IP address

Passive DNS

Tags: Scanner

IP blacklists

DShield Block

89.248.163.173 was recently listed on the DShield Block blacklist, but currently it is not.

Description: Recommended Block List by DShield.org. It summarizes the top 20 attacking class C (/24) subnets over the last three days.
Type of feed: secondary (feed detail page)

Last checked at: 2025-07-14 04:50:00
Was present on blacklist at: 2025-05-17 04:50, 2025-05-18 04:50, 2025-05-19 04:50, 2025-05-20 04:50

CI Army

89.248.163.173 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence database that provides scores for IPs. Source of unspecified malicious attacks most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-07-14 02:50:00.826000
Was present on blacklist at: 2025-05-23 02:50, 2025-05-24 02:50, 2025-05-25 02:50, 2025-05-26 02:50, 2025-05-27 02:50, 2025-05-28 02:50, 2025-05-29 02:50, 2025-05-30 02:50, 2025-05-31 02:50, 2025-06-01 02:50, 2025-06-02 02:50, 2025-06-03 02:50, 2025-06-04 02:50, 2025-06-05 02:50, 2025-06-06 02:50, 2025-06-07 02:50, 2025-06-08 02:50, 2025-06-09 02:50, 2025-06-10 02:50, 2025-06-11 02:50, 2025-06-12 02:50, 2025-06-13 02:50, 2025-06-14 02:50, 2025-06-15 02:50, 2025-06-16 02:50, 2025-06-17 02:50, 2025-06-18 02:50, 2025-06-21 02:50, 2025-06-22 02:50, 2025-06-23 02:50, 2025-06-24 02:50, 2025-06-25 02:50, 2025-06-26 02:50, 2025-06-27 02:50, 2025-06-28 02:50, 2025-06-29 02:50, 2025-06-30 02:50, 2025-07-01 02:50, 2025-07-02 02:50, 2025-07-05 02:50, 2025-07-06 02:50, 2025-07-07 02:50, 2025-07-08 02:50, 2025-07-09 02:50, 2025-07-11 02:50, 2025-07-12 02:50, 2025-07-13 02:50, 2025-07-14 02:50

DataPlane TELNET login

89.248.163.173 is listed on the DataPlane TELNET login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds, and measurement resource for operators, by operators. IPs trying an unsolicited login via TELNET password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2025-07-06 14:10:03.275000
Was present on blacklist at: 2025-05-24 02:10, 2025-05-24 06:10, 2025-05-24 14:10, 2025-05-24 18:10, 2025-05-25 02:10, 2025-05-25 06:10, 2025-05-25 14:10, 2025-05-25 18:10, 2025-05-26 02:10, 2025-05-26 06:10, 2025-05-26 14:10, 2025-05-26 18:10, 2025-05-27 02:10, 2025-05-27 06:10, 2025-05-27 18:10, 2025-05-28 02:10, 2025-05-28 14:10, 2025-05-28 18:10, 2025-05-29 02:10, 2025-05-29 06:10, 2025-05-29 14:10, 2025-05-29 18:10, 2025-05-30 02:10, 2025-05-30 06:10, 2025-05-30 14:10, 2025-05-30 18:10, 2025-06-30 02:10, 2025-06-30 06:10, 2025-06-30 14:10, 2025-06-30 18:10, 2025-07-01 02:10, 2025-07-01 06:10, 2025-07-01 14:10, 2025-07-01 18:10, 2025-07-02 02:10, 2025-07-02 06:10, 2025-07-02 14:10, 2025-07-02 18:10, 2025-07-03 02:10, 2025-07-03 06:10, 2025-07-03 14:10, 2025-07-03 18:10, 2025-07-04 02:10, 2025-07-04 06:10, 2025-07-04 14:10, 2025-07-04 18:10, 2025-07-05 02:10, 2025-07-05 06:10, 2025-07-05 14:10, 2025-07-05 18:10, 2025-07-06 02:10, 2025-07-06 06:10, 2025-07-06 14:10

Spamhaus XBL CBL

89.248.163.173 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-07-12 05:24:47.829000
Was present on blacklist at: 2025-05-24 05:17, 2025-05-31 05:13, 2025-06-07 05:21, 2025-06-14 05:19, 2025-06-21 05:20, 2025-07-05 05:22, 2025-07-12 05:24

Turris greylist

89.248.163.173 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC, which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-07-14 21:15:00.179000
Was present on blacklist at: 2025-05-24 21:15, 2025-05-25 21:15, 2025-05-26 21:15, 2025-05-29 21:15, 2025-05-31 21:15, 2025-06-02 21:15, 2025-06-04 21:15, 2025-06-06 21:15, 2025-06-08 21:15, 2025-06-10 21:15, 2025-06-15 21:15, 2025-06-17 21:15, 2025-06-20 21:15, 2025-06-22 21:15, 2025-06-25 21:15, 2025-06-27 21:15, 2025-06-29 21:15, 2025-06-30 21:15, 2025-07-02 21:15, 2025-07-05 21:15, 2025-07-06 21:15, 2025-07-08 21:15, 2025-07-10 21:15, 2025-07-12 21:15, 2025-07-14 21:15

AbuseIPDB

89.248.163.173 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-07-08 04:00:00.641000
Was present on blacklist at: 2025-05-27 04:00, 2025-05-29 04:00, 2025-06-16 04:00, 2025-07-06 04:00, 2025-07-08 04:00

Warden events (55)

2025-07-02: ReconScanning (node.f90c6b): 7
2025-07-01: ReconScanning (node.f90c6b): 4
2025-05-23: IntrusionUserCompromise (node.cfb4f7): 44

DShield reports (IP summary, reports)

2025-05-16: Number of reports: 4006; Distinct targets: 2000
2025-05-17: Number of reports: 4004; Distinct targets: 2001
2025-05-18: Number of reports: 733; Distinct targets: 733
2025-05-19: Number of reports: 313; Distinct targets: 36
2025-05-20: Number of reports: 50; Distinct targets: 19
2025-05-21: Number of reports: 45; Distinct targets: 24
2025-05-23: Number of reports: 5817; Distinct targets: 1568
2025-05-24: Number of reports: 3333; Distinct targets: 2958
2025-05-25: Number of reports: 3207; Distinct targets: 2651
2025-05-26: Number of reports: 6579; Distinct targets: 3106
2025-05-28: Number of reports: 8249; Distinct targets: 8226
2025-05-29: Number of reports: 20847; Distinct targets: 16006
2025-05-30: Number of reports: 4645; Distinct targets: 4083
2025-05-31: Number of reports: 6745; Distinct targets: 5503
2025-06-01: Number of reports: 3077; Distinct targets: 3077
2025-06-02: Number of reports: 6125; Distinct targets: 5054
2025-06-03: Number of reports: 5998; Distinct targets: 5664
2025-06-04: Number of reports: 2521; Distinct targets: 1762
2025-06-05: Number of reports: 7869; Distinct targets: 4559
2025-06-06: Number of reports: 8603; Distinct targets: 5340
2025-06-07: Number of reports: 1609; Distinct targets: 1218
2025-06-09: Number of reports: 2500; Distinct targets: 1500
2025-06-10: Number of reports: 2000; Distinct targets: 1000
2025-06-11: Number of reports: 1181; Distinct targets: 576
2025-06-12: Number of reports: 1695; Distinct targets: 1675
2025-06-13: Number of reports: 1216; Distinct targets: 865
2025-06-14: Number of reports: 3720; Distinct targets: 3719
2025-06-15: Number of reports: 4972; Distinct targets: 4298
2025-06-16: Number of reports: 1740; Distinct targets: 1740
2025-06-17: Number of reports: 1511; Distinct targets: 1511
2025-06-18: Number of reports: 12375; Distinct targets: 9245
2025-06-19: Number of reports: 3582; Distinct targets: 2701
2025-06-20: Number of reports: 8913; Distinct targets: 6001
2025-06-21: Number of reports: 515; Distinct targets: 509
2025-06-22: Number of reports: 3038; Distinct targets: 2019
2025-06-23: Number of reports: 2857; Distinct targets: 2857
2025-06-24: Number of reports: 2762; Distinct targets: 2762
2025-06-25: Number of reports: 2778; Distinct targets: 2255
2025-06-27: Number of reports: 3955; Distinct targets: 3073
2025-06-28: Number of reports: 3203; Distinct targets: 2440
2025-06-29: Number of reports: 6971; Distinct targets: 3937
2025-06-30: Number of reports: 3000; Distinct targets: 3000
2025-07-01: Number of reports: 4437; Distinct targets: 3165
2025-07-02: Number of reports: 2570; Distinct targets: 1785
2025-07-03: Number of reports: 7255; Distinct targets: 4527
2025-07-04: Number of reports: 13896; Distinct targets: 8640
2025-07-05: Number of reports: 2895; Distinct targets: 2883
2025-07-06: Number of reports: 3202; Distinct targets: 3063
2025-07-07: Number of reports: 6481; Distinct targets: 4773
2025-07-08: Number of reports: 2027; Distinct targets: 1184
2025-07-09: Number of reports: 1084; Distinct targets: 1084
2025-07-10: Number of reports: 345; Distinct targets: 345
2025-07-11: Number of reports: 172; Distinct targets: 172
2025-07-12: Number of reports: 623; Distinct targets: 623
2025-07-13: Number of reports: 9285; Distinct targets: 6094

OTX pulses

[6839a4236bdb4980de5c3ca2] 2025-05-30 12:27:15.927000 | RDP honeypot logs for 2025/05/30

Author name:	jnazario
Pulse modified:	2025-05-30 12:27:15.927000
Indicator created:	2025-05-30 12:27:16
Indicator role:	None
Indicator title:
Indicator expiration:	2025-06-29 12:00:00

Origin AS: AS202425 - INT-NETWORK; AS35539 - INFOLINK-T-AS
BGP Prefix: 89.248.163.0/24
geo: Netherlands; 🕑 Europe/Amsterdam
hostname: recyber.net
Address block ('inetnum' or 'NetRange' in whois database): 89.248.160.0 - 89.248.175.255
last_activity: 2025-07-02 02:39:26
last_warden_event: 2025-07-02 02:39:26
rep: 0.013913690476190477
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 80; Tags: eol-product; CPEs: cpe:/a:f5:nginx:1.18.0, cpe:/o:canonical:ubuntu_linux, cpe:/o:linux:linux_kernel, cpe:/a:openbsd:openssh:8.2p1
ts_added: 2025-05-17 05:08:59.482000
ts_last_update: 2025-07-14 21:16:39.200000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses