IP address

Passive DNS

Tags: Scanner

IP blacklists

DataPlane TELNET login

50.114.56.166 is listed on the DataPlane TELNET login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login via TELNET password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2024-09-09 02:10:04.710000
Was present on blacklist at: 2024-09-03 06:10, 2024-09-03 10:10, 2024-09-03 14:10, 2024-09-03 18:10, 2024-09-03 22:10, 2024-09-04 02:10, 2024-09-04 06:10, 2024-09-04 10:10, 2024-09-04 14:10, 2024-09-04 18:10, 2024-09-04 22:10, 2024-09-05 02:10, 2024-09-05 06:10, 2024-09-06 06:10, 2024-09-06 14:10, 2024-09-06 18:10, 2024-09-07 06:10, 2024-09-07 14:10, 2024-09-08 02:10, 2024-09-08 06:10, 2024-09-08 14:10, 2024-09-09 02:10

Turris greylist

50.114.56.166 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-10-27 22:15:00.214000
Was present on blacklist at: 2024-09-04 21:15, 2024-09-05 21:15, 2024-09-09 21:15, 2024-09-10 21:15, 2024-09-12 21:15, 2024-09-14 21:15, 2024-09-15 21:15, 2024-09-16 21:15, 2024-09-18 21:15, 2024-09-19 21:15, 2024-09-20 21:15, 2024-09-21 21:15, 2024-09-22 21:15, 2024-09-23 21:15, 2024-09-24 21:15, 2024-09-25 21:15, 2024-09-26 21:15, 2024-09-27 21:15, 2024-09-29 21:15, 2024-09-30 21:15, 2024-10-01 21:15, 2024-10-02 21:15, 2024-10-03 21:15, 2024-10-04 21:15, 2024-10-05 21:15, 2024-10-06 21:15, 2024-10-07 21:15, 2024-10-08 21:15, 2024-10-10 21:15, 2024-10-11 21:15, 2024-10-12 21:15, 2024-10-13 21:15, 2024-10-14 21:15, 2024-10-15 21:15, 2024-10-16 21:15, 2024-10-17 21:15, 2024-10-18 21:15, 2024-10-19 21:15, 2024-10-21 21:15, 2024-10-22 21:15, 2024-10-23 21:15, 2024-10-24 21:15, 2024-10-25 21:15, 2024-10-26 21:15, 2024-10-27 22:15

Spamhaus XBL CBL

50.114.56.166 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2024-11-05 01:53:30.308000
Was present on blacklist at: 2024-09-10 01:53, 2024-09-17 01:53, 2024-09-24 01:53, 2024-10-01 01:53, 2024-10-08 01:53, 2024-10-22 01:53, 2024-10-29 01:53

Mirai tracker

50.114.56.166 is listed on the Mirai tracker blacklist.

Description: IPs scanning the internet in a specific way known to be used by Mirai malware and its variants.
Type of feed: primary (feed detail page)

Last checked at: 2024-09-15 23:40:00.431000
Was present on blacklist at: 2024-09-13 23:40, 2024-09-14 23:40, 2024-09-15 23:40

AbuseIPDB

50.114.56.166 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2024-10-22 04:00:00.339000
Was present on blacklist at: 2024-09-16 04:00, 2024-09-19 04:00, 2024-09-24 04:00, 2024-10-05 04:00, 2024-10-10 04:00, 2024-10-12 04:00, 2024-10-22 04:00

Warden events (165)

2024-10-26: ReconScanning (node.ce2b59): 1
2024-10-25: ReconScanning (node.ce2b59): 6
2024-10-24: ReconScanning (node.ce2b59): 2
2024-10-22: ReconScanning (node.ce2b59): 1
2024-10-20: ReconScanning (node.ce2b59): 4
2024-10-19: ReconScanning (node.ce2b59): 2
2024-10-18: ReconScanning (node.ce2b59): 1
2024-10-17: ReconScanning (node.ce2b59): 2
2024-10-16: ReconScanning (node.ce2b59): 6
2024-10-15: ReconScanning (node.ce2b59): 5
2024-10-14: ReconScanning (node.ce2b59): 1
2024-09-16: ReconScanning (node.ce2b59): 23
2024-09-15: ReconScanning (node.ce2b59): 21
2024-09-14: ReconScanning (node.ce2b59): 17
2024-09-13: ReconScanning (node.ce2b59): 8
2024-09-10: ReconScanning (node.ce2b59): 5
2024-09-09: ReconScanning (node.ce2b59): 17
2024-09-08: ReconScanning (node.ce2b59): 21
2024-09-04: ReconScanning (node.ce2b59): 2
2024-09-03: ReconScanning (node.ce2b59): 20

DShield reports (IP summary, reports)

2024-09-03: Number of reports: 70; Distinct targets: 24
2024-09-04: Number of reports: 11; Distinct targets: 5
2024-09-08: Number of reports: 47; Distinct targets: 21
2024-09-09: Number of reports: 27; Distinct targets: 14
2024-09-13: Number of reports: 35; Distinct targets: 15
2024-09-14: Number of reports: 44; Distinct targets: 19
2024-09-15: Number of reports: 27; Distinct targets: 12
2024-09-18: Number of reports: 13; Distinct targets: 7
2024-09-19: Number of reports: 42; Distinct targets: 17
2024-09-20: Number of reports: 20; Distinct targets: 10
2024-09-21: Number of reports: 20; Distinct targets: 8
2024-09-22: Number of reports: 24; Distinct targets: 9
2024-09-23: Number of reports: 20; Distinct targets: 11
2024-09-24: Number of reports: 37; Distinct targets: 20
2024-09-25: Number of reports: 45; Distinct targets: 21
2024-09-28: Number of reports: 11; Distinct targets: 6
2024-09-29: Number of reports: 22; Distinct targets: 9
2024-09-30: Number of reports: 39; Distinct targets: 18
2024-10-01: Number of reports: 19; Distinct targets: 9
2024-10-04: Number of reports: 39; Distinct targets: 12
2024-10-05: Number of reports: 13; Distinct targets: 6
2024-10-06: Number of reports: 21; Distinct targets: 9
2024-10-07: Number of reports: 12; Distinct targets: 6
2024-10-09: Number of reports: 17; Distinct targets: 9
2024-10-10: Number of reports: 46; Distinct targets: 17
2024-10-11: Number of reports: 36; Distinct targets: 14
2024-10-12: Number of reports: 20; Distinct targets: 7
2024-10-13: Number of reports: 28; Distinct targets: 8
2024-10-14: Number of reports: 43; Distinct targets: 17
2024-10-15: Number of reports: 25; Distinct targets: 10
2024-10-16: Number of reports: 52; Distinct targets: 15
2024-10-17: Number of reports: 50; Distinct targets: 16
2024-10-18: Number of reports: 15; Distinct targets: 4
2024-10-19: Number of reports: 22; Distinct targets: 9
2024-10-20: Number of reports: 29; Distinct targets: 8
2024-10-21: Number of reports: 22; Distinct targets: 10
2024-10-22: Number of reports: 53; Distinct targets: 13
2024-10-23: Number of reports: 36; Distinct targets: 9
2024-10-24: Number of reports: 34; Distinct targets: 6
2024-10-25: Number of reports: 42; Distinct targets: 13

OTX pulses

[602bc528f447d628d41494f2] 2021-02-16 13:14:16.945000 | Ka's Honeypot visitors

Author name:	Kapppppa
Pulse modified:	2024-11-05 11:16:29.870000
Indicator created:	2024-10-24 06:45:23
Indicator role:	bruteforce
Indicator title:	Telnet Login attempt
Indicator expiration:	2024-11-23 06:00:00

Origin AS: AS396073 - MAJESTIC-HOSTING-01
BGP Prefix: 50.114.56.0/24
geo: United States, Ashburn; 🕑 America/New_York
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 50.114.0.0 - 50.114.255.255
last_activity: 2024-11-05 12:40:44.216000
last_warden_event: 2024-10-26 01:23:03
rep: 0.030729166666666665
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 8080; Tags: –; CPEs: cpe:/o:linux:linux_kernel, cpe:/a:openbsd:openssh:9.2p1, cpe:/o:debian:debian_linux
ts_added: 2024-09-03 01:53:24.393000
ts_last_update: 2024-11-05 12:40:44.223000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses