IP address

Search at other sites:

.926193.142.147.209

Shodan(more info)

Passive DNS

IP blacklists

Spamhaus SBL

193.142.147.209 is listed on the Spamhaus SBL blacklist.

Description: The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-10-30 03:25:00.703000
Was present on blacklist at: 2025-10-23 03:24, 2025-10-30 03:25

Spamhaus DROP

193.142.147.209 is listed on the Spamhaus DROP blacklist.

Description: Spamhaus DROP (Don't Route Or Peer) list. Netblocks controlled by spammers or cyber criminals. The DROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-10-30 03:25:00.703000
Was present on blacklist at: 2025-10-23 03:24, 2025-10-30 03:25

Blocklist.net.ua

193.142.147.209 is listed on the Blocklist.net.ua blacklist.

Description: BlockList contains IP addresses that perform attacks,<br>send spam or brute force passwords to the blocking list.
Type of feed: primary (feed detail page)

Last checked at: 2025-11-05 15:15:02.861000
Was present on blacklist at: 2025-10-23 10:15, 2025-10-23 14:15, 2025-10-23 18:15, 2025-10-23 22:15, 2025-10-24 02:15, 2025-10-24 06:15, 2025-10-24 10:15, 2025-10-24 14:15, 2025-10-24 18:15, 2025-10-24 22:15, 2025-10-25 02:15, 2025-10-25 06:15, 2025-10-25 10:15, 2025-10-25 14:15, 2025-10-25 18:15, 2025-10-25 22:15, 2025-10-26 03:15, 2025-10-26 07:15, 2025-10-26 15:15, 2025-10-26 19:15, 2025-10-26 23:15, 2025-10-27 03:15, 2025-10-27 07:15, 2025-10-27 11:15, 2025-10-27 15:15, 2025-10-27 19:15, 2025-10-27 23:15, 2025-10-28 03:15, 2025-10-28 07:15, 2025-10-28 11:15, 2025-10-28 15:15, 2025-10-28 19:15, 2025-10-28 23:15, 2025-10-29 03:15, 2025-10-29 07:15, 2025-10-29 11:15, 2025-10-29 15:15, 2025-10-29 19:15, 2025-10-29 23:15, 2025-10-30 03:15, 2025-10-30 07:15, 2025-10-30 11:15, 2025-10-30 15:15, 2025-10-30 19:15, 2025-10-30 23:15, 2025-10-31 03:15, 2025-10-31 07:15, 2025-10-31 11:15, 2025-10-31 15:15, 2025-10-31 19:15, 2025-10-31 23:15, 2025-11-01 03:15, 2025-11-01 07:15, 2025-11-01 11:15, 2025-11-01 15:15, 2025-11-01 19:15, 2025-11-01 23:15, 2025-11-02 03:15, 2025-11-02 07:15, 2025-11-02 11:15, 2025-11-02 15:15, 2025-11-02 19:15, 2025-11-02 23:15, 2025-11-03 03:15, 2025-11-03 07:15, 2025-11-03 11:15, 2025-11-03 15:15, 2025-11-03 19:15, 2025-11-03 23:15, 2025-11-04 03:15, 2025-11-04 07:15, 2025-11-04 11:15, 2025-11-04 15:15, 2025-11-04 19:15, 2025-11-04 23:15, 2025-11-05 03:15, 2025-11-05 07:15, 2025-11-05 11:15, 2025-11-05 15:15

blocklist.de SSH

193.142.147.209 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-10-25 22:05:00.501000
Was present on blacklist at: 2025-10-23 22:05, 2025-10-24 04:05, 2025-10-24 10:05, 2025-10-24 16:05, 2025-10-24 22:05, 2025-10-25 04:05, 2025-10-25 10:05, 2025-10-25 16:05, 2025-10-25 22:05

DataPlane SSH login

193.142.147.209 is listed on the DataPlane SSH login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login to a host using SSH password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2025-10-30 19:10:01.777000
Was present on blacklist at: 2025-10-24 02:10, 2025-10-24 06:10, 2025-10-24 14:10, 2025-10-24 18:10, 2025-10-25 02:10, 2025-10-25 06:10, 2025-10-25 18:10, 2025-10-26 03:10, 2025-10-26 07:10, 2025-10-26 15:10, 2025-10-26 19:10, 2025-10-27 03:10, 2025-10-27 07:10, 2025-10-27 15:10, 2025-10-27 19:10, 2025-10-28 03:10, 2025-10-28 07:10, 2025-10-28 15:10, 2025-10-28 19:10, 2025-10-29 03:10, 2025-10-29 07:10, 2025-10-29 15:10, 2025-10-29 19:10, 2025-10-30 03:10, 2025-10-30 07:10, 2025-10-30 15:10, 2025-10-30 19:10

DShield Block

193.142.147.209 was recently listed on the DShield Block blacklist, but currently it is not.

Description: Recommended Block List by DShield.org. It summarizes the top 20 attacking<br>class C (/24) subnets over the last three days.
Type of feed: secondary (feed detail page)

Last checked at: 2025-11-04 04:50:00
Was present on blacklist at: 2025-10-24 04:50

AbuseIPDB

193.142.147.209 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-11-05 05:00:00.750000
Was present on blacklist at: 2025-10-24 04:00, 2025-10-25 04:00, 2025-10-26 05:00, 2025-10-27 05:00, 2025-10-28 05:00, 2025-10-29 05:00, 2025-10-30 05:00, 2025-10-31 05:00, 2025-11-01 05:00, 2025-11-02 05:00, 2025-11-03 05:00, 2025-11-04 05:00, 2025-11-05 05:00

Turris greylist

193.142.147.209 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-11-04 22:15:00.192000
Was present on blacklist at: 2025-10-24 21:15, 2025-10-25 21:15, 2025-10-26 22:15, 2025-10-27 22:15, 2025-10-28 22:15, 2025-10-29 22:15, 2025-10-30 22:15, 2025-10-31 22:15, 2025-11-01 22:15, 2025-11-02 22:15, 2025-11-03 22:15, 2025-11-04 22:15

Spamhaus XBL CBL

193.142.147.209 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-10-30 03:25:00.703000
Was present on blacklist at: 2025-10-30 03:25

blocklist.de Apache

193.142.147.209 is listed on the blocklist.de Apache blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the service<br>Apache, Apache-DDOS, RFI-Attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-11-02 17:05:05.248000
Was present on blacklist at: 2025-10-31 23:05, 2025-11-01 05:05, 2025-11-01 11:05, 2025-11-01 17:05, 2025-11-01 23:05, 2025-11-02 05:05, 2025-11-02 11:05, 2025-11-02 17:05

DataPlane TELNET login

193.142.147.209 is listed on the DataPlane TELNET login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login via TELNET password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2025-11-05 15:10:03.430000
Was present on blacklist at: 2025-11-01 19:10, 2025-11-01 23:10, 2025-11-02 03:10, 2025-11-02 07:10, 2025-11-02 11:10, 2025-11-02 15:10, 2025-11-02 19:10, 2025-11-02 23:10, 2025-11-03 03:10, 2025-11-03 07:10, 2025-11-03 11:10, 2025-11-03 15:10, 2025-11-03 19:10, 2025-11-03 23:10, 2025-11-04 03:10, 2025-11-04 07:10, 2025-11-04 11:10, 2025-11-04 15:10, 2025-11-04 19:10, 2025-11-04 23:10, 2025-11-05 03:10, 2025-11-05 07:10, 2025-11-05 11:10, 2025-11-05 15:10

UCEPROTECT L1

193.142.147.209 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-11-05 16:45:00.569000
Was present on blacklist at: 2025-11-02 16:45, 2025-11-03 00:45, 2025-11-03 08:45, 2025-11-03 16:45, 2025-11-04 00:45, 2025-11-04 08:45, 2025-11-04 16:45, 2025-11-05 00:45, 2025-11-05 08:45, 2025-11-05 16:45

Warden events (11242)

2025-11-05

AnomalyTraffic (node.ffe95c): 56

ReconScanning (node.9c1411): 28

ReconScanning (node.4dc198): 206

ReconScanning (node.368407): 140

IntrusionUserCompromise (node.cfb4f7): 1968

2025-11-04

ReconScanning (node.368407): 267

ReconScanning (node.4dc198): 285

AnomalyTraffic (node.ffe95c): 79

IntrusionUserCompromise (node.cfb4f7): 8

ReconScanning (node.9c1411): 2

2025-11-03

ReconScanning (node.368407): 250

ReconScanning (node.4dc198): 284

AnomalyTraffic (node.ffe95c): 92

IntrusionUserCompromise (node.cfb4f7): 440

2025-11-02

ReconScanning (node.368407): 229

ReconScanning (node.4dc198): 269

AnomalyTraffic (node.ffe95c): 84

IntrusionUserCompromise (node.cfb4f7): 1246

2025-11-01

ReconScanning (node.368407): 261

ReconScanning (node.4dc198): 287

AnomalyTraffic (node.ffe95c): 110

IntrusionUserCompromise (node.cfb4f7): 48

2025-10-31

ReconScanning (node.4dc198): 281

ReconScanning (node.368407): 233

AnomalyTraffic (node.ffe95c): 39

2025-10-30

ReconScanning (node.368407): 189

ReconScanning (node.4dc198): 212

AnomalyTraffic (node.ffe95c): 65

2025-10-29

ReconScanning (node.368407): 284

ReconScanning (node.4dc198): 284

AnomalyTraffic (node.ffe95c): 9

2025-10-28

ReconScanning (node.4dc198): 220

ReconScanning (node.368407): 184

AnomalyTraffic (node.ffe95c): 63

ReconScanning (node.9c1411): 1

2025-10-27

AnomalyTraffic (node.ffe95c): 29

ReconScanning (node.4dc198): 244

ReconScanning (node.368407): 241

2025-10-26

ReconScanning (node.4dc198): 267

AnomalyTraffic (node.ffe95c): 70

ReconScanning (node.368407): 159

2025-10-25

ReconScanning (node.368407): 158

ReconScanning (node.4dc198): 286

AnomalyTraffic (node.ffe95c): 76

ReconScanning (node.9c1411): 7

2025-10-24

ReconScanning (node.4dc198): 283

ReconScanning (node.368407): 190

AnomalyTraffic (node.ffe95c): 82

ReconScanning (node.9c1411): 11

2025-10-23

ReconScanning (node.4dc198): 179

AnomalyTraffic (node.ffe95c): 57

ReconScanning (node.368407): 106

ReconScanning (node.9c1411): 7

IntrusionUserCompromise (node.b17ef8): 15

IntrusionUserCompromise (node.03e7a9): 46

AttemptLogin (node.03e7a9): 9

AttemptLogin (node.b17ef8): 10

AttemptLogin (node.40929a): 1

IntrusionUserCompromise (node.40929a): 6

DShield reports (IP summary, reports)

2025-10-23

Number of reports: 19456

Distinct targets: 1603

2025-10-24

Number of reports: 19456

Distinct targets: 1603

2025-10-25

Number of reports: 27924

Distinct targets: 1672

2025-10-26

Number of reports: 27924

Distinct targets: 1672

2025-10-27

Number of reports: 18986

Distinct targets: 1464

2025-10-28

Number of reports: 20273

Distinct targets: 814

2025-10-29

Number of reports: 28179

Distinct targets: 765

2025-10-30

Number of reports: 18465

Distinct targets: 824

2025-10-31

Number of reports: 31453

Distinct targets: 850

2025-11-01

Number of reports: 24937

Distinct targets: 792

2025-11-02

Number of reports: 24937

Distinct targets: 792

2025-11-03

Number of reports: 21726

Distinct targets: 1087

2025-11-04

Number of reports: 21726

Distinct targets: 1087

OTX pulses

[68fa1f5419a437ebf08cf9ef] 2025-10-23 12:28:04.524000 | Apache honeypot logs for 23/Oct/2025

Author name:	jnazario
Pulse modified:	2025-10-23 12:28:04.524000
Indicator created:	2025-10-23 12:28:05
Indicator role:	None
Indicator title:
Indicator expiration:	2025-11-22 12:00:00

[68fb706718323c2674a9473c] 2025-10-24 12:26:15.517000 | Apache honeypot logs for 24/Oct/2025

Author name:	jnazario
Pulse modified:	2025-10-24 12:26:15.517000
Indicator created:	2025-10-24 12:26:16
Indicator role:	None
Indicator title:
Indicator expiration:	2025-11-23 12:00:00

[68fcc218065d6f9d539760e5] 2025-10-25 12:27:04.672000 | Apache honeypot logs for 25/Oct/2025

Author name:	jnazario
Pulse modified:	2025-10-25 12:27:04.672000
Indicator created:	2025-10-25 12:27:05
Indicator role:	None
Indicator title:
Indicator expiration:	2025-11-24 12:00:00

[68fe13d6d1d8ad77b286b308] 2025-10-26 12:28:06.562000 | Apache honeypot logs for 26/Oct/2025

Author name:	jnazario
Pulse modified:	2025-10-26 12:28:06.562000
Indicator created:	2025-10-26 12:28:07
Indicator role:	None
Indicator title:
Indicator expiration:	2025-11-25 12:00:00

[6900cd8fd5db8e0e963a0786] 2025-10-28 14:05:03.329000 | Apache honeypot logs for 28/Oct/2025

Author name:	jnazario
Pulse modified:	2025-10-28 14:05:03.329000
Indicator created:	2025-10-28 14:05:04
Indicator role:	None
Indicator title:
Indicator expiration:	2025-11-27 14:00:00

[69075c0b416b208a7a1f33bc] 2025-11-02 13:26:35.955000 | Apache honeypot logs for 02/Nov/2025

Author name:	jnazario
Pulse modified:	2025-11-02 13:26:35.955000
Indicator created:	2025-11-02 13:26:36
Indicator role:	None
Indicator title:
Indicator expiration:	2025-12-02 13:00:00

[690b502ba3176c5fdfd63dd5] 2025-11-05 13:24:59.224000 | Apache honeypot logs for 05/Nov/2025

Author name:	jnazario
Pulse modified:	2025-11-05 13:24:59.224000
Indicator created:	2025-11-05 13:25:00
Indicator role:	None
Indicator title:
Indicator expiration:	2025-12-05 13:00:00

Origin AS

AS213438 - colocatel-inc

BGP Prefix

193.142.147.0/24

geo

Germany

🕑 Europe/Berlin

hostname

(null)

Address block ('inetnum' or 'NetRange' in whois database)

193.142.146.0 - 193.142.147.255

last_activity

2025-11-05 17:30:59

last_warden_event

2025-11-05 17:30:59

rep

0.9264136904761904

reserved_range

0

Shodan's InternetDB

Open ports: 22

Tags: –

CPEs: cpe:/o:debian:debian_linux, cpe:/a:openbsd:openssh:8.4p1, cpe:/o:linux:linux_kernel

ts_added

2025-10-23 03:24:51.761000

ts_last_update

2025-11-05 17:31:03.445000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses