IP address

Passive DNS

Tags: Scanner

IP blacklists

CI Army

89.248.168.239 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-07-10 02:50:00.860000
Was present on blacklist at: 2025-04-30 02:50, 2025-05-02 02:50, 2025-05-03 02:50, 2025-05-04 02:50, 2025-05-06 02:50, 2025-05-07 02:50, 2025-05-08 02:50, 2025-05-09 02:50, 2025-05-10 02:50, 2025-05-13 02:50, 2025-05-14 02:50, 2025-05-16 02:50, 2025-05-17 02:50, 2025-05-18 02:50, 2025-05-19 02:50, 2025-05-21 02:50, 2025-05-22 02:50, 2025-05-23 02:50, 2025-05-24 02:50, 2025-05-25 02:50, 2025-05-26 02:50, 2025-05-27 02:50, 2025-05-28 02:50, 2025-05-29 02:50, 2025-06-06 02:50, 2025-06-14 02:50, 2025-06-15 02:50, 2025-06-16 02:50, 2025-06-17 02:50, 2025-06-18 02:50, 2025-06-19 02:50, 2025-06-20 02:50, 2025-06-26 02:50, 2025-06-27 02:50, 2025-06-28 02:50, 2025-06-29 02:50, 2025-06-30 02:50, 2025-07-01 02:50, 2025-07-02 02:50, 2025-07-03 02:50, 2025-07-04 02:50, 2025-07-05 02:50, 2025-07-06 02:50, 2025-07-07 02:50, 2025-07-08 02:50, 2025-07-09 02:50, 2025-07-10 02:50

UCEPROTECT L1

89.248.168.239 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-06-20 07:45:00.563000
Was present on blacklist at: 2025-06-13 15:45, 2025-06-13 23:45, 2025-06-14 07:45, 2025-06-14 15:45, 2025-06-14 23:45, 2025-06-15 07:45, 2025-06-15 15:45, 2025-06-15 23:45, 2025-06-16 07:45, 2025-06-16 15:45, 2025-06-16 23:45, 2025-06-17 07:45, 2025-06-17 15:45, 2025-06-17 23:45, 2025-06-18 07:45, 2025-06-18 15:45, 2025-06-18 23:45, 2025-06-19 07:45, 2025-06-19 15:45, 2025-06-19 23:45, 2025-06-20 07:45

AbuseIPDB

89.248.168.239 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-07-06 04:00:00.753000
Was present on blacklist at: 2025-06-14 04:00, 2025-06-15 04:00, 2025-06-16 04:00, 2025-06-27 04:00, 2025-07-06 04:00

Spamhaus XBL CBL

89.248.168.239 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-07-16 03:13:20.594000
Was present on blacklist at: 2025-06-18 03:13, 2025-06-25 03:13

Warden events (1410)

2025-07-09: ReconScanning (node.4dc198): 5
2025-07-08: ReconScanning (node.4dc198): 102
2025-07-05: ReconScanning (node.4dc198): 1; ReconScanning (node.9c1411): 2
2025-07-03: ReconScanning (node.9c1411): 1
2025-07-02: ReconScanning (node.4dc198): 3
2025-06-15: ReconScanning (node.4dc198): 276; ReconScanning (node.368407): 274; ReconScanning (node.9c1411): 75
2025-06-14: ReconScanning (node.9c1411): 65; ReconScanning (node.4dc198): 287; ReconScanning (node.368407): 284
2025-06-13: ReconScanning (node.9c1411): 5; ReconScanning (node.4dc198): 14; ReconScanning (node.368407): 14
2025-06-12: ReconScanning (node.9c1411): 2

DShield reports (IP summary, reports)

2025-04-29: Number of reports: 138; Distinct targets: 129
2025-05-01: Number of reports: 224; Distinct targets: 142
2025-05-05: Number of reports: 219; Distinct targets: 139
2025-05-07: Number of reports: 226; Distinct targets: 142
2025-05-12: Number of reports: 227; Distinct targets: 141
2025-05-15: Number of reports: 188; Distinct targets: 151
2025-05-20: Number of reports: 116; Distinct targets: 68
2025-05-21: Number of reports: 131; Distinct targets: 61
2025-05-24: Number of reports: 244; Distinct targets: 146
2025-06-05: Number of reports: 226; Distinct targets: 134
2025-06-12: Number of reports: 40; Distinct targets: 23
2025-06-13: Number of reports: 178; Distinct targets: 133
2025-06-14: Number of reports: 360; Distinct targets: 313
2025-06-15: Number of reports: 331; Distinct targets: 292
2025-06-25: Number of reports: 114; Distinct targets: 97
2025-06-27: Number of reports: 97; Distinct targets: 55
2025-07-01: Number of reports: 197; Distinct targets: 118
2025-07-02: Number of reports: 59; Distinct targets: 24
2025-07-05: Number of reports: 70; Distinct targets: 64
2025-07-06: Number of reports: 230; Distinct targets: 150
2025-07-07: Number of reports: 140; Distinct targets: 97
2025-07-08: Number of reports: 121; Distinct targets: 87

Origin AS: AS202425 - INT-NETWORK
BGP Prefix: 89.248.168.0/24
geo: Netherlands, Amsterdam; 🕑 Europe/Amsterdam
hostname: no-reverse-dns-configured.com
Address block ('inetnum' or 'NetRange' in whois database): 89.248.160.0 - 89.248.175.255
last_activity: 2025-07-09 00:22:59
last_warden_event: 2025-07-09 00:22:59
rep: 0.04836309523809524
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 8888; Tags: scanner; CPEs: cpe:/o:canonical:ubuntu_linux, cpe:/a:openbsd:openssh:8.2p1
ts_added: 2025-04-30 03:13:12.421000
ts_last_update: 2025-07-18 03:13:20.157000

Warden event timeline

DShield event timeline

Presence on blacklists