IP address

Passive DNS

Tags: Scanner

IP blacklists

DataPlane SMTP greeting

104.248.131.100 is listed on the DataPlane SMTP greeting blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs that are<br>identified as SMTP clients issuing unsolicited HELO or EHLO commands.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-18 02:10:06.236000
Was present on blacklist at: 2025-04-06 14:10, 2025-04-06 18:10, 2025-04-06 22:10, 2025-04-07 02:10, 2025-04-07 06:10, 2025-04-07 10:10, 2025-04-07 14:10, 2025-04-07 18:10, 2025-04-07 22:10, 2025-04-08 02:10, 2025-04-08 06:10, 2025-04-08 10:10, 2025-04-08 14:10, 2025-04-08 18:10, 2025-04-08 22:10, 2025-04-09 02:10, 2025-04-09 06:10, 2025-04-09 10:10, 2025-04-09 14:10, 2025-04-09 18:10, 2025-04-09 22:10, 2025-04-10 02:10, 2025-04-10 06:10, 2025-04-10 10:10, 2025-04-10 14:10, 2025-04-10 18:10, 2025-04-10 22:10, 2025-04-11 02:10, 2025-04-11 06:10, 2025-04-11 10:10, 2025-04-11 14:10, 2025-04-11 18:10, 2025-04-11 22:10, 2025-04-12 02:10, 2025-04-12 06:10, 2025-04-12 10:10, 2025-04-12 14:10, 2025-04-12 18:10, 2025-04-12 22:10, 2025-04-13 02:10, 2025-04-13 06:10, 2025-04-13 14:10, 2025-04-13 18:10, 2025-04-13 22:10, 2025-04-14 02:10, 2025-04-14 06:10, 2025-04-14 10:10, 2025-04-14 14:10, 2025-04-14 18:10, 2025-04-14 22:10, 2025-04-15 02:10, 2025-04-15 06:10, 2025-04-15 10:10, 2025-04-15 14:10, 2025-04-15 18:10, 2025-04-15 22:10, 2025-04-16 02:10, 2025-04-16 06:10, 2025-04-16 10:10, 2025-04-16 14:10, 2025-04-16 18:10, 2025-04-16 22:10, 2025-04-17 02:10, 2025-04-17 06:10, 2025-04-17 10:10, 2025-04-17 14:10, 2025-04-17 18:10, 2025-04-17 22:10, 2025-04-18 02:10

UCEPROTECT L1

104.248.131.100 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-17 07:45:00.813000
Was present on blacklist at: 2025-04-06 15:45, 2025-04-06 23:45, 2025-04-07 07:45, 2025-04-07 15:45, 2025-04-07 23:45, 2025-04-08 07:45, 2025-04-08 15:45, 2025-04-08 23:45, 2025-04-09 07:45, 2025-04-09 15:45, 2025-04-09 23:45, 2025-04-10 07:45, 2025-04-10 15:45, 2025-04-10 23:45, 2025-04-11 07:45, 2025-04-11 15:45, 2025-04-11 23:45, 2025-04-12 07:45, 2025-04-12 15:45, 2025-04-12 23:45, 2025-04-13 07:45, 2025-04-13 15:45, 2025-04-13 23:45, 2025-04-14 07:45, 2025-04-14 15:45, 2025-04-14 23:45, 2025-04-15 07:45, 2025-04-15 15:45, 2025-04-15 23:45, 2025-04-16 07:45, 2025-04-16 15:45, 2025-04-16 23:45, 2025-04-17 07:45

AbuseIPDB

104.248.131.100 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-04-12 04:00:00.642000
Was present on blacklist at: 2025-04-07 04:00, 2025-04-09 04:00, 2025-04-10 04:00, 2025-04-11 04:00, 2025-04-12 04:00

Turris greylist

104.248.131.100 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-12 21:15:00.174000
Was present on blacklist at: 2025-04-07 21:15, 2025-04-08 21:15, 2025-04-09 21:15, 2025-04-10 21:15, 2025-04-11 21:15, 2025-04-12 21:15

Spamhaus SBL CSS

104.248.131.100 was recently listed on the Spamhaus SBL CSS blacklist, but currently it is not.

Description: The Spamhaus CSS is part of the SBL. CSS listings will have return code 127.0.0.3 to differentiate from regular SBL listings, which have return code 127.0.0.2.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-05-04 06:33:30.237000
Was present on blacklist at: 2025-04-13 06:33

Spamhaus XBL CBL

104.248.131.100 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-05-04 06:33:30.237000
Was present on blacklist at: 2025-04-13 06:33

Warden events (585)

2025-04-20: ReconScanning (node.9c1411): 2
2025-04-11: ReconScanning (node.9c1411): 4; IntrusionUserCompromise (node.cfb4f7): 12
2025-04-10: IntrusionUserCompromise (node.cfb4f7): 95; ReconScanning (node.9c1411): 30
2025-04-09: ReconScanning (node.9c1411): 24; IntrusionUserCompromise (node.cfb4f7): 69
2025-04-08: ReconScanning (node.9c1411): 47; IntrusionUserCompromise (node.cfb4f7): 105
2025-04-07: ReconScanning (node.9c1411): 24; IntrusionUserCompromise (node.cfb4f7): 69
2025-04-06: ReconScanning (node.9c1411): 20; IntrusionUserCompromise (node.cfb4f7): 84

DShield reports (IP summary, reports)

2025-04-06: Number of reports: 85; Distinct targets: 31
2025-04-07: Number of reports: 153; Distinct targets: 44
2025-04-08: Number of reports: 123; Distinct targets: 51
2025-04-09: Number of reports: 182; Distinct targets: 63
2025-04-10: Number of reports: 103; Distinct targets: 43

Origin AS: AS14061 - DIGITALOCEAN-ASN
BGP Prefix: 104.248.128.0/20
geo: Germany, Frankfurt am Main; 🕑 Europe/Berlin
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 104.248.0.0 - 104.248.255.255
last_activity: 2025-04-20 07:13:36
last_warden_event: 2025-04-20 07:13:36
rep: 0.0
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 80, 106, 221, 427, 443, 502, 515, 1027, 1414, 5000, 5005, 6004, 6134, 6505, 8115, 8200, 8422, 9000, 9102; Tags: cloud; CPEs: cpe:/a:f5:nginx, cpe:/a:openbsd:openssh:8.2p1, cpe:/o:canonical:ubuntu_linux
ts_added: 2025-04-06 06:33:26.686000
ts_last_update: 2025-05-04 06:33:30.432000

Warden event timeline

DShield event timeline

Presence on blacklists