IP address

Passive DNS

Tags: IP in hostname

IP blacklists

UCEPROTECT L1

23.94.159.193 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-06-29 07:45:00.889000
Was present on blacklist at: 2025-06-14 07:45, 2025-06-14 15:45, 2025-06-14 23:45, 2025-06-15 07:45, 2025-06-15 15:45, 2025-06-15 23:45, 2025-06-16 07:45, 2025-06-16 15:45, 2025-06-16 23:45, 2025-06-17 07:45, 2025-06-17 15:45, 2025-06-17 23:45, 2025-06-18 07:45, 2025-06-18 15:45, 2025-06-18 23:45, 2025-06-19 07:45, 2025-06-19 15:45, 2025-06-19 23:45, 2025-06-20 07:45, 2025-06-20 15:45, 2025-06-20 23:45, 2025-06-21 07:45, 2025-06-21 15:45, 2025-06-21 23:45, 2025-06-22 07:45, 2025-06-22 15:45, 2025-06-22 23:45, 2025-06-23 07:45, 2025-06-23 15:45, 2025-06-23 23:45, 2025-06-24 07:45, 2025-06-24 15:45, 2025-06-24 23:45, 2025-06-26 15:45, 2025-06-26 23:45, 2025-06-27 07:45, 2025-06-27 15:45, 2025-06-27 23:45, 2025-06-28 07:45, 2025-06-28 15:45, 2025-06-28 23:45, 2025-06-29 07:45

Turris greylist

23.94.159.193 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-06-18 21:15:00.211000
Was present on blacklist at: 2025-06-18 21:15

Spamhaus SBL CSS

23.94.159.193 was recently listed on the Spamhaus SBL CSS blacklist, but currently it is not.

Description: The Spamhaus CSS is part of the SBL. CSS listings will have return code 127.0.0.3 to differentiate from regular SBL listings, which have return code 127.0.0.2.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-06-27 14:44:12.443000
Was present on blacklist at: 2025-06-20 14:44

DataPlane SMTP greeting

23.94.159.193 is listed on the DataPlane SMTP greeting blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs that are<br>identified as SMTP clients issuing unsolicited HELO or EHLO commands.
Type of feed: primary (feed detail page)

Last checked at: 2025-06-29 06:10:01.633000
Was present on blacklist at: 2025-06-28 14:10, 2025-06-28 18:10, 2025-06-28 22:10, 2025-06-29 02:10, 2025-06-29 06:10

Warden events (17)

2025-06-28: IntrusionUserCompromise (node.cfb4f7): 1
2025-06-27: IntrusionUserCompromise (node.cfb4f7): 1
2025-06-26: IntrusionUserCompromise (node.cfb4f7): 2
2025-06-25: IntrusionUserCompromise (node.cfb4f7): 2
2025-06-18: IntrusionUserCompromise (node.cfb4f7): 1
2025-06-15: IntrusionUserCompromise (node.cfb4f7): 6
2025-06-14: IntrusionUserCompromise (node.cfb4f7): 2
2025-06-13: IntrusionUserCompromise (node.cfb4f7): 2

Origin AS: AS36352 - AS-COLOCROSSING
BGP Prefix: 23.94.156.0/22
geo: United States, Buffalo; 🕑 America/New_York
hostname: 23-94-159-193-host.colocrossing.com
hostname_class: ['ip_in_hostname']
Address block ('inetnum' or 'NetRange' in whois database): 23.94.0.0 - 23.95.255.255
last_activity: 2025-06-28 00:38:53
last_warden_event: 2025-06-28 00:38:53
rep: 0.16063988095238096
reserved_range: 0
Shodan's InternetDB: Open ports: 3389; Tags: self-signed; CPEs: –
ts_added: 2025-06-13 14:44:04.711000
ts_last_update: 2025-06-29 08:01:10.458000

Warden event timeline

DShield event timeline

Presence on blacklists