttemptLogin (node.f6f462): 1
2024-05-02
ReconScanning (node.7d83c0): 42
ReconScanning (node.293592): 82
ReconScanning (node.bd32ad): 121
AttemptLogin (node.bd32ad): 72
AttemptLogin (node.8cbf96): 75
ReconScanning (node.8cbf96): 1
ReconScanning (node.32f23f): 8
AttemptLogin (node.7d83c0): 15
AttemptLogin (node.7956a5): 1
AttemptLogin (node.f6f462): 1
2024-05-01
ReconScanning (node.bd32ad): 134
ReconScanning (node.8cbf96): 133
ReconScanning (node.293592): 86
ReconScanning (node.7d83c0): 49
ReconScanning (node.32f23f): 4
AttemptLogin (node.bd32ad): 58
AttemptLogin (node.8cbf96): 69
Malware (node.7956a5): 2
IntrusionUserCompromise (node.7956a5): 2
AttemptLogin (node.7956a5): 2
AttemptLogin (node.7d83c0): 5
AttemptLogin (node.32f23f): 1
AttemptLogin (node.f6f462): 1
2024-04-30
ReconScanning (node.7d83c0): 23
ReconScanning (node.bd32ad): 46
ReconScanning (node.293592): 16
ReconScanning (node.8cbf96): 42
ReconScanning (node.32f23f): 2
2024-04-29
ReconScanning (node.8cbf96): 1
ReconScanning (node.bd32ad): 3
ReconScanning (node.7d83c0): 3
ReconScanning (node.293592): 2
DShield reports (IP summary, reports)
2024-04-29
Number of reports: 18
Distinct targets: 11
2024-04-30
Number of reports: 1749
Distinct targets: 619
2024-05-01
Number of reports: 5187
Distinct targets: 891
2024-05-02
Number of reports: 4211
Distinct targets: 597
2024-05-03
Number of reports: 7098
Distinct targets: 672
OTX pulses
[5a7e3e70c44e7b48947593a7] 2018-02-10 00:36:00.396000 | Webscanners 2018-02-09 thru current day
Author name:david3
Pulse modified:2024-05-04 03:55:16.554000
Indicator created:2024-04-30 14:20:15
Indicator role:scanning_host
Indicator title:404 NOT FOUND
Indicator expiration:2024-07-29 00:00:00
[6633a05c5dfb54e141ce1afd] 2024-05-02 14:16:59.438000 | Apache honeypot logs for 02/May/2024
Author name:jnazario
Pulse modified:2024-05-02 14:16:59.438000
Indicator created:2024-05-02 14:17:01
Indicator role:None
Indicator title:
Indicator expiration:2024-06-01 14:00:00
Origin AS
AS51852 - PLI-AS
BGP Prefix
141.255.160.0/21
geo
Switzerland, Zurich
🕑 Europe/Zurich
hostname
hostedby.privatelayer.com
Address block ('inetnum' or 'NetRange' in whois database)
141.255.160.0 - 141.255.167.255
last_activity
2024-05-04 06:54:09
last_warden_event
2024-05-04 06:54:09
rep
0.6376406715029762
reserved_range
0
ts_added
2024-01-26 16:52:12.040000
ts_last_update
2024-05-04 06:54:17.418000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses