IP address

Search at other sites:
.00085.215.201.250ip85.215.201.250.pbiaas.com
Shodan(more info)
Passive DNS
Tags: IP in hostname
IP blacklists
CI Army
85.215.201.250 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-05-04 02:50:00.796000
Was present on blacklist at: 2026-04-26 02:50, 2026-04-28 02:50, 2026-04-29 02:50, 2026-04-30 02:50, 2026-05-01 02:50, 2026-05-02 02:50, 2026-05-03 02:50, 2026-05-04 02:50
AbuseIPDB
85.215.201.250 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-05-01 04:00:00.624000
Was present on blacklist at: 2026-04-26 04:00, 2026-04-28 04:00, 2026-04-29 04:00, 2026-04-30 04:00, 2026-05-01 04:00
Echelon SSH connection attempt
85.215.201.250 is listed on the Echelon SSH connection attempt blacklist.

Description: SSH connection attempt detected on port 22 or 2222
Type of feed: primary (feed detail page)

Last checked at: 2026-05-04 09:35:00.790000
Was present on blacklist at: 2026-04-29 09:35, 2026-04-30 09:35, 2026-05-01 09:35, 2026-05-03 09:35, 2026-05-04 09:35
Echelon SSH bruteforce
85.215.201.250 is listed on the Echelon SSH bruteforce blacklist.

Description: Multiple SSH authentication attempts detected
Type of feed: primary (feed detail page)

Last checked at: 2026-05-03 09:35:01.115000
Was present on blacklist at: 2026-04-29 09:35, 2026-04-30 09:35, 2026-05-01 09:35, 2026-05-03 09:35
Echelon TLS/SSL crawler
85.215.201.250 is listed on the Echelon TLS/SSL crawler blacklist.

Description: TLS/SSL connection fingerprinting detected via Suricata
Type of feed: primary (feed detail page)

Last checked at: 2026-05-08 09:40:01.394000
Was present on blacklist at: 2026-04-30 09:40, 2026-05-01 09:40, 2026-05-04 09:40, 2026-05-05 09:40, 2026-05-07 09:40, 2026-05-08 09:40
UCEPROTECT L1
85.215.201.250 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-05-07 23:45:00.551000
Was present on blacklist at: 2026-05-01 07:45, 2026-05-01 15:45, 2026-05-01 23:45, 2026-05-02 07:45, 2026-05-02 15:45, 2026-05-02 23:45, 2026-05-03 07:45, 2026-05-03 15:45, 2026-05-03 23:45, 2026-05-04 07:45, 2026-05-04 15:45, 2026-05-04 23:45, 2026-05-05 07:45, 2026-05-05 15:45, 2026-05-05 23:45, 2026-05-06 07:45, 2026-05-06 15:45, 2026-05-06 23:45, 2026-05-07 07:45, 2026-05-07 15:45, 2026-05-07 23:45
Echelon admin panel hunt
85.215.201.250 is listed on the Echelon admin panel hunt blacklist.

Description: Scanning for administrative interfaces
Type of feed: primary (feed detail page)

Last checked at: 2026-05-07 09:05:01.773000
Was present on blacklist at: 2026-05-01 09:05, 2026-05-03 09:05, 2026-05-04 09:05, 2026-05-05 09:05, 2026-05-06 09:05, 2026-05-07 09:05
Echelon CMS enumeration
85.215.201.250 is listed on the Echelon CMS enumeration blacklist.

Description: Content management system discovery and enumeration
Type of feed: primary (feed detail page)

Last checked at: 2026-05-07 09:05:01.756000
Was present on blacklist at: 2026-05-01 09:05, 2026-05-03 09:05, 2026-05-04 09:05, 2026-05-05 09:05, 2026-05-06 09:05, 2026-05-07 09:05
Echelon database admin hunt
85.215.201.250 is listed on the Echelon database admin hunt blacklist.

Description: Scanning for database admin interfaces (phpMyAdmin, etc.)
Type of feed: primary (feed detail page)

Last checked at: 2026-05-07 09:10:01.180000
Was present on blacklist at: 2026-05-01 09:10, 2026-05-03 09:10, 2026-05-04 09:10, 2026-05-05 09:10, 2026-05-06 09:10, 2026-05-07 09:10
Echelon directory traversal
85.215.201.250 is listed on the Echelon directory traversal blacklist.

Description: Path traversal attack attempting to access restricted files
Type of feed: primary (feed detail page)

Last checked at: 2026-05-07 09:15:01.067000
Was present on blacklist at: 2026-05-01 09:15, 2026-05-03 09:15, 2026-05-04 09:15, 2026-05-05 09:15, 2026-05-06 09:15, 2026-05-07 09:15
Echelon web crawler
85.215.201.250 is listed on the Echelon web crawler blacklist.

Description: HTTP web crawling activity detected on web honeypots
Type of feed: primary (feed detail page)

Last checked at: 2026-05-07 09:50:01.466000
Was present on blacklist at: 2026-05-01 09:50, 2026-05-03 09:50, 2026-05-04 09:50, 2026-05-05 09:50, 2026-05-07 09:50
Spamhaus XBL CBL
85.215.201.250 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-05-29 14:32:20.423000
Was present on blacklist at: 2026-05-01 14:32

Threat categories

TLRoleCategoryDetails
No threat category tags assigned
Warden events (155350)
2026-05-02
ReconScanning (node.9c1411): 8
2026-05-01
ReconScanning (node.ce2b59): 23
ReconScanning (node.9c1411): 38
IntrusionUserCompromise (node.cfb4f7): 5512
2026-04-30
ReconScanning (node.9c1411): 43
ReconScanning (node.ce2b59): 31
IntrusionUserCompromise (node.cfb4f7): 24692
2026-04-29
ReconScanning (node.9c1411): 46
ReconScanning (node.ce2b59): 31
IntrusionUserCompromise (node.cfb4f7): 26518
2026-04-28
IntrusionUserCompromise (node.cfb4f7): 25151
ReconScanning (node.9c1411): 62
ReconScanning (node.ce2b59): 30
2026-04-27
ReconScanning (node.9c1411): 64
IntrusionUserCompromise (node.cfb4f7): 2064
ReconScanning (node.ce2b59): 30
AttemptLogin (node.40929a): 1
2026-04-26
ReconScanning (node.9c1411): 56
ReconScanning (node.ce2b59): 30
IntrusionUserCompromise (node.cfb4f7): 20802
ReconScanning (node.4dc198): 1
2026-04-25
IntrusionUserCompromise (node.cfb4f7): 31785
ReconScanning (node.ce2b59): 30
ReconScanning (node.9c1411): 51
2026-04-24
IntrusionUserCompromise (node.cfb4f7): 18217
ReconScanning (node.ce2b59): 29
ReconScanning (node.9c1411): 5
DShield reports (IP summary, reports)
2026-04-24
Number of reports: 139
Distinct targets: 18
2026-04-25
Number of reports: 475
Distinct targets: 23
2026-04-26
Number of reports: 525
Distinct targets: 43
2026-04-27
Number of reports: 525
Distinct targets: 43
2026-04-28
Number of reports: 316
Distinct targets: 36
2026-04-29
Number of reports: 483
Distinct targets: 23
2026-04-30
Number of reports: 483
Distinct targets: 23
2026-05-01
Number of reports: 468
Distinct targets: 23
OTX pulses
[69ef5575a4aa7e7ebb12223f] 2026-04-27 12:24:21.055000 | Telnet honeypot logs for 2026-04-27
Author name:jnazario
Pulse modified:2026-04-27 12:24:21.055000
Indicator created:2026-04-27 12:24:21
Indicator role:None
Indicator title:
Indicator expiration:2026-05-27 12:00:00
Origin AS
AS8560 - ONEANDONE-AS
BGP Prefix
85.215.128.0/17
geo
Germany
🕑 Europe/Berlin
hostname
ip85.215.201.250.pbiaas.com
hostname_class
['ip_in_hostname']
Address block ('inetnum' or 'NetRange' in whois database)
85.214.0.0 - 85.215.255.255
last_activity
2026-05-02 05:25:03
last_warden_event
2026-05-02 05:25:03
rep
0.0
reserved_range
0
Shodan's InternetDB
Open ports: 443
Tags: eol-product
CPEs: cpe:/a:f5:nginx:1.24.0, cpe:/o:canonical:ubuntu_linux, cpe:/o:linux:linux_kernel
ts_added
2026-04-24 14:32:11.854000
ts_last_update
2026-05-30 14:32:20.115000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses