IP address
Tags:
IP in hostname
Scanner
- IP blacklists
UCEPROTECT L1
198.12.85.87 is listed on the UCEPROTECT L1 blacklist.
Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-04-17 23:45:00.486000
Was present on blacklist at:
2025-02-14 00:45,
2025-02-14 08:45,
2025-02-14 16:45,
2025-02-15 00:45,
2025-02-15 08:45,
2025-02-15 16:45,
2025-02-16 00:45,
2025-02-16 08:45,
2025-02-16 16:45,
2025-02-17 00:45,
2025-02-17 08:45,
2025-02-17 16:45,
2025-02-18 00:45,
2025-02-18 08:45,
2025-02-18 16:45,
2025-02-19 00:45,
2025-02-19 08:45,
2025-02-19 16:45,
2025-02-20 00:45,
2025-02-20 08:45,
2025-02-20 16:45,
2025-02-21 00:45,
2025-02-21 08:45,
2025-02-21 16:45,
2025-02-22 00:45,
2025-02-22 08:45,
2025-02-22 16:45,
2025-02-23 00:45,
2025-02-23 08:45,
2025-02-23 16:45,
2025-02-24 00:45,
2025-02-24 08:45,
2025-02-24 16:45,
2025-02-25 00:45,
2025-02-25 08:45,
2025-02-28 00:45,
2025-02-28 08:45,
2025-02-28 16:45,
2025-03-01 00:45,
2025-03-01 08:45,
2025-03-01 16:45,
2025-03-02 00:45,
2025-03-02 08:45,
2025-03-02 16:45,
2025-03-03 00:45,
2025-03-03 08:45,
2025-03-03 16:45,
2025-03-04 00:45,
2025-03-04 08:45,
2025-03-04 16:45,
2025-03-05 00:45,
2025-03-05 08:45,
2025-03-05 16:45,
2025-03-06 00:45,
2025-03-06 08:45,
2025-03-06 16:45,
2025-03-14 00:45,
2025-03-14 08:45,
2025-03-14 16:45,
2025-03-15 00:45,
2025-03-15 08:45,
2025-03-15 16:45,
2025-03-16 00:45,
2025-03-16 08:45,
2025-03-16 16:45,
2025-03-17 00:45,
2025-03-17 08:45,
2025-03-17 16:45,
2025-03-18 00:45,
2025-03-18 08:45,
2025-03-18 16:45,
2025-03-19 00:45,
2025-03-19 08:45,
2025-03-19 16:45,
2025-03-20 00:45,
2025-03-20 08:45,
2025-03-20 16:45,
2025-03-21 00:45,
2025-03-21 08:45,
2025-03-21 16:45,
2025-03-22 00:45,
2025-03-22 08:45,
2025-03-22 16:45,
2025-03-23 00:45,
2025-03-23 08:45,
2025-03-23 16:45,
2025-03-24 00:45,
2025-03-24 08:45,
2025-03-24 16:45,
2025-03-25 00:45,
2025-03-25 08:45,
2025-03-25 16:45,
2025-03-30 00:45,
2025-03-30 07:45,
2025-03-30 15:45,
2025-03-30 23:45,
2025-03-31 07:45,
2025-03-31 15:45,
2025-03-31 23:45,
2025-04-01 07:45,
2025-04-01 15:45,
2025-04-01 23:45,
2025-04-02 07:45,
2025-04-02 15:45,
2025-04-02 23:45,
2025-04-03 07:45,
2025-04-03 15:45,
2025-04-03 23:45,
2025-04-04 07:45,
2025-04-04 15:45,
2025-04-04 23:45,
2025-04-05 07:45,
2025-04-05 15:45,
2025-04-05 23:45,
2025-04-06 07:45,
2025-04-06 15:45,
2025-04-06 23:45,
2025-04-07 07:45,
2025-04-07 15:45,
2025-04-07 23:45,
2025-04-08 07:45,
2025-04-08 15:45,
2025-04-08 23:45,
2025-04-09 07:45,
2025-04-09 15:45,
2025-04-09 23:45,
2025-04-10 07:45,
2025-04-10 15:45,
2025-04-10 23:45,
2025-04-11 07:45,
2025-04-11 15:45,
2025-04-11 23:45,
2025-04-12 07:45,
2025-04-12 15:45,
2025-04-12 23:45,
2025-04-13 07:45,
2025-04-13 15:45,
2025-04-13 23:45,
2025-04-14 07:45,
2025-04-14 15:45,
2025-04-14 23:45,
2025-04-15 07:45,
2025-04-15 15:45,
2025-04-15 23:45,
2025-04-16 07:45,
2025-04-16 15:45,
2025-04-16 23:45,
2025-04-17 07:45,
2025-04-17 15:45,
2025-04-17 23:45
FireHOL anonymizers
198.12.85.87 is listed on the FireHOL anonymizers blacklist.
Description: List of anonymizing IPs, aggregated from multiple lists by FireHOL.
Type of feed:
secondary (
feed detail page)
Last checked at:
2025-05-02 00:05:08
Was present on blacklist at:
2025-02-14 00:11,
2025-02-15 00:09,
2025-02-16 00:11,
2025-02-17 00:11,
2025-02-18 00:09,
2025-02-19 00:11,
2025-02-20 00:11,
2025-02-21 00:11,
2025-02-22 00:10,
2025-02-23 00:10,
2025-02-24 00:09,
2025-02-25 00:11,
2025-02-26 00:07,
2025-02-27 00:08,
2025-02-28 00:09,
2025-03-01 00:10,
2025-03-02 00:10,
2025-03-03 00:08,
2025-03-04 00:11,
2025-03-05 00:08,
2025-03-06 00:09,
2025-03-07 00:10,
2025-03-08 00:08,
2025-03-09 00:08,
2025-03-10 00:11,
2025-03-11 00:08,
2025-03-12 00:09,
2025-03-13 00:08,
2025-03-14 00:11,
2025-03-15 00:09,
2025-03-16 00:09,
2025-03-17 00:08,
2025-03-18 00:09,
2025-03-19 00:09,
2025-03-20 00:09,
2025-03-21 00:11,
2025-03-22 00:08,
2025-03-23 00:10,
2025-03-24 00:11,
2025-03-25 00:09,
2025-03-26 00:09,
2025-03-27 00:09,
2025-03-28 00:08,
2025-03-29 00:11,
2025-03-30 00:09,
2025-03-31 00:08,
2025-04-01 00:09,
2025-04-02 00:12,
2025-04-03 00:08,
2025-04-04 00:07,
2025-04-05 00:08,
2025-04-06 00:11,
2025-04-07 00:09,
2025-04-08 00:10,
2025-04-09 00:09,
2025-04-10 00:13,
2025-04-11 00:09,
2025-04-12 00:13,
2025-04-13 00:11,
2025-04-14 00:08,
2025-04-15 00:11,
2025-04-16 00:08,
2025-04-17 00:11,
2025-04-18 00:11,
2025-04-19 00:11,
2025-04-20 00:08,
2025-04-21 00:05,
2025-04-22 00:05,
2025-04-23 00:05,
2025-04-24 00:05,
2025-04-25 00:05,
2025-04-26 00:05,
2025-04-27 00:05,
2025-04-28 00:05,
2025-04-29 00:05,
2025-04-30 00:05,
2025-05-01 00:05,
2025-05-02 00:05
AbuseIPDB
198.12.85.87 is listed on the AbuseIPDB blacklist.
Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed:
primary (
feed detail page)
Last checked at:
2025-04-10 04:00:00.488000
Was present on blacklist at:
2025-02-16 05:00,
2025-02-17 05:00,
2025-02-21 05:00,
2025-02-22 05:00,
2025-02-26 05:00,
2025-02-27 05:00,
2025-03-03 05:00,
2025-03-11 05:00,
2025-03-12 05:00,
2025-03-13 05:00,
2025-03-16 05:00,
2025-03-18 05:00,
2025-03-28 05:00,
2025-04-02 04:00,
2025-04-03 04:00,
2025-04-09 04:00,
2025-04-10 04:00
CI Army
198.12.85.87 is listed on the CI Army blacklist.
Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed:
primary (
feed detail page)
Last checked at:
2025-04-06 02:50:00.990000
Was present on blacklist at:
2025-02-17 03:50,
2025-02-18 03:50,
2025-02-19 03:50,
2025-02-20 03:50,
2025-02-21 03:50,
2025-03-05 03:50,
2025-03-06 03:50,
2025-03-07 03:50,
2025-03-18 03:50,
2025-03-19 03:50,
2025-03-20 03:50,
2025-03-29 03:50,
2025-04-03 02:50,
2025-04-04 02:50,
2025-04-05 02:50,
2025-04-06 02:50
- Warden events (1601)
- 2025-04-09
-
-
ReconScanning (node.368407): 20
- 2025-04-08
-
-
ReconScanning (node.368407): 61
- 2025-04-02
-
-
ReconScanning (node.368407): 122
-
ReconScanning (node.4dc198): 102
- 2025-04-01
-
-
ReconScanning (node.4dc198): 32
-
ReconScanning (node.368407): 42
- 2025-03-27
-
-
ReconScanning (node.368407): 84
- 2025-03-17
-
-
ReconScanning (node.368407): 72
-
ReconScanning (node.4dc198): 72
- 2025-03-12
-
-
ReconScanning (node.368407): 125
-
ReconScanning (node.4dc198): 119
- 2025-03-10
-
-
ReconScanning (node.4dc198): 26
- 2025-03-09
-
-
ReconScanning (node.4dc198): 1
- 2025-03-03
-
-
ReconScanning (node.4dc198): 169
-
ReconScanning (node.368407): 167
- 2025-03-02
-
-
ReconScanning (node.4dc198): 83
-
ReconScanning (node.368407): 83
- 2025-02-26
-
-
ReconScanning (node.4dc198): 59
- 2025-02-25
-
-
ReconScanning (node.4dc198): 50
- 2025-02-21
-
-
ReconScanning (node.4dc198): 45
- 2025-02-20
-
-
ReconScanning (node.4dc198): 54
- 2025-02-16
-
-
ReconScanning (node.4dc198): 2
- 2025-02-15
-
-
ReconScanning (node.4dc198): 11
- DShield reports (IP summary, reports)
- 2025-02-15
- Number of reports: 44
- Distinct targets: 27
- 2025-02-16
- Number of reports: 262
- Distinct targets: 138
- 2025-02-17
- Number of reports: 297
- Distinct targets: 183
- 2025-02-18
- Number of reports: 20
- Distinct targets: 13
- 2025-02-20
- Number of reports: 33
- Distinct targets: 20
- 2025-02-21
- Number of reports: 60
- Distinct targets: 36
- 2025-02-22
- Number of reports: 111
- Distinct targets: 66
- 2025-02-25
- Number of reports: 32
- Distinct targets: 20
- 2025-02-26
- Number of reports: 240
- Distinct targets: 141
- 2025-02-27
- Number of reports: 35
- Distinct targets: 30
- 2025-03-02
- Number of reports: 59
- Distinct targets: 56
- 2025-03-03
- Number of reports: 636
- Distinct targets: 369
- 2025-03-04
- Number of reports: 985
- Distinct targets: 600
- 2025-03-05
- Number of reports: 33
- Distinct targets: 19
- 2025-03-10
- Number of reports: 18
- Distinct targets: 10
- 2025-03-12
- Number of reports: 320
- Distinct targets: 166
- 2025-03-17
- Number of reports: 186
- Distinct targets: 135
- 2025-03-18
- Number of reports: 266
- Distinct targets: 152
- 2025-03-27
- Number of reports: 94
- Distinct targets: 79
- 2025-03-28
- Number of reports: 371
- Distinct targets: 286
- 2025-04-01
- Number of reports: 16
- Distinct targets: 11
- 2025-04-02
- Number of reports: 350
- Distinct targets: 202
- 2025-04-03
- Number of reports: 237
- Distinct targets: 150
- 2025-04-08
- Number of reports: 47
- Distinct targets: 37
- 2025-04-09
- Number of reports: 255
- Distinct targets: 132
- OTX pulses
-
[606d75c11c08ff94089a9430] 2021-04-07 09:05:05.353000 | Georgs Honeypot
| Author name: | georgengelmann |
| Pulse modified: | 2025-04-02 04:27:03.054000 |
| Indicator created: | 2025-03-12 15:10:05 |
| Indicator role: | bruteforce |
| Indicator title: | RDP intrusion attempt from 198-12-85-87-host.colocrossing.com port 46264 |
| Indicator expiration: | 2025-04-11 15:00:00 |
[67f121bf724daa702b11e193] 2025-04-05 12:27:43.634000 | RDP honeypot logs for 2025/04/05
| Author name: | jnazario |
| Pulse modified: | 2025-04-05 12:27:43.634000 |
| Indicator created: | 2025-04-05 12:27:45 |
| Indicator role: | None |
| Indicator title: | |
| Indicator expiration: | 2025-05-05 12:00:00 |
- Origin AS
- AS36352 - AS-COLOCROSSING
- BGP Prefix
- 198.12.85.0/24
- geo
-
United States, Buffalo
- 🕑 America/New_York
- hostname
- 198-12-85-87-host.colocrossing.com
- hostname_class
- ['ip_in_hostname']
- Address block ('inetnum' or 'NetRange' in whois database)
- 198.12.64.0 - 198.12.127.255
- last_activity
- 2025-04-09 01:35:56
- last_warden_event
- 2025-04-09 01:35:56
- rep
- 0.0
- reserved_range
- 0
- Shodan's InternetDB
- Open ports: 22, 445, 3389, 5985, 47001
- Tags: scanner, self-signed, eol-os
- CPEs: cpe:/a:openbsd:openssh:8.9p1, cpe:/o:canonical:ubuntu_linux
- ts_added
- 2025-02-14 00:58:45.975000
- ts_last_update
- 2025-05-02 00:58:51.970000
Warden event timeline
DShield event timeline
Presence on blacklists
OTX pulses
