IP address

Search at other sites:
--81.70.199.152
Shodan(more info)
Passive DNS
Tags:
IP blacklists
Turris greylist
81.70.199.152 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-02-26 22:15:00.290000
Was present on blacklist at: 2025-02-13 22:15, 2025-02-14 22:15, 2025-02-16 22:15, 2025-02-17 22:15, 2025-02-18 22:15, 2025-02-19 22:15, 2025-02-21 22:15, 2025-02-22 22:15, 2025-02-23 22:15, 2025-02-25 22:15, 2025-02-26 22:15
CI Army
81.70.199.152 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-02-26 03:50:01.096000
Was present on blacklist at: 2025-02-13 03:50, 2025-02-14 03:50, 2025-02-17 03:50, 2025-02-19 03:50, 2025-02-25 03:50, 2025-02-26 03:50
UCEPROTECT L1
81.70.199.152 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-02-18 00:45:00.779000
Was present on blacklist at: 2025-02-13 00:45, 2025-02-13 08:45, 2025-02-13 16:45, 2025-02-14 00:45, 2025-02-14 08:45, 2025-02-14 16:45, 2025-02-15 00:45, 2025-02-15 08:45, 2025-02-15 16:45, 2025-02-16 00:45, 2025-02-16 08:45, 2025-02-16 16:45, 2025-02-17 00:45, 2025-02-17 08:45, 2025-02-17 16:45, 2025-02-18 00:45
Spamhaus XBL CBL
81.70.199.152 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-05-07 22:16:31.974000
Was present on blacklist at: 2025-02-12 22:16, 2025-02-19 22:17, 2025-02-26 22:16
DShield reports (IP summary, reports)
2025-02-13
Number of reports: 28
Distinct targets: 12
2025-02-14
Number of reports: 22
Distinct targets: 6
2025-02-15
Number of reports: 53
Distinct targets: 22
2025-02-16
Number of reports: 43
Distinct targets: 13
2025-02-17
Number of reports: 12
Distinct targets: 6
2025-02-18
Number of reports: 24
Distinct targets: 8
2025-02-20
Number of reports: 75
Distinct targets: 10
2025-02-21
Number of reports: 48
Distinct targets: 22
2025-02-22
Number of reports: 15
Distinct targets: 9
2025-02-24
Number of reports: 12
Distinct targets: 6
2025-02-25
Number of reports: 39
Distinct targets: 14
OTX pulses
[5a7e3e70c44e7b48947593a7] 2018-02-10 00:36:00.396000 | Webscanners 2018-02-09 thru current day
Author name:david3
Pulse modified:2025-03-27 19:55:23.352000
Indicator created:2025-02-25 23:05:18
Indicator role:scanning_host
Indicator title:404 NOT FOUND
Indicator expiration:2025-05-26 00:00:00
Origin AS
AS45090 - CNNIC-TENCENT-NET-AP
BGP Prefix
81.70.192.0/18
geo
China, Beijing
🕑 Asia/Shanghai
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
81.68.0.0 - 81.71.255.255
last_activity
2025-03-27 20:01:09.468000
reserved_range
0
Shodan's InternetDB
Open ports: 22, 80, 5601, 5672, 6379, 8085, 9001, 9090, 9200, 27017
Tags: cloud, eol-product, database, compromised, eol-os
CPEs: cpe:/a:elastic:elasticsearch:7.17.3, cpe:/a:openbsd:openssh:7.4, cpe:/a:minio:minio, cpe:/a:f5:nginx:1.22.1, cpe:/a:mongodb:mongodb:4.4.29, cpe:/a:openssl:openssl:1.1.1f, cpe:/a:vmware:rabbitmq:3.9.11, cpe:/a:redislabs:redis:7.4.1
ts_added
2025-02-05 22:16:22.945000
ts_last_update
2025-05-13 22:16:31.021000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses