IP address

Passive DNS

Tags: Scanner

IP blacklists

AbuseIPDB

103.214.111.82 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-04-18 04:00:00.574000
Was present on blacklist at: 2025-04-08 04:00, 2025-04-09 04:00, 2025-04-10 04:00, 2025-04-11 04:00, 2025-04-12 04:00, 2025-04-13 04:00, 2025-04-14 04:00, 2025-04-15 04:00, 2025-04-16 04:00, 2025-04-17 04:00, 2025-04-18 04:00

Turris greylist

103.214.111.82 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-12 21:15:00.174000
Was present on blacklist at: 2025-04-08 21:15, 2025-04-12 21:15

CI Army

103.214.111.82 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-04-22 02:50:01.189000
Was present on blacklist at: 2025-04-09 02:50, 2025-04-10 02:50, 2025-04-11 02:50, 2025-04-12 02:50, 2025-04-13 02:50, 2025-04-14 02:50, 2025-04-15 02:50, 2025-04-16 02:50, 2025-04-17 02:50, 2025-04-18 02:50, 2025-04-19 02:50, 2025-04-20 02:50, 2025-04-21 02:50, 2025-04-22 02:50

UCEPROTECT L1

103.214.111.82 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-23 15:45:00.730000
Was present on blacklist at: 2025-04-09 07:45, 2025-04-09 15:45, 2025-04-09 23:45, 2025-04-10 07:45, 2025-04-10 15:45, 2025-04-10 23:45, 2025-04-11 07:45, 2025-04-11 15:45, 2025-04-11 23:45, 2025-04-12 07:45, 2025-04-12 15:45, 2025-04-12 23:45, 2025-04-13 07:45, 2025-04-13 15:45, 2025-04-13 23:45, 2025-04-14 07:45, 2025-04-14 15:45, 2025-04-14 23:45, 2025-04-15 07:45, 2025-04-15 15:45, 2025-04-15 23:45, 2025-04-16 07:45, 2025-04-16 15:45, 2025-04-16 23:45, 2025-04-17 07:45, 2025-04-17 15:45, 2025-04-17 23:45, 2025-04-18 07:45, 2025-04-18 15:45, 2025-04-18 23:45, 2025-04-19 07:45, 2025-04-19 15:45, 2025-04-19 23:45, 2025-04-20 07:45, 2025-04-20 15:45, 2025-04-20 23:45, 2025-04-21 07:45, 2025-04-21 15:45, 2025-04-21 23:45, 2025-04-22 07:45, 2025-04-22 15:45, 2025-04-22 23:45, 2025-04-23 07:45, 2025-04-23 15:45

Spamhaus XBL CBL

103.214.111.82 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-05-05 10:56:20.301000
Was present on blacklist at: 2025-04-14 10:56, 2025-04-21 10:56

Warden events (771)

2025-04-17: ReconScanning (node.4dc198): 20; ReconScanning (node.368407): 20
2025-04-16: ReconScanning (node.4dc198): 40; ReconScanning (node.368407): 39
2025-04-15: ReconScanning (node.368407): 57; ReconScanning (node.4dc198): 59
2025-04-14: ReconScanning (node.4dc198): 39; ReconScanning (node.368407): 39
2025-04-13: ReconScanning (node.368407): 39; ReconScanning (node.4dc198): 40
2025-04-12: ReconScanning (node.368407): 39; ReconScanning (node.4dc198): 39
2025-04-11: ReconScanning (node.4dc198): 40; ReconScanning (node.368407): 38
2025-04-10: ReconScanning (node.4dc198): 40; ReconScanning (node.368407): 39
2025-04-09: ReconScanning (node.4dc198): 40; ReconScanning (node.368407): 39
2025-04-08: ReconScanning (node.368407): 13; ReconScanning (node.4dc198): 15
2025-04-07: ReconScanning (node.4dc198): 19; ReconScanning (node.368407): 18

DShield reports (IP summary, reports)

2025-04-07: Number of reports: 1380; Distinct targets: 715
2025-04-08: Number of reports: 128; Distinct targets: 123
2025-04-09: Number of reports: 1621; Distinct targets: 748
2025-04-10: Number of reports: 913; Distinct targets: 656
2025-04-11: Number of reports: 1261; Distinct targets: 660
2025-04-12: Number of reports: 1206; Distinct targets: 654
2025-04-13: Number of reports: 902; Distinct targets: 648
2025-04-14: Number of reports: 911; Distinct targets: 657
2025-04-15: Number of reports: 1263; Distinct targets: 675
2025-04-16: Number of reports: 1294; Distinct targets: 669
2025-04-17: Number of reports: 816; Distinct targets: 337

OTX pulses

[5a7e3e70c44e7b48947593a7] 2018-02-10 00:36:00.396000 | Webscanners 2018-02-09 thru current day

Author name:	david3
Pulse modified:	2025-05-07 15:55:25.126000
Indicator created:	2025-04-07 17:50:21
Indicator role:	scanning_host
Indicator title:	404 NOT FOUND
Indicator expiration:	2025-07-06 00:00:00

Origin AS: AS63018 - DEDICATED
BGP Prefix: 103.214.111.0/24
geo: United States, Chicago; 🕑 America/Chicago
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 103.214.108.0 - 103.214.111.255
last_activity: 2025-05-07 16:00:56.793000
last_warden_event: 2025-04-17 04:03:02
rep: 0.0
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 80, 81, 443, 2222, 3000, 3001, 3306, 4200, 5432, 8071, 8080, 8081, 8082, 9000, 9090, 9100; Tags: eol-product, database; CPEs: cpe:/a:f5:nginx:1.26.3, cpe:/a:f5:nginx:1.27.4, cpe:/a:openbsd:openssh:8.7, cpe:/a:openbsd:openssh:9.6p1, cpe:/a:oracle:jre, cpe:/o:canonical:ubuntu_linux, cpe:/a:oracle:mysql:8.0.41-0ubuntu0.24.04.1, cpe:/o:linux:linux_kernel, cpe:/a:f5:nginx:1.27.2, cpe:/a:postgresql:postgresql, cpe:/a:facebook:react, cpe:/a:f5:nginx:1.24.0, cpe:/a:f5:nginx, cpe:/a:f5:nginx:1.26.2
ts_added: 2025-04-07 10:56:17.407000
ts_last_update: 2025-05-11 10:56:20.175000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses