IP address

Passive DNS

Tags: IP in hostname Scanner

IP blacklists

AbuseIPDB

139.162.155.225 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. IPs performing malicious activity(DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2024-04-30 04:00:00.501000
Was present on blacklist at: 2024-04-19 04:00, 2024-04-24 04:00, 2024-04-25 04:00, 2024-04-26 04:00, 2024-04-30 04:00

DataPlane SSH conn

139.162.155.225 is listed on the DataPlane SSH conn blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds, and measurement resource for operators, by operators. IP addresses that has been seen initiating an SSH connection to a remote host.
Type of feed: primary (feed detail page)

Last checked at: 2024-04-29 06:10:01.937000
Was present on blacklist at: 2024-04-23 02:10, 2024-04-23 06:10, 2024-04-23 14:10, 2024-04-23 18:10, 2024-04-25 02:10, 2024-04-25 06:10, 2024-04-25 14:10, 2024-04-25 18:10, 2024-04-27 18:10, 2024-04-28 06:10, 2024-04-28 14:10, 2024-04-28 18:10, 2024-04-29 02:10, 2024-04-29 06:10

CI Army

139.162.155.225 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence database that provides scores for IPs. Source of unspecified malicious attacks most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2024-05-01 02:50:00.978000
Was present on blacklist at: 2024-04-23 02:50, 2024-04-24 02:50, 2024-04-25 02:50, 2024-04-26 02:50, 2024-04-27 02:50, 2024-04-28 02:50, 2024-04-29 02:50, 2024-04-30 02:50, 2024-05-01 02:50

DataPlane TELNET login

139.162.155.225 is listed on the DataPlane TELNET login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds, and measurement resource for operators, by operators. IPs performing login via TELNET password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2024-05-02 14:10:07.205000
Was present on blacklist at: 2024-04-23 06:10, 2024-04-23 10:10, 2024-04-23 14:10, 2024-04-23 18:10, 2024-04-24 18:10, 2024-04-24 22:10, 2024-04-25 02:10, 2024-04-25 06:10, 2024-04-25 10:10, 2024-04-25 14:10, 2024-04-25 18:10, 2024-04-25 22:10, 2024-04-26 02:10, 2024-04-26 06:10, 2024-04-26 10:10, 2024-04-26 14:10, 2024-04-26 18:10, 2024-04-26 22:10, 2024-04-27 02:10, 2024-04-27 06:10, 2024-04-27 10:10, 2024-04-27 14:10, 2024-04-27 18:10, 2024-04-27 22:10, 2024-04-28 02:10, 2024-04-28 06:10, 2024-04-28 10:10, 2024-04-28 14:10, 2024-04-28 18:10, 2024-04-28 22:10, 2024-04-29 02:10, 2024-04-29 06:10, 2024-04-29 10:10, 2024-04-29 14:10, 2024-04-29 18:10, 2024-04-30 02:10, 2024-04-30 06:10, 2024-04-30 10:10, 2024-04-30 14:10, 2024-04-30 18:10, 2024-04-30 22:10, 2024-05-01 02:10, 2024-05-01 06:10, 2024-05-01 10:10, 2024-05-01 14:10, 2024-05-01 18:10, 2024-05-01 22:10, 2024-05-02 02:10, 2024-05-02 06:10, 2024-05-02 10:10, 2024-05-02 14:10

Turris greylist

139.162.155.225 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC, which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-04-27 21:15:00.183000
Was present on blacklist at: 2024-04-24 21:15, 2024-04-25 21:15, 2024-04-26 21:15, 2024-04-27 21:15

blocklist.de SSH

139.162.155.225 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2024-04-26 22:05:00.511000
Was present on blacklist at: 2024-04-25 04:05, 2024-04-25 10:05, 2024-04-25 16:05, 2024-04-25 22:05, 2024-04-26 04:05, 2024-04-26 10:05, 2024-04-26 16:05, 2024-04-26 22:05

Spamhaus XBL CBL

139.162.155.225 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2024-05-03 04:01:10.798000
Was present on blacklist at: 2024-04-26 04:01

Warden events (562)

2024-04-26: ReconScanning (node.7d83c0): 10; ReconScanning (node.bd32ad): 19
2024-04-25: ReconScanning (node.7d83c0): 52; ReconScanning (node.bd32ad): 58
2024-04-24: ReconScanning (node.7d83c0): 56; ReconScanning (node.bd32ad): 77
2024-04-23: ReconScanning (node.7d83c0): 61; ReconScanning (node.bd32ad): 164
2024-04-22: ReconScanning (node.7d83c0): 12; ReconScanning (node.bd32ad): 53

DShield reports (IP summary, reports)

2024-04-22: Number of reports: 98; Distinct targets: 47
2024-04-23: Number of reports: 338; Distinct targets: 204
2024-04-24: Number of reports: 355; Distinct targets: 207
2024-04-25: Number of reports: 331; Distinct targets: 222
2024-04-26: Number of reports: 50; Distinct targets: 33

Origin AS: AS63949 - LINODE-AP
BGP Prefix: 139.162.128.0/19
geo: Germany, Frankfurt am Main; 🕑 Europe/Berlin
hostname: 139-162-155-225.ip.linodeusercontent.com
hostname_class: ['ip_in_hostname']
Address block ('inetnum' or 'NetRange' in whois database): 139.162.0.0 - 139.162.255.255
last_activity: 2024-04-26 04:08:09
last_warden_event: 2024-04-26 04:08:09
rep: 0.07142857142857142
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 80; Tags: cloud; CPEs: cpe:/a:lighttpd:lighttpd:1.4.59, cpe:/a:openbsd:openssh:8.4p1, cpe:/o:linux:linux_kernel, cpe:/o:debian:debian_linux
ts_added: 2024-04-19 04:01:06.595000
ts_last_update: 2024-05-06 04:01:10.617000

Warden event timeline

DShield event timeline

Presence on blacklists