IP address

Search at other sites:
.18667.215.241.9267-215-241-92-host.colocrossing.com
Shodan(more info)
Passive DNS
Tags: IP in hostname Scanner
IP blacklists
CI Army
67.215.241.92 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-05-14 02:50:00.853000
Was present on blacklist at: 2026-04-19 02:50, 2026-05-08 02:50, 2026-05-10 02:50, 2026-05-11 02:50, 2026-05-12 02:50, 2026-05-14 02:50
Echelon VNC login
67.215.241.92 is listed on the Echelon VNC login blacklist.

Description: VNC remote desktop login attempt on port 5900/5901
Type of feed: primary (feed detail page)

Last checked at: 2026-05-18 09:45:00.256000
Was present on blacklist at: 2026-04-19 09:45, 2026-04-20 09:45, 2026-04-21 09:45, 2026-04-22 09:45, 2026-04-23 09:45, 2026-05-04 09:45, 2026-05-05 09:45, 2026-05-07 09:45, 2026-05-08 09:45, 2026-05-09 09:45, 2026-05-10 09:45, 2026-05-11 09:45, 2026-05-12 09:45, 2026-05-18 09:45
AbuseIPDB
67.215.241.92 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-06-02 04:00:00.612000
Was present on blacklist at: 2026-06-02 04:00
UCEPROTECT L1
67.215.241.92 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-06-03 23:45:00.613000
Was present on blacklist at: 2026-06-02 15:45, 2026-06-02 23:45, 2026-06-03 07:45, 2026-06-03 15:45, 2026-06-03 23:45

Threat categories

TLRoleCategoryDetails
50 src scan
44 src
Warden events (191)
2026-05-11
ReconScanning (node.368407): 29
ReconScanning (node.4dc198): 27
ReconScanning (node.f90c6b): 10
2026-05-05
ReconScanning (node.368407): 57
ReconScanning (node.ce2b59): 4
AnomalyTraffic (node.ce2b59): 43
ReconScanning (node.4dc198): 6
2026-04-18
ReconScanning (node.368407): 10
ReconScanning (node.f90c6b): 5
DShield reports (IP summary, reports)
2026-04-19
Number of reports: 2147
Distinct targets: 1541
2026-04-20
Number of reports: 185
Distinct targets: 132
2026-05-06
Number of reports: 201
Distinct targets: 201
2026-05-07
Number of reports: 315
Distinct targets: 315
2026-05-08
Number of reports: 315
Distinct targets: 315
2026-05-10
Number of reports: 410
Distinct targets: 410
2026-05-11
Number of reports: 151
Distinct targets: 101
2026-05-12
Number of reports: 303
Distinct targets: 202
2026-05-14
Number of reports: 41
Distinct targets: 41
2026-05-16
Number of reports: 303
Distinct targets: 202
2026-05-17
Number of reports: 303
Distinct targets: 202
2026-06-02
Number of reports: 343
Distinct targets: 242
OTX pulses
[69f891ddf80e4dc4814248e6] 2026-05-04 12:32:29.134000 | VNC honeypot logs for 2026/05/04
Author name:jnazario
Pulse modified:2026-05-04 12:32:29.134000
Indicator created:2026-05-04 12:32:30
Indicator role:None
Indicator title:
Indicator expiration:2026-06-03 12:00:00
[69fc848b7463145d50d1b59b] 2026-05-07 12:24:43.043000 | VNC honeypot logs for 2026/05/07
Author name:jnazario
Pulse modified:2026-05-07 12:24:43.043000
Indicator created:2026-05-07 12:24:44
Indicator role:None
Indicator title:
Indicator expiration:2026-06-06 12:00:00
[69fdd909be96f6d482e764c5] 2026-05-08 12:37:29.790000 | VNC honeypot logs for 2026/05/08
Author name:jnazario
Pulse modified:2026-05-08 12:37:29.790000
Indicator created:2026-05-08 12:37:30
Indicator role:None
Indicator title:
Indicator expiration:2026-06-07 12:00:00
[6a031c24e8d7d12b739a58d4] 2026-05-12 12:25:07.583000 | VNC honeypot logs for 2026/05/12
Author name:jnazario
Pulse modified:2026-05-12 12:25:07.583000
Indicator created:2026-05-12 12:25:09
Indicator role:None
Indicator title:
Indicator expiration:2026-06-11 12:00:00
[69ff2785d82758d5905b8462] 2026-05-09 12:24:37.005000 | VNC honeypot logs for 2026/05/09
Author name:jnazario
Pulse modified:2026-05-09 12:24:37.005000
Indicator created:2026-05-09 12:24:38
Indicator role:None
Indicator title:
Indicator expiration:2026-06-08 12:00:00
Origin AS
AS36352 - AS-COLOCROSSING
BGP Prefix
67.215.241.0/24
geo
United States
🕑 America/Chicago
hostname
67-215-241-92-host.colocrossing.com
hostname_class
['ip_in_hostname']
Address block ('inetnum' or 'NetRange' in whois database)
67.215.240.0 - 67.215.247.255
last_activity
2026-05-12 18:02:26.796000
last_warden_event
2026-05-11 06:50:09
rep
0.18632502559531716
reserved_range
0
Shodan's InternetDB
Open ports: 22, 80
Tags:
CPEs: cpe:/a:f5:nginx, cpe:/o:linux:linux_kernel, cpe:/a:openbsd:openssh:9.2p1, cpe:/o:debian:debian_linux
ts_added
2026-04-18 10:12:27.585000
ts_last_update
2026-06-04 00:01:43.353000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses