IP address

Passive DNS

Tags: Scanner

IP blacklists

blocklist.de web-login

144.172.116.56 is listed on the blocklist.de web-login blacklist.

Description: Blocklist.de feed is a free and voluntary service provided by a Fraud/Abuse-specialist. IPs that attacks Joomla, Wordpress and other Web-Logins with Brute-Force Logins.
Type of feed: primary (feed detail page)

Last checked at: 2025-06-15 10:05:05.294000
Was present on blacklist at: 2025-06-13 16:05, 2025-06-13 22:05, 2025-06-14 04:05, 2025-06-14 10:05, 2025-06-14 16:05, 2025-06-14 22:05, 2025-06-15 04:05, 2025-06-15 10:05

blocklist.de Apache

144.172.116.56 is listed on the blocklist.de Apache blacklist.

Description: Blocklist.de feed is a free and voluntary service provided by a Fraud/Abuse-specialist. IPs performing attacks on the service Apache, Apache-DDOS, RFI-Attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-06-15 10:05:05.392000
Was present on blacklist at: 2025-06-13 16:05, 2025-06-13 22:05, 2025-06-14 04:05, 2025-06-14 10:05, 2025-06-14 16:05, 2025-06-14 22:05, 2025-06-15 04:05, 2025-06-15 10:05

AbuseIPDB

144.172.116.56 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-06-15 04:00:00.617000
Was present on blacklist at: 2025-06-14 04:00, 2025-06-15 04:00

Turris greylist

144.172.116.56 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC, which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-06-15 21:15:00.182000
Was present on blacklist at: 2025-06-14 21:15, 2025-06-15 21:15

Spamhaus XBL CBL

144.172.116.56 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-06-27 09:32:10.220000
Was present on blacklist at: 2025-06-20 09:32

Warden events (376)

2025-06-14: ReconScanning (node.4dc198): 165; AnomalyTraffic (node.ffe95c): 57; AnomalyTraffic (node.86dac8): 5
2025-06-13: ReconScanning (node.4dc198): 121; AnomalyTraffic (node.ffe95c): 27; ReconScanning (node.368407): 1

DShield reports (IP summary, reports)

2025-06-13: Number of reports: 984; Distinct targets: 279
2025-06-14: Number of reports: 1260; Distinct targets: 269

OTX pulses

[684c18e5be517bfdc3067290] 2025-06-13 12:26:13.578000 | Apache honeypot logs for 13/Jun/2025

Author name:	jnazario
Pulse modified:	2025-06-13 12:26:13.578000
Indicator created:	2025-06-13 12:26:14
Indicator role:	None
Indicator title:
Indicator expiration:	2025-07-13 12:00:00

[684d6a5330934b45470c4960] 2025-06-14 12:25:55.798000 | Apache honeypot logs for 14/Jun/2025

Author name:	jnazario
Pulse modified:	2025-06-14 12:25:55.798000
Indicator created:	2025-06-14 12:25:57
Indicator role:	None
Indicator title:
Indicator expiration:	2025-07-14 12:00:00

Origin AS: AS14956 - ROUTERHOSTING
BGP Prefix: 144.172.116.0/24
geo: United States; 🕑 America/Chicago
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 144.172.64.0 - 144.172.127.255
last_activity: 2025-06-14 16:35:38
last_warden_event: 2025-06-14 16:35:38
rep: 0.0
reserved_range: 0
Shodan's InternetDB: Open ports: 22; Tags: –; CPEs: cpe:/a:openbsd:openssh:8.4p1, cpe:/o:debian:debian_linux, cpe:/o:linux:linux_kernel
ts_added: 2025-06-13 09:32:02.584000
ts_last_update: 2025-07-01 09:32:10.358000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses