IP address

Passive DNS

Tags: Scanner

IP blacklists

DShield Block

154.81.156.54 is listed on the DShield Block blacklist.

Description: Recommended Block List by DShield.org. It summarizes the top 20 attacking class C (/24) subnets over the last three days.
Type of feed: secondary (feed detail page)

Last checked at: 2025-05-05 04:50:00
Was present on blacklist at: 2025-04-08 04:50, 2025-04-09 04:50, 2025-04-10 04:50, 2025-04-11 04:50, 2025-04-12 04:50, 2025-04-13 04:50, 2025-04-14 04:50, 2025-04-15 04:50, 2025-04-16 04:50, 2025-04-17 04:50, 2025-04-18 04:50, 2025-04-20 04:50, 2025-04-21 04:50, 2025-04-22 04:50, 2025-04-23 04:50, 2025-04-24 04:50, 2025-04-25 04:50, 2025-04-26 04:50, 2025-04-27 04:50, 2025-04-28 04:50, 2025-04-29 04:50, 2025-04-30 04:50, 2025-05-01 04:50, 2025-05-02 04:50, 2025-05-03 04:50, 2025-05-04 04:50, 2025-05-05 04:50

AbuseIPDB

154.81.156.54 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-05-05 04:00:00.633000
Was present on blacklist at: 2025-04-09 04:00, 2025-04-10 04:00, 2025-04-11 04:00, 2025-04-12 04:00, 2025-04-13 04:00, 2025-04-14 04:00, 2025-04-15 04:00, 2025-04-16 04:00, 2025-04-17 04:00, 2025-04-18 04:00, 2025-04-19 04:00, 2025-04-20 04:00, 2025-04-21 04:00, 2025-04-22 04:00, 2025-04-23 04:00, 2025-04-24 04:00, 2025-04-25 04:00, 2025-04-26 04:00, 2025-04-27 04:00, 2025-04-28 04:00, 2025-04-29 04:00, 2025-04-30 04:00, 2025-05-01 04:00, 2025-05-02 04:00, 2025-05-03 04:00, 2025-05-04 04:00, 2025-05-05 04:00

Turris greylist

154.81.156.54 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC, which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-05 21:15:00.177000
Was present on blacklist at: 2025-04-09 21:15, 2025-04-10 21:15, 2025-04-11 21:15, 2025-04-12 21:15, 2025-04-13 21:15, 2025-04-14 21:15, 2025-04-15 21:15, 2025-04-16 21:15, 2025-04-17 21:15, 2025-04-18 21:15, 2025-04-20 21:15, 2025-04-21 21:15, 2025-04-22 21:15, 2025-04-23 21:15, 2025-04-24 21:15, 2025-04-25 21:15, 2025-04-26 21:15, 2025-04-27 21:15, 2025-04-28 21:15, 2025-04-29 21:15, 2025-04-30 21:15, 2025-05-01 21:15, 2025-05-02 21:15, 2025-05-03 21:15, 2025-05-04 21:15, 2025-05-05 21:15

CI Army

154.81.156.54 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence database that provides scores for IPs. Source of unspecified malicious attacks most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-05-05 02:50:00.957000
Was present on blacklist at: 2025-04-20 02:50, 2025-04-21 02:50, 2025-04-22 02:50, 2025-04-23 02:50, 2025-04-24 02:50, 2025-04-25 02:50, 2025-04-26 02:50, 2025-04-27 02:50, 2025-04-28 02:50, 2025-04-29 02:50, 2025-04-30 02:50, 2025-05-01 02:50, 2025-05-02 02:50, 2025-05-03 02:50, 2025-05-04 02:50, 2025-05-05 02:50

Spamhaus XBL CBL

154.81.156.54 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-04-29 06:11:30.755000
Was present on blacklist at: 2025-04-29 06:11

Blocklist.net.ua

154.81.156.54 is listed on the Blocklist.net.ua blacklist.

Description: BlockList contains IP addresses that perform attacks, send spam or brute force passwords to the blocking list.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-05 22:15:01.924000
Was present on blacklist at: 2025-05-01 18:15, 2025-05-01 22:15, 2025-05-02 02:15, 2025-05-02 06:15, 2025-05-02 10:15, 2025-05-02 14:15, 2025-05-02 18:15, 2025-05-02 22:15, 2025-05-03 02:15, 2025-05-03 06:15, 2025-05-03 10:15, 2025-05-03 14:15, 2025-05-03 18:15, 2025-05-03 22:15, 2025-05-04 02:15, 2025-05-04 06:15, 2025-05-04 10:15, 2025-05-04 14:15, 2025-05-04 18:15, 2025-05-04 22:15, 2025-05-05 02:15, 2025-05-05 06:15, 2025-05-05 10:15, 2025-05-05 14:15, 2025-05-05 18:15, 2025-05-05 22:15

UCEPROTECT L1

154.81.156.54 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-05 23:45:00.523000
Was present on blacklist at: 2025-05-05 07:45, 2025-05-05 15:45, 2025-05-05 23:45

Warden events (11063)

2025-05-05: AnomalyTraffic (node.ffe95c): 49; AnomalyTraffic (node.86dac8): 37; ReconScanning (node.4dc198): 184; ReconScanning (node.368407): 133
2025-05-04: ReconScanning (node.4dc198): 148; ReconScanning (node.368407): 78; AnomalyTraffic (node.ffe95c): 29; AnomalyTraffic (node.86dac8): 16
2025-05-03: ReconScanning (node.4dc198): 289; AnomalyTraffic (node.86dac8): 49; ReconScanning (node.368407): 145; AnomalyTraffic (node.ffe95c): 93
2025-05-02: ReconScanning (node.4dc198): 289; ReconScanning (node.368407): 135; AnomalyTraffic (node.ffe95c): 99; AnomalyTraffic (node.86dac8): 66
2025-05-01: ReconScanning (node.368407): 133; ReconScanning (node.4dc198): 287; AnomalyTraffic (node.86dac8): 60; AnomalyTraffic (node.ffe95c): 83
2025-04-30: ReconScanning (node.368407): 139; ReconScanning (node.4dc198): 289; AnomalyTraffic (node.86dac8): 62; AnomalyTraffic (node.ffe95c): 97
2025-04-29: AnomalyTraffic (node.ffe95c): 85; AnomalyTraffic (node.86dac8): 60; ReconScanning (node.368407): 136; ReconScanning (node.4dc198): 288
2025-04-28: AnomalyTraffic (node.ffe95c): 86; ReconScanning (node.4dc198): 283; AnomalyTraffic (node.86dac8): 55; ReconScanning (node.368407): 147
2025-04-27: ReconScanning (node.4dc198): 287; ReconScanning (node.368407): 143; AnomalyTraffic (node.86dac8): 72; AnomalyTraffic (node.ffe95c): 113
2025-04-26: ReconScanning (node.4dc198): 287; AnomalyTraffic (node.86dac8): 65; ReconScanning (node.368407): 141; AnomalyTraffic (node.ffe95c): 92
2025-04-25: ReconScanning (node.4dc198): 286; AnomalyTraffic (node.86dac8): 60; ReconScanning (node.368407): 139; AnomalyTraffic (node.ffe95c): 88
2025-04-24: ReconScanning (node.4dc198): 289; AnomalyTraffic (node.ffe95c): 115; AnomalyTraffic (node.86dac8): 80; ReconScanning (node.368407): 138
2025-04-23: ReconScanning (node.4dc198): 286; ReconScanning (node.368407): 137; AnomalyTraffic (node.86dac8): 80; AnomalyTraffic (node.ffe95c): 103
2025-04-22: ReconScanning (node.4dc198): 287; ReconScanning (node.368407): 64; AnomalyTraffic (node.86dac8): 61; AnomalyTraffic (node.ffe95c): 73
2025-04-21: ReconScanning (node.4dc198): 288; AnomalyTraffic (node.86dac8): 63; AnomalyTraffic (node.ffe95c): 53
2025-04-20: ReconScanning (node.368407): 80; ReconScanning (node.4dc198): 289; ReconScanning (node.9c1411): 7; AnomalyTraffic (node.86dac8): 61; AnomalyTraffic (node.ffe95c): 62
2025-04-19: ReconScanning (node.4dc198): 287; ReconScanning (node.9c1411): 2; ReconScanning (node.368407): 41; AnomalyTraffic (node.86dac8): 14; AnomalyTraffic (node.ffe95c): 12
2025-04-18: ReconScanning (node.4dc198): 2; ReconScanning (node.368407): 1
2025-04-17: ReconScanning (node.4dc198): 97; ReconScanning (node.9c1411): 2
2025-04-16: ReconScanning (node.4dc198): 290
2025-04-15: ReconScanning (node.4dc198): 287; ReconScanning (node.9c1411): 2
2025-04-14: ReconScanning (node.4dc198): 274; ReconScanning (node.9c1411): 1
2025-04-13: ReconScanning (node.4dc198): 60; ReconScanning (node.9c1411): 6
2025-04-12: ReconScanning (node.4dc198): 57
2025-04-11: ReconScanning (node.4dc198): 288; ReconScanning (node.9c1411): 1
2025-04-10: ReconScanning (node.4dc198): 294
2025-04-09: ReconScanning (node.4dc198): 289; ReconScanning (node.9c1411): 1
2025-04-08: ReconScanning (node.4dc198): 192; ReconScanning (node.368407): 40; ReconScanning (node.9c1411): 5

DShield reports (IP summary, reports)

2025-04-08: Number of reports: 23580; Distinct targets: 1771
2025-04-09: Number of reports: 51530; Distinct targets: 935
2025-04-10: Number of reports: 35032; Distinct targets: 747
2025-04-11: Number of reports: 54272; Distinct targets: 854
2025-04-12: Number of reports: 11963; Distinct targets: 417
2025-04-13: Number of reports: 4643; Distinct targets: 345
2025-04-14: Number of reports: 32332; Distinct targets: 773
2025-04-15: Number of reports: 32098; Distinct targets: 735
2025-04-16: Number of reports: 51442; Distinct targets: 829
2025-04-17: Number of reports: 19450; Distinct targets: 467
2025-04-18: Number of reports: 114; Distinct targets: 44
2025-04-19: Number of reports: 33020; Distinct targets: 1152
2025-04-20: Number of reports: 49534; Distinct targets: 1021
2025-04-21: Number of reports: 50729; Distinct targets: 771
2025-04-22: Number of reports: 36140; Distinct targets: 1068
2025-04-23: Number of reports: 47029; Distinct targets: 1000
2025-04-24: Number of reports: 47863; Distinct targets: 974
2025-04-25: Number of reports: 34399; Distinct targets: 963
2025-04-26: Number of reports: 32071; Distinct targets: 996
2025-04-27: Number of reports: 44693; Distinct targets: 1438
2025-04-28: Number of reports: 43681; Distinct targets: 1464
2025-04-29: Number of reports: 29268; Distinct targets: 1111
2025-04-30: Number of reports: 43162; Distinct targets: 1039
2025-05-01: Number of reports: 43906; Distinct targets: 984
2025-05-02: Number of reports: 44582; Distinct targets: 1098
2025-05-03: Number of reports: 26043; Distinct targets: 997
2025-05-04: Number of reports: 11374; Distinct targets: 1566

OTX pulses

[5a7e3e70c44e7b48947593a7] 2018-02-10 00:36:00.396000 | Webscanners 2018-02-09 thru current day

Author name:	david3
Pulse modified:	2025-05-05 23:55:19.358000
Indicator created:	2025-05-05 02:20:23
Indicator role:	scanning_host
Indicator title:	404 NOT FOUND
Indicator expiration:	2025-08-03 00:00:00

[6818ae874875c4aa6b08c8d6] 2025-05-05 12:26:47.263000 | Apache honeypot logs for 05/May/2025

Author name:	jnazario
Pulse modified:	2025-05-05 12:26:47.263000
Indicator created:	2025-05-05 12:26:48
Indicator role:	None
Indicator title:
Indicator expiration:	2025-06-04 12:00:00

Origin AS: AS984 - OWS; AS36680 - NETIFACELLC
BGP Prefix: 154.81.156.0/24
geo: United Kingdom, London; 🕑 Europe/London
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 154.80.0.0 - 154.95.255.255
last_activity: 2025-05-06 00:36:42.750000
last_warden_event: 2025-05-05 16:24:28
rep: 0.9374999999999999
reserved_range: 0
Shodan's InternetDB: Open ports: 22; Tags: –; CPEs: cpe:/a:openbsd:openssh:9.6p1, cpe:/o:canonical:ubuntu_linux
ts_added: 2025-04-08 06:11:20.555000
ts_last_update: 2025-05-06 00:36:42.767000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses