IP address

Passive DNS

Tags:

IP blacklists

BruteForceBlocker

154.219.99.198 is listed on the BruteForceBlocker blacklist.

Description: Daniel Gerzo's BruteForceBlocker. The list is made by perl script,<br>that works along with pf - OpenBSD's firewall and it's main<br>purpose is to block SSH bruteforce attacks via firewall.
Type of feed: primary (feed detail page)

Last checked at: 2025-07-06 02:52:00.249000
Was present on blacklist at: 2025-06-17 02:52, 2025-06-18 02:52, 2025-06-19 02:52, 2025-06-20 02:52, 2025-06-21 02:52, 2025-06-22 02:52, 2025-06-23 02:52, 2025-06-24 02:52, 2025-06-25 02:52, 2025-06-26 02:52, 2025-06-27 02:52, 2025-06-28 02:52, 2025-06-29 02:52, 2025-06-30 02:52, 2025-07-01 02:52, 2025-07-02 02:52, 2025-07-03 02:52, 2025-07-04 02:52, 2025-07-05 02:52, 2025-07-06 02:52

blocklist.de SSH

154.219.99.198 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-06-20 16:05:00.567000
Was present on blacklist at: 2025-06-17 04:05, 2025-06-17 10:05, 2025-06-17 16:05, 2025-06-17 22:05, 2025-06-18 04:05, 2025-06-18 10:05, 2025-06-18 16:05, 2025-06-18 22:05, 2025-06-19 04:05, 2025-06-19 10:05, 2025-06-19 16:05, 2025-06-19 22:05, 2025-06-20 04:05, 2025-06-20 10:05, 2025-06-20 16:05

UCEPROTECT L1

154.219.99.198 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-06-24 15:45:00.758000
Was present on blacklist at: 2025-06-17 23:45, 2025-06-18 07:45, 2025-06-18 15:45, 2025-06-18 23:45, 2025-06-19 07:45, 2025-06-19 15:45, 2025-06-19 23:45, 2025-06-20 07:45, 2025-06-20 15:45, 2025-06-20 23:45, 2025-06-21 07:45, 2025-06-21 15:45, 2025-06-21 23:45, 2025-06-22 07:45, 2025-06-22 15:45, 2025-06-22 23:45, 2025-06-23 07:45, 2025-06-23 15:45, 2025-06-23 23:45, 2025-06-24 07:45, 2025-06-24 15:45

FireHOL anonymizers

154.219.99.198 is listed on the FireHOL anonymizers blacklist.

Description: List of anonymizing IPs, aggregated from multiple lists by FireHOL.
Type of feed: secondary (feed detail page)

Last checked at: 2025-07-06 00:05:08
Was present on blacklist at: 2025-06-20 00:05, 2025-06-21 00:05, 2025-06-22 00:05, 2025-06-23 00:05, 2025-06-24 00:05, 2025-06-25 00:05, 2025-06-26 00:05, 2025-06-27 00:05, 2025-06-28 00:05, 2025-06-29 00:05, 2025-06-30 00:05, 2025-07-01 00:05, 2025-07-02 00:05, 2025-07-03 00:05, 2025-07-04 00:05, 2025-07-05 00:05, 2025-07-06 00:05

Warden events (9)

2025-06-19: ReconScanning (node.368407): 1
2025-06-18: ReconScanning (node.368407): 1
2025-06-17: ReconScanning (node.368407): 4; AttemptLogin (node.03e7a9): 1; AttemptLogin (node.368407): 1
2025-06-16: AttemptLogin (node.b17ef8): 1

DShield reports (IP summary, reports)

2025-06-17: Number of reports: 69; Distinct targets: 33
2025-06-18: Number of reports: 28; Distinct targets: 12

Origin AS: AS137899 - ILAYERLIMITED-AS-AP
BGP Prefix: 154.219.96.0/22
geo: Hong Kong; 🕑 Asia/Hong_Kong
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 154.192.0.0 - 154.223.255.255
last_activity: 2025-06-19 11:15:59
last_warden_event: 2025-06-19 11:15:59
rep: 0.0
reserved_range: 0
Shodan's InternetDB: Open ports: 21, 22, 80, 81, 111, 888, 3015, 3050, 3060, 3080, 3112, 3121, 3150, 3160, 3306; Tags: starttls, self-signed, database; CPEs: cpe:/a:openbsd:openssh:7.4, cpe:/a:oracle:mysql, cpe:/a:f5:nginx, cpe:/a:pureftpd:pure-ftpd
ts_added: 2025-06-16 23:49:46.727000
ts_last_update: 2025-07-06 02:52:06.931000

Warden event timeline

DShield event timeline

Presence on blacklists