IP address

Passive DNS

Tags: Scanner

IP blacklists

UCEPROTECT L1

92.63.197.197 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-06-17 15:45:00.764000
Was present on blacklist at: 2025-05-12 23:45, 2025-05-13 07:45, 2025-05-13 15:45, 2025-05-13 23:45, 2025-05-14 07:45, 2025-05-14 15:45, 2025-05-14 23:45, 2025-05-15 07:45, 2025-05-15 15:45, 2025-05-15 23:45, 2025-05-16 07:45, 2025-05-16 15:45, 2025-05-16 23:45, 2025-05-17 07:45, 2025-05-17 15:45, 2025-05-17 23:45, 2025-05-18 07:45, 2025-05-18 15:45, 2025-05-18 23:45, 2025-05-19 07:45, 2025-05-19 15:45, 2025-05-19 23:45, 2025-05-20 07:45, 2025-05-20 15:45, 2025-05-20 23:45, 2025-05-21 07:45, 2025-05-21 15:45, 2025-05-21 23:45, 2025-05-22 07:45, 2025-05-22 15:45, 2025-05-22 23:45, 2025-05-23 07:45, 2025-05-23 15:45, 2025-05-23 23:45, 2025-05-24 07:45, 2025-05-24 15:45, 2025-05-24 23:45, 2025-05-25 07:45, 2025-05-25 15:45, 2025-05-25 23:45, 2025-05-26 07:45, 2025-05-26 15:45, 2025-05-26 23:45, 2025-05-27 07:45, 2025-05-27 15:45, 2025-05-27 23:45, 2025-05-28 07:45, 2025-05-28 15:45, 2025-05-28 23:45, 2025-05-29 07:45, 2025-05-29 15:45, 2025-05-29 23:45, 2025-05-30 07:45, 2025-05-30 15:45, 2025-05-30 23:45, 2025-05-31 07:45, 2025-05-31 15:45, 2025-05-31 23:45, 2025-06-01 07:45, 2025-06-01 15:45, 2025-06-01 23:45, 2025-06-02 07:45, 2025-06-02 15:45, 2025-06-02 23:45, 2025-06-03 07:45, 2025-06-03 15:45, 2025-06-03 23:45, 2025-06-04 07:45, 2025-06-04 15:45, 2025-06-04 23:45, 2025-06-05 07:45, 2025-06-05 15:45, 2025-06-05 23:45, 2025-06-06 07:45, 2025-06-06 15:45, 2025-06-06 23:45, 2025-06-07 07:45, 2025-06-07 15:45, 2025-06-07 23:45, 2025-06-08 07:45, 2025-06-08 15:45, 2025-06-08 23:45, 2025-06-09 07:45, 2025-06-09 15:45, 2025-06-09 23:45, 2025-06-10 07:45, 2025-06-10 15:45, 2025-06-10 23:45, 2025-06-11 07:45, 2025-06-11 15:45, 2025-06-11 23:45, 2025-06-12 07:45, 2025-06-12 15:45, 2025-06-12 23:45, 2025-06-13 07:45, 2025-06-13 15:45, 2025-06-13 23:45, 2025-06-14 07:45, 2025-06-14 15:45, 2025-06-14 23:45, 2025-06-15 07:45, 2025-06-15 15:45, 2025-06-15 23:45, 2025-06-16 07:45, 2025-06-16 15:45, 2025-06-16 23:45, 2025-06-17 07:45, 2025-06-17 15:45

Spamhaus PBL

92.63.197.197 is listed on the Spamhaus PBL blacklist.

Description: The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-07-08 00:04:01.578000
Was present on blacklist at: 2025-05-13 00:03, 2025-05-20 00:04, 2025-05-27 00:04, 2025-06-03 00:04, 2025-06-10 00:04, 2025-06-17 00:04, 2025-06-24 00:04, 2025-07-01 00:04, 2025-07-08 00:04

AbuseIPDB

92.63.197.197 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-06-28 04:00:00.602000
Was present on blacklist at: 2025-05-14 04:00, 2025-05-15 04:00, 2025-05-20 04:00, 2025-05-28 04:00, 2025-06-15 04:00, 2025-06-17 04:00, 2025-06-18 04:00, 2025-06-19 04:00, 2025-06-20 04:00, 2025-06-21 04:00, 2025-06-22 04:00, 2025-06-23 04:00, 2025-06-24 04:00, 2025-06-28 04:00

CI Army

92.63.197.197 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-06-29 02:50:01.082000
Was present on blacklist at: 2025-05-16 02:50, 2025-05-20 02:50, 2025-05-21 02:50, 2025-05-22 02:50, 2025-05-23 02:50, 2025-06-15 02:50, 2025-06-16 02:50, 2025-06-17 02:50, 2025-06-18 02:50, 2025-06-19 02:50, 2025-06-20 02:50, 2025-06-21 02:50, 2025-06-22 02:50, 2025-06-23 02:50, 2025-06-24 02:50, 2025-06-25 02:50, 2025-06-28 02:50, 2025-06-29 02:50

Turris greylist

92.63.197.197 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-06-24 21:15:00.200000
Was present on blacklist at: 2025-06-15 21:15, 2025-06-16 21:15, 2025-06-17 21:15, 2025-06-20 21:15, 2025-06-23 21:15, 2025-06-24 21:15

Warden events (16)

2025-06-29: ReconScanning (node.86eb21): 3
2025-06-10: ReconScanning (node.9c1411): 8
2025-06-09: ReconScanning (node.9c1411): 5

DShield reports (IP summary, reports)

2025-05-15: Number of reports: 193; Distinct targets: 164
2025-05-19: Number of reports: 283; Distinct targets: 181
2025-06-14: Number of reports: 1851; Distinct targets: 1686
2025-06-15: Number of reports: 6643; Distinct targets: 5486
2025-06-16: Number of reports: 641; Distinct targets: 517
2025-06-17: Number of reports: 2426; Distinct targets: 1851
2025-06-18: Number of reports: 5094; Distinct targets: 4023
2025-06-19: Number of reports: 5537; Distinct targets: 4154
2025-06-20: Number of reports: 2830; Distinct targets: 2398
2025-06-21: Number of reports: 7338; Distinct targets: 4650
2025-06-22: Number of reports: 3391; Distinct targets: 1914
2025-06-23: Number of reports: 5798; Distinct targets: 4244
2025-06-24: Number of reports: 5456; Distinct targets: 4509
2025-06-25: Number of reports: 82; Distinct targets: 66
2025-06-27: Number of reports: 93; Distinct targets: 57
2025-06-28: Number of reports: 100; Distinct targets: 100
2025-06-29: Number of reports: 1214; Distinct targets: 602

OTX pulses

[68233a6dd5985d2306b356cb] 2025-05-13 12:26:21.834000 | RDP honeypot logs for 2025/05/13

Author name:	jnazario
Pulse modified:	2025-05-13 12:26:21.834000
Indicator created:	2025-05-13 12:26:22
Indicator role:	None
Indicator title:
Indicator expiration:	2025-06-12 12:00:00

[68237ef8a9730b1fe9cb2095] 2025-05-13 17:18:48.665000 | RDP honeypot logs for 2025/05/13

Author name:	jnazario
Pulse modified:	2025-05-13 17:18:48.665000
Indicator created:	2025-05-13 17:18:49
Indicator role:	None
Indicator title:
Indicator expiration:	2025-06-12 17:00:00

[6827822d25063d47eb652546] 2025-05-16 18:21:33.486000 | RDP honeypot logs for 2025/05/16

Author name:	jnazario
Pulse modified:	2025-05-16 18:21:33.486000
Indicator created:	2025-05-16 18:21:34
Indicator role:	None
Indicator title:
Indicator expiration:	2025-06-15 18:00:00

[682880473511cd0e1b884ee4] 2025-05-17 12:25:43.874000 | RDP honeypot logs for 2025/05/17

Author name:	jnazario
Pulse modified:	2025-05-17 12:25:43.874000
Indicator created:	2025-05-17 12:25:44
Indicator role:	None
Indicator title:
Indicator expiration:	2025-06-16 12:00:00

[682dc6485da8b99948c2f06d] 2025-05-21 12:25:44.601000 | RDP honeypot logs for 2025/05/21

Author name:	jnazario
Pulse modified:	2025-05-21 12:25:44.601000
Indicator created:	2025-05-21 12:25:45
Indicator role:	None
Indicator title:
Indicator expiration:	2025-06-20 12:00:00

[682f187db58304fe1d570426] 2025-05-22 12:28:45.096000 | RDP honeypot logs for 2025/05/22

Author name:	jnazario
Pulse modified:	2025-05-22 12:28:45.096000
Indicator created:	2025-05-22 12:28:45
Indicator role:	None
Indicator title:
Indicator expiration:	2025-06-21 12:00:00

[6839a4236bdb4980de5c3ca2] 2025-05-30 12:27:15.927000 | RDP honeypot logs for 2025/05/30

Author name:	jnazario
Pulse modified:	2025-05-30 12:27:15.927000
Indicator created:	2025-05-30 12:27:16
Indicator role:	None
Indicator title:
Indicator expiration:	2025-06-29 12:00:00

[683af5631832cb9001b0c812] 2025-05-31 12:26:11.125000 | RDP honeypot logs for 2025/05/31

Author name:	jnazario
Pulse modified:	2025-05-31 12:26:11.125000
Indicator created:	2025-05-31 12:26:12
Indicator role:	None
Indicator title:
Indicator expiration:	2025-06-30 12:00:00

Origin AS: AS12695 - DINET-AS; AS204655 - NOVOGARA-AS; AS60307 - HVFOPServer-AS; AS44446 - SibirInvest; AS210848 - TK-NET; AS211736 - FDN3
BGP Prefix: 92.63.197.0/24
geo: South Africa; 🕑 Africa/Johannesburg
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 92.63.196.0 - 92.63.199.255
last_activity: 2025-06-29 11:54:46
last_warden_event: 2025-06-29 11:54:46
rep: 0.004166666666666667
reserved_range: 0
Shodan's InternetDB: Open ports: 80, 445, 1723; Tags: –; CPEs: cpe:/a:f5:nginx
ts_added: 2025-05-13 00:03:55.074000
ts_last_update: 2025-07-12 00:04:02.426000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses