IP address

Search at other sites:
.50845.148.10.192
Shodan(more info)
Passive DNS
Tags: Scanner Login attempts
IP blacklists
Spamhaus SBL
45.148.10.192 is listed on the Spamhaus SBL blacklist.

Description: The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-03-10 19:41:43.459000
Was present on blacklist at: 2026-02-24 19:41, 2026-03-03 19:41, 2026-03-10 19:41
Spamhaus DROP
45.148.10.192 is listed on the Spamhaus DROP blacklist.

Description: Spamhaus DROP (Don't Route Or Peer) list. Netblocks controlled by spammers or cyber criminals. The DROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-03-10 19:41:43.459000
Was present on blacklist at: 2026-02-24 19:41, 2026-03-03 19:41, 2026-03-10 19:41
blocklist.de SSH
45.148.10.192 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-03-15 11:05:00.319000
Was present on blacklist at: 2026-02-24 23:05, 2026-02-25 05:05, 2026-02-25 11:05, 2026-02-25 23:05, 2026-02-26 05:05, 2026-02-26 11:05, 2026-02-26 17:05, 2026-02-26 23:05, 2026-02-27 05:05, 2026-02-27 11:05, 2026-02-27 17:05, 2026-02-27 23:05, 2026-02-28 05:05, 2026-02-28 11:05, 2026-02-28 17:05, 2026-02-28 23:05, 2026-03-01 05:05, 2026-03-01 11:05, 2026-03-01 17:05, 2026-03-01 23:05, 2026-03-02 05:05, 2026-03-02 11:05, 2026-03-02 17:05, 2026-03-02 23:05, 2026-03-03 05:05, 2026-03-03 11:05, 2026-03-03 17:05, 2026-03-03 23:05, 2026-03-04 05:05, 2026-03-04 11:05, 2026-03-04 17:05, 2026-03-04 23:05, 2026-03-05 05:05, 2026-03-05 11:05, 2026-03-05 17:05, 2026-03-05 23:05, 2026-03-06 05:05, 2026-03-06 11:05, 2026-03-09 11:05, 2026-03-09 17:05, 2026-03-09 23:05, 2026-03-10 05:05, 2026-03-10 11:05, 2026-03-10 17:05, 2026-03-10 23:05, 2026-03-11 05:05, 2026-03-11 11:05, 2026-03-11 17:05, 2026-03-11 23:05, 2026-03-12 05:05, 2026-03-12 11:05, 2026-03-12 17:05, 2026-03-12 23:05, 2026-03-13 05:05, 2026-03-13 11:05, 2026-03-13 17:05, 2026-03-13 23:05, 2026-03-14 05:05, 2026-03-14 11:05, 2026-03-14 23:05, 2026-03-15 05:05, 2026-03-15 11:05
DataPlane SSH conn
45.148.10.192 is listed on the DataPlane SSH conn blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IP addresses that<br>has been seen initiating an unsolicited SSH connection to a remote host.
Type of feed: primary (feed detail page)

Last checked at: 2026-03-04 07:10:01.894000
Was present on blacklist at: 2026-02-24 23:10, 2026-02-25 03:10, 2026-02-25 07:10, 2026-02-25 11:10, 2026-02-25 15:10, 2026-02-25 19:10, 2026-02-25 23:10, 2026-02-26 03:10, 2026-02-26 07:10, 2026-02-26 11:10, 2026-02-26 15:10, 2026-02-26 19:10, 2026-02-26 23:10, 2026-02-27 03:10, 2026-02-27 07:10, 2026-02-27 11:10, 2026-02-27 15:10, 2026-02-27 19:10, 2026-02-28 03:10, 2026-02-28 07:10, 2026-02-28 15:10, 2026-02-28 19:10, 2026-03-01 03:10, 2026-03-01 07:10, 2026-03-01 15:10, 2026-03-01 19:10, 2026-03-02 03:10, 2026-03-02 07:10, 2026-03-02 11:10, 2026-03-02 15:10, 2026-03-02 19:10, 2026-03-02 23:10, 2026-03-03 03:10, 2026-03-03 07:10, 2026-03-03 11:10, 2026-03-03 15:10, 2026-03-03 19:10, 2026-03-04 03:10, 2026-03-04 07:10
BruteForceBlocker
45.148.10.192 is listed on the BruteForceBlocker blacklist.

Description: Daniel Gerzo's BruteForceBlocker. The list is made by perl script,<br>that works along with pf - OpenBSD's firewall and it's main<br>purpose is to block SSH bruteforce attacks via firewall.
Type of feed: primary (feed detail page)

Last checked at: 2026-03-04 03:52:00.256000
Was present on blacklist at: 2026-02-25 03:52, 2026-02-26 03:52, 2026-02-27 03:52, 2026-02-28 03:52, 2026-03-01 03:52, 2026-03-02 03:52, 2026-03-03 03:52, 2026-03-04 03:52
AbuseIPDB
45.148.10.192 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-03-15 05:00:00.619000
Was present on blacklist at: 2026-02-25 05:00, 2026-02-26 05:00, 2026-02-27 05:00, 2026-02-28 05:00, 2026-03-01 05:00, 2026-03-02 05:00, 2026-03-03 05:00, 2026-03-04 05:00, 2026-03-05 05:00, 2026-03-06 05:00, 2026-03-10 05:00, 2026-03-11 05:00, 2026-03-12 05:00, 2026-03-13 05:00, 2026-03-14 05:00, 2026-03-15 05:00
UCEPROTECT L1
45.148.10.192 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-03-11 00:45:00.634000
Was present on blacklist at: 2026-02-25 08:45, 2026-02-26 00:45, 2026-02-27 08:45, 2026-02-27 16:45, 2026-02-28 08:45, 2026-03-01 16:45, 2026-03-02 08:45, 2026-03-02 16:45, 2026-03-03 00:45, 2026-03-03 08:45, 2026-03-03 16:45, 2026-03-04 00:45, 2026-03-04 08:45, 2026-03-04 16:45, 2026-03-05 00:45, 2026-03-05 08:45, 2026-03-05 16:45, 2026-03-06 00:45, 2026-03-06 08:45, 2026-03-09 08:45, 2026-03-09 16:45, 2026-03-10 00:45, 2026-03-10 08:45, 2026-03-10 16:45, 2026-03-11 00:45
DShield Block
45.148.10.192 was recently listed on the DShield Block blacklist, but currently it is not.

Description: Recommended Block List by DShield.org. It summarizes the top 20 attacking<br>class C (/24) subnets over the last three days.
Type of feed: secondary (feed detail page)

Last checked at: 2026-03-14 04:50:00
Was present on blacklist at: 2026-02-26 04:50, 2026-02-27 04:50, 2026-03-01 04:50, 2026-03-02 04:50, 2026-03-05 04:50
FireHOL anonymizers
45.148.10.192 is listed on the FireHOL anonymizers blacklist.

Description: List of anonymizing IPs, aggregated from multiple lists by FireHOL.
Type of feed: secondary (feed detail page)

Last checked at: 2026-03-14 18:05:12
Was present on blacklist at: 2026-02-27 18:05, 2026-02-28 18:05, 2026-03-01 18:05, 2026-03-02 18:05, 2026-03-03 18:05, 2026-03-04 18:05, 2026-03-05 18:05, 2026-03-09 12:05, 2026-03-09 18:05, 2026-03-10 18:05, 2026-03-11 18:05, 2026-03-12 18:05, 2026-03-13 18:05, 2026-03-14 18:05
blocklist.de strong IPs
45.148.10.192 is listed on the blocklist.de strong IPs blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs that are older then two month and have<br>more then 5.000 attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-03-15 11:05:00.081000
Was present on blacklist at: 2026-03-02 23:05, 2026-03-03 05:05, 2026-03-03 11:05, 2026-03-03 17:05, 2026-03-03 23:05, 2026-03-04 05:05, 2026-03-04 11:05, 2026-03-04 17:05, 2026-03-04 23:05, 2026-03-05 05:05, 2026-03-05 11:05, 2026-03-05 17:05, 2026-03-05 23:05, 2026-03-06 05:05, 2026-03-06 11:05, 2026-03-09 11:05, 2026-03-09 17:05, 2026-03-09 23:05, 2026-03-10 05:05, 2026-03-10 11:05, 2026-03-10 17:05, 2026-03-10 23:05, 2026-03-11 05:05, 2026-03-11 11:05, 2026-03-11 17:05, 2026-03-11 23:05, 2026-03-12 05:05, 2026-03-12 11:05, 2026-03-12 17:05, 2026-03-12 23:05, 2026-03-13 05:05, 2026-03-13 11:05, 2026-03-13 17:05, 2026-03-13 23:05, 2026-03-14 05:05, 2026-03-14 11:05, 2026-03-14 17:05, 2026-03-14 23:05, 2026-03-15 05:05, 2026-03-15 11:05
Blocklist.net.ua
45.148.10.192 is listed on the Blocklist.net.ua blacklist.

Description: BlockList contains IP addresses that perform attacks,<br>send spam or brute force passwords to the blocking list.
Type of feed: primary (feed detail page)

Last checked at: 2026-03-04 11:15:01.576000
Was present on blacklist at: 2026-03-03 15:15, 2026-03-03 19:15, 2026-03-03 23:15, 2026-03-04 03:15, 2026-03-04 07:15, 2026-03-04 11:15
Spamhaus XBL CBL
45.148.10.192 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-03-10 19:41:43.459000
Was present on blacklist at: 2026-03-03 19:41
Echelon SSH bruteforce
45.148.10.192 is listed on the Echelon SSH bruteforce blacklist.

Description: Multiple SSH authentication attempts detected
Type of feed: primary (feed detail page)

Last checked at: 2026-03-06 10:35:00.372000
Was present on blacklist at: 2026-03-05 10:35, 2026-03-06 10:35

Threat categories

TLRoleCategoryDetails
70 src login protocol: ssh
65 src scan
48 src
Warden events (4273)
2026-03-15
AttemptLogin (node.03e7a9): 188
2026-03-14
AttemptLogin (node.03e7a9): 282
2026-03-13
AttemptLogin (node.03e7a9): 286
2026-03-12
AttemptLogin (node.03e7a9): 285
2026-03-11
AttemptLogin (node.03e7a9): 266
2026-03-10
AttemptLogin (node.03e7a9): 284
2026-03-09
AttemptLogin (node.03e7a9): 285
2026-03-08
AttemptLogin (node.03e7a9): 285
2026-03-07
AttemptLogin (node.03e7a9): 285
2026-03-06
AttemptLogin (node.03e7a9): 103
2026-03-04
ReconScanning (node.4dc198): 42
ReconScanning (node.368407): 36
AttemptLogin (node.03e7a9): 19
AttemptLogin (node.9c160c): 5
AttemptLogin (node.985fb4): 3
2026-03-03
ReconScanning (node.4dc198): 91
ReconScanning (node.368407): 62
AttemptLogin (node.03e7a9): 22
AttemptLogin (node.985fb4): 5
AttemptLogin (node.9c160c): 11
AttemptLogin (node.b17ef8): 8
AttemptLogin (node.eef996): 6
2026-03-02
AttemptLogin (node.985fb4): 9
ReconScanning (node.4dc198): 93
ReconScanning (node.368407): 78
AnomalyTraffic (node.ffe95c): 1
AttemptLogin (node.9c160c): 15
AttemptLogin (node.03e7a9): 32
AttemptLogin (node.eef996): 5
AttemptLogin (node.b17ef8): 11
2026-03-01
ReconScanning (node.4dc198): 95
ReconScanning (node.368407): 71
AttemptLogin (node.985fb4): 13
AttemptLogin (node.9c160c): 6
AttemptLogin (node.eef996): 8
AttemptLogin (node.b17ef8): 13
AttemptLogin (node.03e7a9): 29
2026-02-28
ReconScanning (node.368407): 77
ReconScanning (node.4dc198): 89
AttemptLogin (node.03e7a9): 38
AttemptLogin (node.b17ef8): 6
AttemptLogin (node.985fb4): 11
AttemptLogin (node.eef996): 9
2026-02-27
ReconScanning (node.368407): 66
ReconScanning (node.4dc198): 91
AttemptLogin (node.b17ef8): 9
AttemptLogin (node.03e7a9): 18
AttemptLogin (node.eef996): 8
AttemptLogin (node.9c160c): 2
AttemptLogin (node.985fb4): 2
2026-02-26
ReconScanning (node.4dc198): 88
ReconScanning (node.368407): 76
AttemptLogin (node.03e7a9): 57
AttemptLogin (node.eef996): 8
AttemptLogin (node.c26a5f): 3
AttemptLogin (node.985fb4): 4
AttemptLogin (node.b17ef8): 3
AttemptLogin (node.9c160c): 3
2026-02-25
AttemptLogin (node.03e7a9): 33
AttemptLogin (node.c26a5f): 9
AnomalyTraffic (node.ffe95c): 2
ReconScanning (node.4dc198): 84
ReconScanning (node.368407): 73
ReconScanning (node.9c1411): 2
AttemptLogin (node.9c160c): 11
AttemptLogin (node.eef996): 4
AttemptLogin (node.b17ef8): 6
AttemptLogin (node.985fb4): 2
2026-02-24
AnomalyTraffic (node.ffe95c): 2
ReconScanning (node.4dc198): 15
ReconScanning (node.368407): 11
AttemptLogin (node.03e7a9): 9
ReconScanning (node.9c1411): 1
AttemptLogin (node.9c160c): 3
DShield reports (IP summary, reports)
2026-02-24
Number of reports: 491
Distinct targets: 78
2026-02-25
Number of reports: 491
Distinct targets: 78
2026-02-26
Number of reports: 2725
Distinct targets: 232
2026-02-27
Number of reports: 2596
Distinct targets: 221
2026-02-28
Number of reports: 3158
Distinct targets: 236
2026-03-01
Number of reports: 2968
Distinct targets: 231
2026-03-02
Number of reports: 3038
Distinct targets: 244
2026-03-03
Number of reports: 2968
Distinct targets: 242
2026-03-04
Number of reports: 2393
Distinct targets: 188
2026-03-05
Number of reports: 2393
Distinct targets: 188
OTX pulses
[69a19a443003b1751bfa447e] 2026-02-27 13:21:08.490000 | SSH honeypot logs for 2026-02-27
Author name:jnazario
Pulse modified:2026-02-27 13:21:08.490000
Indicator created:2026-02-27 13:21:09
Indicator role:None
Indicator title:
Indicator expiration:2026-03-29 13:00:00
[69a2ebe6576917a94d7130eb] 2026-02-28 13:21:42.823000 | SSH honeypot logs for 2026-02-28
Author name:jnazario
Pulse modified:2026-02-28 13:21:42.823000
Indicator created:2026-02-28 13:21:43
Indicator role:None
Indicator title:
Indicator expiration:2026-03-30 13:00:00
[69a43d4ebd5deb9730abaaa9] 2026-03-01 13:21:18.201000 | SSH honeypot logs for 2026-03-01
Author name:jnazario
Pulse modified:2026-03-01 13:21:18.201000
Indicator created:2026-03-01 13:21:19
Indicator role:None
Indicator title:
Indicator expiration:2026-03-31 13:00:00
[69a58ea3cf5debf741166f05] 2026-03-02 13:20:35.948000 | SSH honeypot logs for 2026-03-02
Author name:jnazario
Pulse modified:2026-03-02 13:20:35.948000
Indicator created:2026-03-02 13:20:36
Indicator role:None
Indicator title:
Indicator expiration:2026-04-01 13:00:00
Origin AS
AS48090 - PPTECHNOLOGY
BGP Prefix
45.148.10.0/24
geo
Netherlands, Amsterdam
🕑 Europe/Amsterdam
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
45.148.8.0 - 45.148.11.255
last_activity
2026-03-15 15:54:32.062000
last_warden_event
2026-03-15 15:54:32.062000
rep
0.5084449404761905
reserved_range
0
Shodan's InternetDB
Open ports: 21, 53, 80, 111, 143, 443, 465, 587, 993, 995, 2083, 2087
Tags: starttls
CPEs: cpe:/a:exim:exim:4.96.2, cpe:/a:pureftpd:pure-ftpd, cpe:/a:cpanel:cpanel, cpe:/a:apache:http_server
ts_added
2026-02-24 19:41:33.273000
ts_last_update
2026-03-15 15:54:40.667000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses