IP address

Passive DNS

Tags: IP in hostname Scanner

IP blacklists

blocklist.de Apache

23.94.20.2 is listed on the blocklist.de Apache blacklist.

Description: Blocklist.de feed is a free and voluntary service provided by a Fraud/Abuse-specialist. IPs performing attacks on the service Apache, Apache-DDOS, RFI-Attacks.
Type of feed: primary (feed detail page)

Last checked at: 2024-09-18 10:05:00.552000
Was present on blacklist at: 2024-09-07 22:05, 2024-09-08 04:05, 2024-09-08 10:05, 2024-09-08 16:05, 2024-09-08 22:05, 2024-09-09 04:05, 2024-09-09 10:05, 2024-09-09 16:05, 2024-09-09 22:05, 2024-09-10 04:05, 2024-09-10 10:05, 2024-09-10 22:05, 2024-09-11 04:05, 2024-09-11 10:05, 2024-09-11 16:05, 2024-09-11 22:05, 2024-09-12 04:05, 2024-09-12 10:05, 2024-09-12 16:05, 2024-09-12 22:05, 2024-09-13 04:05, 2024-09-13 10:05, 2024-09-13 16:05, 2024-09-13 22:05, 2024-09-14 04:05, 2024-09-14 10:05, 2024-09-14 16:05, 2024-09-14 22:05, 2024-09-15 04:05, 2024-09-15 10:05, 2024-09-15 16:05, 2024-09-15 22:05, 2024-09-16 04:05, 2024-09-16 10:05, 2024-09-16 16:05, 2024-09-16 22:05, 2024-09-17 04:05, 2024-09-17 10:05, 2024-09-17 16:05, 2024-09-17 22:05, 2024-09-18 04:05, 2024-09-18 10:05

CI Army

23.94.20.2 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence database that provides scores for IPs. Source of unspecified malicious attacks most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2024-11-02 03:50:00.920000
Was present on blacklist at: 2024-09-08 02:50, 2024-09-09 02:50, 2024-09-10 02:50, 2024-09-11 02:50, 2024-09-12 02:50, 2024-09-13 02:50, 2024-09-14 02:50, 2024-09-15 02:50, 2024-09-16 02:50, 2024-09-17 02:50, 2024-09-18 02:50, 2024-09-19 02:50, 2024-09-20 02:50, 2024-09-21 02:50, 2024-09-22 02:50, 2024-09-23 02:50, 2024-09-24 02:50, 2024-09-25 02:50, 2024-09-26 02:50, 2024-09-27 02:50, 2024-09-28 02:50, 2024-09-29 02:50, 2024-09-30 02:50, 2024-10-01 02:50, 2024-10-02 02:50, 2024-10-03 02:50, 2024-10-04 02:50, 2024-10-05 02:50, 2024-10-06 02:50, 2024-10-07 02:50, 2024-10-08 02:50, 2024-10-09 02:50, 2024-10-10 02:50, 2024-10-11 02:50, 2024-10-12 02:50, 2024-10-13 02:50, 2024-10-14 02:50, 2024-10-15 02:50, 2024-10-16 02:50, 2024-10-17 02:50, 2024-10-18 02:50, 2024-10-19 02:50, 2024-10-20 02:50, 2024-10-21 02:50, 2024-10-22 02:50, 2024-10-23 02:50, 2024-10-24 02:50, 2024-10-25 02:50, 2024-10-26 02:50, 2024-10-27 03:50, 2024-10-28 03:50, 2024-10-29 03:50, 2024-10-30 03:50, 2024-10-31 03:50, 2024-11-01 03:50, 2024-11-02 03:50

UCEPROTECT L1

23.94.20.2 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-10-29 08:45:00.934000
Was present on blacklist at: 2024-09-10 15:45, 2024-09-10 23:45, 2024-09-11 07:45, 2024-09-11 15:45, 2024-09-11 23:45, 2024-09-12 07:45, 2024-09-12 15:45, 2024-09-12 23:45, 2024-09-13 07:45, 2024-09-13 15:45, 2024-09-13 23:45, 2024-09-14 07:45, 2024-09-14 15:45, 2024-09-14 23:45, 2024-09-15 07:45, 2024-10-01 23:45, 2024-10-02 07:45, 2024-10-02 15:45, 2024-10-02 23:45, 2024-10-03 07:45, 2024-10-03 15:45, 2024-10-03 23:45, 2024-10-04 07:45, 2024-10-04 15:45, 2024-10-04 23:45, 2024-10-05 07:45, 2024-10-05 15:45, 2024-10-05 23:45, 2024-10-06 07:45, 2024-10-06 15:45, 2024-10-06 23:45, 2024-10-07 07:45, 2024-10-07 15:45, 2024-10-07 23:45, 2024-10-12 15:45, 2024-10-12 23:45, 2024-10-13 07:45, 2024-10-13 15:45, 2024-10-13 23:45, 2024-10-14 07:45, 2024-10-14 15:45, 2024-10-14 23:45, 2024-10-15 07:45, 2024-10-15 15:45, 2024-10-15 23:45, 2024-10-16 07:45, 2024-10-16 15:45, 2024-10-16 23:45, 2024-10-17 07:45, 2024-10-17 15:45, 2024-10-17 23:45, 2024-10-18 07:45, 2024-10-18 15:45, 2024-10-18 23:45, 2024-10-19 07:45, 2024-10-19 15:45, 2024-10-19 23:45, 2024-10-20 07:45, 2024-10-20 15:45, 2024-10-20 23:45, 2024-10-21 07:45, 2024-10-21 15:45, 2024-10-21 23:45, 2024-10-22 07:45, 2024-10-22 15:45, 2024-10-22 23:45, 2024-10-23 07:45, 2024-10-23 15:45, 2024-10-23 23:45, 2024-10-24 07:45, 2024-10-24 15:45, 2024-10-24 23:45, 2024-10-25 07:45, 2024-10-25 15:45, 2024-10-25 23:45, 2024-10-26 07:45, 2024-10-26 15:45, 2024-10-26 23:45, 2024-10-27 08:45, 2024-10-27 16:45, 2024-10-28 00:45, 2024-10-28 08:45, 2024-10-28 16:45, 2024-10-29 00:45, 2024-10-29 08:45

Turris greylist

23.94.20.2 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC, which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-10-27 22:15:00.214000
Was present on blacklist at: 2024-09-10 21:15, 2024-09-11 21:15, 2024-09-19 21:15, 2024-09-23 21:15, 2024-09-25 21:15, 2024-09-27 21:15, 2024-09-29 21:15, 2024-09-30 21:15, 2024-10-03 21:15, 2024-10-04 21:15, 2024-10-09 21:15, 2024-10-20 21:15, 2024-10-22 21:15, 2024-10-27 22:15

AbuseIPDB

23.94.20.2 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2024-10-31 05:00:00.330000
Was present on blacklist at: 2024-09-11 04:00, 2024-09-12 04:00, 2024-09-13 04:00, 2024-09-14 04:00, 2024-09-15 04:00, 2024-09-16 04:00, 2024-09-17 04:00, 2024-09-18 04:00, 2024-09-19 04:00, 2024-09-20 04:00, 2024-09-21 04:00, 2024-09-22 04:00, 2024-09-23 04:00, 2024-09-24 04:00, 2024-09-25 04:00, 2024-09-26 04:00, 2024-09-27 04:00, 2024-09-28 04:00, 2024-09-29 04:00, 2024-10-01 04:00, 2024-10-02 04:00, 2024-10-03 04:00, 2024-10-04 04:00, 2024-10-05 04:00, 2024-10-06 04:00, 2024-10-07 04:00, 2024-10-08 04:00, 2024-10-09 04:00, 2024-10-12 04:00, 2024-10-13 04:00, 2024-10-14 04:00, 2024-10-15 04:00, 2024-10-16 04:00, 2024-10-17 04:00, 2024-10-18 04:00, 2024-10-19 04:00, 2024-10-20 04:00, 2024-10-21 04:00, 2024-10-22 04:00, 2024-10-23 04:00, 2024-10-24 04:00, 2024-10-25 04:00, 2024-10-26 04:00, 2024-10-27 05:00, 2024-10-28 05:00, 2024-10-29 05:00, 2024-10-30 05:00, 2024-10-31 05:00

Spamhaus XBL CBL

23.94.20.2 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2024-11-02 16:52:20.089000
Was present on blacklist at: 2024-10-05 16:52, 2024-10-12 16:52

Warden events (12023)

2024-10-30: ReconScanning (node.368407): 23; ReconScanning (node.4dc198): 19; ReconScanning (node.ce2b59): 4
2024-10-29: ReconScanning (node.ce2b59): 22; ReconScanning (node.368407): 34; ReconScanning (node.4dc198): 29
2024-10-28: ReconScanning (node.ce2b59): 2
2024-10-27: ReconScanning (node.ce2b59): 7; ReconScanning (node.4dc198): 50; ReconScanning (node.368407): 52
2024-10-26: ReconScanning (node.ce2b59): 20; ReconScanning (node.4dc198): 53; ReconScanning (node.368407): 53
2024-10-25: ReconScanning (node.4dc198): 54; ReconScanning (node.368407): 53; ReconScanning (node.ce2b59): 3
2024-10-24: ReconScanning (node.4dc198): 209; ReconScanning (node.368407): 212
2024-10-23: ReconScanning (node.4dc198): 47; ReconScanning (node.368407): 49
2024-10-22: ReconScanning (node.368407): 39; ReconScanning (node.4dc198): 29
2024-10-21: ReconScanning (node.368407): 130; ReconScanning (node.4dc198): 125
2024-10-20: ReconScanning (node.4dc198): 78; ReconScanning (node.368407): 97
2024-10-19: ReconScanning (node.4dc198): 63; ReconScanning (node.368407): 110
2024-10-18: ReconScanning (node.4dc198): 175; ReconScanning (node.368407): 225
2024-10-17: ReconScanning (node.4dc198): 120; ReconScanning (node.368407): 142
2024-10-16: ReconScanning (node.4dc198): 56; ReconScanning (node.368407): 65
2024-10-15: ReconScanning (node.4dc198): 47; ReconScanning (node.368407): 54
2024-10-14: ReconScanning (node.4dc198): 81; ReconScanning (node.368407): 95; ReconScanning (node.cfb4f7): 1
2024-10-13: ReconScanning (node.4dc198): 56; ReconScanning (node.368407): 178
2024-10-12: ReconScanning (node.368407): 121; ReconScanning (node.4dc198): 23
2024-10-11: ReconScanning (node.368407): 8; ReconScanning (node.4dc198): 1
2024-10-08: ReconScanning (node.368407): 238; ReconScanning (node.cfb4f7): 12; ReconScanning (node.4dc198): 141
2024-10-07: ReconScanning (node.cfb4f7): 58
2024-10-06: ReconScanning (node.cfb4f7): 222
2024-10-03: ReconScanning (node.cfb4f7): 862; ReconScanning (node.368407): 86; ReconScanning (node.4dc198): 27
2024-10-02: ReconScanning (node.368407): 222; ReconScanning (node.4dc198): 76; ReconScanning (node.cfb4f7): 482
2024-10-01: ReconScanning (node.368407): 127; ReconScanning (node.cfb4f7): 10; ReconScanning (node.4dc198): 10
2024-09-30: ReconScanning (node.368407): 44; ReconScanning (node.cfb4f7): 4; ReconScanning (node.4dc198): 4
2024-09-29: ReconScanning (node.368407): 198; ReconScanning (node.4dc198): 155; ReconScanning (node.cfb4f7): 51
2024-09-28: ReconScanning (node.cfb4f7): 94
2024-09-27: ReconScanning (node.cfb4f7): 237; ReconScanning (node.368407): 35; ReconScanning (node.4dc198): 1
2024-09-26: ReconScanning (node.cfb4f7): 658; ReconScanning (node.368407): 56; ReconScanning (node.4dc198): 2
2024-09-25: ReconScanning (node.4dc198): 77; ReconScanning (node.368407): 92; ReconScanning (node.cfb4f7): 73
2024-09-24: ReconScanning (node.368407): 171; ReconScanning (node.4dc198): 142; ReconScanning (node.cfb4f7): 223
2024-09-23: ReconScanning (node.368407): 194; ReconScanning (node.4dc198): 179; ReconScanning (node.cfb4f7): 269
2024-09-22: ReconScanning (node.4dc198): 216; ReconScanning (node.368407): 215
2024-09-21: ReconScanning (node.368407): 45; ReconScanning (node.4dc198): 41
2024-09-20: ReconScanning (node.368407): 181; ReconScanning (node.4dc198): 180
2024-09-19: ReconScanning (node.4dc198): 19; ReconScanning (node.368407): 19
2024-09-18: ReconScanning (node.368407): 159; ReconScanning (node.4dc198): 159
2024-09-17: ReconScanning (node.4dc198): 198; ReconScanning (node.368407): 230
2024-09-16: ReconScanning (node.ce2b59): 23
2024-09-15: ReconScanning (node.368407): 138; ReconScanning (node.4dc198): 130; ReconScanning (node.ce2b59): 18
2024-09-14: ReconScanning (node.ce2b59): 3; ReconScanning (node.368407): 19; ReconScanning (node.4dc198): 3
2024-09-13: ReconScanning (node.368407): 84; ReconScanning (node.4dc198): 49; ReconScanning (node.ce2b59): 20
2024-09-12: ReconScanning (node.ce2b59): 26; ReconScanning (node.4dc198): 162; ReconScanning (node.368407): 221
2024-09-10: ReconScanning (node.ce2b59): 21; ReconScanning (node.4dc198): 182; ReconScanning (node.368407): 181
2024-09-09: ReconScanning (node.4dc198): 80; ReconScanning (node.368407): 73; ReconScanning (node.ce2b59): 18
2024-09-08: ReconScanning (node.368407): 110; ReconScanning (node.4dc198): 84; ReconScanning (node.ce2b59): 24
2024-09-07: ReconScanning (node.368407): 15; ReconScanning (node.ce2b59): 11; ReconScanning (node.4dc198): 20

