IP address

Search at other sites:

.000138.197.144.54

Shodan(more info)

Passive DNS

IP blacklists

DataPlane VNC RFB

138.197.144.54 is listed on the DataPlane VNC RFB blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs initiating<br>an unsolicited VNC remote frame buffer (RFB) session to a remote host.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-19 07:10:01.043000
Was present on blacklist at: 2025-11-02 03:10, 2025-11-02 07:10, 2025-11-02 15:10, 2025-11-02 19:10, 2025-11-03 03:10, 2025-11-03 07:10, 2025-11-03 15:10, 2025-11-03 19:10, 2025-11-04 03:10, 2025-11-04 07:10, 2025-11-04 15:10, 2025-11-04 19:10, 2025-11-05 03:10, 2025-11-05 07:10, 2025-11-05 15:10, 2025-11-05 19:10, 2025-11-06 03:10, 2025-11-06 07:10, 2025-11-06 15:10, 2025-11-06 19:10, 2025-11-07 03:10, 2025-11-07 07:10, 2025-11-07 19:10, 2025-11-08 03:10, 2025-11-08 07:10, 2025-11-08 15:10, 2025-11-08 19:10, 2025-11-09 03:10, 2025-11-09 07:10, 2025-11-09 15:10, 2025-11-09 19:10, 2025-11-10 03:10, 2025-11-10 07:10, 2025-11-10 15:10, 2025-11-10 19:10, 2025-11-11 03:10, 2025-11-11 07:10, 2025-11-11 15:10, 2025-11-11 19:10, 2025-11-12 03:10, 2025-11-12 15:10, 2025-11-12 19:10, 2025-11-13 03:10, 2025-11-13 07:10, 2025-11-13 15:10, 2025-11-13 19:10, 2025-11-14 03:10, 2025-11-14 07:10, 2025-11-14 15:10, 2025-11-14 19:10, 2025-11-15 03:10, 2025-11-15 07:10, 2025-11-15 15:10, 2025-11-15 19:10, 2025-11-16 03:10, 2025-11-16 07:10, 2025-11-16 15:10, 2025-11-16 19:10, 2025-11-17 03:10, 2025-11-17 07:10, 2025-11-17 15:10, 2025-11-17 19:10, 2025-11-18 03:10, 2025-11-18 07:10, 2025-11-18 15:10, 2025-11-18 19:10, 2025-11-19 03:10, 2025-11-19 07:10, 2025-11-19 15:10, 2025-11-19 19:10, 2025-11-20 03:10, 2025-11-20 07:10, 2025-11-20 19:10, 2025-11-21 03:10, 2025-11-21 07:10, 2025-11-21 15:10, 2025-11-21 19:10, 2025-11-22 03:10, 2025-11-22 07:10, 2025-11-22 15:10, 2025-11-22 19:10, 2025-11-23 07:10, 2025-11-23 15:10, 2025-11-23 19:10, 2025-11-24 03:10, 2025-11-24 07:10, 2025-11-24 15:10, 2025-11-24 19:10, 2025-11-25 03:10, 2025-11-25 07:10, 2025-11-25 15:10, 2025-11-25 19:10, 2025-11-26 03:10, 2025-11-26 07:10, 2025-11-26 15:10, 2025-11-26 19:10, 2025-11-27 03:10, 2025-11-27 07:10, 2025-11-27 15:10, 2025-11-27 19:10, 2025-11-28 03:10, 2025-11-28 07:10, 2025-11-28 15:10, 2025-11-28 19:10, 2025-11-29 03:10, 2025-11-29 07:10, 2025-11-29 15:10, 2025-11-29 19:10, 2025-11-30 03:10, 2025-11-30 07:10, 2025-11-30 15:10, 2025-11-30 19:10, 2025-12-01 03:10, 2025-12-01 07:10, 2025-12-01 15:10, 2025-12-01 19:10, 2025-12-02 03:10, 2025-12-02 07:10, 2025-12-02 15:10, 2025-12-02 19:10, 2025-12-03 03:10, 2025-12-03 07:10, 2025-12-03 15:10, 2025-12-03 19:10, 2025-12-04 03:10, 2025-12-04 07:10, 2025-12-04 15:10, 2025-12-04 19:10, 2025-12-05 03:10, 2025-12-05 07:10, 2025-12-05 15:10, 2025-12-05 19:10, 2025-12-06 03:10, 2025-12-06 07:10, 2025-12-06 15:10, 2025-12-06 19:10, 2025-12-07 03:10, 2025-12-07 07:10, 2025-12-07 15:10, 2025-12-07 19:10, 2025-12-08 03:10, 2025-12-08 07:10, 2025-12-08 15:10, 2025-12-08 19:10, 2025-12-09 03:10, 2025-12-09 07:10, 2025-12-09 19:10, 2025-12-10 03:10, 2025-12-10 07:10, 2025-12-10 15:10, 2025-12-10 19:10, 2025-12-11 03:10, 2025-12-11 07:10, 2025-12-11 15:10, 2025-12-11 19:10, 2025-12-12 03:10, 2025-12-12 07:10, 2025-12-12 15:10, 2025-12-12 19:10, 2025-12-13 03:10, 2025-12-13 07:10, 2025-12-13 15:10, 2025-12-13 19:10, 2025-12-14 03:10, 2025-12-14 07:10, 2025-12-14 15:10, 2025-12-14 19:10, 2025-12-15 03:10, 2025-12-15 15:10, 2025-12-15 19:10, 2025-12-16 03:10, 2025-12-16 15:10, 2025-12-17 03:10, 2025-12-17 07:10, 2025-12-17 15:10, 2025-12-17 19:10, 2025-12-18 03:10, 2025-12-18 15:10, 2025-12-18 19:10, 2025-12-19 03:10, 2025-12-19 07:10

UCEPROTECT L1

138.197.144.54 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-03 08:45:00.583000
Was present on blacklist at: 2025-11-16 00:45, 2025-11-16 08:45, 2025-11-16 16:45, 2025-11-17 00:45, 2025-11-17 08:45, 2025-11-17 16:45, 2025-11-18 00:45, 2025-11-18 08:45, 2025-11-18 16:45, 2025-11-19 00:45, 2025-11-19 08:45, 2025-11-19 16:45, 2025-11-20 00:45, 2025-11-20 08:45, 2025-11-20 16:45, 2025-11-21 00:45, 2025-11-21 08:45, 2025-11-21 16:45, 2025-11-22 00:45, 2025-11-22 08:45, 2025-11-22 16:45, 2025-11-23 00:45, 2025-11-23 08:45, 2025-11-23 16:45, 2025-11-24 00:45, 2025-11-24 08:45, 2025-11-24 16:45, 2025-11-25 00:45, 2025-11-25 08:45, 2025-11-25 16:45, 2025-11-26 00:45, 2025-11-26 08:45, 2025-11-26 16:45, 2025-11-27 00:45, 2025-11-27 08:45, 2025-11-27 16:45, 2025-11-28 00:45, 2025-11-28 08:45, 2025-11-28 16:45, 2025-11-29 00:45, 2025-11-29 08:45, 2025-11-29 16:45, 2025-11-30 00:45, 2025-11-30 08:45, 2025-11-30 16:45, 2025-12-01 00:45, 2025-12-01 08:45, 2025-12-01 16:45, 2025-12-02 00:45, 2025-12-02 08:45, 2025-12-02 16:45, 2025-12-03 00:45, 2025-12-03 08:45

CI Army

138.197.144.54 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-12-19 03:50:01.033000
Was present on blacklist at: 2025-11-27 03:50, 2025-11-28 03:50, 2025-12-03 03:50, 2025-12-04 03:50, 2025-12-05 03:50, 2025-12-09 03:50, 2025-12-10 03:50, 2025-12-11 03:50, 2025-12-15 03:50, 2025-12-16 03:50, 2025-12-17 03:50, 2025-12-19 03:50

Warden events (3)

2025-10-24

ReconScanning (node.9c1411): 3

DShield reports (IP summary, reports)

2025-11-26

Number of reports: 32

Distinct targets: 21

2025-12-03

Number of reports: 30

Distinct targets: 20

2025-12-08

Number of reports: 30

Distinct targets: 20

2025-12-14

Number of reports: 23

Distinct targets: 17

OTX pulses

[6919d085b7cfd548429151be] 2025-11-16 13:24:21.002000 | VNC honeypot logs for 2025/11/16

Author name:	jnazario
Pulse modified:	2025-11-16 13:24:21.002000
Indicator created:	2025-11-16 13:24:22
Indicator role:	None
Indicator title:
Indicator expiration:	2025-12-16 13:00:00

[691b2211ce0502719227ebcc] 2025-11-17 13:24:33.817000 | VNC honeypot logs for 2025/11/17

Author name:	jnazario
Pulse modified:	2025-11-17 13:24:33.817000
Indicator created:	2025-11-17 13:24:35
Indicator role:	None
Indicator title:
Indicator expiration:	2025-12-17 13:00:00

[691c738f7944fac309c4ff01] 2025-11-18 13:24:31.342000 | VNC honeypot logs for 2025/11/18

Author name:	jnazario
Pulse modified:	2025-11-18 13:24:31.342000
Indicator created:	2025-11-18 13:24:32
Indicator role:	None
Indicator title:
Indicator expiration:	2025-12-18 13:00:00

[691dc50eb315b09dc89c026b] 2025-11-19 13:24:30.605000 | VNC honeypot logs for 2025/11/19

Author name:	jnazario
Pulse modified:	2025-11-19 13:24:30.605000
Indicator created:	2025-11-19 13:24:31
Indicator role:	None
Indicator title:
Indicator expiration:	2025-12-19 13:00:00

[69230b02dade461546f6af0a] 2025-11-23 13:24:18.491000 | VNC honeypot logs for 2025/11/23

Author name:	jnazario
Pulse modified:	2025-11-23 13:24:18.491000
Indicator created:	2025-11-23 13:24:19
Indicator role:	None
Indicator title:
Indicator expiration:	2025-12-23 13:00:00

[69245c9ba7079448ccddced3] 2025-11-24 13:24:43.596000 | VNC honeypot logs for 2025/11/24

Author name:	jnazario
Pulse modified:	2025-11-24 13:24:43.596000
Indicator created:	2025-11-24 13:24:44
Indicator role:	None
Indicator title:
Indicator expiration:	2025-12-24 13:00:00

[6925ae1cba49695485c6421b] 2025-11-25 13:24:44.665000 | VNC honeypot logs for 2025/11/25

Author name:	jnazario
Pulse modified:	2025-11-25 13:24:44.665000
Indicator created:	2025-11-25 13:24:45
Indicator role:	None
Indicator title:
Indicator expiration:	2025-12-25 13:00:00

[6926ff9a783fbcc707887bc7] 2025-11-26 13:24:41.981000 | VNC honeypot logs for 2025/11/26

Author name:	jnazario
Pulse modified:	2025-11-26 13:24:41.981000
Indicator created:	2025-11-26 13:24:42
Indicator role:	None
Indicator title:
Indicator expiration:	2025-12-26 13:00:00

Origin AS

AS14061 - DIGITALOCEAN-ASN

BGP Prefix

138.197.144.0/20

geo

Canada, Toronto

🕑 America/Toronto

hostname

(null)

Address block ('inetnum' or 'NetRange' in whois database)

138.197.0.0 - 138.197.255.255

last_activity

2025-11-26 16:37:39.812000

last_warden_event

2025-10-24 04:41:54

rep

0.0

reserved_range

0

Shodan's InternetDB

Open ports: 22

Tags: cloud

CPEs: cpe:/o:linux:linux_kernel, cpe:/o:debian:debian_linux, cpe:/a:openbsd:openssh:9.2p1

ts_added

2025-10-24 03:56:56.715000

ts_last_update

2025-12-19 07:10:22.819000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses