IP address


167.99.137.204 (rep: .000)
Tags:
IP blacklists
DataPlane SSH conn
167.99.137.204 is listed on the DataPlane SSH conn blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds, and measurement resource for operators, by operators. Lists IP addresses that have been seen initiating an unsolicited SSH connection to a remote host.
Type of feed: primary

Last checked at: 2025-02-13 11:10:01.822000
Was present on blacklist at: 2025-02-03 07:10, 2025-02-03 11:10, 2025-02-03 15:10, 2025-02-03 19:10, 2025-02-03 23:10, 2025-02-04 03:10, 2025-02-04 07:10, 2025-02-04 11:10, 2025-02-04 15:10, 2025-02-04 19:10, 2025-02-04 23:10, 2025-02-05 03:10, 2025-02-05 07:10, 2025-02-05 11:10, 2025-02-05 15:10, 2025-02-05 19:10, 2025-02-05 23:10, 2025-02-06 03:10, 2025-02-06 07:10, 2025-02-06 11:10, 2025-02-06 15:10, 2025-02-06 19:10, 2025-02-06 23:10, 2025-02-07 03:10, 2025-02-07 07:10, 2025-02-07 11:10, 2025-02-07 15:10, 2025-02-07 19:10, 2025-02-07 23:10, 2025-02-08 03:10, 2025-02-08 07:10, 2025-02-08 11:10, 2025-02-08 15:10, 2025-02-08 19:10, 2025-02-08 23:10, 2025-02-09 03:10, 2025-02-09 07:10, 2025-02-09 11:10, 2025-02-09 15:10, 2025-02-09 19:10, 2025-02-09 23:10, 2025-02-10 03:10, 2025-02-10 07:10, 2025-02-10 11:10, 2025-02-10 15:10, 2025-02-10 19:10, 2025-02-10 23:10, 2025-02-11 03:10, 2025-02-11 07:10, 2025-02-11 11:10, 2025-02-11 15:10, 2025-02-11 19:10, 2025-02-11 23:10, 2025-02-12 03:10, 2025-02-12 07:10, 2025-02-12 11:10, 2025-02-12 15:10, 2025-02-12 19:10, 2025-02-12 23:10, 2025-02-13 03:10, 2025-02-13 07:10, 2025-02-13 11:10
AbuseIPDB
167.99.137.204 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. Lists IPs performing malicious activity (DDoS, spam, phishing, ...).
Type of feed: primary

Last checked at: 2025-02-06 05:00:00.458000
Was present on blacklist at: 2025-02-05 05:00, 2025-02-06 05:00
UCEPROTECT L1
167.99.137.204 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary

Last checked at: 2025-02-10 16:45:00.612000
Was present on blacklist at: 2025-02-03 08:45, 2025-02-03 16:45, 2025-02-04 00:45, 2025-02-04 08:45, 2025-02-04 16:45, 2025-02-05 00:45, 2025-02-05 08:45, 2025-02-05 16:45, 2025-02-06 00:45, 2025-02-06 08:45, 2025-02-06 16:45, 2025-02-07 00:45, 2025-02-07 08:45, 2025-02-07 16:45, 2025-02-08 00:45, 2025-02-08 08:45, 2025-02-08 16:45, 2025-02-09 00:45, 2025-02-09 08:45, 2025-02-09 16:45, 2025-02-10 00:45, 2025-02-10 08:45, 2025-02-10 16:45
Turris greylist
167.99.137.204 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC, which collects data on malicious IPs.
Type of feed: primary

Last checked at: 2025-02-07 22:15:00.164000
Was present on blacklist at: 2025-02-03 22:15, 2025-02-04 22:15, 2025-02-05 22:15, 2025-02-06 22:15, 2025-02-07 22:15
Spamhaus SBL CSS
167.99.137.204 was recently listed on the Spamhaus SBL CSS blacklist, but currently it is not.

Description: The Spamhaus CSS is part of the SBL. CSS listings will have return code 127.0.0.3 to differentiate from regular SBL listings, which have return code 127.0.0.2.
Type of feed: secondary (DNSBL)

Last checked at: 2025-05-03 06:11:20.153000
Was present on blacklist at: 2025-02-08 06:11, 2025-02-15 06:11
Spamhaus XBL CBL
167.99.137.204 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL)

Last checked at: 2025-05-03 06:11:20.153000
Was present on blacklist at: 2025-02-08 06:11, 2025-02-15 06:11
Warden events (654)
2025-02-06
IntrusionUserCompromise (node.cfb4f7): 165
2025-02-05
IntrusionUserCompromise (node.cfb4f7): 216
2025-02-04
IntrusionUserCompromise (node.cfb4f7): 138
2025-02-03
IntrusionUserCompromise (node.cfb4f7): 135
DShield reports
2025-02-03
Number of reports: 168
Distinct targets: 44
2025-02-04
Number of reports: 195
Distinct targets: 47
2025-02-05
Number of reports: 136
Distinct targets: 49
2025-02-06
Number of reports: 87
Distinct targets: 18
OTX pulses
[5a7e3e70c44e7b48947593a7] 2018-02-10 00:36:00.396000 | Webscanners 2018-02-09 thru current day
Author name: david3
Pulse modified: 2025-03-03 07:55:24.322000
Indicator created: 2025-02-01 11:45:22
Indicator role: scanning_host
Indicator title: 404 NOT FOUND
Indicator expiration: 2025-05-02 00:00:00
Origin AS
AS14061 - DIGITALOCEAN-ASN
BGP Prefix
167.99.128.0/20
geo
Germany, Frankfurt am Main
🕑 Europe/Berlin
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
167.99.0.0 - 167.99.255.255
last_activity
2025-03-03 08:02:25.024000
last_warden_event
2025-02-06 09:22:36
rep
0.0
reserved_range
0
Shodan's InternetDB
Open ports: 22, 23, 25, 26, 79, 80, 88, 102, 104, 110, 113, 122, 135, 221, 222, 311, 314, 443, 502, 503, 515, 522, 541, 631, 636, 806, 902, 1023, 1024, 1028, 1200, 1224, 1234, 1311, 1337, 1414, 1433, 1443, 1515, 1521, 1604, 1741, 1800, 1801, 1911, 1922, 1925, 1926, 1935, 2000, 2002, 2003, 2008, 2010, 2020, 2030, 2109, 2121, 2122, 2222, 2233, 2323, 2332, 2404, 2423, 2525, 2628, 3001, 3013, 3017, 3018, 3101, 3116, 3118, 3120, 3121, 3122, 3127, 3130, 3138, 3301, 3307, 3310, 3333, 3337, 3403, 3406, 3409, 3412, 3540, 3541, 3542, 3622, 4000, 4022, 4040, 4117, 4242, 4321, 4433, 4434, 4506, 4524, 4840, 4911, 5000, 5001, 5005, 5006, 5007, 5009, 5010, 5025, 5201, 5222, 5235, 5432, 5435, 5500, 5601, 5605, 5614, 5620, 5800, 5801, 5822, 5900, 5901, 5911, 5918, 5919, 5938, 6000, 6001, 6002, 6510, 6601, 6633, 7001, 7007, 7218, 7415, 7441, 7443, 7603, 7634, 8000, 8001, 8002, 8003, 8004, 8007, 8008, 8009, 8010, 8012, 8014, 8016, 8017, 8019, 8021, 8035, 8080, 8101, 8104, 8107, 8110, 8112, 8113, 8115, 8123, 8126, 8130, 8134, 8139, 8140, 8200, 8203, 8237, 8241, 8317, 8333, 8334, 8404, 8418, 8426, 8430, 8513, 8515, 8528, 8623, 8800, 8802, 8812, 8813, 8826, 8828, 8834, 8837, 9000, 9002, 9005, 9009, 9010, 9011, 9039, 9042, 9100, 9104, 9110, 9130, 9200, 9203, 9210, 9212, 9222, 9226, 9303, 9304, 9306, 9333, 9418, 9529, 9530, 9600, 9633, 9710, 9800, 10000, 10001, 10019, 10134, 10909, 10911, 11000, 11112, 11210, 11211, 11300, 11434
Tags: cloud
CPEs: cpe:/a:openbsd:openssh:8.2p1, cpe:/o:canonical:ubuntu_linux
ts_added
2025-02-01 06:11:18.281000
ts_last_update
2025-05-04 06:11:20.879000

[Charts: Warden event timeline; DShield event timeline; Presence on blacklists; OTX pulses]