IP address

Search at other sites:
.295133.18.111.20v133-18-111-20.vir.kagoya.net
Shodan(more info)
Passive DNS
Tags: IP in hostname
IP blacklists
DataPlane SSH login
133.18.111.20 is listed on the DataPlane SSH login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login to a host using SSH password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-22 03:10:01.524000
Was present on blacklist at: 2025-12-19 19:10, 2025-12-20 03:10, 2025-12-20 07:10, 2025-12-20 15:10, 2025-12-20 19:10, 2025-12-21 03:10, 2025-12-21 07:10, 2025-12-21 15:10, 2025-12-21 19:10, 2025-12-22 03:10
DataPlane TELNET login
133.18.111.20 is listed on the DataPlane TELNET login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login via TELNET password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-22 03:10:02.892000
Was present on blacklist at: 2025-12-19 19:10, 2025-12-19 23:10, 2025-12-20 03:10, 2025-12-20 07:10, 2025-12-20 11:10, 2025-12-20 15:10, 2025-12-20 19:10, 2025-12-20 23:10, 2025-12-21 03:10, 2025-12-21 07:10, 2025-12-21 11:10, 2025-12-21 15:10, 2025-12-21 19:10, 2025-12-21 23:10, 2025-12-22 03:10
CI Army
133.18.111.20 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-12-22 03:50:00.998000
Was present on blacklist at: 2025-12-20 03:50, 2025-12-21 03:50, 2025-12-22 03:50
AbuseIPDB
133.18.111.20 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-12-22 05:00:00.757000
Was present on blacklist at: 2025-12-20 05:00, 2025-12-21 05:00, 2025-12-22 05:00
Turris greylist
133.18.111.20 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-21 22:15:00.150000
Was present on blacklist at: 2025-12-20 22:15, 2025-12-21 22:15
blocklist.de SSH
133.18.111.20 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-22 05:05:00.736000
Was present on blacklist at: 2025-12-21 05:05, 2025-12-21 11:05, 2025-12-21 17:05, 2025-12-21 23:05, 2025-12-22 05:05
Warden events (511)
2025-12-22
IntrusionUserCompromise (node.cfb4f7): 14
2025-12-21
IntrusionUserCompromise (node.cfb4f7): 118
ReconScanning (node.4dc198): 3
2025-12-20
IntrusionUserCompromise (node.cfb4f7): 266
2025-12-19
IntrusionUserCompromise (node.cfb4f7): 109
AttemptLogin (node.40929a): 1
DShield reports (IP summary, reports)
2025-12-19
Number of reports: 90
Distinct targets: 31
2025-12-20
Number of reports: 379
Distinct targets: 130
2025-12-21
Number of reports: 243
Distinct targets: 104
OTX pulses
[602bc528f447d628d41494f2] 2021-02-16 13:14:16.945000 | Ka's Honeypot visitors
Author name:Kapppppa
Pulse modified:2025-12-22 03:54:12.201000
Indicator created:2025-12-21 11:51:39
Indicator role:bruteforce
Indicator title:Telnet Login attempt
Indicator expiration:2026-01-20 11:00:00
Origin AS
AS24282 - KIR
BGP Prefix
133.18.0.0/16
geo
Japan, Kyoto
🕑 Asia/Tokyo
hostname
v133-18-111-20.vir.kagoya.net
hostname_class
['ip_in_hostname']
Address block ('inetnum' or 'NetRange' in whois database)
133.0.0.0 - 133.255.255.255
last_activity
2025-12-22 04:38:58.572000
last_warden_event
2025-12-22 04:01:33
rep
0.2952340262276786
reserved_range
0
Shodan's InternetDB
Open ports: 22, 80, 443, 8065, 8080
Tags: eol-product
CPEs: cpe:/a:jenkins:mattermost, cpe:/a:openbsd:openssh:9.9, cpe:/a:golang:go, cpe:/a:f5:nginx:1.26.3, cpe:/a:openssl:openssl:3.2.2, cpe:/a:facebook:react, cpe:/a:apache:http_server:2.4.63
ts_added
2025-12-19 18:00:40.769000
ts_last_update
2025-12-22 05:06:31.028000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses