IP address

Passive DNS

Tags: Scanner

IP blacklists

CI Army

123.56.160.54 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence database that provides scores for IPs. Source of unspecified malicious attacks most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2024-04-07 02:50:01.024000
Was present on blacklist at: 2024-03-24 03:50, 2024-03-25 03:50, 2024-03-26 03:50, 2024-03-27 03:50, 2024-03-28 03:50, 2024-03-29 03:50, 2024-03-30 03:50, 2024-03-31 02:50, 2024-04-01 02:50, 2024-04-03 02:50, 2024-04-04 02:50, 2024-04-05 02:50, 2024-04-06 02:50, 2024-04-07 02:50

DataPlane TELNET login

123.56.160.54 is listed on the DataPlane TELNET login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds, and measurement resource for operators, by operators. IPs performing login via TELNET password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2024-04-12 06:10:03.330000
Was present on blacklist at: 2024-03-28 03:10, 2024-03-28 07:10, 2024-03-28 11:10, 2024-03-28 15:10, 2024-03-28 19:10, 2024-03-28 23:10, 2024-03-29 03:10, 2024-03-29 07:10, 2024-03-29 11:10, 2024-03-29 15:10, 2024-03-29 19:10, 2024-03-29 23:10, 2024-03-30 03:10, 2024-03-30 07:10, 2024-03-30 11:10, 2024-03-30 15:10, 2024-03-30 19:10, 2024-03-30 23:10, 2024-03-31 02:10, 2024-03-31 06:10, 2024-03-31 10:10, 2024-03-31 14:10, 2024-03-31 18:10, 2024-03-31 22:10, 2024-04-01 02:10, 2024-04-01 06:10, 2024-04-01 10:10, 2024-04-01 14:10, 2024-04-01 18:10, 2024-04-01 22:10, 2024-04-02 02:10, 2024-04-02 06:10, 2024-04-02 10:10, 2024-04-02 14:10, 2024-04-02 18:10, 2024-04-02 22:10, 2024-04-03 02:10, 2024-04-03 06:10, 2024-04-03 10:10, 2024-04-03 14:10, 2024-04-03 18:10, 2024-04-03 22:10, 2024-04-04 02:10, 2024-04-04 06:10, 2024-04-04 10:10, 2024-04-04 14:10, 2024-04-04 18:10, 2024-04-04 22:10, 2024-04-05 02:10, 2024-04-05 06:10, 2024-04-05 10:10, 2024-04-05 14:10, 2024-04-05 18:10, 2024-04-05 22:10, 2024-04-06 02:10, 2024-04-06 06:10, 2024-04-06 10:10, 2024-04-06 14:10, 2024-04-06 18:10, 2024-04-06 22:10, 2024-04-07 02:10, 2024-04-07 06:10, 2024-04-07 10:10, 2024-04-07 14:10, 2024-04-07 18:10, 2024-04-07 22:10, 2024-04-08 02:10, 2024-04-08 06:10, 2024-04-08 10:10, 2024-04-08 14:10, 2024-04-08 18:10, 2024-04-08 22:10, 2024-04-09 02:10, 2024-04-09 06:10, 2024-04-09 10:10, 2024-04-09 14:10, 2024-04-09 18:10, 2024-04-09 22:10, 2024-04-10 02:10, 2024-04-10 06:10, 2024-04-10 10:10, 2024-04-10 14:10, 2024-04-10 18:10, 2024-04-10 22:10, 2024-04-11 02:10, 2024-04-11 06:10, 2024-04-11 10:10, 2024-04-11 14:10, 2024-04-11 18:10, 2024-04-11 22:10, 2024-04-12 02:10, 2024-04-12 06:10

Mirai tracker

123.56.160.54 is listed on the Mirai tracker blacklist.

Description: IPs scanning the internet in a specific way known to be used by Mirai malware and its variants.
Type of feed: primary (feed detail page)

Last checked at: 2024-04-02 23:40:01.136000
Was present on blacklist at: 2024-03-29 00:40, 2024-03-30 00:40, 2024-03-31 00:40, 2024-03-31 23:40, 2024-04-01 23:40, 2024-04-02 23:40

Turris greylist

123.56.160.54 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC, which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-04-05 21:15:00.181000
Was present on blacklist at: 2024-03-29 22:15, 2024-03-30 22:15, 2024-03-31 21:15, 2024-04-01 21:15, 2024-04-02 21:15, 2024-04-03 21:15, 2024-04-04 21:15, 2024-04-05 21:15

AbuseIPDB

123.56.160.54 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. IPs performing malicious activity(DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2024-04-05 04:00:00.544000
Was present on blacklist at: 2024-03-30 05:00, 2024-04-01 04:00, 2024-04-02 04:00, 2024-04-03 04:00, 2024-04-05 04:00

Spamhaus XBL CBL

123.56.160.54 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2024-05-12 03:56:00.417000
Was present on blacklist at: 2024-03-31 03:56, 2024-04-07 03:56

Warden events (158)

2024-04-05: ReconScanning (node.7d83c0): 9
2024-04-04: ReconScanning (node.7d83c0): 24
2024-04-03: ReconScanning (node.7d83c0): 32; ReconScanning (node.8cbf96): 1
2024-04-02: ReconScanning (node.7d83c0): 30; ReconScanning (node.8cbf96): 1
2024-04-01: ReconScanning (node.7d83c0): 19; ReconScanning (node.bd32ad): 1
2024-03-31: ReconScanning (node.7d83c0): 15; ReconScanning (node.bd32ad): 1
2024-03-30: ReconScanning (node.7d83c0): 12
2024-03-29: ReconScanning (node.7d83c0): 7
2024-03-28: ReconScanning (node.7d83c0): 5
2024-03-25: ReconScanning (node.bd32ad): 1

DShield reports (IP summary, reports)

2024-03-24: Number of reports: 13; Distinct targets: 9
2024-03-25: Number of reports: 23; Distinct targets: 14
2024-03-28: Number of reports: 84; Distinct targets: 30
2024-03-29: Number of reports: 94; Distinct targets: 31
2024-03-30: Number of reports: 77; Distinct targets: 35
2024-03-31: Number of reports: 64; Distinct targets: 36
2024-04-01: Number of reports: 78; Distinct targets: 30
2024-04-02: Number of reports: 86; Distinct targets: 42
2024-04-03: Number of reports: 91; Distinct targets: 43
2024-04-04: Number of reports: 92; Distinct targets: 35
2024-04-05: Number of reports: 51; Distinct targets: 16

OTX pulses

[602bc528f447d628d41494f2] 2021-02-16 13:14:16.945000 | Ka's Honeypot visitors

Author name:	Kapppppa
Pulse modified:	2024-05-04 15:52:04.129000
Indicator created:	2024-04-04 17:39:46
Indicator role:	bruteforce
Indicator title:	Telnet Login attempt
Indicator expiration:	2024-05-04 17:00:00

Origin AS: AS37963 - CNNIC-ALIBABA-CN-NET-AP
BGP Prefix: 123.56.0.0/16
geo: China, Beijing; 🕑 Asia/Shanghai
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 123.56.0.0 - 123.57.255.255
last_activity: 2024-05-04 16:03:55.287000
last_warden_event: 2024-04-05 07:48:15
rep: 0.0
reserved_range: 0
Shodan's InternetDB: Open ports: 22; Tags: –; CPEs: cpe:/a:openbsd:openssh
ts_added: 2024-03-24 03:55:57.573000
ts_last_update: 2024-05-16 03:56:00.423000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses