IP address

Search at other sites:
.78264.89.163.140
Shodan(more info)
Passive DNS
Tags: Scanner
IP blacklists
CI Army
64.89.163.140 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-01-31 03:50:00.985000
Was present on blacklist at: 2026-01-22 03:50, 2026-01-23 03:50, 2026-01-24 03:50, 2026-01-25 03:50, 2026-01-26 03:50, 2026-01-27 03:50, 2026-01-28 03:50, 2026-01-29 03:50, 2026-01-30 03:50, 2026-01-31 03:50
DShield Block
64.89.163.140 was recently listed on the DShield Block blacklist, but currently it is not.

Description: Recommended Block List by DShield.org. It summarizes the top 20 attacking<br>class C (/24) subnets over the last three days.
Type of feed: secondary (feed detail page)

Last checked at: 2026-02-17 04:50:00
Was present on blacklist at: 2026-01-23 04:50
AbuseIPDB
64.89.163.140 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-02-17 05:00:00.294000
Was present on blacklist at: 2026-01-24 05:00, 2026-01-26 05:00, 2026-01-27 05:00, 2026-01-28 05:00, 2026-02-01 05:00, 2026-02-03 05:00, 2026-02-06 05:00, 2026-02-10 05:00, 2026-02-13 05:00, 2026-02-14 05:00, 2026-02-17 05:00
Spamhaus SBL
64.89.163.140 is listed on the Spamhaus SBL blacklist.

Description: The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-02-11 21:07:30.068000
Was present on blacklist at: 2026-01-28 21:07, 2026-02-04 21:07, 2026-02-11 21:07
Spamhaus DROP
64.89.163.140 is listed on the Spamhaus DROP blacklist.

Description: Spamhaus DROP (Don't Route Or Peer) list. Netblocks controlled by spammers or cyber criminals. The DROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-02-11 21:07:30.068000
Was present on blacklist at: 2026-01-28 21:07, 2026-02-04 21:07, 2026-02-11 21:07

Threat categories

TLRoleCategoryDetails
48 src scan
33 src login protocol: mysql
port: 3306
33 src exploit protocol: mysql
Warden events (192)
2026-02-17
ReconScanning (node.368407): 2
ReconScanning (node.4dc198): 3
2026-02-16
ReconScanning (node.368407): 3
ReconScanning (node.4dc198): 4
2026-02-15
ReconScanning (node.4dc198): 3
IntrusionUserCompromise+AttemptExploit (node.0b69da): 2
ReconScanning (node.368407): 2
2026-02-14
ReconScanning (node.4dc198): 7
IntrusionUserCompromise+AttemptExploit (node.0b69da): 1
ReconScanning (node.368407): 3
2026-02-13
ReconScanning (node.4dc198): 4
ReconScanning (node.368407): 4
IntrusionUserCompromise+AttemptExploit (node.0b69da): 1
2026-02-12
ReconScanning (node.4dc198): 3
IntrusionUserCompromise+AttemptExploit (node.0b69da): 1
ReconScanning (node.368407): 5
IntrusionUserCompromise+AttemptExploit (node.2373ce): 2
2026-02-11
ReconScanning (node.368407): 4
IntrusionUserCompromise+AttemptExploit (node.2373ce): 1
ReconScanning (node.4dc198): 6
IntrusionUserCompromise+AttemptExploit (node.0b69da): 1
2026-02-10
ReconScanning (node.4dc198): 10
ReconScanning (node.368407): 5
IntrusionUserCompromise+AttemptExploit (node.2373ce): 1
2026-02-09
ReconScanning (node.4dc198): 4
ReconScanning (node.368407): 12
2026-02-08
ReconScanning (node.4dc198): 2
2026-02-06
ReconScanning (node.4dc198): 9
AnomalyTraffic (node.ffe95c): 1
ReconScanning (node.368407): 8
2026-02-05
AnomalyTraffic (node.ffe95c): 1
ReconScanning (node.4dc198): 2
ReconScanning (node.368407): 3
2026-02-04
ReconScanning (node.368407): 2
ReconScanning (node.4dc198): 2
2026-02-03
ReconScanning (node.368407): 7
2026-02-02
ReconScanning (node.368407): 1
2026-02-01
ReconScanning (node.368407): 6
2026-01-31
ReconScanning (node.368407): 2
ReconScanning (node.4dc198): 1
2026-01-30
ReconScanning (node.4dc198): 3
ReconScanning (node.368407): 8
2026-01-29
ReconScanning (node.368407): 2
ReconScanning (node.4dc198): 4
AnomalyTraffic (node.ffe95c): 1
2026-01-28
ReconScanning (node.4dc198): 1
ReconScanning (node.368407): 2
2026-01-27
AnomalyTraffic (node.ffe95c): 1
ReconScanning (node.4dc198): 1
2026-01-26
ReconScanning (node.368407): 3
AnomalyTraffic (node.ffe95c): 3
ReconScanning (node.4dc198): 6
2026-01-25
ReconScanning (node.4dc198): 3
ReconScanning (node.368407): 3
2026-01-24
IntrusionUserCompromise+AttemptExploit (node.5bdc26): 1
ReconScanning (node.368407): 3
2026-01-23
AnomalyTraffic (node.ffe95c): 1
ReconScanning (node.4dc198): 1
ReconScanning (node.368407): 1
2026-01-22
ReconScanning (node.4dc198): 1
ReconScanning (node.368407): 1
2026-01-21
ReconScanning (node.368407): 1
DShield reports (IP summary, reports)
2026-01-22
Number of reports: 14
Distinct targets: 14
2026-01-23
Number of reports: 40
Distinct targets: 25
2026-01-24
Number of reports: 40
Distinct targets: 25
2026-01-25
Number of reports: 68
Distinct targets: 44
2026-01-26
Number of reports: 68
Distinct targets: 44
Origin AS
AS401626 - NETIFACE-TORONTO
BGP Prefix
64.89.163.0/24
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
64.89.160.0 - 64.89.163.255
last_activity
2026-02-17 20:33:23
last_warden_event
2026-02-17 20:33:23
rep
0.7818956238882883
reserved_range
0
ts_added
2026-01-21 21:07:21.303000
ts_last_update
2026-02-17 21:07:30.114000

Warden event timeline

DShield event timeline

Presence on blacklists