DShield reports (IP summary, reports)

2024-09-07: Number of reports: 977; Distinct targets: 742
2024-09-08: Number of reports: 5481; Distinct targets: 3731
2024-09-09: Number of reports: 4322; Distinct targets: 2874
2024-09-10: Number of reports: 4077; Distinct targets: 2666
2024-09-12: Number of reports: 4409; Distinct targets: 2851
2024-09-13: Number of reports: 2752; Distinct targets: 1742
2024-09-14: Number of reports: 205; Distinct targets: 150
2024-09-15: Number of reports: 2888; Distinct targets: 1858
2024-09-16: Number of reports: 4092; Distinct targets: 2645
2024-09-17: Number of reports: 4268; Distinct targets: 2757
2024-09-18: Number of reports: 3415; Distinct targets: 2294
2024-09-19: Number of reports: 749; Distinct targets: 460
2024-09-20: Number of reports: 4152; Distinct targets: 2695
2024-09-21: Number of reports: 683; Distinct targets: 494
2024-09-22: Number of reports: 4451; Distinct targets: 2827
2024-09-23: Number of reports: 3684; Distinct targets: 2401
2024-09-24: Number of reports: 2435; Distinct targets: 1705
2024-09-25: Number of reports: 3015; Distinct targets: 1929
2024-09-26: Number of reports: 4791; Distinct targets: 2997
2024-09-27: Number of reports: 2321; Distinct targets: 1475
2024-09-28: Number of reports: 4223; Distinct targets: 2670
2024-09-29: Number of reports: 3825; Distinct targets: 2468
2024-09-30: Number of reports: 987; Distinct targets: 703
2024-10-01: Number of reports: 3249; Distinct targets: 2060
2024-10-02: Number of reports: 3625; Distinct targets: 2413
2024-10-03: Number of reports: 3400; Distinct targets: 2188
2024-10-04: Number of reports: 170; Distinct targets: 135
2024-10-05: Number of reports: 4024; Distinct targets: 2550
2024-10-06: Number of reports: 3441; Distinct targets: 2294
2024-10-07: Number of reports: 550; Distinct targets: 359
2024-10-08: Number of reports: 4257; Distinct targets: 2783
2024-10-11: Number of reports: 58; Distinct targets: 50
2024-10-12: Number of reports: 1183; Distinct targets: 565
2024-10-13: Number of reports: 2776; Distinct targets: 1799
2024-10-14: Number of reports: 3646; Distinct targets: 2125
2024-10-15: Number of reports: 499; Distinct targets: 322
2024-10-16: Number of reports: 762; Distinct targets: 551
2024-10-17: Number of reports: 3295; Distinct targets: 2074
2024-10-18: Number of reports: 3253; Distinct targets: 2113
2024-10-19: Number of reports: 2010; Distinct targets: 1381
2024-10-20: Number of reports: 1819; Distinct targets: 1134
2024-10-21: Number of reports: 2644; Distinct targets: 1809
2024-10-22: Number of reports: 354; Distinct targets: 250
2024-10-23: Number of reports: 657; Distinct targets: 447
2024-10-24: Number of reports: 3390; Distinct targets: 2006
2024-10-25: Number of reports: 1317; Distinct targets: 911
2024-10-26: Number of reports: 1514; Distinct targets: 975
2024-10-27: Number of reports: 447; Distinct targets: 304
2024-10-28: Number of reports: 125; Distinct targets: 118
2024-10-29: Number of reports: 2766; Distinct targets: 1875
2024-10-30: Number of reports: 159; Distinct targets: 99

OTX pulses

[66ddb1857e3e6df817e14bbe] 2024-09-08 14:15:33.207000 | RDP honeypot logs for 2024/09/08

Author name:	jnazario
Pulse modified:	2024-09-08 14:15:33.207000
Indicator created:	2024-09-08 14:15:34
Indicator role:	None
Indicator title:
Indicator expiration:	2024-10-08 14:00:00

[606d75c11c08ff94089a9430] 2021-04-07 09:05:05.353000 | Georgs Honeypot

Author name:	georgengelmann
Pulse modified:	2024-11-05 23:01:42.315000
Indicator created:	2024-10-26 14:23:04
Indicator role:	bruteforce
Indicator title:	RDP intrusion attempt from 23-94-20-2-host.colocrossing.com port 42814
Indicator expiration:	2024-11-25 14:00:00

[66fc0404d6b414f4419a19a4] 2024-10-01 14:15:32.824000 | RDP honeypot logs for 2024/10/01

Author name:	jnazario
Pulse modified:	2024-10-01 14:15:32.824000
Indicator created:	2024-10-01 14:15:33
Indicator role:	None
Indicator title:
Indicator expiration:	2024-10-31 14:00:00

[670e7c7315af2d1cb696f800] 2024-10-15 14:30:11.063000 | RDP honeypot logs for 2024/10/15

Author name:	jnazario
Pulse modified:	2024-10-15 14:30:11.063000
Indicator created:	2024-10-15 14:30:11
Indicator role:	None
Indicator title:
Indicator expiration:	2024-11-14 14:00:00

[670fcb0c823ef6f45a62d804] 2024-10-16 14:17:48.119000 | RDP honeypot logs for 2024/10/16

Author name:	jnazario
Pulse modified:	2024-10-16 14:17:48.119000
Indicator created:	2024-10-16 14:17:48
Indicator role:	None
Indicator title:
Indicator expiration:	2024-11-15 14:00:00

[67111c9680eed204eb5453ae] 2024-10-17 14:17:58.506000 | RDP honeypot logs for 2024/10/17

Author name:	jnazario
Pulse modified:	2024-10-17 14:17:58.506000
Indicator created:	2024-10-17 14:17:59
Indicator role:	None
Indicator title:
Indicator expiration:	2024-11-16 14:00:00

[6717b553e069b59cfa2d7aba] 2024-10-22 14:23:15.421000 | RDP honeypot logs for 2024/10/22

Author name:	jnazario
Pulse modified:	2024-10-22 14:23:15.421000
Indicator created:	2024-10-22 14:23:16
Indicator role:	None
Indicator title:
Indicator expiration:	2024-11-21 14:00:00

Origin AS: AS36352 - AS-COLOCROSSING
BGP Prefix: 23.94.20.0/23
geo: United States, Buffalo; 🕑 America/New_York
hostname: 23-94-20-2-host.colocrossing.com
hostname_class: ['ip_in_hostname']
Address block ('inetnum' or 'NetRange' in whois database): 23.94.0.0 - 23.95.255.255
last_activity: 2024-11-06 00:43:25.884000
last_warden_event: 2024-10-30 02:03:55
rep: 0.26785714285714285
reserved_range: 0
Shodan's InternetDB: Open ports: 3389; Tags: scanner, self-signed; CPEs: –
ts_added: 2024-09-07 16:52:19.387000
ts_last_update: 2024-11-06 00:43:25.895000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses