IP address

Search at other sites:

.000104.250.164.117

Shodan(more info)

Passive DNS

IP blacklists

Spamhaus SBL

104.250.164.117 is listed on the Spamhaus SBL blacklist.

Description: The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-10-08 10:50:01.310000
Was present on blacklist at: 2025-08-27 10:38, 2025-09-03 10:39, 2025-09-10 10:39, 2025-09-17 10:39, 2025-09-24 10:39, 2025-10-01 10:39, 2025-10-08 10:50

Spamhaus DROP

104.250.164.117 is listed on the Spamhaus DROP blacklist.

Description: Spamhaus DROP (Don't Route Or Peer) list. Netblocks controlled by spammers or cyber criminals. The DROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-10-08 10:50:01.310000
Was present on blacklist at: 2025-08-27 10:38, 2025-09-03 10:39, 2025-09-10 10:39, 2025-09-17 10:39, 2025-09-24 10:39, 2025-10-01 10:39, 2025-10-08 10:50

UCEPROTECT L1

104.250.164.117 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-09-19 07:45:00.772000
Was present on blacklist at: 2025-08-27 23:45, 2025-08-28 07:45, 2025-08-28 15:45, 2025-08-28 23:45, 2025-08-29 07:45, 2025-08-29 15:45, 2025-08-29 23:45, 2025-08-30 07:45, 2025-08-30 15:45, 2025-08-30 23:45, 2025-08-31 07:45, 2025-08-31 15:45, 2025-08-31 23:45, 2025-09-01 07:45, 2025-09-01 15:45, 2025-09-01 23:45, 2025-09-02 07:45, 2025-09-02 15:45, 2025-09-02 23:45, 2025-09-03 07:45, 2025-09-03 15:45, 2025-09-03 23:45, 2025-09-04 07:45, 2025-09-04 15:45, 2025-09-04 23:45, 2025-09-05 07:45, 2025-09-05 15:45, 2025-09-05 23:45, 2025-09-06 07:45, 2025-09-06 15:45, 2025-09-06 23:45, 2025-09-07 07:45, 2025-09-07 15:45, 2025-09-07 23:45, 2025-09-08 07:45, 2025-09-08 15:45, 2025-09-08 23:45, 2025-09-09 07:45, 2025-09-09 15:45, 2025-09-09 23:45, 2025-09-10 07:45, 2025-09-10 15:45, 2025-09-10 23:45, 2025-09-11 07:45, 2025-09-11 15:45, 2025-09-11 23:45, 2025-09-12 07:45, 2025-09-12 15:45, 2025-09-12 23:45, 2025-09-13 07:45, 2025-09-13 15:45, 2025-09-13 23:45, 2025-09-14 07:45, 2025-09-14 15:45, 2025-09-14 23:45, 2025-09-15 07:45, 2025-09-15 15:45, 2025-09-15 23:45, 2025-09-16 07:45, 2025-09-16 15:45, 2025-09-16 23:45, 2025-09-17 07:45, 2025-09-17 15:45, 2025-09-17 23:45, 2025-09-18 07:45, 2025-09-18 15:45, 2025-09-18 23:45, 2025-09-19 07:45

AbuseIPDB

104.250.164.117 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-10-14 04:00:00.603000
Was present on blacklist at: 2025-08-28 04:00, 2025-08-29 04:00, 2025-08-30 04:00, 2025-08-31 04:00, 2025-09-01 04:00, 2025-09-02 04:00, 2025-09-03 04:00, 2025-09-04 04:00, 2025-09-05 04:00, 2025-09-06 04:00, 2025-09-07 04:00, 2025-09-08 04:00, 2025-09-09 04:00, 2025-09-10 04:00, 2025-09-11 04:00, 2025-09-12 04:00, 2025-09-13 04:00, 2025-09-14 04:00, 2025-09-15 04:00, 2025-09-16 04:00, 2025-09-17 04:00, 2025-09-18 04:00, 2025-09-19 04:00, 2025-09-20 04:00, 2025-09-21 04:00, 2025-09-22 04:00, 2025-09-23 04:00, 2025-09-24 04:00, 2025-09-25 04:00, 2025-09-27 04:00, 2025-09-28 04:00, 2025-09-29 04:00, 2025-09-30 04:00, 2025-10-01 04:00, 2025-10-02 04:00, 2025-10-03 04:00, 2025-10-04 04:00, 2025-10-05 04:00, 2025-10-06 04:00, 2025-10-07 04:00, 2025-10-08 04:00, 2025-10-09 04:00, 2025-10-10 04:00, 2025-10-11 04:00, 2025-10-12 04:00, 2025-10-13 04:00, 2025-10-14 04:00

Turris greylist

104.250.164.117 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-09-12 21:15:00.253000
Was present on blacklist at: 2025-08-28 21:15, 2025-08-29 21:15, 2025-08-30 21:15, 2025-08-31 21:15, 2025-09-01 21:15, 2025-09-03 21:15, 2025-09-04 21:15, 2025-09-05 21:15, 2025-09-06 21:15, 2025-09-07 21:15, 2025-09-08 21:15, 2025-09-09 21:15, 2025-09-10 21:15, 2025-09-11 21:15, 2025-09-12 21:15

Spamhaus XBL CBL

104.250.164.117 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-10-08 10:50:01.310000
Was present on blacklist at: 2025-09-03 10:39, 2025-09-10 10:39, 2025-09-17 10:39

Warden events (4813)

2025-09-11

ReconScanning (node.4dc198): 245

ReconScanning (node.368407): 249

AttemptLogin (node.03e7a9): 3

AnomalyTraffic (node.ffe95c): 1

AttemptLogin (node.985fb4): 1

AttemptLogin (node.b17ef8): 1

2025-09-10

AnomalyTraffic (node.ffe95c): 5

ReconScanning (node.4dc198): 173

ReconScanning (node.368407): 177

ReconScanning (node.9c1411): 1

AttemptLogin (node.03e7a9): 3

2025-09-09

AnomalyTraffic (node.ffe95c): 4

ReconScanning (node.4dc198): 79

ReconScanning (node.368407): 82

ReconScanning (node.9c1411): 4

2025-09-08

ReconScanning (node.4dc198): 82

ReconScanning (node.368407): 82

2025-09-07

ReconScanning (node.368407): 94

ReconScanning (node.4dc198): 94

2025-09-06

ReconScanning (node.4dc198): 93

ReconScanning (node.368407): 94

2025-09-05

ReconScanning (node.4dc198): 244

ReconScanning (node.368407): 248

AnomalyTraffic (node.ffe95c): 1

AttemptLogin (node.03e7a9): 3

2025-09-04

AnomalyTraffic (node.ffe95c): 4

ReconScanning (node.368407): 178

ReconScanning (node.4dc198): 172

AttemptLogin (node.03e7a9): 3

AttemptLogin (node.985fb4): 1

AttemptLogin (node.b17ef8): 1

2025-09-03

ReconScanning (node.368407): 82

ReconScanning (node.4dc198): 82

2025-09-02

AnomalyTraffic (node.ffe95c): 4

ReconScanning (node.4dc198): 80

ReconScanning (node.368407): 82

2025-09-01

ReconScanning (node.4dc198): 241

ReconScanning (node.368407): 247

2025-08-31

ReconScanning (node.4dc198): 175

ReconScanning (node.368407): 175

2025-08-30

ReconScanning (node.368407): 82

ReconScanning (node.4dc198): 82

2025-08-29

ReconScanning (node.4dc198): 223

ReconScanning (node.368407): 225

AnomalyTraffic (node.ffe95c): 1

2025-08-28

AnomalyTraffic (node.ffe95c): 4

ReconScanning (node.368407): 198

ReconScanning (node.4dc198): 198

2025-08-27

ReconScanning (node.4dc198): 105

AnomalyTraffic (node.ffe95c): 3

ReconScanning (node.368407): 100

AttemptLogin (node.03e7a9): 1

AttemptLogin (node.985fb4): 1

DShield reports (IP summary, reports)

2025-08-27

Number of reports: 2821

Distinct targets: 2110

2025-08-28

Number of reports: 8235

Distinct targets: 5471

2025-08-29

Number of reports: 11328

Distinct targets: 7829

2025-08-30

Number of reports: 11484

Distinct targets: 7922

2025-08-31

Number of reports: 11537

Distinct targets: 7790

2025-09-01

Number of reports: 11071

Distinct targets: 7527

2025-09-02

Number of reports: 11512

Distinct targets: 8029

2025-09-03

Number of reports: 5768

Distinct targets: 5134

2025-09-05

Number of reports: 6119

Distinct targets: 5537

2025-09-06

Number of reports: 10371

Distinct targets: 7033

2025-09-07

Number of reports: 10607

Distinct targets: 7205

2025-09-08

Number of reports: 10873

Distinct targets: 7393

2025-09-09

Number of reports: 10998

Distinct targets: 7422

2025-09-10

Number of reports: 10897

Distinct targets: 7510

2025-09-11

Number of reports: 9901

Distinct targets: 6768

2025-09-12

Number of reports: 5548

Distinct targets: 3644

OTX pulses

[68b2ee4485b3f901222c20ef] 2025-08-30 12:27:48.178000 | RDP honeypot logs for 2025/08/30

Author name:	jnazario
Pulse modified:	2025-08-30 12:27:48.178000
Indicator created:	2025-08-30 12:27:49
Indicator role:	None
Indicator title:
Indicator expiration:	2025-09-29 12:00:00

[68bad70c24d017161f126923] 2025-09-05 12:26:52.210000 | RDP honeypot logs for 2025/09/05

Author name:	jnazario
Pulse modified:	2025-09-05 12:26:52.210000
Indicator created:	2025-09-05 12:26:53
Indicator role:	None
Indicator title:
Indicator expiration:	2025-10-05 12:00:00

[68c01cd2cb907639831f340e] 2025-09-09 12:25:54.900000 | RDP honeypot logs for 2025/09/09

Author name:	jnazario
Pulse modified:	2025-09-09 12:25:54.900000
Indicator created:	2025-09-09 12:25:55
Indicator role:	None
Indicator title:
Indicator expiration:	2025-10-09 12:00:00

[68c41204abbcd85d50df8358] 2025-09-12 12:28:52.151000 | RDP honeypot logs for 2025/09/12

Author name:	jnazario
Pulse modified:	2025-09-12 12:28:52.151000
Indicator created:	2025-09-12 12:28:54
Indicator role:	None
Indicator title:
Indicator expiration:	2025-10-12 12:00:00

Origin AS

AS213790 - LimitedNetwork-AS

AS9009 - M247

BGP Prefix

104.250.164.0/24

geo

United States

🕑 America/Chicago

hostname

(null)

Address block ('inetnum' or 'NetRange' in whois database)

104.250.160.0 - 104.250.191.255

last_activity

2025-09-12 16:08:56.796000

last_warden_event

2025-09-11 20:36:48

rep

0.0

reserved_range

0

ts_added

2025-08-27 10:38:50.042000

ts_last_update

2025-10-14 04:26:53.448000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses