IP address

Passive DNS

Tags: Scanner

IP blacklists

CI Army

194.50.16.198 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2024-11-21 03:50:01.018000
Was present on blacklist at: 2024-11-08 03:50, 2024-11-09 03:50, 2024-11-10 03:50, 2024-11-11 03:50, 2024-11-12 03:50, 2024-11-13 03:50, 2024-11-14 03:50, 2024-11-15 03:50, 2024-11-16 03:50, 2024-11-17 03:50, 2024-11-18 03:50, 2024-11-19 03:50, 2024-11-20 03:50, 2024-11-21 03:50

AbuseIPDB

194.50.16.198 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2024-11-21 05:00:00.328000
Was present on blacklist at: 2024-11-08 05:00, 2024-11-09 05:00, 2024-11-10 05:00, 2024-11-11 05:00, 2024-11-12 05:00, 2024-11-13 05:00, 2024-11-14 05:00, 2024-11-15 05:00, 2024-11-16 05:00, 2024-11-17 05:00, 2024-11-18 05:00, 2024-11-19 05:00, 2024-11-20 05:00, 2024-11-21 05:00

Turris greylist

194.50.16.198 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-11-20 22:15:00.210000
Was present on blacklist at: 2024-11-08 22:15, 2024-11-09 22:15, 2024-11-10 22:15, 2024-11-11 22:15, 2024-11-12 22:15, 2024-11-13 22:15, 2024-11-14 22:15, 2024-11-15 22:15, 2024-11-16 22:15, 2024-11-17 22:15, 2024-11-18 22:15, 2024-11-19 22:15, 2024-11-20 22:15

UCEPROTECT L1

194.50.16.198 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-11-16 00:45:00.804000
Was present on blacklist at: 2024-11-09 08:45, 2024-11-09 16:45, 2024-11-10 00:45, 2024-11-10 08:45, 2024-11-10 16:45, 2024-11-11 00:45, 2024-11-11 08:45, 2024-11-11 16:45, 2024-11-12 00:45, 2024-11-12 08:45, 2024-11-12 16:45, 2024-11-13 00:45, 2024-11-13 08:45, 2024-11-13 16:45, 2024-11-14 00:45, 2024-11-14 08:45, 2024-11-14 16:45, 2024-11-15 00:45, 2024-11-15 08:45, 2024-11-15 16:45, 2024-11-16 00:45

Spamhaus XBL CBL

194.50.16.198 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2024-11-21 08:31:10.090000
Was present on blacklist at: 2024-11-14 08:31, 2024-11-21 08:31

Warden events (75049)

2024-11-21: IntrusionUserCompromise (node.cfb4f7): 23; ReconScanning (node.4dc198): 78; ReconScanning (node.368407): 50; ReconScanning (node.ce2b59): 11; AnomalyTraffic (node.ffe95c): 3; AnomalyTraffic (node.86dac8): 1
2024-11-20: ReconScanning (node.4dc198): 220; AnomalyTraffic (node.ffe95c): 20; ReconScanning (node.ce2b59): 26; ReconScanning (node.368407): 76; IntrusionUserCompromise (node.cfb4f7): 1761; AnomalyTraffic (node.86dac8): 12; ReconScanning (node.5f02e7): 1
2024-11-19: ReconScanning (node.4dc198): 229; AnomalyTraffic (node.86dac8): 50; ReconScanning (node.ce2b59): 7; ReconScanning (node.368407): 72; AnomalyTraffic (node.ffe95c): 49; IntrusionUserCompromise (node.cfb4f7): 3751
2024-11-18: AnomalyTraffic (node.86dac8): 36; ReconScanning (node.4dc198): 228; ReconScanning (node.368407): 96; AnomalyTraffic (node.ffe95c): 32; IntrusionUserCompromise (node.cfb4f7): 2483; ReconScanning (node.ce2b59): 6; ReconScanning (node.5f02e7): 1
2024-11-17: ReconScanning (node.ce2b59): 30; AnomalyTraffic (node.ffe95c): 4; AnomalyTraffic (node.86dac8): 14; ReconScanning (node.4dc198): 125; ReconScanning (node.368407): 41; IntrusionUserCompromise (node.cfb4f7): 2582
2024-11-16: IntrusionUserCompromise (node.cfb4f7): 2961; AnomalyTraffic (node.86dac8): 26; ReconScanning (node.4dc198): 164; ReconScanning (node.368407): 51; AnomalyTraffic (node.ffe95c): 19; ReconScanning (node.ce2b59): 8
2024-11-15: AnomalyTraffic (node.86dac8): 54; AnomalyTraffic (node.ffe95c): 84; ReconScanning (node.4dc198): 220; ReconScanning (node.368407): 73; IntrusionUserCompromise (node.cfb4f7): 7143; ReconScanning (node.ce2b59): 1
2024-11-14: ReconScanning (node.4dc198): 228; AnomalyTraffic (node.ffe95c): 79; IntrusionUserCompromise (node.cfb4f7): 7319; AnomalyTraffic (node.86dac8): 56; ReconScanning (node.368407): 90
2024-11-13: ReconScanning (node.4dc198): 224; AnomalyTraffic (node.86dac8): 55; AnomalyTraffic (node.ffe95c): 79; ReconScanning (node.368407): 94; IntrusionUserCompromise (node.cfb4f7): 6379
2024-11-12: IntrusionUserCompromise (node.cfb4f7): 6436; ReconScanning (node.368407): 77; ReconScanning (node.ce2b59): 3; ReconScanning (node.4dc198): 209; AnomalyTraffic (node.ffe95c): 79; AnomalyTraffic (node.86dac8): 57
2024-11-11: ReconScanning (node.368407): 58; ReconScanning (node.4dc198): 180; AnomalyTraffic (node.ffe95c): 67; AnomalyTraffic (node.86dac8): 49; IntrusionUserCompromise (node.cfb4f7): 6984
2024-11-10: AnomalyTraffic (node.ffe95c): 80; AnomalyTraffic (node.86dac8): 56; ReconScanning (node.4dc198): 218; ReconScanning (node.368407): 89; IntrusionUserCompromise (node.cfb4f7): 6600; ReconScanning (node.ce2b59): 2
2024-11-09: ReconScanning (node.368407): 85; ReconScanning (node.4dc198): 226; AnomalyTraffic (node.ffe95c): 80; AnomalyTraffic (node.86dac8): 57; IntrusionUserCompromise (node.cfb4f7): 8820; ReconScanning (node.ce2b59): 2
2024-11-08: AnomalyTraffic (node.86dac8): 67; AnomalyTraffic (node.ffe95c): 82; ReconScanning (node.4dc198): 211; ReconScanning (node.368407): 124; IntrusionUserCompromise (node.cfb4f7): 5694
2024-11-07: AnomalyTraffic (node.ffe95c): 60; AnomalyTraffic (node.86dac8): 60; ReconScanning (node.368407): 116; ReconScanning (node.ce2b59): 1; ReconScanning (node.4dc198): 112; IntrusionUserCompromise (node.cfb4f7): 483

DShield reports (IP summary, reports)

2024-11-07: Number of reports: 1477; Distinct targets: 27
2024-11-08: Number of reports: 18331; Distinct targets: 3752
2024-11-09: Number of reports: 22447; Distinct targets: 3141
2024-11-10: Number of reports: 22682; Distinct targets: 2686
2024-11-11: Number of reports: 18241; Distinct targets: 2604
2024-11-12: Number of reports: 22922; Distinct targets: 2613
2024-11-13: Number of reports: 23010; Distinct targets: 2637
2024-11-14: Number of reports: 22897; Distinct targets: 2639
2024-11-15: Number of reports: 23020; Distinct targets: 2616
2024-11-16: Number of reports: 11089; Distinct targets: 2994
2024-11-17: Number of reports: 5776; Distinct targets: 1754
2024-11-18: Number of reports: 10501; Distinct targets: 2759
2024-11-19: Number of reports: 12172; Distinct targets: 3028
2024-11-20: Number of reports: 11865; Distinct targets: 2979

OTX pulses

[602bc528f447d628d41494f2] 2021-02-16 13:14:16.945000 | Ka's Honeypot visitors

Author name:	Kapppppa
Pulse modified:	2024-11-21 03:45:31.096000
Indicator created:	2024-11-09 00:53:44
Indicator role:	bruteforce
Indicator title:	Telnet Login attempt
Indicator expiration:	2024-12-09 00:00:00

[672f7f24b24051925084a666] 2024-11-09 15:26:28.784000 | Apache honeypot logs for 09/Nov/2024

Author name:	jnazario
Pulse modified:	2024-11-09 15:26:28.784000
Indicator created:	2024-11-09 15:26:29
Indicator role:	None
Indicator title:
Indicator expiration:	2024-12-09 15:00:00

[6730d1e677fb2e87f809993b] 2024-11-10 15:31:50.920000 | Apache honeypot logs for 10/Nov/2024

Author name:	jnazario
Pulse modified:	2024-11-10 15:31:50.920000
Indicator created:	2024-11-10 15:31:51
Indicator role:	None
Indicator title:
Indicator expiration:	2024-12-10 15:00:00

[6732221131b81ebeacfe84fe] 2024-11-11 15:26:09.591000 | Apache honeypot logs for 11/Nov/2024

Author name:	jnazario
Pulse modified:	2024-11-11 15:26:09.591000
Indicator created:	2024-11-11 15:26:10
Indicator role:	None
Indicator title:
Indicator expiration:	2024-12-11 15:00:00

[673373887446dec68c09173d] 2024-11-12 15:26:00.309000 | Apache honeypot logs for 12/Nov/2024

Author name:	jnazario
Pulse modified:	2024-11-12 15:26:00.309000
Indicator created:	2024-11-12 15:26:01
Indicator role:	None
Indicator title:
Indicator expiration:	2024-12-12 15:00:00

[6734c46ebf1473193d1b3363] 2024-11-13 15:23:26.526000 | Apache honeypot logs for 13/Nov/2024

Author name:	jnazario
Pulse modified:	2024-11-13 15:23:26.526000
Indicator created:	2024-11-13 15:23:27
Indicator role:	None
Indicator title:
Indicator expiration:	2024-12-13 15:00:00

[673614a4067fc3b117e68e1f] 2024-11-14 15:17:56.398000 | Apache honeypot logs for 14/Nov/2024

Author name:	jnazario
Pulse modified:	2024-11-14 15:17:56.398000
Indicator created:	2024-11-14 15:17:57
Indicator role:	None
Indicator title:
Indicator expiration:	2024-12-14 15:00:00

[673766379bc4389574431568] 2024-11-15 15:18:15.259000 | Apache honeypot logs for 15/Nov/2024

Author name:	jnazario
Pulse modified:	2024-11-15 15:18:15.259000
Indicator created:	2024-11-15 15:18:16
Indicator role:	None
Indicator title:
Indicator expiration:	2024-12-15 15:00:00

[5a7e3e70c44e7b48947593a7] 2018-02-10 00:36:00.396000 | Webscanners 2018-02-09 thru current day

Author name:	david3
Pulse modified:	2024-11-21 07:55:15.794000
Indicator created:	2024-11-16 15:15:21
Indicator role:	scanning_host
Indicator title:	404 NOT FOUND
Indicator expiration:	2025-02-14 00:00:00

[6738b7ac56ea177d4de0b059] 2024-11-16 15:18:04.820000 | Apache honeypot logs for 16/Nov/2024

Author name:	jnazario
Pulse modified:	2024-11-16 15:18:04.820000
Indicator created:	2024-11-16 15:18:05
Indicator role:	None
Indicator title:
Indicator expiration:	2024-12-16 15:00:00

[673b5aa8ab3731b6408cb943] 2024-11-18 15:18:00.380000 | Apache honeypot logs for 18/Nov/2024

Author name:	jnazario
Pulse modified:	2024-11-18 15:18:00.380000
Indicator created:	2024-11-18 15:18:01
Indicator role:	None
Indicator title:
Indicator expiration:	2024-12-18 15:00:00

Origin AS: AS49870 - AS49870-BV
BGP Prefix: 194.50.16.0/24
geo: Netherlands, Amsterdam; 🕑 Europe/Amsterdam
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 194.50.16.0 - 194.50.19.255
last_activity: 2024-11-21 08:34:09
last_warden_event: 2024-11-21 08:34:09
rep: 0.983482142857143
reserved_range: 0
ts_added: 2024-11-07 08:31:08.523000
ts_last_update: 2024-11-21 08:34:16.051000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses