IP address
Shodan(more info)

Passive DNS

- Warden events (8)
- 2026-07-03
-
- ReconScanning (node.86eb21): 1
- 2026-07-01
-
- ReconScanning (node.86eb21): 1
- 2026-06-27
-
- ReconScanning (node.86eb21): 1
- 2026-06-24
-
- ReconScanning (node.86eb21): 1
- 2026-06-17
-
- ReconScanning (node.86eb21): 1
- 2026-06-14
-
- ReconScanning (node.86eb21): 1
- 2026-06-13
-
- ReconScanning (node.86eb21): 1
- 2026-06-08
-
- ReconScanning (node.86eb21): 1
- DShield reports (IP summary, reports)
- 2026-06-02
- Number of reports: 36
- Distinct targets: 6
- 2026-06-03
- Number of reports: 36
- Distinct targets: 6
- 2026-06-09
- Number of reports: 48
- Distinct targets: 7
- 2026-06-10
- Number of reports: 48
- Distinct targets: 7
- 2026-06-16
- Number of reports: 65
- Distinct targets: 10
- 2026-07-02
- Number of reports: 52
- Distinct targets: 8
Threat categories
| TL | Role | Category | Details |
|---|---|---|---|
| 31 | src | scan |
- Origin AS
- AS63023 - AS-GLOBALTELEHOST
- BGP Prefix
- 216.106.191.0/24
- geo
- United States
- 🕑 America/Chicago
- hostname
- 228-191-106-216.clients.gthost.com
- hostname_class
- ['ip_in_hostname']
- Address block ('inetnum' or 'NetRange' in whois database)
- 216.106.176.0 - 216.106.191.255
- last_activity
- 2026-07-03 02:33:45
- last_warden_event
- 2026-07-03 02:33:45
- rep
- 0.0065927542181623
- reserved_range
- 0
- Shodan's InternetDB
- Open ports: 19, 22, 24, 80, 110, 111, 113, 179, 427, 443, 502, 636, 789, 853, 902, 1080, 1099, 1414, 1433, 1554, 1604, 1741, 1801, 1833, 2083, 2222, 2248, 2320, 2506, 2562, 2568, 3000, 3050, 3078, 3102, 3108, 3112, 3200, 3268, 3310, 4064, 4150, 4443, 4899, 4911, 5006, 5061, 5201, 5432, 5696, 6379, 6664, 7011, 7779, 8126, 8140, 8333, 8334, 8407, 8445, 8655, 8819, 8862, 8884, 9000, 9045, 9090, 9152, 9155, 9157, 9797, 9888, 9943
- Tags: honeypot
- CPEs: cpe:/a:openbsd:openssh:9.6p1, cpe:/o:canonical:ubuntu_linux
- ts_added
- 2026-06-03 05:04:56.604000
- ts_last_update
- 2026-07-04 05:06:24.295000
Warden event timeline
DShield event timeline

