IP address

Search at other sites:

.048216.9.225.128

Shodan(more info)

Passive DNS

IP blacklists

Spamhaus SBL CSS

216.9.225.128 was recently listed on the Spamhaus SBL CSS blacklist, but currently it is not.

Description: The Spamhaus CSS is part of the SBL. CSS listings will have return code 127.0.0.3 to differentiate from regular SBL listings, which have return code 127.0.0.2.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-04-29 06:16:21.360000
Was present on blacklist at: 2025-03-25 06:16

Turris greylist

216.9.225.128 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-23 21:15:00.189000
Was present on blacklist at: 2025-03-26 22:15, 2025-03-27 22:15, 2025-03-28 22:15, 2025-03-29 22:15, 2025-03-30 21:15, 2025-03-31 21:15, 2025-04-01 21:15, 2025-04-02 21:15, 2025-04-03 21:15, 2025-04-04 21:15, 2025-04-05 21:15, 2025-04-06 21:15, 2025-04-07 21:15, 2025-04-08 21:15, 2025-04-09 21:15, 2025-04-10 21:15, 2025-04-11 21:15, 2025-04-12 21:15, 2025-04-13 21:15, 2025-04-14 21:15, 2025-04-15 21:15, 2025-04-16 21:15, 2025-04-17 21:15, 2025-04-18 21:15, 2025-04-21 21:15, 2025-04-22 21:15, 2025-04-23 21:15

AbuseIPDB

216.9.225.128 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-04-23 04:00:00.649000
Was present on blacklist at: 2025-03-29 05:00, 2025-03-31 04:00, 2025-04-01 04:00, 2025-04-02 04:00, 2025-04-03 04:00, 2025-04-04 04:00, 2025-04-05 04:00, 2025-04-06 04:00, 2025-04-07 04:00, 2025-04-08 04:00, 2025-04-09 04:00, 2025-04-10 04:00, 2025-04-11 04:00, 2025-04-12 04:00, 2025-04-13 04:00, 2025-04-14 04:00, 2025-04-15 04:00, 2025-04-16 04:00, 2025-04-21 04:00, 2025-04-23 04:00

Spamhaus SBL

216.9.225.128 is listed on the Spamhaus SBL blacklist.

Description: The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-04-29 06:16:21.360000
Was present on blacklist at: 2025-04-01 06:16, 2025-04-08 06:16, 2025-04-15 06:16, 2025-04-22 06:16, 2025-04-29 06:16

Warden events (1531)

2025-04-22

ReconScanning (node.4dc198): 20

2025-04-21

ReconScanning (node.4dc198): 83

2025-04-20

ReconScanning (node.9c1411): 32

ReconScanning (node.4dc198): 7

2025-04-17

ReconScanning (node.9c1411): 18

2025-04-16

ReconScanning (node.9c1411): 40

ReconScanning (node.4dc198): 6

2025-04-15

ReconScanning (node.9c1411): 46

2025-04-14

ReconScanning (node.9c1411): 43

ReconScanning (node.4dc198): 2

2025-04-13

ReconScanning (node.9c1411): 61

ReconScanning (node.4dc198): 1

2025-04-12

ReconScanning (node.9c1411): 58

2025-04-11

ReconScanning (node.9c1411): 57

2025-04-10

ReconScanning (node.9c1411): 41

ReconScanning (node.4dc198): 1

2025-04-09

ReconScanning (node.9c1411): 63

ReconScanning (node.4dc198): 4

2025-04-08

ReconScanning (node.9c1411): 61

ReconScanning (node.4dc198): 11

2025-04-07

ReconScanning (node.9c1411): 61

ReconScanning (node.4dc198): 16

2025-04-06

ReconScanning (node.9c1411): 66

ReconScanning (node.4dc198): 2

2025-04-05

ReconScanning (node.9c1411): 70

2025-04-04

ReconScanning (node.9c1411): 60

2025-04-03

ReconScanning (node.9c1411): 58

2025-04-02

ReconScanning (node.9c1411): 66

2025-04-01

ReconScanning (node.9c1411): 61

2025-03-31

ReconScanning (node.9c1411): 46

2025-03-30

ReconScanning (node.9c1411): 47

2025-03-29

ReconScanning (node.9c1411): 71

ReconScanning (node.368407): 1

2025-03-28

ReconScanning (node.9c1411): 49

2025-03-27

ReconScanning (node.9c1411): 54

ReconScanning (node.4dc198): 35

2025-03-26

ReconScanning (node.9c1411): 44

ReconScanning (node.4dc198): 3

2025-03-25

ReconScanning (node.9c1411): 37

ReconScanning (node.4dc198): 29

DShield reports (IP summary, reports)

2025-03-25

Number of reports: 199

Distinct targets: 104

2025-03-26

Number of reports: 305

Distinct targets: 151

2025-03-27

Number of reports: 275

Distinct targets: 139

2025-03-28

Number of reports: 290

Distinct targets: 135

2025-03-29

Number of reports: 483

Distinct targets: 196

2025-03-30

Number of reports: 532

Distinct targets: 196

2025-03-31

Number of reports: 452

Distinct targets: 160

2025-04-01

Number of reports: 584

Distinct targets: 172

2025-04-02

Number of reports: 551

Distinct targets: 180

2025-04-03

Number of reports: 511

Distinct targets: 159

2025-04-04

Number of reports: 439

Distinct targets: 173

2025-04-05

Number of reports: 613

Distinct targets: 205

2025-04-06

Number of reports: 564

Distinct targets: 172

2025-04-07

Number of reports: 679

Distinct targets: 202

2025-04-08

Number of reports: 429

Distinct targets: 175

2025-04-09

Number of reports: 538

Distinct targets: 190

2025-04-10

Number of reports: 299

Distinct targets: 123

2025-04-11

Number of reports: 538

Distinct targets: 204

2025-04-12

Number of reports: 496

Distinct targets: 199

2025-04-13

Number of reports: 361

Distinct targets: 162

2025-04-14

Number of reports: 271

Distinct targets: 137

2025-04-15

Number of reports: 286

Distinct targets: 136

2025-04-16

Number of reports: 375

Distinct targets: 139

2025-04-17

Number of reports: 63

Distinct targets: 21

2025-04-20

Number of reports: 369

Distinct targets: 136

2025-04-21

Number of reports: 388

Distinct targets: 134

2025-04-22

Number of reports: 185

Distinct targets: 95

2025-04-23

Number of reports: 11

Distinct targets: 4

OTX pulses

[606d75c11c08ff94089a9430] 2021-04-07 09:05:05.353000 | Georgs Honeypot

Author name:	georgengelmann
Pulse modified:	2025-04-24 11:00:51.456000
Indicator created:	2025-03-25 13:04:02
Indicator role:	bruteforce
Indicator title:	Telnet intrusion attempt from 001.com port 45496
Indicator expiration:	2025-04-24 13:00:00

[602bc528f447d628d41494f2] 2021-02-16 13:14:16.945000 | Ka's Honeypot visitors

Author name:	Kapppppa
Pulse modified:	2025-05-02 19:47:20.841000
Indicator created:	2025-04-22 06:06:53
Indicator role:	bruteforce
Indicator title:	Telnet Login attempt
Indicator expiration:	2025-05-22 06:00:00

Origin AS

AS44382 - FIBA

BGP Prefix

216.9.225.0/24

geo

Turkey, Istanbul

🕑 Europe/Istanbul

hostname

(null)

Address block ('inetnum' or 'NetRange' in whois database)

216.9.224.0 - 216.9.227.255

last_activity

2025-05-02 20:37:27.768000

last_warden_event

2025-04-22 11:24:59

rep

0.04761902945382254

reserved_range

0

Shodan's InternetDB

Open ports: 22, 25

Tags: starttls, self-signed

CPEs: cpe:/o:canonical:ubuntu_linux, cpe:/a:postfix:postfix, cpe:/a:openbsd:openssh:8.9p1

ts_added

2025-03-25 06:16:10.509000

ts_last_update

2025-05-02 20:37:27.778000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses