IP address
Tags:
IP in hostname
Scanner
- IP blacklists
AbuseIPDB
51.159.109.208 is listed on the AbuseIPDB blacklist.
Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed:
primary (
feed detail page)
Last checked at:
2026-05-09 04:00:00.571000
Was present on blacklist at:
2026-05-06 04:00,
2026-05-09 04:00
CI Army
51.159.109.208 is listed on the CI Army blacklist.
Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed:
primary (
feed detail page)
Last checked at:
2026-05-09 02:50:00.788000
Was present on blacklist at:
2026-05-07 02:50,
2026-05-08 02:50,
2026-05-09 02:50
Echelon web crawler
51.159.109.208 is listed on the Echelon web crawler blacklist.
Description: HTTP web crawling activity detected on web honeypots
Type of feed:
primary (
feed detail page)
Last checked at:
2026-05-12 09:50:02.739000
Was present on blacklist at:
2026-05-09 09:50,
2026-05-10 09:50,
2026-05-11 09:50,
2026-05-12 09:50
blocklist.de Apache
51.159.109.208 is listed on the blocklist.de Apache blacklist.
Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the service<br>Apache, Apache-DDOS, RFI-Attacks.
Type of feed:
primary (
feed detail page)
Last checked at:
2026-05-11 04:05:05.109000
Was present on blacklist at:
2026-05-09 10:05,
2026-05-09 16:05,
2026-05-09 22:05,
2026-05-10 04:05,
2026-05-10 10:05,
2026-05-10 16:05,
2026-05-10 22:05,
2026-05-11 04:05
Spamhaus XBL CBL
51.159.109.208 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.
Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed:
secondary (DNSBL) (
feed detail page)
Last checked at:
2026-05-19 07:55:20.425000
Was present on blacklist at:
2026-05-12 07:55
Threat categories
| TL | Role | Category | Details |
|---|
| 46 |
src |
scan |
port: 80
|
| 25 |
src |
— |
|
- Warden events (200)
- 2026-05-12
-
-
ReconScanning (node.ce2b59): 1
- 2026-05-09
-
-
ReconScanning (node.ce2b59): 20
- 2026-05-08
-
-
ReconScanning (node.ce2b59): 15
-
AnomalyTraffic (node.6a1878): 2
-
ReconScanning (node.4dc198): 3
-
ReconScanning (node.368407): 1
- 2026-05-07
-
-
ReconScanning (node.ce2b59): 7
-
ReconScanning (node.4dc198): 11
-
ReconScanning (node.368407): 12
-
AnomalyTraffic (node.6a1878): 4
- 2026-05-06
-
-
ReconScanning (node.4dc198): 20
-
ReconScanning (node.368407): 38
-
ReconScanning (node.ce2b59): 12
- 2026-05-05
-
-
ReconScanning (node.ce2b59): 44
-
ReconScanning (node.4dc198): 2
-
ReconScanning (node.368407): 8
- DShield reports (IP summary, reports)
- 2026-05-06
- Number of reports: 203
- Distinct targets: 116
- 2026-05-07
- Number of reports: 359
- Distinct targets: 95
- 2026-05-08
- Number of reports: 359
- Distinct targets: 95
- 2026-05-09
- Number of reports: 510
- Distinct targets: 108
- 2026-05-10
- Number of reports: 168
- Distinct targets: 107
- Origin AS
- AS12876 - AS12876
- BGP Prefix
- 51.158.0.0/15
- geo
-
France, Paris
- 🕑 Europe/Paris
- hostname
- 51-159-109-208.rev.poneytelecom.eu
- hostname_class
- ['ip_in_hostname']
- Address block ('inetnum' or 'NetRange' in whois database)
- 51.158.0.0 - 51.159.255.255
- last_activity
- 2026-05-12 07:17:00
- last_warden_event
- 2026-05-12 07:17:00
- rep
- 0.0003736034792970466
- reserved_range
- 0
- Shodan's InternetDB
- Open ports: 22, 80, 443, 5432, 6379
- Tags: self-signed
- CPEs: cpe:/a:openbsd:openssh:9.6p1, cpe:/o:canonical:ubuntu_linux
- ts_added
- 2026-05-05 07:55:15.021000
- ts_last_update
- 2026-05-24 07:55:20.682000
Warden event timeline
DShield event timeline
Presence on blacklists
