IP address

Search at other sites:

.62736.154.50.214

Shodan(more info)

Passive DNS

IP blacklists

AbuseIPDB

36.154.50.214 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-02-28 05:00:00.637000
Was present on blacklist at: 2026-02-12 05:00, 2026-02-13 05:00, 2026-02-14 05:00, 2026-02-17 05:00, 2026-02-18 05:00, 2026-02-19 05:00, 2026-02-20 05:00, 2026-02-21 05:00, 2026-02-22 05:00, 2026-02-23 05:00, 2026-02-24 05:00, 2026-02-25 05:00, 2026-02-26 05:00, 2026-02-27 05:00, 2026-02-28 05:00

blocklist.de bots

36.154.50.214 is listed on the blocklist.de bots blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the RFI-Attacks,<br>REG-Bots, IRC-Bots or BadBots.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-28 11:05:05.062000
Was present on blacklist at: 2026-02-12 05:05, 2026-02-12 11:05, 2026-02-12 17:05, 2026-02-12 23:05, 2026-02-13 05:05, 2026-02-13 11:05, 2026-02-13 17:05, 2026-02-13 23:05, 2026-02-16 05:05, 2026-02-16 11:05, 2026-02-16 17:05, 2026-02-16 23:05, 2026-02-17 05:05, 2026-02-17 11:05, 2026-02-17 17:05, 2026-02-17 23:05, 2026-02-18 11:05, 2026-02-18 17:05, 2026-02-18 23:05, 2026-02-19 05:05, 2026-02-19 11:05, 2026-02-19 17:05, 2026-02-19 23:05, 2026-02-20 05:05, 2026-02-21 11:05, 2026-02-21 17:05, 2026-02-21 23:05, 2026-02-22 05:05, 2026-02-22 11:05, 2026-02-22 17:05, 2026-02-22 23:05, 2026-02-23 05:05, 2026-02-25 05:05, 2026-02-25 11:05, 2026-02-25 17:05, 2026-02-25 23:05, 2026-02-26 05:05, 2026-02-26 11:05, 2026-02-26 17:05, 2026-02-26 23:05, 2026-02-27 23:05, 2026-02-28 05:05, 2026-02-28 11:05

DataPlane SSH conn

36.154.50.214 is listed on the DataPlane SSH conn blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IP addresses that<br>has been seen initiating an unsolicited SSH connection to a remote host.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-28 15:10:06.633000
Was present on blacklist at: 2026-02-12 07:10, 2026-02-12 11:10, 2026-02-12 15:10, 2026-02-12 19:10, 2026-02-12 23:10, 2026-02-13 03:10, 2026-02-13 07:10, 2026-02-13 11:10, 2026-02-13 15:10, 2026-02-13 19:10, 2026-02-13 23:10, 2026-02-14 03:10, 2026-02-14 07:10, 2026-02-14 11:10, 2026-02-14 15:10, 2026-02-14 19:10, 2026-02-14 23:10, 2026-02-15 03:10, 2026-02-15 07:10, 2026-02-15 15:10, 2026-02-15 19:10, 2026-02-16 03:10, 2026-02-16 07:10, 2026-02-16 15:10, 2026-02-16 19:10, 2026-02-16 23:10, 2026-02-17 03:10, 2026-02-17 07:10, 2026-02-17 11:10, 2026-02-17 15:10, 2026-02-17 19:10, 2026-02-17 23:10, 2026-02-18 03:10, 2026-02-18 07:10, 2026-02-18 11:10, 2026-02-18 15:10, 2026-02-18 19:10, 2026-02-18 23:10, 2026-02-19 03:10, 2026-02-19 07:10, 2026-02-19 11:10, 2026-02-19 15:10, 2026-02-19 19:10, 2026-02-20 03:10, 2026-02-20 07:10, 2026-02-20 11:10, 2026-02-20 15:10, 2026-02-20 19:10, 2026-02-20 23:10, 2026-02-21 03:10, 2026-02-21 07:10, 2026-02-21 11:10, 2026-02-21 15:10, 2026-02-21 19:10, 2026-02-21 23:10, 2026-02-22 03:10, 2026-02-22 07:10, 2026-02-22 11:10, 2026-02-22 15:10, 2026-02-22 19:10, 2026-02-22 23:10, 2026-02-23 03:10, 2026-02-23 07:10, 2026-02-23 11:10, 2026-02-23 15:10, 2026-02-23 19:10, 2026-02-23 23:10, 2026-02-24 03:10, 2026-02-24 07:10, 2026-02-24 11:10, 2026-02-24 15:10, 2026-02-24 19:10, 2026-02-24 23:10, 2026-02-25 03:10, 2026-02-25 07:10, 2026-02-25 11:10, 2026-02-25 15:10, 2026-02-25 19:10, 2026-02-25 23:10, 2026-02-26 03:10, 2026-02-26 07:10, 2026-02-26 11:10, 2026-02-26 15:10, 2026-02-26 19:10, 2026-02-26 23:10, 2026-02-27 03:10, 2026-02-27 07:10, 2026-02-27 11:10, 2026-02-27 15:10, 2026-02-27 19:10, 2026-02-28 03:10, 2026-02-28 07:10, 2026-02-28 15:10

DataPlane TELNET login

36.154.50.214 is listed on the DataPlane TELNET login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login via TELNET password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-28 15:10:01.852000
Was present on blacklist at: 2026-02-12 07:10, 2026-02-12 11:10, 2026-02-12 15:10, 2026-02-12 19:10, 2026-02-12 23:10, 2026-02-13 03:10, 2026-02-13 07:10, 2026-02-13 11:10, 2026-02-13 15:10, 2026-02-13 19:10, 2026-02-13 23:10, 2026-02-14 03:10, 2026-02-14 07:10, 2026-02-14 11:10, 2026-02-14 15:10, 2026-02-14 19:10, 2026-02-14 23:10, 2026-02-15 03:10, 2026-02-15 07:10, 2026-02-15 11:10, 2026-02-15 15:10, 2026-02-15 19:10, 2026-02-15 23:10, 2026-02-16 03:10, 2026-02-16 07:10, 2026-02-16 11:10, 2026-02-16 15:10, 2026-02-16 19:10, 2026-02-16 23:10, 2026-02-17 03:10, 2026-02-17 07:10, 2026-02-17 11:10, 2026-02-17 15:10, 2026-02-17 19:10, 2026-02-17 23:10, 2026-02-18 03:10, 2026-02-18 07:10, 2026-02-18 11:10, 2026-02-18 15:10, 2026-02-18 19:10, 2026-02-18 23:10, 2026-02-19 03:10, 2026-02-19 07:10, 2026-02-19 11:10, 2026-02-19 15:10, 2026-02-19 19:10, 2026-02-20 03:10, 2026-02-20 07:10, 2026-02-20 11:10, 2026-02-20 15:10, 2026-02-20 19:10, 2026-02-20 23:10, 2026-02-21 03:10, 2026-02-21 07:10, 2026-02-21 11:10, 2026-02-21 15:10, 2026-02-21 19:10, 2026-02-21 23:10, 2026-02-22 03:10, 2026-02-22 07:10, 2026-02-22 11:10, 2026-02-22 15:10, 2026-02-22 19:10, 2026-02-22 23:10, 2026-02-23 03:10, 2026-02-23 07:10, 2026-02-23 11:10, 2026-02-23 15:10, 2026-02-23 19:10, 2026-02-23 23:10, 2026-02-24 03:10, 2026-02-24 07:10, 2026-02-24 11:10, 2026-02-24 15:10, 2026-02-24 19:10, 2026-02-24 23:10, 2026-02-25 03:10, 2026-02-25 07:10, 2026-02-25 11:10, 2026-02-25 15:10, 2026-02-25 19:10, 2026-02-25 23:10, 2026-02-26 03:10, 2026-02-26 07:10, 2026-02-26 11:10, 2026-02-26 15:10, 2026-02-26 19:10, 2026-02-26 23:10, 2026-02-27 03:10, 2026-02-27 07:10, 2026-02-27 11:10, 2026-02-27 15:10, 2026-02-27 19:10, 2026-02-27 23:10, 2026-02-28 03:10, 2026-02-28 07:10, 2026-02-28 11:10, 2026-02-28 15:10

Turris greylist

36.154.50.214 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-27 22:15:00.111000
Was present on blacklist at: 2026-02-13 22:15, 2026-02-14 22:15, 2026-02-15 22:15, 2026-02-16 22:15, 2026-02-17 22:15, 2026-02-18 22:15, 2026-02-19 22:15, 2026-02-20 22:15, 2026-02-21 22:15, 2026-02-22 22:15, 2026-02-23 22:15, 2026-02-24 22:15, 2026-02-25 22:15, 2026-02-26 22:15, 2026-02-27 22:15

CI Army

36.154.50.214 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-02-28 03:50:00.945000
Was present on blacklist at: 2026-02-14 03:50, 2026-02-15 03:50, 2026-02-16 03:50, 2026-02-17 03:50, 2026-02-18 03:50, 2026-02-19 03:50, 2026-02-20 03:50, 2026-02-21 03:50, 2026-02-22 03:50, 2026-02-23 03:50, 2026-02-24 03:50, 2026-02-25 03:50, 2026-02-26 03:50, 2026-02-27 03:50, 2026-02-28 03:50

blocklist.de SSH

36.154.50.214 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-21 05:05:00.260000
Was present on blacklist at: 2026-02-14 17:05, 2026-02-14 23:05, 2026-02-15 05:05, 2026-02-15 11:05, 2026-02-15 17:05, 2026-02-20 23:05, 2026-02-21 05:05

blocklist.de web-login

36.154.50.214 is listed on the blocklist.de web-login blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs that attacks Joomla, Wordpress and<br>other Web-Logins with Brute-Force Logins.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-15 23:05:00.118000
Was present on blacklist at: 2026-02-15 23:05

blocklist.de Apache

36.154.50.214 is listed on the blocklist.de Apache blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the service<br>Apache, Apache-DDOS, RFI-Attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-15 23:05:05.266000
Was present on blacklist at: 2026-02-15 23:05

Spamhaus XBL CBL

36.154.50.214 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-02-26 02:38:10.928000
Was present on blacklist at: 2026-02-19 02:38, 2026-02-26 02:38

Threat categories

TL	Role	Category	Details
66	src	login	protocol: ssh, telnet port: 23
47	src	scan
25	src	exploit	protocol: http

---

Warden events (211042)

2026-02-28

IntrusionUserCompromise (node.cfb4f7): 1886

2026-02-27

IntrusionUserCompromise (node.cfb4f7): 4953

2026-02-26

IntrusionUserCompromise (node.cfb4f7): 4183

AttemptLogin (node.03e7a9): 1

2026-02-25

IntrusionUserCompromise (node.cfb4f7): 3640

ReconScanning (node.4dc198): 1

2026-02-24

IntrusionUserCompromise (node.cfb4f7): 1700

2026-02-23

IntrusionUserCompromise (node.cfb4f7): 5113

ReconScanning (node.4dc198): 2

2026-02-22

IntrusionUserCompromise (node.cfb4f7): 7898

AttemptLogin (node.9c160c): 1

ReconScanning (node.4dc198): 1

2026-02-21

IntrusionUserCompromise (node.cfb4f7): 6315

2026-02-20

IntrusionUserCompromise (node.cfb4f7): 18091

2026-02-19

IntrusionUserCompromise (node.cfb4f7): 7673

2026-02-18

AttemptLogin (node.985fb4): 1

IntrusionUserCompromise (node.cfb4f7): 20243

ReconScanning (node.4dc198): 1

2026-02-17

IntrusionUserCompromise (node.cfb4f7): 18720

2026-02-16

IntrusionUserCompromise (node.cfb4f7): 15755

ReconScanning (node.4dc198): 1

2026-02-15

IntrusionUserCompromise (node.cfb4f7): 16245

ReconScanning (node.4dc198): 5

AttemptLogin (node.03e7a9): 1

2026-02-14

IntrusionUserCompromise (node.cfb4f7): 9019

2026-02-13

IntrusionUserCompromise (node.cfb4f7): 24779

ReconScanning (node.4dc198): 20

AttemptLogin (node.c26a5f): 1

2026-02-12

IntrusionUserCompromise (node.cfb4f7): 44793

DShield reports (IP summary, reports)

2026-02-24

Number of reports: 402

Distinct targets: 43

2026-02-25

Number of reports: 402

Distinct targets: 43

2026-02-26

Number of reports: 118

Distinct targets: 37

2026-02-27

Number of reports: 148

Distinct targets: 32

OTX pulses

[69946d81e88866fd70ea7707] 2026-02-17 13:30:41.978000 | Apache honeypot logs for 17/Feb/2026

Author name:	jnazario
Pulse modified:	2026-02-17 13:30:41.978000
Indicator created:	2026-02-17 13:30:42
Indicator role:	None
Indicator title:
Indicator expiration:	2026-03-19 13:00:00

[602bc528f447d628d41494f2] 2021-02-16 13:14:16.945000 | Ka's Honeypot visitors

Author name:	Kapppppa
Pulse modified:	2026-02-28 15:01:23.673000
Indicator created:	2026-02-23 22:15:31
Indicator role:	bruteforce
Indicator title:	Telnet Login attempt
Indicator expiration:	2026-03-25 22:00:00

Origin AS

AS56046 - CMNET-Jiangsu-AP

BGP Prefix

36.154.50.0/24

geo

China

🕑 Asia/Shanghai

hostname

(null)

Address block ('inetnum' or 'NetRange' in whois database)

36.128.0.0 - 36.191.255.255

last_activity

2026-02-28 16:39:24.530000

last_warden_event

2026-02-28 16:06:59

rep

0.6273809523809523

reserved_range

0

Shodan's InternetDB

Open ports: 22, 37, 554, 3306, 5544, 8000, 8888, 9000, 9001, 9200

Tags: database

CPEs: cpe:/a:oracle:mysql:8.0.38, cpe:/a:openbsd:openssh:7.2

ts_added

2026-02-12 02:38:01.230000

ts_last_update

2026-02-28 16:41:03.289000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses