IP address


36.105.166.131
Tags:
IP blacklists
CI Army
36.105.166.131 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence database that provides scores for IPs. Source of unspecified malicious attacks; most of them will be active attackers/scanners.
Type of feed: primary

Last checked at: 2025-12-13 03:50:01.120000
Was present on blacklist at: 2025-12-12 03:50, 2025-12-13 03:50
DShield reports
2025-12-11
Number of reports: 19
Distinct targets: 15
2025-12-12
Number of reports: 19
Distinct targets: 15
OTX pulses
[692ee8926e7a49bdce4ef28e] 2025-12-02 13:24:34.394000 | RDP honeypot logs for 2025/12/02
Author name:jnazario
Pulse modified:2025-12-02 13:24:34.394000
Indicator created:2025-12-02 13:24:35
Indicator role:None
Indicator title:
Indicator expiration:2026-01-01 13:00:00
[69303a24ea69a262c1dbb80b] 2025-12-03 13:24:52.418000 | RDP honeypot logs for 2025/12/03
Author name:jnazario
Pulse modified:2025-12-03 13:24:52.418000
Indicator created:2025-12-03 13:24:53
Indicator role:None
Indicator title:
Indicator expiration:2026-01-02 13:00:00
[69318b9cc1aee4fc1986472a] 2025-12-04 13:24:44.225000 | RDP honeypot logs for 2025/12/04
Author name:jnazario
Pulse modified:2025-12-04 13:24:44.225000
Indicator created:2025-12-04 13:24:45
Indicator role:None
Indicator title:
Indicator expiration:2026-01-03 13:00:00
[6932dd27b372189b84264e2d] 2025-12-05 13:24:55.931000 | RDP honeypot logs for 2025/12/05
Author name:jnazario
Pulse modified:2025-12-05 13:24:55.931000
Indicator created:2025-12-05 13:24:57
Indicator role:None
Indicator title:
Indicator expiration:2026-01-04 13:00:00
[69342ee9541aa3b2654801c2] 2025-12-06 13:26:01.541000 | RDP honeypot logs for 2025/12/06
Author name:jnazario
Pulse modified:2025-12-06 13:26:01.541000
Indicator created:2025-12-06 13:26:02
Indicator role:None
Indicator title:
Indicator expiration:2026-01-05 13:00:00
[69358059ce601f01106e87ad] 2025-12-07 13:25:45.598000 | RDP honeypot logs for 2025/12/07
Author name:jnazario
Pulse modified:2025-12-07 13:25:45.598000
Indicator created:2025-12-07 13:25:46
Indicator role:None
Indicator title:
Indicator expiration:2026-01-06 13:00:00
[693c178d0ef137aa7803cc29] 2025-12-12 13:24:29.409000 | RDP honeypot logs for 2025/12/12
Author name:jnazario
Pulse modified:2025-12-12 13:24:29.409000
Indicator created:2025-12-12 13:24:30
Indicator role:None
Indicator title:
Indicator expiration:2026-01-11 13:00:00
Origin AS
AS137695 - CHINATELECOM-XINJIANG-WULUMUQI-MAN
BGP Prefix
36.105.164.0/22
geo
China
🕑 Asia/Shanghai
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
36.96.0.0 - 36.127.255.255
last_activity
2025-12-12 16:37:18.209000
reserved_range
0
Shodan's InternetDB
Open ports: 3389, 5357, 5985
Tags: self-signed
CPEs:
ts_added
2025-12-02 16:37:13.292000
ts_last_update
2025-12-20 16:37:21.485000
