IP address


20.125.195.236
IP blacklists
CI Army
20.125.195.236 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence database that provides scores for IPs. Source of unspecified malicious attacks; most of them will be active attackers/scanners.
Type of feed: primary

Last checked at: 2024-10-12 02:50:01.108000
Was present on blacklist at: 2024-09-04 02:50, 2024-09-05 02:50, 2024-09-06 02:50, 2024-09-07 02:50, 2024-09-08 02:50, 2024-09-29 02:50, 2024-09-30 02:50, 2024-10-01 02:50, 2024-10-02 02:50, 2024-10-03 02:50, 2024-10-08 02:50, 2024-10-09 02:50, 2024-10-10 02:50, 2024-10-11 02:50, 2024-10-12 02:50
UCEPROTECT L1
20.125.195.236 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary

Last checked at: 2024-10-16 07:45:00.921000
Was present on blacklist at: 2024-09-10 15:45, 2024-09-10 23:45, 2024-09-11 07:45, 2024-09-11 15:45, 2024-09-11 23:45, 2024-09-12 07:45, 2024-10-01 23:45, 2024-10-02 07:45, 2024-10-02 15:45, 2024-10-02 23:45, 2024-10-03 07:45, 2024-10-03 15:45, 2024-10-03 23:45, 2024-10-04 07:45, 2024-10-04 15:45, 2024-10-04 23:45, 2024-10-05 07:45, 2024-10-05 15:45, 2024-10-05 23:45, 2024-10-06 07:45, 2024-10-06 15:45, 2024-10-06 23:45, 2024-10-07 07:45, 2024-10-07 15:45, 2024-10-07 23:45, 2024-10-09 15:45, 2024-10-09 23:45, 2024-10-10 15:45, 2024-10-10 23:45, 2024-10-11 07:45, 2024-10-11 15:45, 2024-10-11 23:45, 2024-10-12 15:45, 2024-10-12 23:45, 2024-10-13 07:45, 2024-10-13 15:45, 2024-10-13 23:45, 2024-10-14 07:45, 2024-10-14 15:45, 2024-10-14 23:45, 2024-10-15 07:45, 2024-10-15 15:45, 2024-10-15 23:45, 2024-10-16 07:45
DShield reports
2024-09-03
Number of reports: 129
Distinct targets: 93
2024-09-04
Number of reports: 207
Distinct targets: 143
2024-09-28
Number of reports: 206
Distinct targets: 153
2024-09-29
Number of reports: 140
Distinct targets: 91
2024-10-07
Number of reports: 122
Distinct targets: 89
2024-10-08
Number of reports: 226
Distinct targets: 157
OTX pulses
[66d9bd09816d39d549c4da6a] 2024-09-05 14:15:37.068000 | RDP honeypot logs for 2024/09/05
Author name: jnazario
Pulse modified: 2024-09-05 14:15:37.068000
Indicator created: 2024-09-05 14:15:37
Indicator role: None
Indicator title:
Indicator expiration: 2024-10-05 14:00:00
[66fc0404d6b414f4419a19a4] 2024-10-01 14:15:32.824000 | RDP honeypot logs for 2024/10/01
Author name: jnazario
Pulse modified: 2024-10-01 14:15:32.824000
Indicator created: 2024-10-01 14:15:33
Indicator role: None
Indicator title:
Indicator expiration: 2024-10-31 14:00:00
[670691e26588719ba4733c61] 2024-10-09 14:23:30.410000 | RDP honeypot logs for 2024/10/09
Author name: jnazario
Pulse modified: 2024-10-09 14:23:30.410000
Indicator created: 2024-10-09 14:23:31
Indicator role: None
Indicator title:
Indicator expiration: 2024-11-08 14:00:00
Origin AS
AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK
BGP Prefix
20.64.0.0/10
geo
United States, Chicago
🕑 America/Chicago
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
20.64.0.0 - 20.127.255.255
last_activity
2024-10-09 16:21:50.835000
reserved_range
0
Shodan's InternetDB
Open ports: 21, 80, 3389
Tags: cloud, self-signed, scanner
CPEs: cpe:/a:microsoft:internet_information_services:10.0, cpe:/o:microsoft:windows
ts_added
2024-09-04 02:50:49.711000
ts_last_update
2024-11-17 02:50:50.540000
