IP address

Passive DNS

Tags: Scanner

IP blacklists

DataPlane TELNET login

50.114.56.166 is listed on the DataPlane TELNET login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login via TELNET password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2024-09-09 02:10:04.710000
Was present on blacklist at: 2024-09-03 06:10, 2024-09-03 10:10, 2024-09-03 14:10, 2024-09-03 18:10, 2024-09-03 22:10, 2024-09-04 02:10, 2024-09-04 06:10, 2024-09-04 10:10, 2024-09-04 14:10, 2024-09-04 18:10, 2024-09-04 22:10, 2024-09-05 02:10, 2024-09-05 06:10, 2024-09-06 06:10, 2024-09-06 14:10, 2024-09-06 18:10, 2024-09-07 06:10, 2024-09-07 14:10, 2024-09-08 02:10, 2024-09-08 06:10, 2024-09-08 14:10, 2024-09-09 02:10

Turris greylist

50.114.56.166 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-09-18 21:15:00.203000
Was present on blacklist at: 2024-09-04 21:15, 2024-09-05 21:15, 2024-09-09 21:15, 2024-09-10 21:15, 2024-09-12 21:15, 2024-09-14 21:15, 2024-09-15 21:15, 2024-09-16 21:15, 2024-09-18 21:15

Spamhaus XBL CBL

50.114.56.166 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2024-09-17 01:53:30.530000
Was present on blacklist at: 2024-09-10 01:53, 2024-09-17 01:53

Mirai tracker

50.114.56.166 is listed on the Mirai tracker blacklist.

Description: IPs scanning the internet in a specific way known to be used by Mirai malware and its variants.
Type of feed: primary (feed detail page)

Last checked at: 2024-09-15 23:40:00.431000
Was present on blacklist at: 2024-09-13 23:40, 2024-09-14 23:40, 2024-09-15 23:40

AbuseIPDB

50.114.56.166 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2024-09-19 04:00:00.477000
Was present on blacklist at: 2024-09-16 04:00, 2024-09-19 04:00

Warden events (134)

2024-09-16: ReconScanning (node.ce2b59): 23
2024-09-15: ReconScanning (node.ce2b59): 21
2024-09-14: ReconScanning (node.ce2b59): 17
2024-09-13: ReconScanning (node.ce2b59): 8
2024-09-10: ReconScanning (node.ce2b59): 5
2024-09-09: ReconScanning (node.ce2b59): 17
2024-09-08: ReconScanning (node.ce2b59): 21
2024-09-04: ReconScanning (node.ce2b59): 2
2024-09-03: ReconScanning (node.ce2b59): 20

DShield reports (IP summary, reports)

2024-09-03: Number of reports: 70; Distinct targets: 24
2024-09-04: Number of reports: 11; Distinct targets: 5
2024-09-08: Number of reports: 47; Distinct targets: 21
2024-09-09: Number of reports: 27; Distinct targets: 14
2024-09-13: Number of reports: 35; Distinct targets: 15
2024-09-14: Number of reports: 44; Distinct targets: 19
2024-09-15: Number of reports: 27; Distinct targets: 12
2024-09-18: Number of reports: 13; Distinct targets: 7

Origin AS: AS396073 - MAJESTIC-HOSTING-01
BGP Prefix: 50.114.56.0/24
geo: United States, Ashburn; 🕑 America/New_York
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 50.114.0.0 - 50.114.255.255
last_activity: 2024-09-16 17:12:54
last_warden_event: 2024-09-16 17:12:54
rep: 0.23720190865652901
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 80, 8080; Tags: –; CPEs: cpe:/o:debian:debian_linux, cpe:/a:openbsd:openssh:9.2p1, cpe:/o:linux:linux_kernel
ts_added: 2024-09-03 01:53:24.393000
ts_last_update: 2024-09-19 05:02:55.330000

Warden event timeline

DShield event timeline

Presence on blacklists