IP address

Search at other sites:
.00064.89.160.230
Shodan(more info)
Passive DNS
Tags: Scanner
IP blacklists
Spamhaus SBL
64.89.160.230 is listed on the Spamhaus SBL blacklist.

Description: The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-02-16 05:02:51.114000
Was present on blacklist at: 2026-01-26 05:02, 2026-02-02 05:02, 2026-02-09 05:02, 2026-02-16 05:02
Spamhaus DROP
64.89.160.230 is listed on the Spamhaus DROP blacklist.

Description: Spamhaus DROP (Don't Route Or Peer) list. Netblocks controlled by spammers or cyber criminals. The DROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-02-16 05:02:51.114000
Was present on blacklist at: 2026-01-26 05:02, 2026-02-02 05:02, 2026-02-09 05:02, 2026-02-16 05:02
AbuseIPDB
64.89.160.230 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-02-04 05:00:00.652000
Was present on blacklist at: 2026-01-28 05:00, 2026-01-29 05:00, 2026-01-30 05:00, 2026-01-31 05:00, 2026-02-01 05:00, 2026-02-02 05:00, 2026-02-04 05:00
Turris greylist
64.89.160.230 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-03 22:15:00.141000
Was present on blacklist at: 2026-01-29 22:15, 2026-01-30 22:15, 2026-02-01 22:15, 2026-02-02 22:15, 2026-02-03 22:15
Spamhaus XBL CBL
64.89.160.230 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-02-16 05:02:51.114000
Was present on blacklist at: 2026-02-02 05:02, 2026-02-09 05:02

Threat categories

TLRoleCategoryDetails
50 src login protocol: telnet
Warden events (1735)
2026-02-02
ReconScanning (node.368407): 39
ReconScanning (node.4dc198): 262
2026-02-01
ReconScanning (node.4dc198): 288
ReconScanning (node.368407): 285
2026-01-31
ReconScanning (node.368407): 57
ReconScanning (node.4dc198): 58
2026-01-30
ReconScanning (node.4dc198): 1
2026-01-29
ReconScanning (node.4dc198): 197
ReconScanning (node.368407): 6
2026-01-28
ReconScanning (node.368407): 266
ReconScanning (node.4dc198): 276
DShield reports (IP summary, reports)
2026-01-25
Number of reports: 12
Distinct targets: 8
2026-01-26
Number of reports: 12
Distinct targets: 8
OTX pulses
[602bc528f447d628d41494f2] 2021-02-16 13:14:16.945000 | Ka's Honeypot visitors
Author name:Kapppppa
Pulse modified:2026-02-16 23:56:37.856000
Indicator created:2026-02-01 15:21:01
Indicator role:bruteforce
Indicator title:Telnet Login attempt
Indicator expiration:2026-03-03 15:00:00
[697f536a2af805684e7a7210] 2026-02-01 13:21:46.329000 | Telnet honeypot logs for 2026-02-01
Author name:jnazario
Pulse modified:2026-02-01 13:21:46.329000
Indicator created:2026-02-01 13:21:47
Indicator role:None
Indicator title:
Indicator expiration:2026-03-03 13:00:00
Origin AS
AS205759 - GHOSTYNETWORKS
BGP Prefix
64.89.160.0/24
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
64.89.160.0 - 64.89.163.255
last_activity
2026-02-17 00:01:12.728000
last_warden_event
2026-02-02 22:16:49
rep
0.0
reserved_range
0
ts_added
2026-01-26 05:02:45.227000
ts_last_update
2026-02-17 00:01:12.741000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses