IP address

Passive DNS

Tags: Scanner

IP blacklists

UCEPROTECT L1

194.247.12.155 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-21 08:45:00.514000
Was present on blacklist at: 2025-11-22 00:45, 2025-11-22 08:45, 2025-11-22 16:45, 2025-11-23 00:45, 2025-11-23 08:45, 2025-11-23 16:45, 2025-11-24 00:45, 2025-11-24 08:45, 2025-11-24 16:45, 2025-11-25 00:45, 2025-11-25 08:45, 2025-11-25 16:45, 2025-11-26 00:45, 2025-11-26 08:45, 2025-11-26 16:45, 2025-11-27 00:45, 2025-11-27 08:45, 2025-11-27 16:45, 2025-11-28 00:45, 2025-11-28 08:45, 2025-11-28 16:45, 2025-11-29 00:45, 2025-11-29 08:45, 2025-11-29 16:45, 2025-11-30 00:45, 2025-11-30 08:45, 2025-11-30 16:45, 2025-12-01 00:45, 2025-12-01 08:45, 2025-12-01 16:45, 2025-12-02 00:45, 2025-12-02 08:45, 2025-12-02 16:45, 2025-12-03 00:45, 2025-12-03 08:45, 2025-12-03 16:45, 2025-12-04 00:45, 2025-12-04 08:45, 2025-12-04 16:45, 2025-12-05 00:45, 2025-12-05 08:45, 2025-12-05 16:45, 2025-12-06 00:45, 2025-12-06 08:45, 2025-12-06 16:45, 2025-12-07 00:45, 2025-12-07 08:45, 2025-12-07 16:45, 2025-12-08 00:45, 2025-12-08 08:45, 2025-12-08 16:45, 2025-12-09 00:45, 2025-12-09 08:45, 2025-12-09 16:45, 2025-12-10 00:45, 2025-12-10 08:45, 2025-12-10 16:45, 2025-12-11 00:45, 2025-12-11 08:45, 2025-12-11 16:45, 2025-12-12 00:45, 2025-12-12 08:45, 2025-12-12 16:45, 2025-12-13 00:45, 2025-12-13 08:45, 2025-12-13 16:45, 2025-12-14 00:45, 2025-12-14 08:45, 2025-12-14 16:45, 2025-12-15 00:45, 2025-12-15 08:45, 2025-12-15 16:45, 2025-12-16 00:45, 2025-12-16 08:45, 2025-12-16 16:45, 2025-12-17 00:45, 2025-12-17 08:45, 2025-12-17 16:45, 2025-12-18 00:45, 2025-12-18 08:45, 2025-12-18 16:45, 2025-12-19 00:45, 2025-12-19 08:45, 2025-12-19 16:45, 2025-12-20 00:45, 2025-12-20 08:45, 2025-12-20 16:45, 2025-12-21 00:45, 2025-12-21 08:45

FireHOL anonymizers

194.247.12.155 is listed on the FireHOL anonymizers blacklist.

Description: List of anonymizing IPs, aggregated from multiple lists by FireHOL.
Type of feed: secondary (feed detail page)

Last checked at: 2025-12-21 00:05:10
Was present on blacklist at: 2025-11-22 00:05, 2025-11-23 00:05, 2025-11-24 00:05, 2025-11-25 00:05, 2025-11-26 00:05, 2025-11-27 00:05, 2025-11-28 00:05, 2025-11-29 00:05, 2025-11-30 00:05, 2025-12-01 00:05, 2025-12-02 00:05, 2025-12-03 00:05, 2025-12-04 00:05, 2025-12-05 00:05, 2025-12-06 00:05, 2025-12-07 00:05, 2025-12-08 00:05, 2025-12-09 00:05, 2025-12-10 00:05, 2025-12-11 00:05, 2025-12-12 00:05, 2025-12-13 00:05, 2025-12-14 00:05, 2025-12-15 00:05, 2025-12-16 00:05, 2025-12-17 00:05, 2025-12-18 00:05, 2025-12-19 00:05, 2025-12-20 00:05, 2025-12-21 00:05

AbuseIPDB

194.247.12.155 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-12-07 05:00:00.856000
Was present on blacklist at: 2025-11-28 05:00, 2025-11-29 05:00, 2025-12-07 05:00

Warden events (72)

2025-12-15: ReconScanning (node.9c1411): 3
2025-12-14: ReconScanning (node.9c1411): 6
2025-12-13: ReconScanning (node.9c1411): 4
2025-12-12: ReconScanning (node.9c1411): 8
2025-12-11: ReconScanning (node.9c1411): 8
2025-12-10: ReconScanning (node.9c1411): 4
2025-12-09: ReconScanning (node.9c1411): 6
2025-12-08: ReconScanning (node.9c1411): 3
2025-12-07: ReconScanning (node.9c1411): 1
2025-12-02: ReconScanning (node.9c1411): 2
2025-12-01: ReconScanning (node.9c1411): 2
2025-11-27: ReconScanning (node.9c1411): 6
2025-11-26: ReconScanning (node.9c1411): 7
2025-11-25: ReconScanning (node.9c1411): 10
2025-11-24: ReconScanning (node.9c1411): 2

OTX pulses

[6932dd27b372189b84264e2d] 2025-12-05 13:24:55.931000 | RDP honeypot logs for 2025/12/05

Author name:	jnazario
Pulse modified:	2025-12-05 13:24:55.931000
Indicator created:	2025-12-05 13:24:57
Indicator role:	None
Indicator title:
Indicator expiration:	2026-01-04 13:00:00

[69342ee9541aa3b2654801c2] 2025-12-06 13:26:01.541000 | RDP honeypot logs for 2025/12/06

Author name:	jnazario
Pulse modified:	2025-12-06 13:26:01.541000
Indicator created:	2025-12-06 13:26:02
Indicator role:	None
Indicator title:
Indicator expiration:	2026-01-05 13:00:00

[693ac6086c532a243a4436ed] 2025-12-11 13:24:24.868000 | RDP honeypot logs for 2025/12/11

Author name:	jnazario
Pulse modified:	2025-12-11 13:24:24.868000
Indicator created:	2025-12-11 13:24:25
Indicator role:	None
Indicator title:
Indicator expiration:	2026-01-10 13:00:00

[693d6904473d7aed9fd511a1] 2025-12-13 13:24:20.334000 | RDP honeypot logs for 2025/12/13

Author name:	jnazario
Pulse modified:	2025-12-13 13:24:20.334000
Indicator created:	2025-12-13 13:24:21
Indicator role:	None
Indicator title:
Indicator expiration:	2026-01-12 13:00:00

[693eba853b555b71144a38ef] 2025-12-14 13:24:21.746000 | RDP honeypot logs for 2025/12/14

Author name:	jnazario
Pulse modified:	2025-12-14 13:24:21.746000
Indicator created:	2025-12-14 13:24:22
Indicator role:	None
Indicator title:
Indicator expiration:	2026-01-13 13:00:00

[69400bfe4424d4041e41a819] 2025-12-15 13:24:14.285000 | RDP honeypot logs for 2025/12/15

Author name:	jnazario
Pulse modified:	2025-12-15 13:24:14.285000
Indicator created:	2025-12-15 13:24:15
Indicator role:	None
Indicator title:
Indicator expiration:	2026-01-14 13:00:00

[6942af1fbef80b5a8b982765] 2025-12-17 13:24:47.163000 | RDP honeypot logs for 2025/12/17

Author name:	jnazario
Pulse modified:	2025-12-17 13:24:47.163000
Indicator created:	2025-12-17 13:24:48
Indicator role:	None
Indicator title:
Indicator expiration:	2026-01-16 13:00:00

[6946a39459ad902a65fe770a] 2025-12-20 13:24:36.498000 | RDP honeypot logs for 2025/12/20

Author name:	jnazario
Pulse modified:	2025-12-20 13:24:36.498000
Indicator created:	2025-12-20 13:24:37
Indicator role:	None
Indicator title:
Indicator expiration:	2026-01-19 13:00:00

Origin AS: AS200000 - Ukraine-AS
BGP Prefix: 194.247.12.0/23
geo: Ukraine; 🕑 Europe/Kyiv
hostname: d37.default-host.net
Address block ('inetnum' or 'NetRange' in whois database): 194.247.12.0 - 194.247.13.255
last_activity: 2025-12-20 16:39:14.829000
last_warden_event: 2025-12-15 11:58:41
rep: 0.16255580357142857
reserved_range: 0
Shodan's InternetDB: Open ports: 135, 139, 445, 3306, 3389, 33060; Tags: self-signed, database; CPEs: cpe:/a:oracle:mysql
ts_added: 2025-11-22 01:01:38.742000
ts_last_update: 2025-12-21 08:53:53.596000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses