IP address

Search at other sites:
.000165.227.134.101
Shodan(more info)
Passive DNS
Tags: Scanner
IP blacklists
CI Army
165.227.134.101 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-11-18 03:50:01.144000
Was present on blacklist at: 2025-11-17 03:50, 2025-11-18 03:50
Spamhaus SBL CSS
165.227.134.101 was recently listed on the Spamhaus SBL CSS blacklist, but currently it is not.

Description: The Spamhaus CSS is part of the SBL. CSS listings will have return code 127.0.0.3 to differentiate from regular SBL listings, which have return code 127.0.0.2.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-12-15 03:55:54.840000
Was present on blacklist at: 2025-11-17 03:55, 2025-11-24 03:55
AbuseIPDB
165.227.134.101 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-11-19 05:00:00.697000
Was present on blacklist at: 2025-11-18 05:00, 2025-11-19 05:00
UCEPROTECT L1
165.227.134.101 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-11-24 08:45:00.660000
Was present on blacklist at: 2025-11-18 16:45, 2025-11-19 00:45, 2025-11-19 08:45, 2025-11-19 16:45, 2025-11-20 00:45, 2025-11-20 08:45, 2025-11-20 16:45, 2025-11-21 00:45, 2025-11-21 08:45, 2025-11-21 16:45, 2025-11-22 00:45, 2025-11-22 08:45, 2025-11-22 16:45, 2025-11-23 00:45, 2025-11-23 08:45, 2025-11-23 16:45, 2025-11-24 00:45, 2025-11-24 08:45
Turris greylist
165.227.134.101 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-11-23 22:15:00.172000
Was present on blacklist at: 2025-11-18 22:15, 2025-11-19 22:15, 2025-11-20 22:15, 2025-11-21 22:15, 2025-11-22 22:15, 2025-11-23 22:15
blocklist.de web-login
165.227.134.101 is listed on the blocklist.de web-login blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs that attacks Joomla, Wordpress and<br>other Web-Logins with Brute-Force Logins.
Type of feed: primary (feed detail page)

Last checked at: 2025-11-20 23:05:00.376000
Was present on blacklist at: 2025-11-19 05:05, 2025-11-19 11:05, 2025-11-19 17:05, 2025-11-19 23:05, 2025-11-20 05:05, 2025-11-20 11:05, 2025-11-20 17:05, 2025-11-20 23:05
blocklist.de Apache
165.227.134.101 is listed on the blocklist.de Apache blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the service<br>Apache, Apache-DDOS, RFI-Attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-11-20 23:05:05.315000
Was present on blacklist at: 2025-11-19 05:05, 2025-11-19 11:05, 2025-11-19 17:05, 2025-11-19 23:05, 2025-11-20 05:05, 2025-11-20 11:05, 2025-11-20 17:05, 2025-11-20 23:05
Spamhaus XBL CBL
165.227.134.101 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-12-15 03:55:54.840000
Was present on blacklist at: 2025-11-24 03:55
Warden events (683)
2025-11-27
ReconScanning (node.9c1411): 2
2025-11-26
ReconScanning (node.9c1411): 29
2025-11-25
ReconScanning (node.9c1411): 47
2025-11-24
ReconScanning (node.9c1411): 54
2025-11-23
ReconScanning (node.9c1411): 57
2025-11-22
ReconScanning (node.9c1411): 48
IntrusionUserCompromise (node.cfb4f7): 148
AttemptLogin (node.03e7a9): 1
2025-11-21
ReconScanning (node.9c1411): 48
IntrusionUserCompromise (node.cfb4f7): 97
AttemptLogin (node.03e7a9): 2
2025-11-20
ReconScanning (node.9c1411): 35
ReconScanning (node.ce9a39): 8
2025-11-19
ReconScanning (node.9c1411): 10
IntrusionUserCompromise (node.cfb4f7): 24
2025-11-18
IntrusionUserCompromise (node.cfb4f7): 29
ReconScanning (node.9c1411): 6
2025-11-17
IntrusionUserCompromise (node.cfb4f7): 38
DShield reports (IP summary, reports)
2025-11-17
Number of reports: 119
Distinct targets: 29
2025-11-18
Number of reports: 119
Distinct targets: 29
2025-11-19
Number of reports: 83
Distinct targets: 26
2025-11-20
Number of reports: 83
Distinct targets: 26
2025-11-21
Number of reports: 130
Distinct targets: 34
2025-11-22
Number of reports: 144
Distinct targets: 43
OTX pulses
[602bc528f447d628d41494f2] 2021-02-16 13:14:16.945000 | Ka's Honeypot visitors
Author name:Kapppppa
Pulse modified:2025-12-17 07:56:38.034000
Indicator created:2025-11-17 10:35:20
Indicator role:bruteforce
Indicator title:Telnet Login attempt
Indicator expiration:2025-12-17 10:00:00
Origin AS
AS14061 - DIGITALOCEAN-ASN
BGP Prefix
165.227.128.0/20
geo
Germany, Frankfurt am Main
🕑 Europe/Berlin
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
165.227.0.0 - 165.227.255.255
last_activity
2025-12-17 08:38:39.924000
last_warden_event
2025-11-27 03:18:24
rep
0.0
reserved_range
0
Shodan's InternetDB
Open ports: 80, 443, 3000, 4369
Tags: eol-product, cloud
CPEs: cpe:/o:linux:linux_kernel, cpe:/o:canonical:ubuntu_linux, cpe:/a:facebook:react, cpe:/a:zeit:next.js, cpe:/a:f5:nginx:1.24.0
ts_added
2025-11-17 03:55:44.912000
ts_last_update
2025-12-18 03:55:54.373000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses