IP address

Passive DNS

Tags: Scanner

IP blacklists

Spamhaus PBL

45.55.40.172 is listed on the Spamhaus PBL blacklist.

Description: The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2024-05-02 15:16:30.508000
Was present on blacklist at: 2024-03-28 15:16, 2024-04-04 15:16, 2024-04-11 15:16, 2024-04-18 15:16, 2024-04-25 15:16, 2024-05-02 15:16

AbuseIPDB

45.55.40.172 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>IPs performing malicious activity(DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2024-04-06 04:00:00.467000
Was present on blacklist at: 2024-03-29 05:00, 2024-03-30 05:00, 2024-03-31 04:00, 2024-04-01 04:00, 2024-04-02 04:00, 2024-04-03 04:00, 2024-04-04 04:00, 2024-04-05 04:00, 2024-04-06 04:00

Haley SSH

45.55.40.172 is listed on the Haley SSH blacklist.

Description: IPs launching SSH dictionary attacks attacks against the server of Charles B. Haley.
Type of feed: primary (feed detail page)

Last checked at: 2024-04-05 10:10:01.590000
Was present on blacklist at: 2024-03-29 15:10, 2024-03-29 19:10, 2024-03-29 23:10, 2024-03-30 03:10, 2024-03-30 07:10, 2024-03-30 11:10, 2024-03-30 15:10, 2024-03-30 19:10, 2024-03-30 23:10, 2024-03-31 02:10, 2024-03-31 06:10, 2024-03-31 10:10, 2024-03-31 14:10, 2024-03-31 18:10, 2024-03-31 22:10, 2024-04-01 02:10, 2024-04-01 06:10, 2024-04-01 10:10, 2024-04-01 14:10, 2024-04-01 18:10, 2024-04-01 22:10, 2024-04-02 02:10, 2024-04-02 06:10, 2024-04-02 10:10, 2024-04-02 14:10, 2024-04-02 18:10, 2024-04-02 22:10, 2024-04-03 02:10, 2024-04-03 06:10, 2024-04-03 10:10, 2024-04-03 14:10, 2024-04-03 18:10, 2024-04-03 22:10, 2024-04-04 02:10, 2024-04-04 06:10, 2024-04-04 10:10, 2024-04-04 14:10, 2024-04-04 18:10, 2024-04-04 22:10, 2024-04-05 02:10, 2024-04-05 06:10, 2024-04-05 10:10

blocklist.de SSH

45.55.40.172 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2024-04-02 10:05:00.437000
Was present on blacklist at: 2024-03-29 17:05, 2024-03-29 23:05, 2024-03-30 05:05, 2024-03-30 11:05, 2024-03-30 17:05, 2024-03-30 23:05, 2024-03-31 04:05, 2024-03-31 10:05, 2024-03-31 16:05, 2024-03-31 22:05, 2024-04-01 04:05, 2024-04-01 10:05, 2024-04-01 16:05, 2024-04-01 22:05, 2024-04-02 04:05, 2024-04-02 10:05

UCEPROTECT L1

45.55.40.172 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-04-07 07:45:01.210000
Was present on blacklist at: 2024-03-31 15:45, 2024-03-31 23:45, 2024-04-01 07:45, 2024-04-01 15:45, 2024-04-01 23:45, 2024-04-02 07:45, 2024-04-02 15:45, 2024-04-02 23:45, 2024-04-03 07:45, 2024-04-03 15:45, 2024-04-03 23:45, 2024-04-04 07:45, 2024-04-04 15:45, 2024-04-04 23:45, 2024-04-05 07:45, 2024-04-05 15:45, 2024-04-05 23:45, 2024-04-06 07:45, 2024-04-06 15:45, 2024-04-06 23:45, 2024-04-07 07:45

Warden events (1005)

2024-04-01: ReconScanning (node.7d83c0): 37; ReconScanning (node.8cbf96): 69; ReconScanning (node.bd32ad): 2; AttemptLogin (node.6b3af4): 1
2024-03-31: ReconScanning (node.8cbf96): 147; ReconScanning (node.7d83c0): 92; ReconScanning (node.bd32ad): 50
2024-03-30: ReconScanning (node.8cbf96): 87; ReconScanning (node.7d83c0): 91; ReconScanning (node.bd32ad): 3
2024-03-29: ReconScanning (node.bd32ad): 146; ReconScanning (node.7d83c0): 93; ReconScanning (node.8cbf96): 82
2024-03-28: ReconScanning (node.7d83c0): 35; ReconScanning (node.bd32ad): 69; ReconScanning (node.8cbf96): 1

DShield reports (IP summary, reports)

2024-03-28: Number of reports: 166; Distinct targets: 93
2024-03-29: Number of reports: 659; Distinct targets: 245
2024-03-30: Number of reports: 719; Distinct targets: 235
2024-03-31: Number of reports: 813; Distinct targets: 270
2024-04-01: Number of reports: 394; Distinct targets: 142

OTX pulses

[6606cd401b35904906fc878b] 2024-03-29 14:16:32.659000 | SSH honeypot logs for 2024-03-29

Author name:	jnazario
Pulse modified:	2024-03-29 14:16:32.659000
Indicator created:	2024-03-29 14:16:33
Indicator role:	None
Indicator title:
Indicator expiration:	2024-04-28 14:00:00

[66097067d4dfbc925a090bfe] 2024-03-31 14:17:11.026000 | SSH honeypot logs for 2024-03-31

Author name:	jnazario
Pulse modified:	2024-03-31 14:17:11.026000
Indicator created:	2024-03-31 14:17:12
Indicator role:	None
Indicator title:
Indicator expiration:	2024-04-30 14:00:00

Origin AS: AS14061 - DIGITALOCEAN-ASN; AS46652 - SERVERSTACK-ASN; AS62567 - DIGITALOCEAN-ASN-NY2
BGP Prefix: 45.55.32.0/19
geo: United States, Clifton; 🕑 America/New_York
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 45.55.0.0 - 45.55.255.255
last_activity: 2024-04-01 09:23:28
last_warden_event: 2024-04-01 09:23:28
rep: 0.0
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 80, 443; Tags: self-signed, cloud; CPEs: cpe:/a:openbsd:openssh:9.2p1, cpe:/o:debian:debian_linux, cpe:/o:linux:linux_kernel
ts_added: 2024-03-28 15:16:28.076000
ts_last_update: 2024-05-04 15:16:30.396000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses