IP address

Passive DNS

Tags: Scanner

IP blacklists

DataPlane SIP query

20.15.201.255 is listed on the DataPlane SIP query blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds, and measurement resource for operators, by operators. IP addresses that has been seen initiating an unsolicited SIP OPTIONS query to a remote host.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-06 18:10:01.417000
Was present on blacklist at: 2025-04-25 02:10, 2025-04-25 06:10, 2025-04-25 14:10, 2025-04-25 18:10, 2025-04-26 02:10, 2025-04-26 06:10, 2025-04-26 14:10, 2025-04-26 18:10, 2025-04-27 02:10, 2025-04-27 06:10, 2025-04-27 14:10, 2025-04-27 18:10, 2025-04-28 02:10, 2025-04-28 06:10, 2025-04-28 14:10, 2025-04-28 18:10, 2025-04-29 02:10, 2025-04-29 06:10, 2025-04-29 14:10, 2025-04-29 18:10, 2025-04-29 22:10, 2025-04-30 02:10, 2025-04-30 06:10, 2025-04-30 14:10, 2025-04-30 18:10, 2025-04-30 22:10, 2025-05-01 02:10, 2025-05-01 06:10, 2025-05-01 10:10, 2025-05-01 14:10, 2025-05-01 18:10, 2025-05-01 22:10, 2025-05-02 02:10, 2025-05-02 06:10, 2025-05-02 14:10, 2025-05-02 18:10, 2025-05-03 14:10, 2025-05-03 18:10, 2025-05-04 02:10, 2025-05-04 06:10, 2025-05-04 14:10, 2025-05-04 18:10, 2025-05-05 02:10, 2025-05-05 06:10, 2025-05-05 14:10, 2025-05-05 18:10, 2025-05-06 02:10, 2025-05-06 06:10, 2025-05-06 14:10, 2025-05-06 18:10

CI Army

20.15.201.255 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence database that provides scores for IPs. Source of unspecified malicious attacks most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-05-06 02:50:01.028000
Was present on blacklist at: 2025-04-26 02:50, 2025-04-27 02:50, 2025-04-28 02:50, 2025-04-29 02:50, 2025-04-30 02:50, 2025-05-01 02:50, 2025-05-02 02:50, 2025-05-03 02:50, 2025-05-04 02:50, 2025-05-05 02:50, 2025-05-06 02:50

DataPlane SMTP greeting

20.15.201.255 is listed on the DataPlane SMTP greeting blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds, and measurement resource for operators, by operators. IPs that are identified as SMTP clients issuing unsolicited HELO or EHLO commands.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-03 06:10:00.788000
Was present on blacklist at: 2025-04-26 10:10, 2025-04-26 14:10, 2025-04-26 18:10, 2025-04-26 22:10, 2025-04-27 02:10, 2025-04-27 06:10, 2025-04-27 10:10, 2025-04-27 14:10, 2025-04-27 18:10, 2025-04-27 22:10, 2025-04-28 02:10, 2025-04-28 06:10, 2025-04-28 10:10, 2025-04-28 14:10, 2025-04-28 18:10, 2025-04-28 22:10, 2025-04-29 02:10, 2025-04-29 06:10, 2025-04-29 10:10, 2025-04-29 14:10, 2025-04-29 18:10, 2025-04-29 22:10, 2025-04-30 02:10, 2025-04-30 06:10, 2025-04-30 10:10, 2025-04-30 14:10, 2025-04-30 18:10, 2025-04-30 22:10, 2025-05-01 02:10, 2025-05-01 06:10, 2025-05-01 10:10, 2025-05-01 14:10, 2025-05-01 18:10, 2025-05-01 22:10, 2025-05-02 02:10, 2025-05-02 06:10, 2025-05-02 10:10, 2025-05-02 14:10, 2025-05-02 18:10, 2025-05-02 22:10, 2025-05-03 02:10, 2025-05-03 06:10

AbuseIPDB

20.15.201.255 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-05-05 04:00:00.633000
Was present on blacklist at: 2025-04-28 04:00, 2025-04-29 04:00, 2025-05-01 04:00, 2025-05-03 04:00, 2025-05-05 04:00

Turris greylist

20.15.201.255 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC, which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-04 21:15:00.216000
Was present on blacklist at: 2025-04-29 21:15, 2025-05-02 21:15, 2025-05-04 21:15

Spamhaus XBL CBL

20.15.201.255 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-05-02 00:49:00.504000
Was present on blacklist at: 2025-05-02 00:49

Warden events (40)

2025-05-06: ReconScanning (node.368407): 2; ReconScanning (node.4dc198): 1
2025-05-05: ReconScanning (node.4dc198): 1; ReconScanning (node.368407): 1
2025-05-04: ReconScanning (node.4dc198): 2; ReconScanning (node.368407): 3
2025-05-03: ReconScanning (node.4dc198): 1; ReconScanning (node.368407): 1
2025-05-02: ReconScanning (node.4dc198): 2; ReconScanning (node.368407): 2
2025-04-30: ReconScanning (node.368407): 1
2025-04-28: ReconScanning (node.4dc198): 6; ReconScanning (node.368407): 2
2025-04-27: ReconScanning (node.368407): 2
2025-04-26: ReconScanning (node.4dc198): 2; ReconScanning (node.368407): 1
2025-04-25: ReconScanning (node.368407): 6; ReconScanning (node.4dc198): 2; AnomalyTraffic (node.ffe95c): 2

DShield reports (IP summary, reports)

2025-04-24: Number of reports: 12; Distinct targets: 8
2025-04-25: Number of reports: 101; Distinct targets: 88
2025-04-26: Number of reports: 61; Distinct targets: 55
2025-04-27: Number of reports: 75; Distinct targets: 51
2025-04-28: Number of reports: 137; Distinct targets: 81
2025-04-29: Number of reports: 65; Distinct targets: 53
2025-04-30: Number of reports: 123; Distinct targets: 81
2025-05-01: Number of reports: 62; Distinct targets: 45
2025-05-02: Number of reports: 66; Distinct targets: 46
2025-05-03: Number of reports: 81; Distinct targets: 68
2025-05-04: Number of reports: 47; Distinct targets: 42
2025-05-05: Number of reports: 86; Distinct targets: 63

Origin AS: AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK
BGP Prefix: 20.0.0.0/11
geo: United States, Des Moines; 🕑 America/Chicago
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 20.0.0.0 - 20.31.255.255
last_activity: 2025-05-06 10:45:51
last_warden_event: 2025-05-06 10:45:51
rep: 0.4956415085565476
reserved_range: 0
ts_added: 2025-04-25 00:48:55.400000
ts_last_update: 2025-05-06 18:10:43.332000

Warden event timeline

DShield event timeline

Presence on blacklists