IP address

Search at other sites:
.54264.89.161.198
Shodan(more info)
Passive DNS
Tags: Scanner
IP blacklists
Spamhaus SBL
64.89.161.198 is listed on the Spamhaus SBL blacklist.

Description: The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-02-13 19:39:50.575000
Was present on blacklist at: 2026-01-23 19:39, 2026-01-30 19:39, 2026-02-06 19:39, 2026-02-13 19:39
Spamhaus DROP
64.89.161.198 is listed on the Spamhaus DROP blacklist.

Description: Spamhaus DROP (Don't Route Or Peer) list. Netblocks controlled by spammers or cyber criminals. The DROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-02-13 19:39:50.575000
Was present on blacklist at: 2026-01-23 19:39, 2026-01-30 19:39, 2026-02-06 19:39, 2026-02-13 19:39
Spamhaus XBL CBL
64.89.161.198 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-02-13 19:39:50.575000
Was present on blacklist at: 2026-01-30 19:39, 2026-02-06 19:39, 2026-02-13 19:39
AbuseIPDB
64.89.161.198 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-02-17 05:00:00.294000
Was present on blacklist at: 2026-01-31 05:00, 2026-02-03 05:00, 2026-02-07 05:00, 2026-02-08 05:00, 2026-02-12 05:00, 2026-02-13 05:00, 2026-02-14 05:00, 2026-02-15 05:00, 2026-02-16 05:00, 2026-02-17 05:00
blocklist.de bots
64.89.161.198 is listed on the blocklist.de bots blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the RFI-Attacks,<br>REG-Bots, IRC-Bots or BadBots.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-04 23:05:00.448000
Was present on blacklist at: 2026-02-03 05:05, 2026-02-03 11:05, 2026-02-03 17:05, 2026-02-03 23:05, 2026-02-04 05:05, 2026-02-04 11:05, 2026-02-04 17:05, 2026-02-04 23:05
blocklist.de SSH
64.89.161.198 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-17 23:05:00.224000
Was present on blacklist at: 2026-02-11 23:05, 2026-02-12 05:05, 2026-02-12 11:05, 2026-02-12 17:05, 2026-02-12 23:05, 2026-02-13 05:05, 2026-02-13 11:05, 2026-02-13 17:05, 2026-02-15 23:05, 2026-02-16 05:05, 2026-02-16 11:05, 2026-02-16 17:05, 2026-02-16 23:05, 2026-02-17 05:05, 2026-02-17 11:05, 2026-02-17 17:05, 2026-02-17 23:05
DataPlane SSH conn
64.89.161.198 is listed on the DataPlane SSH conn blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IP addresses that<br>has been seen initiating an unsolicited SSH connection to a remote host.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-17 23:10:06.143000
Was present on blacklist at: 2026-02-11 23:10, 2026-02-12 03:10, 2026-02-12 07:10, 2026-02-12 11:10, 2026-02-12 15:10, 2026-02-12 19:10, 2026-02-12 23:10, 2026-02-13 03:10, 2026-02-13 07:10, 2026-02-13 11:10, 2026-02-13 15:10, 2026-02-13 19:10, 2026-02-13 23:10, 2026-02-14 03:10, 2026-02-14 07:10, 2026-02-14 11:10, 2026-02-14 15:10, 2026-02-14 19:10, 2026-02-14 23:10, 2026-02-15 03:10, 2026-02-15 07:10, 2026-02-15 15:10, 2026-02-15 19:10, 2026-02-16 03:10, 2026-02-16 07:10, 2026-02-16 15:10, 2026-02-16 19:10, 2026-02-16 23:10, 2026-02-17 03:10, 2026-02-17 07:10, 2026-02-17 11:10, 2026-02-17 15:10, 2026-02-17 19:10, 2026-02-17 23:10
Blocklist.net.ua
64.89.161.198 is listed on the Blocklist.net.ua blacklist.

Description: BlockList contains IP addresses that perform attacks,<br>send spam or brute force passwords to the blocking list.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-17 19:15:02.204000
Was present on blacklist at: 2026-02-15 19:15, 2026-02-15 23:15, 2026-02-16 03:15, 2026-02-16 07:15, 2026-02-16 11:15, 2026-02-16 15:15, 2026-02-16 19:15, 2026-02-16 23:15, 2026-02-17 03:15, 2026-02-17 07:15, 2026-02-17 11:15, 2026-02-17 15:15, 2026-02-17 19:15
BruteForceBlocker
64.89.161.198 is listed on the BruteForceBlocker blacklist.

Description: Daniel Gerzo's BruteForceBlocker. The list is made by perl script,<br>that works along with pf - OpenBSD's firewall and it's main<br>purpose is to block SSH bruteforce attacks via firewall.
Type of feed: primary (feed detail page)

Last checked at: 2026-02-17 03:52:00.203000
Was present on blacklist at: 2026-02-16 03:52, 2026-02-17 03:52

Threat categories

TLRoleCategoryDetails
50 src scan
49 src login protocol: ssh
port: 22
Warden events (837)
2026-02-17
ReconScanning (node.368407): 61
ReconScanning (node.4dc198): 63
IntrusionUserCompromise (node.70e749): 42
AttemptLogin (node.70e749): 8
AttemptLogin (node.368407): 13
2026-02-16
ReconScanning (node.4dc198): 26
ReconScanning (node.368407): 22
AttemptLogin (node.368407): 3
IntrusionUserCompromise (node.40929a): 16
2026-02-15
ReconScanning (node.4dc198): 16
ReconScanning (node.368407): 5
IntrusionUserCompromise (node.40929a): 24
AttemptLogin (node.40929a): 1
2026-02-14
ReconScanning (node.4dc198): 22
ReconScanning (node.368407): 23
2026-02-11
ReconScanning (node.4dc198): 15
ReconScanning (node.368407): 13
IntrusionUserCompromise (node.40929a): 4
2026-02-09
ReconScanning (node.4dc198): 51
ReconScanning (node.368407): 50
2026-02-07
ReconScanning (node.4dc198): 56
ReconScanning (node.368407): 55
2026-02-03
ReconScanning (node.4dc198): 11
ReconScanning (node.368407): 11
2026-02-02
ReconScanning (node.368407): 8
ReconScanning (node.4dc198): 11
2026-02-01
ReconScanning (node.4dc198): 15
ReconScanning (node.368407): 14
2026-01-31
ReconScanning (node.4dc198): 60
ReconScanning (node.368407): 59
2026-01-30
ReconScanning (node.4dc198): 29
ReconScanning (node.368407): 28
2026-01-23
ReconScanning (node.4dc198): 1
ReconScanning (node.368407): 1
Origin AS
AS205759 - GHOSTYNETWORKS
BGP Prefix
64.89.161.0/24
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
64.89.160.0 - 64.89.163.255
last_activity
2026-02-17 23:42:29
last_warden_event
2026-02-17 23:42:29
rep
0.5416666666666666
reserved_range
0
ts_added
2026-01-23 19:39:40.112000
ts_last_update
2026-02-17 23:42:40.231000

Warden event timeline

DShield event timeline

Presence on blacklists