IP address

Search at other sites:

.019147.90.12.32

Shodan(more info)

Passive DNS

IP blacklists

CI Army

147.90.12.32 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-05-19 02:50:00.812000
Was present on blacklist at: 2026-05-19 02:50

Echelon config file hunt

147.90.12.32 is listed on the Echelon config file hunt blacklist.

Description: Scanning for exposed configuration files
Type of feed: primary (feed detail page)

Last checked at: 2026-05-25 09:10:00.630000
Was present on blacklist at: 2026-05-19 09:10, 2026-05-20 09:10, 2026-05-21 09:10, 2026-05-22 09:10, 2026-05-24 09:10, 2026-05-25 09:10

Echelon directory traversal

147.90.12.32 is listed on the Echelon directory traversal blacklist.

Description: Path traversal attack attempting to access restricted files
Type of feed: primary (feed detail page)

Last checked at: 2026-05-25 09:15:00.239000
Was present on blacklist at: 2026-05-19 09:15, 2026-05-20 09:15, 2026-05-21 09:15, 2026-05-22 09:15, 2026-05-24 09:15, 2026-05-25 09:15

Echelon TLS/SSL crawler

147.90.12.32 is listed on the Echelon TLS/SSL crawler blacklist.

Description: TLS/SSL connection fingerprinting detected via Suricata
Type of feed: primary (feed detail page)

Last checked at: 2026-05-25 09:40:00.446000
Was present on blacklist at: 2026-05-19 09:40, 2026-05-20 09:40, 2026-05-21 09:40, 2026-05-22 09:40, 2026-05-24 09:40, 2026-05-25 09:40

Echelon web crawler

147.90.12.32 is listed on the Echelon web crawler blacklist.

Description: HTTP web crawling activity detected on web honeypots
Type of feed: primary (feed detail page)

Last checked at: 2026-05-25 09:50:00.415000
Was present on blacklist at: 2026-05-19 09:50, 2026-05-20 09:50, 2026-05-21 09:50, 2026-05-22 09:50, 2026-05-24 09:50, 2026-05-25 09:50

Spamhaus XBL CBL

147.90.12.32 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-06-01 06:06:20.331000
Was present on blacklist at: 2026-05-25 06:06

Threat categories

TL	Role	Category	Details
67	src	scan	port: 80, 443, 5601, 8081, 8888, 9000, 9200
25	src	exploit	protocol: http

---

Warden events (105)

2026-05-25

ReconScanning (node.9c1411): 27

2026-05-24

ReconScanning (node.9c1411): 30

2026-05-23

ReconScanning (node.9c1411): 9

2026-05-19

ReconScanning (node.ce2b59): 22

ReconScanning (node.4dc198): 7

2026-05-18

ReconScanning (node.ce2b59): 4

ReconScanning (node.4dc198): 6

DShield reports (IP summary, reports)

2026-05-18

Number of reports: 14

Distinct targets: 12

2026-05-19

Number of reports: 14

Distinct targets: 12

2026-05-20

Number of reports: 112

Distinct targets: 79

Origin AS

AS57043 - HOSTKEY-AS

BGP Prefix

147.90.12.0/24

geo

Netherlands

🕑 Europe/Amsterdam

hostname

(null)

Address block ('inetnum' or 'NetRange' in whois database)

147.90.0.0 - 147.90.255.255

last_activity

2026-05-25 17:06:42

last_warden_event

2026-05-25 17:06:42

rep

0.019352303885338484

reserved_range

0

Shodan's InternetDB

Open ports: 22, 80, 1080, 3128

Tags: proxy

CPEs: cpe:/a:f5:nginx:1.29.8, cpe:/a:openbsd:openssh:8.9p1, cpe:/o:canonical:ubuntu_linux

ts_added

2026-05-18 06:06:12.393000

ts_last_update

2026-06-04 06:06:20.409000

Warden event timeline

DShield event timeline

Presence on blacklists