IP address
Tags:
Scanner
Login attempts
- IP blacklists
UCEPROTECT L1
81.92.203.135 is listed on the UCEPROTECT L1 blacklist.
Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed:
primary (
feed detail page)
Last checked at:
2026-03-18 00:45:00.845000
Was present on blacklist at:
2026-03-11 08:45,
2026-03-11 16:45,
2026-03-12 00:45,
2026-03-12 08:45,
2026-03-12 16:45,
2026-03-13 00:45,
2026-03-13 08:45,
2026-03-13 16:45,
2026-03-14 00:45,
2026-03-14 08:45,
2026-03-14 16:45,
2026-03-15 00:45,
2026-03-15 08:45,
2026-03-15 16:45,
2026-03-16 00:45,
2026-03-16 08:45,
2026-03-16 16:45,
2026-03-17 00:45,
2026-03-17 08:45,
2026-03-17 16:45,
2026-03-18 00:45
Echelon SSH connection attempt
81.92.203.135 is listed on the Echelon SSH connection attempt blacklist.
Description: SSH connection attempt detected on port 22 or 2222
Type of feed:
primary (
feed detail page)
Last checked at:
2026-03-22 10:35:00.363000
Was present on blacklist at:
2026-03-15 10:35,
2026-03-16 10:35,
2026-03-17 10:35,
2026-03-18 10:35,
2026-03-19 10:35,
2026-03-20 10:35,
2026-03-21 10:35,
2026-03-22 10:35
Echelon TLS/SSL crawler
81.92.203.135 is listed on the Echelon TLS/SSL crawler blacklist.
Description: TLS/SSL connection fingerprinting detected via Suricata
Type of feed:
primary (
feed detail page)
Last checked at:
2026-03-22 10:40:00.533000
Was present on blacklist at:
2026-03-15 10:40,
2026-03-16 10:40,
2026-03-17 10:40,
2026-03-18 10:40,
2026-03-19 10:40,
2026-03-20 10:40,
2026-03-21 10:40,
2026-03-22 10:40
Echelon web crawler
81.92.203.135 is listed on the Echelon web crawler blacklist.
Description: HTTP web crawling activity detected on web honeypots
Type of feed:
primary (
feed detail page)
Last checked at:
2026-03-27 10:50:00.538000
Was present on blacklist at:
2026-03-20 10:50,
2026-03-21 10:50,
2026-03-22 10:50,
2026-03-23 10:50,
2026-03-24 10:50,
2026-03-25 10:50,
2026-03-26 10:50,
2026-03-27 10:50
CI Army
81.92.203.135 is listed on the CI Army blacklist.
Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed:
primary (
feed detail page)
Last checked at:
2026-03-22 03:50:01.147000
Was present on blacklist at:
2026-03-21 03:50,
2026-03-22 03:50
Threat categories
| TL | Role | Category | Details |
|---|
| 55 |
src |
scan |
port: many
|
| 25 |
src |
— |
|
- Warden events (10)
- 2026-04-04
-
-
AnomalyTraffic (node.6a1878): 1
- 2026-04-01
-
-
ReconScanning (node.9c1411): 1
- 2026-03-31
-
-
ReconScanning (node.ce2b59): 3
-
ReconScanning (node.4dc198): 2
- 2026-03-20
-
-
ReconScanning (node.368407): 1
-
AttemptLogin (node.985fb4): 1
- 2026-03-11
-
-
AnomalyTraffic (node.ffe95c): 1
- DShield reports (IP summary, reports)
- 2026-03-01
- Number of reports: 197
- Distinct targets: 12
- 2026-03-09
- Number of reports: 14
- Distinct targets: 14
- 2026-03-14
- Number of reports: 12
- Distinct targets: 12
- 2026-03-15
- Number of reports: 25
- Distinct targets: 16
- 2026-03-19
- Number of reports: 15
- Distinct targets: 9
- 2026-03-20
- Number of reports: 114
- Distinct targets: 83
- 2026-03-25
- Number of reports: 35
- Distinct targets: 4
- 2026-03-26
- Number of reports: 35
- Distinct targets: 4
- 2026-04-01
- Number of reports: 488
- Distinct targets: 3
- 2026-04-06
- Number of reports: 501
- Distinct targets: 5
- Origin AS
- AS9009 - M247
- BGP Prefix
- 81.92.200.0/22
- geo
-
United Kingdom, Poplar
- 🕑 Europe/London
- hostname
- (null)
- Address block ('inetnum' or 'NetRange' in whois database)
- 81.92.200.0 - 81.92.207.255
- last_activity
- 2026-04-04 19:03:50
- last_warden_event
- 2026-04-04 19:03:50
- rep
- 0.08199404761904763
- reserved_range
- 0
- ts_added
- 2026-03-02 05:06:50.453000
- ts_last_update
- 2026-04-08 05:10:19.404000
Warden event timeline
DShield event timeline
Presence on blacklists
