IP address

Passive DNS

Tags: IP in hostname

IP blacklists

CI Army

198.12.68.106 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-03-10 03:50:01.111000
Was present on blacklist at: 2025-01-31 03:50, 2025-02-01 03:50, 2025-02-02 03:50, 2025-02-03 03:50, 2025-02-04 03:50, 2025-02-05 03:50, 2025-02-06 03:50, 2025-02-07 03:50, 2025-02-08 03:50, 2025-02-09 03:50, 2025-02-10 03:50, 2025-02-11 03:50, 2025-02-12 03:50, 2025-02-13 03:50, 2025-02-14 03:50, 2025-02-15 03:50, 2025-02-16 03:50, 2025-02-17 03:50, 2025-02-18 03:50, 2025-02-19 03:50, 2025-02-20 03:50, 2025-02-21 03:50, 2025-02-22 03:50, 2025-02-23 03:50, 2025-02-24 03:50, 2025-02-25 03:50, 2025-02-26 03:50, 2025-02-27 03:50, 2025-02-28 03:50, 2025-03-01 03:50, 2025-03-02 03:50, 2025-03-03 03:50, 2025-03-04 03:50, 2025-03-05 03:50, 2025-03-06 03:50, 2025-03-07 03:50, 2025-03-08 03:50, 2025-03-09 03:50, 2025-03-10 03:50

UCEPROTECT L1

198.12.68.106 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-03-17 00:45:00.704000
Was present on blacklist at: 2025-01-31 00:45, 2025-01-31 08:45, 2025-01-31 16:45, 2025-02-01 00:45, 2025-02-01 08:45, 2025-02-01 16:45, 2025-02-02 00:45, 2025-02-02 08:45, 2025-02-02 16:45, 2025-02-03 00:45, 2025-02-03 08:45, 2025-02-03 16:45, 2025-02-04 00:45, 2025-02-04 08:45, 2025-02-04 16:45, 2025-02-05 00:45, 2025-02-05 08:45, 2025-02-05 16:45, 2025-02-06 00:45, 2025-02-06 08:45, 2025-02-06 16:45, 2025-02-07 00:45, 2025-02-07 08:45, 2025-02-07 16:45, 2025-02-08 00:45, 2025-02-08 08:45, 2025-02-08 16:45, 2025-02-09 00:45, 2025-02-09 08:45, 2025-02-09 16:45, 2025-02-10 00:45, 2025-02-10 08:45, 2025-02-10 16:45, 2025-02-11 00:45, 2025-02-11 08:45, 2025-02-11 16:45, 2025-02-12 00:45, 2025-02-12 08:45, 2025-02-12 16:45, 2025-02-13 00:45, 2025-02-13 08:45, 2025-02-13 16:45, 2025-02-14 00:45, 2025-02-14 08:45, 2025-02-14 16:45, 2025-02-15 00:45, 2025-02-15 08:45, 2025-02-15 16:45, 2025-02-16 00:45, 2025-02-16 08:45, 2025-02-16 16:45, 2025-02-17 00:45, 2025-02-17 08:45, 2025-02-17 16:45, 2025-02-18 00:45, 2025-02-18 08:45, 2025-02-18 16:45, 2025-02-19 00:45, 2025-02-19 08:45, 2025-02-19 16:45, 2025-02-20 00:45, 2025-02-20 08:45, 2025-02-20 16:45, 2025-02-21 00:45, 2025-02-21 08:45, 2025-02-21 16:45, 2025-02-22 00:45, 2025-02-22 08:45, 2025-02-22 16:45, 2025-02-23 00:45, 2025-02-23 08:45, 2025-02-23 16:45, 2025-02-24 00:45, 2025-02-24 08:45, 2025-02-24 16:45, 2025-02-25 00:45, 2025-02-25 08:45, 2025-02-25 16:45, 2025-02-26 00:45, 2025-02-26 08:45, 2025-02-26 16:45, 2025-02-27 00:45, 2025-02-27 08:45, 2025-02-27 16:45, 2025-02-28 00:45, 2025-02-28 08:45, 2025-02-28 16:45, 2025-03-01 00:45, 2025-03-01 08:45, 2025-03-01 16:45, 2025-03-02 00:45, 2025-03-02 08:45, 2025-03-02 16:45, 2025-03-03 00:45, 2025-03-03 08:45, 2025-03-03 16:45, 2025-03-04 00:45, 2025-03-04 08:45, 2025-03-04 16:45, 2025-03-05 00:45, 2025-03-05 08:45, 2025-03-05 16:45, 2025-03-06 00:45, 2025-03-06 08:45, 2025-03-06 16:45, 2025-03-07 00:45, 2025-03-07 08:45, 2025-03-07 16:45, 2025-03-08 00:45, 2025-03-08 08:45, 2025-03-08 16:45, 2025-03-09 00:45, 2025-03-09 08:45, 2025-03-09 16:45, 2025-03-10 00:45, 2025-03-10 08:45, 2025-03-10 16:45, 2025-03-11 00:45, 2025-03-11 08:45, 2025-03-11 16:45, 2025-03-12 00:45, 2025-03-12 08:45, 2025-03-12 16:45, 2025-03-13 00:45, 2025-03-13 08:45, 2025-03-13 16:45, 2025-03-14 00:45, 2025-03-14 08:45, 2025-03-14 16:45, 2025-03-15 00:45, 2025-03-15 08:45, 2025-03-15 16:45, 2025-03-16 00:45, 2025-03-16 08:45, 2025-03-16 16:45, 2025-03-17 00:45

AbuseIPDB

198.12.68.106 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-03-11 05:00:00.466000
Was present on blacklist at: 2025-01-31 05:00, 2025-02-01 05:00, 2025-02-02 05:00, 2025-02-03 05:00, 2025-02-04 05:00, 2025-02-05 05:00, 2025-02-06 05:00, 2025-02-07 05:00, 2025-02-08 05:00, 2025-02-09 05:00, 2025-02-10 05:00, 2025-02-11 05:00, 2025-02-12 05:00, 2025-02-13 05:00, 2025-02-14 05:00, 2025-02-15 05:00, 2025-02-16 05:00, 2025-02-17 05:00, 2025-02-18 05:00, 2025-02-19 05:00, 2025-02-20 05:00, 2025-02-21 05:00, 2025-02-22 05:00, 2025-02-23 05:00, 2025-02-24 05:00, 2025-02-25 05:00, 2025-02-26 05:00, 2025-02-27 05:00, 2025-02-28 05:00, 2025-03-01 05:00, 2025-03-02 05:00, 2025-03-03 05:00, 2025-03-05 05:00, 2025-03-06 05:00, 2025-03-07 05:00, 2025-03-08 05:00, 2025-03-09 05:00, 2025-03-10 05:00, 2025-03-11 05:00

Turris greylist

198.12.68.106 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-03-07 22:15:00.184000
Was present on blacklist at: 2025-02-07 22:15, 2025-02-08 22:15, 2025-02-11 22:15, 2025-02-20 22:15, 2025-02-26 22:15, 2025-03-03 22:15, 2025-03-04 22:15, 2025-03-06 22:15, 2025-03-07 22:15

Warden events (5735)

2025-03-10: ReconScanning (node.368407): 12; ReconScanning (node.4dc198): 12
2025-03-09: ReconScanning (node.368407): 84; ReconScanning (node.4dc198): 29
2025-03-08: ReconScanning (node.368407): 23; ReconScanning (node.4dc198): 11
2025-03-07: ReconScanning (node.4dc198): 149; ReconScanning (node.368407): 146
2025-03-06: ReconScanning (node.4dc198): 121; ReconScanning (node.368407): 125
2025-03-05: ReconScanning (node.4dc198): 35; ReconScanning (node.368407): 45
2025-03-04: ReconScanning (node.4dc198): 21; ReconScanning (node.368407): 21
2025-03-03: ReconScanning (node.4dc198): 50; ReconScanning (node.368407): 61
2025-03-02: ReconScanning (node.368407): 221
2025-03-01: ReconScanning (node.368407): 143
2025-02-28: ReconScanning (node.368407): 54
2025-02-27: ReconScanning (node.368407): 81
2025-02-26: ReconScanning (node.368407): 60; ReconScanning (node.4dc198): 64
2025-02-25: ReconScanning (node.368407): 197; ReconScanning (node.4dc198): 198
2025-02-24: ReconScanning (node.368407): 142; ReconScanning (node.4dc198): 25; ReconScanning (node.5f02e7): 1
2025-02-23: ReconScanning (node.368407): 172; ReconScanning (node.4dc198): 82
2025-02-22: ReconScanning (node.368407): 57
2025-02-21: ReconScanning (node.368407): 122
2025-02-20: ReconScanning (node.368407): 13
2025-02-19: ReconScanning (node.368407): 158; ReconScanning (node.4dc198): 117; ReconScanning (node.5f02e7): 1
2025-02-18: ReconScanning (node.368407): 44
2025-02-17: ReconScanning (node.4dc198): 99; ReconScanning (node.368407): 147
2025-02-16: ReconScanning (node.4dc198): 166; ReconScanning (node.368407): 211; ReconScanning (node.5f02e7): 1
2025-02-15: ReconScanning (node.368407): 79; ReconScanning (node.4dc198): 21
2025-02-14: ReconScanning (node.368407): 53
2025-02-13: ReconScanning (node.368407): 62
2025-02-12: ReconScanning (node.4dc198): 18; ReconScanning (node.368407): 45
2025-02-11: ReconScanning (node.368407): 66; ReconScanning (node.4dc198): 54
2025-02-10: ReconScanning (node.368407): 75; ReconScanning (node.4dc198): 46
2025-02-09: ReconScanning (node.4dc198): 88; ReconScanning (node.368407): 154
2025-02-08: ReconScanning (node.368407): 125; ReconScanning (node.4dc198): 81
2025-02-07: ReconScanning (node.4dc198): 39; ReconScanning (node.368407): 42
2025-02-06: ReconScanning (node.4dc198): 82; ReconScanning (node.368407): 94
2025-02-05: ReconScanning (node.4dc198): 65; ReconScanning (node.368407): 70
2025-02-04: ReconScanning (node.4dc198): 49; ReconScanning (node.368407): 48
2025-02-03: ReconScanning (node.4dc198): 63; ReconScanning (node.368407): 63
2025-02-02: ReconScanning (node.368407): 60; ReconScanning (node.4dc198): 60
2025-02-01: ReconScanning (node.4dc198): 91; ReconScanning (node.368407): 91
2025-01-31: ReconScanning (node.4dc198): 99; ReconScanning (node.368407): 95
2025-01-30: ReconScanning (node.368407): 68; ReconScanning (node.4dc198): 68

DShield reports (IP summary, reports)

2025-01-30: Number of reports: 526; Distinct targets: 291
2025-01-31: Number of reports: 751; Distinct targets: 342
2025-02-01: Number of reports: 6812; Distinct targets: 4034
2025-02-02: Number of reports: 7061; Distinct targets: 4356
2025-02-03: Number of reports: 3681; Distinct targets: 2153
2025-02-04: Number of reports: 4459; Distinct targets: 2400
2025-02-05: Number of reports: 6319; Distinct targets: 5451
2025-02-06: Number of reports: 3036; Distinct targets: 1972
2025-02-07: Number of reports: 9811; Distinct targets: 7492
2025-02-08: Number of reports: 4503; Distinct targets: 3196
2025-02-09: Number of reports: 2851; Distinct targets: 1805
2025-02-10: Number of reports: 2965; Distinct targets: 1830
2025-02-11: Number of reports: 2757; Distinct targets: 1430
2025-02-12: Number of reports: 758; Distinct targets: 331
2025-02-13: Number of reports: 646; Distinct targets: 319
2025-02-14: Number of reports: 1369; Distinct targets: 734
2025-02-15: Number of reports: 1405; Distinct targets: 680
2025-02-16: Number of reports: 3978; Distinct targets: 2456
2025-02-17: Number of reports: 3268; Distinct targets: 1976
2025-02-18: Number of reports: 458; Distinct targets: 312
2025-02-19: Number of reports: 3241; Distinct targets: 1505
2025-02-20: Number of reports: 152; Distinct targets: 89
2025-02-21: Number of reports: 6949; Distinct targets: 4260
2025-02-22: Number of reports: 4310; Distinct targets: 2728
2025-02-24: Number of reports: 3977; Distinct targets: 2499
2025-02-25: Number of reports: 3640; Distinct targets: 1930
2025-02-26: Number of reports: 1026; Distinct targets: 540
2025-02-27: Number of reports: 1529; Distinct targets: 741
2025-02-28: Number of reports: 5779; Distinct targets: 3394
2025-03-01: Number of reports: 714; Distinct targets: 315
2025-03-02: Number of reports: 2905; Distinct targets: 2405
2025-03-03: Number of reports: 1513; Distinct targets: 850
2025-03-04: Number of reports: 4233; Distinct targets: 2635
2025-03-05: Number of reports: 4740; Distinct targets: 2476
2025-03-06: Number of reports: 7126; Distinct targets: 4076
2025-03-07: Number of reports: 1297; Distinct targets: 338
2025-03-08: Number of reports: 226; Distinct targets: 138
2025-03-09: Number of reports: 843; Distinct targets: 324
2025-03-10: Number of reports: 182; Distinct targets: 132

OTX pulses

[606d75c11c08ff94089a9430] 2021-04-07 09:05:05.353000 | Georgs Honeypot

Author name:	georgengelmann
Pulse modified:	2025-03-19 07:00:13.536000
Indicator created:	2025-02-17 10:10:12
Indicator role:	bruteforce
Indicator title:	RDP intrusion attempt from 198-12-68-106-host.colocrossing.com port 25194
Indicator expiration:	2025-03-19 10:00:00

[674dcfbd030383dc044d751f] 2024-12-02 15:18:21.453000 | RDP honeypot logs for 2024/12/02

Author name:	jnazario
Pulse modified:	2024-12-02 15:18:21.453000
Indicator created:	2024-12-02 15:18:22
Indicator role:	None
Indicator title:
Indicator expiration:	2025-01-01 15:00:00

[67585d806b6cb29a9b9397ab] 2024-12-10 15:25:52.622000 | RDP honeypot logs for 2024/12/10

Author name:	jnazario
Pulse modified:	2024-12-10 15:25:52.622000
Indicator created:	2024-12-10 15:25:53
Indicator role:	None
Indicator title:
Indicator expiration:	2025-01-09 15:00:00

[675da2c863043c9440a7149a] 2024-12-14 15:22:48.030000 | RDP honeypot logs for 2024/12/14

Author name:	jnazario
Pulse modified:	2024-12-14 15:22:48.030000
Indicator created:	2024-12-14 15:22:48
Indicator role:	None
Indicator title:
Indicator expiration:	2025-01-13 15:00:00

[675ef4c8b100a9f1bb1a3461] 2024-12-15 15:24:56.543000 | RDP honeypot logs for 2024/12/15

Author name:	jnazario
Pulse modified:	2024-12-15 15:24:56.543000
Indicator created:	2024-12-15 15:24:57
Indicator role:	None
Indicator title:
Indicator expiration:	2025-01-14 15:00:00

[6762e7b8f082aeca6bac78f4] 2024-12-18 15:18:16.481000 | RDP honeypot logs for 2024/12/18

Author name:	jnazario
Pulse modified:	2024-12-18 15:18:16.481000
Indicator created:	2024-12-18 15:18:17
Indicator role:	None
Indicator title:
Indicator expiration:	2025-01-17 15:00:00

[677461ee8f5102bbb70df5e3] 2024-12-31 21:28:14.950000 | RDP honeypot logs for 2024/12/31

Author name:	jnazario
Pulse modified:	2024-12-31 21:28:14.950000
Indicator created:	2024-12-31 21:28:15
Indicator role:	None
Indicator title:
Indicator expiration:	2025-01-30 21:00:00

[6776b0068fa5a1eab5cff0fa] 2025-01-02 15:25:58.617000 | RDP honeypot logs for 2025/01/02

Author name:	jnazario
Pulse modified:	2025-01-02 15:25:58.617000
Indicator created:	2025-01-02 15:25:59
Indicator role:	None
Indicator title:
Indicator expiration:	2025-02-01 15:00:00

[67911063fc78745ed6a5fb9b] 2025-01-22 15:36:03.116000 | RDP honeypot logs for 2025/01/22

Author name:	jnazario
Pulse modified:	2025-01-22 15:36:03.116000
Indicator created:	2025-01-22 15:36:03
Indicator role:	None
Indicator title:
Indicator expiration:	2025-02-21 15:00:00

[679cd01fc63d837ede724e5f] 2025-01-31 13:29:03.404000 | RDP honeypot logs for 2025/01/31

Author name:	jnazario
Pulse modified:	2025-01-31 13:29:03.404000
Indicator created:	2025-01-31 13:29:04
Indicator role:	None
Indicator title:
Indicator expiration:	2025-03-02 13:00:00

[67ab4f78c4005262a520c98a] 2025-02-11 13:24:08.823000 | RDP honeypot logs for 2025/02/11

Author name:	jnazario
Pulse modified:	2025-02-11 13:24:08.823000
Indicator created:	2025-02-11 13:24:09
Indicator role:	None
Indicator title:
Indicator expiration:	2025-03-13 13:00:00

[67b1e6b160c5dcdaf00a60e9] 2025-02-16 13:22:57.633000 | RDP honeypot logs for 2025/02/16

Author name:	jnazario
Pulse modified:	2025-02-16 13:22:57.633000
Indicator created:	2025-02-16 13:22:58
Indicator role:	None
Indicator title:
Indicator expiration:	2025-03-18 13:00:00

[67b337d9c4b92d7c17a605dc] 2025-02-17 13:21:29.847000 | RDP honeypot logs for 2025/02/17

Author name:	jnazario
Pulse modified:	2025-02-17 13:21:29.847000
Indicator created:	2025-02-17 13:21:30
Indicator role:	None
Indicator title:
Indicator expiration:	2025-03-19 13:00:00

[67bb20d34aec603e956d652f] 2025-02-23 13:21:23.049000 | RDP honeypot logs for 2025/02/23

Author name:	jnazario
Pulse modified:	2025-02-23 13:21:23.049000
Indicator created:	2025-02-23 13:21:23
Indicator role:	None
Indicator title:
Indicator expiration:	2025-03-25 13:00:00

[67bc732a4ab1433a4f551a1d] 2025-02-24 13:24:58.264000 | RDP honeypot logs for 2025/02/24

Author name:	jnazario
Pulse modified:	2025-02-24 13:24:58.264000
Indicator created:	2025-02-24 13:24:59
Indicator role:	None
Indicator title:
Indicator expiration:	2025-03-26 13:00:00

[67bdc5d272adc2104c59b595] 2025-02-25 13:29:54.880000 | RDP honeypot logs for 2025/02/25

Author name:	jnazario
Pulse modified:	2025-02-25 13:29:54.880000
Indicator created:	2025-02-25 13:29:55
Indicator role:	None
Indicator title:
Indicator expiration:	2025-03-27 13:00:00

[67bf1c4059d6d3e181900dcd] 2025-02-26 13:50:56.777000 | RDP honeypot logs for 2025/02/26

Author name:	jnazario
Pulse modified:	2025-02-26 13:50:56.777000
Indicator created:	2025-02-26 13:50:58
Indicator role:	None
Indicator title:
Indicator expiration:	2025-03-28 13:00:00

[67cede99cc4f0f33ee1f9979] 2025-03-10 12:44:09.568000 | RDP honeypot logs for 2025/03/10

Author name:	jnazario
Pulse modified:	2025-03-10 12:44:09.568000
Indicator created:	2025-03-10 12:44:10
Indicator role:	None
Indicator title:
Indicator expiration:	2025-04-09 12:00:00

Origin AS: AS36352 - AS-COLOCROSSING
BGP Prefix: 198.12.68.0/23
fmp: {'general': 0.25250881910324097}
geo: United States; 🕑 America/Chicago
hostname: 198-12-68-106-host.colocrossing.com
hostname_class: ['ip_in_hostname']
Address block ('inetnum' or 'NetRange' in whois database): 198.12.64.0 - 198.12.127.255
last_activity: 2025-03-19 08:36:21.787000
last_warden_event: 2025-03-10 16:42:28
rep: 0.0
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 135, 137, 445, 3389, 5985, 8000; Tags: self-signed, scanner; CPEs: cpe:/a:apache:http_server:2.4.54, cpe:/a:openbsd:openssh:8.9p1, cpe:/o:canonical:ubuntu_linux, cpe:/a:openssl:openssl:1.1.1p
ts_added: 2023-10-06 19:18:31.377000
ts_last_update: 2025-04-30 19:18:40.653000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses