IP address

Passive DNS

Tags:

IP blacklists

UCEPROTECT L1

152.89.198.42 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-07-24 07:45:01.377000
Was present on blacklist at: 2024-04-28 07:45, 2024-04-28 15:45, 2024-04-28 23:45, 2024-04-29 07:45, 2024-04-29 15:45, 2024-04-29 23:45, 2024-04-30 07:45, 2024-04-30 15:45, 2024-05-28 15:45, 2024-05-28 23:45, 2024-05-29 07:45, 2024-05-29 15:45, 2024-05-29 23:45, 2024-05-30 07:45, 2024-05-30 15:45, 2024-05-30 23:45, 2024-05-31 07:45, 2024-05-31 15:45, 2024-05-31 23:45, 2024-06-01 07:45, 2024-06-01 15:45, 2024-06-01 23:45, 2024-06-02 07:45, 2024-06-02 15:45, 2024-06-02 23:45, 2024-06-03 07:45, 2024-06-03 15:45, 2024-06-03 23:45, 2024-06-04 07:45, 2024-06-13 23:45, 2024-06-14 07:45, 2024-06-14 15:45, 2024-06-14 23:45, 2024-06-15 07:45, 2024-06-15 15:45, 2024-06-15 23:45, 2024-06-16 07:45, 2024-06-16 15:45, 2024-06-16 23:45, 2024-06-17 07:45, 2024-06-17 15:45, 2024-06-17 23:45, 2024-06-18 07:45, 2024-06-18 23:45, 2024-06-19 07:45, 2024-06-19 15:45, 2024-06-19 23:45, 2024-06-20 07:45, 2024-06-20 15:45, 2024-06-20 23:45, 2024-06-21 07:45, 2024-06-21 15:45, 2024-06-21 23:45, 2024-06-22 15:45, 2024-06-22 23:45, 2024-06-23 07:45, 2024-06-23 15:45, 2024-06-23 23:45, 2024-06-24 07:45, 2024-06-24 15:45, 2024-06-24 23:45, 2024-06-25 07:45, 2024-06-25 15:45, 2024-06-25 23:45, 2024-06-26 15:45, 2024-06-26 23:45, 2024-06-27 07:45, 2024-06-27 15:45, 2024-06-27 23:45, 2024-06-28 07:45, 2024-06-28 15:45, 2024-06-28 23:45, 2024-06-29 07:45, 2024-06-29 15:45, 2024-07-08 23:45, 2024-07-09 07:45, 2024-07-09 15:45, 2024-07-09 23:45, 2024-07-10 07:45, 2024-07-10 15:45, 2024-07-11 07:45, 2024-07-11 15:45, 2024-07-11 23:45, 2024-07-12 07:45, 2024-07-12 15:45, 2024-07-12 23:45, 2024-07-13 07:45, 2024-07-13 23:45, 2024-07-14 07:45, 2024-07-14 15:45, 2024-07-15 07:45, 2024-07-15 15:45, 2024-07-15 23:45, 2024-07-16 07:45, 2024-07-16 15:45, 2024-07-16 23:45, 2024-07-17 07:45, 2024-07-17 15:45, 2024-07-17 23:45, 2024-07-18 07:45, 2024-07-18 15:45, 2024-07-18 23:45, 2024-07-19 07:45, 2024-07-19 15:45, 2024-07-20 07:45, 2024-07-20 15:45, 2024-07-21 07:45, 2024-07-21 15:45, 2024-07-21 23:45, 2024-07-22 07:45, 2024-07-22 15:45, 2024-07-22 23:45, 2024-07-23 07:45, 2024-07-23 15:45, 2024-07-23 23:45, 2024-07-24 07:45

DShield Block

152.89.198.42 is listed on the DShield Block blacklist.

Description: Recommended Block List by DShield.org. It summarizes the top 20 attacking<br>class C (/24) subnets over the last three days.
Type of feed: secondary (feed detail page)

Last checked at: 2024-07-26 04:50:00
Was present on blacklist at: 2024-04-29 04:50, 2024-04-30 04:50, 2024-05-01 04:50, 2024-05-02 04:50, 2024-05-03 04:50, 2024-05-11 04:50, 2024-05-12 04:50, 2024-05-13 04:50, 2024-05-14 04:50, 2024-05-15 04:50, 2024-05-16 04:50, 2024-05-17 04:50, 2024-05-18 04:50, 2024-05-19 04:50, 2024-05-21 04:50, 2024-05-22 04:50, 2024-05-23 04:50, 2024-05-26 04:50, 2024-05-27 04:50, 2024-05-29 04:50, 2024-06-15 04:50, 2024-06-18 04:50, 2024-06-19 04:50, 2024-06-20 04:50, 2024-06-21 04:50, 2024-06-22 04:50, 2024-06-25 04:50, 2024-06-26 04:50, 2024-06-27 04:50, 2024-07-02 04:50, 2024-07-03 04:50, 2024-07-05 04:50, 2024-07-06 04:50, 2024-07-07 04:50, 2024-07-09 04:50, 2024-07-10 04:50, 2024-07-11 04:50, 2024-07-13 04:50, 2024-07-14 04:50, 2024-07-15 04:50, 2024-07-18 04:50, 2024-07-19 04:50, 2024-07-22 04:50, 2024-07-23 04:50, 2024-07-25 04:50, 2024-07-26 04:50

DShield reports (IP summary, reports)

2024-06-02: Number of reports: 14; Distinct targets: 6
2024-06-05: Number of reports: 10; Distinct targets: 10
2024-06-10: Number of reports: 25; Distinct targets: 19
2024-06-12: Number of reports: 15; Distinct targets: 10
2024-06-21: Number of reports: 13; Distinct targets: 7
2024-07-15: Number of reports: 463; Distinct targets: 254

OTX pulses

[65e49450486aae0903cbee12] 2024-03-03 15:16:31.999000 | Redis honeypot logs for 2024-03-03

Author name:	jnazario
Pulse modified:	2024-03-03 15:16:31.999000
Indicator created:	2024-03-03 15:16:32
Indicator role:	None
Indicator title:
Indicator expiration:	2024-04-02 15:00:00

[65f063b26a4596c5d5fe8c7d] 2024-03-12 14:16:18.464000 | RDP honeypot logs for 2024/03/12

Author name:	jnazario
Pulse modified:	2024-03-12 14:16:18.464000
Indicator created:	2024-03-12 14:16:19
Indicator role:	None
Indicator title:
Indicator expiration:	2024-04-11 14:00:00

[65f306b29e0b2b4ba2bab18a] 2024-03-14 14:16:18.598000 | RDP honeypot logs for 2024/03/14

Author name:	jnazario
Pulse modified:	2024-03-14 14:16:18.598000
Indicator created:	2024-03-14 14:16:19
Indicator role:	None
Indicator title:
Indicator expiration:	2024-04-13 14:00:00

[65f6fb3198de078e1566fc3b] 2024-03-17 14:16:17.059000 | Redis honeypot logs for 2024-03-17

Author name:	jnazario
Pulse modified:	2024-03-17 14:16:17.059000
Indicator created:	2024-03-17 14:16:17
Indicator role:	None
Indicator title:
Indicator expiration:	2024-04-16 14:00:00

[65fd92b00655a62dc3f494f1] 2024-03-22 14:16:16.275000 | RDP honeypot logs for 2024/03/22

Author name:	jnazario
Pulse modified:	2024-03-22 14:16:16.275000
Indicator created:	2024-03-22 14:16:17
Indicator role:	None
Indicator title:
Indicator expiration:	2024-04-21 14:00:00

[5a7e3e70c44e7b48947593a7] 2018-02-10 00:36:00.396000 | Webscanners 2018-02-09 thru current day

Author name:	david3
Pulse modified:	2024-07-27 03:55:18.248000
Indicator created:	2024-07-22 17:10:16
Indicator role:	scanning_host
Indicator title:	404 NOT FOUND
Indicator expiration:	2024-10-20 00:00:00

[66081eb15d9286d14cd08e0e] 2024-03-30 14:16:17.461000 | RDP honeypot logs for 2024/03/30

Author name:	jnazario
Pulse modified:	2024-03-30 14:16:17.461000
Indicator created:	2024-03-30 14:16:18
Indicator role:	None
Indicator title:
Indicator expiration:	2024-04-29 14:00:00

[667044f515cfecc403d4dbdb] 2024-06-17 14:15:17.684000 | RDP honeypot logs for 2024/06/17

Author name:	jnazario
Pulse modified:	2024-06-17 14:15:17.684000
Indicator created:	2024-06-17 14:15:18
Indicator role:	None
Indicator title:
Indicator expiration:	2024-07-17 14:00:00

[6696844ad1dc5c42d3ebc93c] 2024-07-16 14:31:38.413000 | RDP honeypot logs for 2024/07/16

Author name:	jnazario
Pulse modified:	2024-07-16 14:31:38.413000
Indicator created:	2024-07-16 14:31:39
Indicator role:	None
Indicator title:
Indicator expiration:	2024-08-15 14:00:00

[6697d24a12e3deca9706871e] 2024-07-17 14:16:42.749000 | RDP honeypot logs for 2024/07/17

Author name:	jnazario
Pulse modified:	2024-07-17 14:16:42.749000
Indicator created:	2024-07-17 14:16:43
Indicator role:	None
Indicator title:
Indicator expiration:	2024-08-16 14:00:00

Origin AS: AS57523 - changway-as
BGP Prefix: 152.89.198.0/24
fmp: {'general': 0.615939736366272}
geo: Russia; 🕑 Europe/Moscow
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 152.89.198.0 - 152.89.198.255
last_activity: 2024-07-27 04:03:21.379000
reserved_range: 0
Shodan's InternetDB: Open ports: 135, 445, 3389, 5985; Tags: self-signed; CPEs: –
ts_added: 2023-12-20 00:55:26.391000
ts_last_update: 2024-07-27 04:03:21.392000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses