IP address


.96980.75.212.9tube-hosting.com
Shodan(more info)
Passive DNS
Tags: Scanner
IP blacklists
blocklist.de Apache
80.75.212.9 is listed on the blocklist.de Apache blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the service<br>Apache, Apache-DDOS, RFI-Attacks.
Type of feed: primary (feed detail page)

Last checked at: 2024-09-16 10:05:00.435000
Was present on blacklist at: 2024-09-13 16:05, 2024-09-13 22:05, 2024-09-14 04:05, 2024-09-14 10:05, 2024-09-14 16:05, 2024-09-14 22:05, 2024-09-15 04:05, 2024-09-15 10:05, 2024-09-15 16:05, 2024-09-15 22:05, 2024-09-16 04:05, 2024-09-16 10:05
CI Army
80.75.212.9 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2024-10-11 02:50:01.073000
Was present on blacklist at: 2024-09-14 02:50, 2024-09-15 02:50, 2024-09-16 02:50, 2024-09-17 02:50, 2024-09-18 02:50, 2024-09-19 02:50, 2024-09-20 02:50, 2024-09-21 02:50, 2024-09-22 02:50, 2024-09-23 02:50, 2024-09-24 02:50, 2024-09-25 02:50, 2024-09-26 02:50, 2024-09-27 02:50, 2024-09-28 02:50, 2024-09-29 02:50, 2024-09-30 02:50, 2024-10-01 02:50, 2024-10-02 02:50, 2024-10-03 02:50, 2024-10-04 02:50, 2024-10-05 02:50, 2024-10-06 02:50, 2024-10-07 02:50, 2024-10-08 02:50, 2024-10-09 02:50, 2024-10-10 02:50, 2024-10-11 02:50
AbuseIPDB
80.75.212.9 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2024-10-11 04:00:00.375000
Was present on blacklist at: 2024-09-14 04:00, 2024-09-15 04:00, 2024-09-19 04:00, 2024-09-20 04:00, 2024-09-21 04:00, 2024-09-22 04:00, 2024-09-23 04:00, 2024-09-24 04:00, 2024-09-25 04:00, 2024-09-26 04:00, 2024-09-27 04:00, 2024-09-28 04:00, 2024-09-29 04:00, 2024-09-30 04:00, 2024-10-01 04:00, 2024-10-02 04:00, 2024-10-03 04:00, 2024-10-04 04:00, 2024-10-05 04:00, 2024-10-06 04:00, 2024-10-07 04:00, 2024-10-08 04:00, 2024-10-09 04:00, 2024-10-10 04:00, 2024-10-11 04:00
UCEPROTECT L1
80.75.212.9 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-09-30 23:45:00.717000
Was present on blacklist at: 2024-09-19 07:45, 2024-09-19 15:45, 2024-09-19 23:45, 2024-09-20 07:45, 2024-09-20 15:45, 2024-09-20 23:45, 2024-09-21 07:45, 2024-09-21 15:45, 2024-09-21 23:45, 2024-09-22 07:45, 2024-09-22 15:45, 2024-09-22 23:45, 2024-09-23 07:45, 2024-09-23 15:45, 2024-09-24 07:45, 2024-09-24 15:45, 2024-09-24 23:45, 2024-09-25 15:45, 2024-09-25 23:45, 2024-09-26 07:45, 2024-09-26 15:45, 2024-09-26 23:45, 2024-09-27 07:45, 2024-09-27 15:45, 2024-09-27 23:45, 2024-09-28 07:45, 2024-09-28 15:45, 2024-09-28 23:45, 2024-09-29 07:45, 2024-09-29 15:45, 2024-09-29 23:45, 2024-09-30 07:45, 2024-09-30 15:45, 2024-09-30 23:45
Turris greylist
80.75.212.9 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2024-10-11 21:15:00.300000
Was present on blacklist at: 2024-09-19 21:15, 2024-09-21 21:15, 2024-09-23 21:15, 2024-09-25 21:15, 2024-09-27 21:15, 2024-09-28 21:15, 2024-09-30 21:15, 2024-10-01 21:15, 2024-10-02 21:15, 2024-10-04 21:15, 2024-10-05 21:15, 2024-10-07 21:15, 2024-10-08 21:15, 2024-10-09 21:15, 2024-10-10 21:15, 2024-10-11 21:15
DShield Block
80.75.212.9 was recently listed on the DShield Block blacklist, but currently it is not.

Description: Recommended Block List by DShield.org. It summarizes the top 20 attacking<br>class C (/24) subnets over the last three days.
Type of feed: secondary (feed detail page)

Last checked at: 2024-10-11 04:50:00
Was present on blacklist at: 2024-09-20 04:50, 2024-09-21 04:50, 2024-09-22 04:50, 2024-09-23 04:50, 2024-09-24 04:50, 2024-09-25 04:50, 2024-09-26 04:50, 2024-09-27 04:50
Spamhaus XBL CBL
80.75.212.9 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2024-10-11 11:58:30.286000
Was present on blacklist at: 2024-09-27 11:58, 2024-10-11 11:58
Warden events (8764)
2024-10-11
ReconScanning (node.cfb4f7): 250
AnomalyTraffic (node.ffe95c): 2
ReconScanning (node.5f02e7): 4
ReconScanning (node.368407): 50
ReconScanning (node.4dc198): 49
2024-10-10
ReconScanning (node.368407): 22
ReconScanning (node.4dc198): 21
ReconScanning (node.5f02e7): 6
ReconScanning (node.cfb4f7): 1892
AnomalyTraffic (node.ffe95c): 1
2024-10-09
ReconScanning (node.4dc198): 39
ReconScanning (node.368407): 42
ReconScanning (node.cfb4f7): 15
AnomalyTraffic (node.ffe95c): 3
ReconScanning (node.5f02e7): 3
2024-10-08
ReconScanning (node.368407): 78
ReconScanning (node.4dc198): 78
AnomalyTraffic (node.ffe95c): 2
ReconScanning (node.cfb4f7): 191
ReconScanning (node.5f02e7): 13
2024-10-07
ReconScanning (node.368407): 29
ReconScanning (node.4dc198): 28
ReconScanning (node.cfb4f7): 59
AnomalyTraffic (node.ffe95c): 2
ReconScanning (node.5f02e7): 5
2024-10-06
ReconScanning (node.368407): 19
ReconScanning (node.4dc198): 18
ReconScanning (node.5f02e7): 11
ReconScanning (node.cfb4f7): 141
AnomalyTraffic (node.ffe95c): 1
2024-10-05
ReconScanning (node.cfb4f7): 91
ReconScanning (node.5f02e7): 10
ReconScanning (node.4dc198): 59
ReconScanning (node.368407): 57
AnomalyTraffic (node.ffe95c): 5
2024-10-04
ReconScanning (node.368407): 83
ReconScanning (node.4dc198): 82
ReconScanning (node.cfb4f7): 264
AnomalyTraffic (node.ffe95c): 5
ReconScanning (node.5f02e7): 10
2024-10-03
ReconScanning (node.4dc198): 62
ReconScanning (node.368407): 62
AnomalyTraffic (node.ffe95c): 2
ReconScanning (node.cfb4f7): 51
ReconScanning (node.5f02e7): 1
2024-10-02
ReconScanning (node.368407): 21
ReconScanning (node.4dc198): 21
ReconScanning (node.5f02e7): 1
ReconScanning (node.cfb4f7): 22
AnomalyTraffic (node.ffe95c): 1
2024-10-01
ReconScanning (node.4dc198): 125
ReconScanning (node.368407): 126
ReconScanning (node.cfb4f7): 70
AnomalyTraffic (node.ffe95c): 2
ReconScanning (node.5f02e7): 11
2024-09-30
ReconScanning (node.cfb4f7): 85
ReconScanning (node.5f02e7): 14
AnomalyTraffic (node.ffe95c): 1
ReconScanning (node.368407): 23
ReconScanning (node.4dc198): 23
2024-09-29
ReconScanning (node.cfb4f7): 242
AnomalyTraffic (node.ffe95c): 4
ReconScanning (node.368407): 93
ReconScanning (node.4dc198): 94
ReconScanning (node.5f02e7): 7
2024-09-28
AnomalyTraffic (node.ffe95c): 2
ReconScanning (node.cfb4f7): 69
ReconScanning (node.368407): 120
ReconScanning (node.4dc198): 121
ReconScanning (node.5f02e7): 9
2024-09-27
ReconScanning (node.cfb4f7): 90
ReconScanning (node.368407): 249
ReconScanning (node.4dc198): 272
ReconScanning (node.5f02e7): 6
AnomalyTraffic (node.ffe95c): 3
2024-09-26
ReconScanning (node.368407): 148
ReconScanning (node.4dc198): 147
ReconScanning (node.cfb4f7): 111
AnomalyTraffic (node.ffe95c): 4
ReconScanning (node.5f02e7): 10
2024-09-25
ReconScanning (node.368407): 90
ReconScanning (node.cfb4f7): 197
ReconScanning (node.4dc198): 90
AnomalyTraffic (node.ffe95c): 3
ReconScanning (node.5f02e7): 8
ReconScanning (node.ce2b59): 2
2024-09-24
ReconScanning (node.368407): 121
ReconScanning (node.4dc198): 117
AnomalyTraffic (node.ffe95c): 4
ReconScanning (node.cfb4f7): 145
ReconScanning (node.5f02e7): 11
2024-09-23
AnomalyTraffic (node.ffe95c): 4
ReconScanning (node.5f02e7): 11
ReconScanning (node.cfb4f7): 274
ReconScanning (node.4dc198): 50
ReconScanning (node.368407): 50
2024-09-22
AnomalyTraffic (node.ffe95c): 8
ReconScanning (node.5f02e7): 11
ReconScanning (node.368407): 61
ReconScanning (node.4dc198): 60
2024-09-21
ReconScanning (node.4dc198): 70
ReconScanning (node.368407): 70
AnomalyTraffic (node.ffe95c): 4
ReconScanning (node.5f02e7): 5
2024-09-20
AnomalyTraffic (node.ffe95c): 9
ReconScanning (node.4dc198): 134
ReconScanning (node.368407): 135
ReconScanning (node.5f02e7): 9
2024-09-19
ReconScanning (node.5f02e7): 10
AnomalyTraffic (node.ffe95c): 3
ReconScanning (node.4dc198): 151
ReconScanning (node.368407): 150
2024-09-18
ReconScanning (node.ce2b59): 4
ReconScanning (node.4dc198): 98
ReconScanning (node.368407): 98
ReconScanning (node.5f02e7): 4
2024-09-14
ReconScanning (node.368407): 42
ReconScanning (node.4dc198): 44
AnomalyTraffic (node.ffe95c): 1
ReconScanning (node.ce2b59): 9
ReconScanning (node.5f02e7): 3
2024-09-13
ReconScanning (node.ce2b59): 22
ReconScanning (node.4dc198): 50
ReconScanning (node.368407): 48
ReconScanning (node.5f02e7): 7
AnomalyTraffic (node.ffe95c): 2
DShield reports (IP summary, reports)
2024-09-13
Number of reports: 17840
Distinct targets: 11912
2024-09-14
Number of reports: 22803
Distinct targets: 13991
2024-09-18
Number of reports: 17631
Distinct targets: 3842
2024-09-19
Number of reports: 25982
Distinct targets: 6503
2024-09-20
Number of reports: 40315
Distinct targets: 6845
2024-09-21
Number of reports: 27994
Distinct targets: 16221
2024-09-22
Number of reports: 38436
Distinct targets: 16297
2024-09-23
Number of reports: 37585
Distinct targets: 18970
2024-09-24
Number of reports: 35814
Distinct targets: 8403
2024-09-25
Number of reports: 37473
Distinct targets: 23730
2024-09-26
Number of reports: 37701
Distinct targets: 24074
2024-09-27
Number of reports: 37639
Distinct targets: 19740
2024-09-28
Number of reports: 38013
Distinct targets: 19389
2024-09-29
Number of reports: 35033
Distinct targets: 22172
2024-09-30
Number of reports: 44868
Distinct targets: 26557
2024-10-01
Number of reports: 33746
Distinct targets: 7283
2024-10-02
Number of reports: 6159
Distinct targets: 4019
2024-10-03
Number of reports: 33534
Distinct targets: 4607
2024-10-04
Number of reports: 38817
Distinct targets: 25206
2024-10-05
Number of reports: 37192
Distinct targets: 23364
2024-10-06
Number of reports: 40700
Distinct targets: 24930
2024-10-07
Number of reports: 113763
Distinct targets: 65372
2024-10-08
Number of reports: 36754
Distinct targets: 23175
2024-10-09
Number of reports: 11902
Distinct targets: 4633
2024-10-10
Number of reports: 16487
Distinct targets: 10386
OTX pulses
[606d75c11c08ff94089a9430] 2021-04-07 09:05:05.353000 | Georgs Honeypot
Author name:georgengelmann
Pulse modified:2024-10-10 21:34:02.574000
Indicator created:2024-10-02 22:13:03
Indicator role:trojan
Indicator title:Millennium, Trojan from tube-hosting.com port 51870
Indicator expiration:2024-11-01 22:00:00
Origin AS
AS49581 - FerdinandZink
BGP Prefix
80.75.212.0/24
geo
Germany, Frankfurt am Main
🕑 Europe/Berlin
hostname
tube-hosting.com
Address block ('inetnum' or 'NetRange' in whois database)
80.75.212.0 - 80.75.212.255
last_activity
2024-10-11 14:01:13
last_warden_event
2024-10-11 14:01:13
rep
0.96875
reserved_range
0
Shodan's InternetDB
Open ports: 22, 80, 111, 443, 3128
Tags:
CPEs: cpe:/a:openbsd:openssh:9.2p1, cpe:/o:debian:debian_linux, cpe:/o:linux:linux_kernel, cpe:/a:f5:nginx
ts_added
2024-09-13 11:58:20.130000
ts_last_update
2024-10-11 21:17:37.043000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses