IP address

Search at other sites:
.000116.99.50.13
Shodan(more info)
Passive DNS
Tags: DSL Dynamic IP
IP blacklists
Spamhaus PBL
116.99.50.13 is listed on the Spamhaus PBL blacklist.

Description: The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-06-29 18:23:50.782000
Was present on blacklist at: 2026-05-04 18:23, 2026-05-11 18:23, 2026-05-18 18:23, 2026-05-25 18:23, 2026-06-01 18:23, 2026-06-22 18:23, 2026-06-29 18:23
blocklist.de SSH
116.99.50.13 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-05-16 22:05:05.094000
Was present on blacklist at: 2026-05-05 04:05, 2026-05-05 10:05, 2026-05-05 16:05, 2026-05-06 04:05, 2026-05-06 10:05, 2026-05-06 16:05, 2026-05-06 22:05, 2026-05-13 16:05, 2026-05-13 22:05, 2026-05-14 04:05, 2026-05-14 10:05, 2026-05-14 16:05, 2026-05-14 22:05, 2026-05-15 04:05, 2026-05-15 10:05, 2026-05-15 16:05, 2026-05-15 22:05, 2026-05-16 04:05, 2026-05-16 10:05, 2026-05-16 16:05, 2026-05-16 22:05
AbuseIPDB
116.99.50.13 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-05-31 04:00:00.611000
Was present on blacklist at: 2026-05-06 04:00, 2026-05-08 04:00, 2026-05-10 04:00, 2026-05-13 04:00, 2026-05-14 04:00, 2026-05-15 04:00, 2026-05-16 04:00, 2026-05-17 04:00, 2026-05-18 04:00, 2026-05-19 04:00, 2026-05-20 04:00, 2026-05-21 04:00, 2026-05-22 04:00, 2026-05-24 04:00, 2026-05-25 04:00, 2026-05-26 04:00, 2026-05-27 04:00, 2026-05-28 04:00, 2026-05-29 04:00, 2026-05-30 04:00, 2026-05-31 04:00
blocklist.de web-login
116.99.50.13 is listed on the blocklist.de web-login blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs that attacks Joomla, Wordpress and<br>other Web-Logins with Brute-Force Logins.
Type of feed: primary (feed detail page)

Last checked at: 2026-05-18 22:05:00.109000
Was present on blacklist at: 2026-05-07 04:05, 2026-05-07 10:05, 2026-05-07 16:05, 2026-05-07 22:05, 2026-05-08 04:05, 2026-05-17 04:05, 2026-05-17 10:05, 2026-05-17 16:05, 2026-05-17 22:05, 2026-05-18 04:05, 2026-05-18 10:05, 2026-05-18 16:05, 2026-05-18 22:05
blocklist.de Apache
116.99.50.13 is listed on the blocklist.de Apache blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the service<br>Apache, Apache-DDOS, RFI-Attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-05-18 22:05:00.340000
Was present on blacklist at: 2026-05-07 04:05, 2026-05-07 10:05, 2026-05-07 16:05, 2026-05-07 22:05, 2026-05-08 04:05, 2026-05-17 04:05, 2026-05-17 10:05, 2026-05-17 16:05, 2026-05-17 22:05, 2026-05-18 04:05, 2026-05-18 10:05, 2026-05-18 16:05, 2026-05-18 22:05
Echelon SSH bruteforce
116.99.50.13 is listed on the Echelon SSH bruteforce blacklist.

Description: Multiple SSH authentication attempts detected
Type of feed: primary (feed detail page)

Last checked at: 2026-05-20 09:35:00.475000
Was present on blacklist at: 2026-05-07 09:35, 2026-05-08 09:35, 2026-05-09 09:35, 2026-05-10 09:35, 2026-05-11 09:35, 2026-05-12 09:35, 2026-05-18 09:35, 2026-05-19 09:35, 2026-05-20 09:35
CI Army
116.99.50.13 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-05-16 02:50:00.792000
Was present on blacklist at: 2026-05-08 02:50, 2026-05-09 02:50, 2026-05-10 02:50, 2026-05-11 02:50, 2026-05-12 02:50, 2026-05-13 02:50, 2026-05-14 02:50, 2026-05-15 02:50, 2026-05-16 02:50
Echelon admin panel hunt
116.99.50.13 is listed on the Echelon admin panel hunt blacklist.

Description: Scanning for administrative interfaces
Type of feed: primary (feed detail page)

Last checked at: 2026-05-13 09:05:07.820000
Was present on blacklist at: 2026-05-08 09:05, 2026-05-09 09:05, 2026-05-10 09:05, 2026-05-11 09:05, 2026-05-12 09:05, 2026-05-13 09:05
Echelon CMS enumeration
116.99.50.13 is listed on the Echelon CMS enumeration blacklist.

Description: Content management system discovery and enumeration
Type of feed: primary (feed detail page)

Last checked at: 2026-05-13 09:05:08.607000
Was present on blacklist at: 2026-05-08 09:05, 2026-05-09 09:05, 2026-05-10 09:05, 2026-05-11 09:05, 2026-05-12 09:05, 2026-05-13 09:05
Echelon database admin hunt
116.99.50.13 is listed on the Echelon database admin hunt blacklist.

Description: Scanning for database admin interfaces (phpMyAdmin, etc.)
Type of feed: primary (feed detail page)

Last checked at: 2026-05-13 09:10:03.170000
Was present on blacklist at: 2026-05-08 09:10, 2026-05-09 09:10, 2026-05-10 09:10, 2026-05-11 09:10, 2026-05-12 09:10, 2026-05-13 09:10
Echelon directory traversal
116.99.50.13 is listed on the Echelon directory traversal blacklist.

Description: Path traversal attack attempting to access restricted files
Type of feed: primary (feed detail page)

Last checked at: 2026-05-13 09:15:03.216000
Was present on blacklist at: 2026-05-08 09:15, 2026-05-09 09:15, 2026-05-10 09:15, 2026-05-11 09:15, 2026-05-12 09:15, 2026-05-13 09:15
Echelon web crawler
116.99.50.13 is listed on the Echelon web crawler blacklist.

Description: HTTP web crawling activity detected on web honeypots
Type of feed: primary (feed detail page)

Last checked at: 2026-05-12 09:50:02.739000
Was present on blacklist at: 2026-05-08 09:50, 2026-05-09 09:50, 2026-05-10 09:50, 2026-05-11 09:50, 2026-05-12 09:50
blocklist.de bots
116.99.50.13 is listed on the blocklist.de bots blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the RFI-Attacks,<br>REG-Bots, IRC-Bots or BadBots.
Type of feed: primary (feed detail page)

Last checked at: 2026-06-02 22:05:00.108000
Was present on blacklist at: 2026-05-08 10:05, 2026-05-08 16:05, 2026-05-08 22:05, 2026-05-09 04:05, 2026-05-09 10:05, 2026-05-09 16:05, 2026-05-09 22:05, 2026-05-10 04:05, 2026-05-12 10:05, 2026-05-12 16:05, 2026-05-12 22:05, 2026-05-13 04:05, 2026-05-13 10:05, 2026-05-19 16:05, 2026-05-19 22:05, 2026-05-20 04:05, 2026-05-20 10:05, 2026-05-20 16:05, 2026-05-20 22:05, 2026-05-21 04:05, 2026-05-21 10:05, 2026-05-21 16:05, 2026-05-21 22:05, 2026-05-22 04:05, 2026-05-22 10:05, 2026-06-01 04:05, 2026-06-01 10:05, 2026-06-01 16:05, 2026-06-01 22:05, 2026-06-02 04:05, 2026-06-02 10:05, 2026-06-02 16:05, 2026-06-02 22:05
Spamhaus XBL CBL
116.99.50.13 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-06-29 18:23:50.782000
Was present on blacklist at: 2026-05-11 18:23, 2026-05-18 18:23, 2026-05-25 18:23
Echelon TLS/SSL crawler
116.99.50.13 is listed on the Echelon TLS/SSL crawler blacklist.

Description: TLS/SSL connection fingerprinting detected via Suricata
Type of feed: primary (feed detail page)

Last checked at: 2026-05-20 09:40:00.282000
Was present on blacklist at: 2026-05-13 09:40, 2026-05-19 09:40, 2026-05-20 09:40
Echelon SSH connection attempt
116.99.50.13 is listed on the Echelon SSH connection attempt blacklist.

Description: SSH connection attempt detected on port 22 or 2222
Type of feed: primary (feed detail page)

Last checked at: 2026-05-20 09:35:00.311000
Was present on blacklist at: 2026-05-18 09:35, 2026-05-19 09:35, 2026-05-20 09:35
Echelon telnet bruteforce
116.99.50.13 is listed on the Echelon telnet bruteforce blacklist.

Description: Multiple telnet authentication attempts detected
Type of feed: primary (feed detail page)

Last checked at: 2026-05-20 09:45:00.359000
Was present on blacklist at: 2026-05-18 09:45, 2026-05-19 09:45, 2026-05-20 09:45
UCEPROTECT L1
116.99.50.13 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-05-27 07:45:00.589000
Was present on blacklist at: 2026-05-20 15:45, 2026-05-20 23:45, 2026-05-21 07:45, 2026-05-21 15:45, 2026-05-22 07:45, 2026-05-23 15:45, 2026-05-23 23:45, 2026-05-24 07:45, 2026-05-24 15:45, 2026-05-24 23:45, 2026-05-25 07:45, 2026-05-25 15:45, 2026-05-25 23:45, 2026-05-26 07:45, 2026-05-26 15:45, 2026-05-26 23:45, 2026-05-27 07:45

Threat categories

TLRoleCategoryDetails
No threat category tags assigned
Warden events (88094)
2026-05-20
IntrusionUserCompromise (node.cfb4f7): 20383
ReconScanning (node.ce2b59): 23
2026-05-19
ReconScanning (node.ce2b59): 30
IntrusionUserCompromise (node.cfb4f7): 15152
2026-05-18
ReconScanning (node.ce2b59): 32
IntrusionUserCompromise (node.cfb4f7): 7228
2026-05-17
IntrusionUserCompromise (node.cfb4f7): 4037
ReconScanning (node.ce2b59): 30
2026-05-16
ReconScanning (node.ce2b59): 31
IntrusionUserCompromise (node.cfb4f7): 5206
2026-05-15
IntrusionUserCompromise (node.cfb4f7): 3420
ReconScanning (node.ce2b59): 31
2026-05-14
IntrusionUserCompromise (node.cfb4f7): 7451
ReconScanning (node.ce2b59): 31
2026-05-13
ReconScanning (node.ce2b59): 31
IntrusionUserCompromise (node.cfb4f7): 3658
2026-05-12
ReconScanning (node.ce2b59): 30
IntrusionUserCompromise (node.cfb4f7): 279
2026-05-11
ReconScanning (node.ce2b59): 31
2026-05-10
ReconScanning (node.ce2b59): 31
IntrusionUserCompromise (node.cfb4f7): 3
2026-05-09
ReconScanning (node.ce2b59): 32
IntrusionUserCompromise (node.cfb4f7): 3
2026-05-08
ReconScanning (node.ce2b59): 31
IntrusionUserCompromise (node.cfb4f7): 2
2026-05-07
ReconScanning (node.ce2b59): 32
IntrusionUserCompromise (node.cfb4f7): 4
2026-05-06
IntrusionUserCompromise (node.cfb4f7): 13118
ReconScanning (node.ce2b59): 31
2026-05-05
AttemptLogin (node.ce2b59): 2
ReconScanning (node.ce2b59): 31
IntrusionUserCompromise (node.cfb4f7): 6243
2026-05-04
ReconScanning (node.ce2b59): 10
IntrusionUserCompromise (node.cfb4f7): 1406
AttemptLogin (node.ce2b59): 1
DShield reports (IP summary, reports)
2026-05-06
Number of reports: 180
Distinct targets: 14
2026-05-07
Number of reports: 71
Distinct targets: 9
2026-05-08
Number of reports: 71
Distinct targets: 9
2026-05-09
Number of reports: 20
Distinct targets: 8
2026-05-10
Number of reports: 63
Distinct targets: 10
2026-05-12
Number of reports: 33
Distinct targets: 10
2026-05-13
Number of reports: 71
Distinct targets: 9
2026-05-14
Number of reports: 135
Distinct targets: 11
2026-05-15
Number of reports: 243
Distinct targets: 16
2026-05-16
Number of reports: 18
Distinct targets: 6
2026-05-17
Number of reports: 18
Distinct targets: 6
2026-05-18
Number of reports: 88
Distinct targets: 8
2026-05-19
Number of reports: 88
Distinct targets: 8
2026-05-20
Number of reports: 117
Distinct targets: 12
2026-05-21
Number of reports: 10
Distinct targets: 6
OTX pulses
[6a0ca36a3571d3fbd4cd92bc] 2026-05-19 17:52:42.274000 | 9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities
Author name:AlienVault
Pulse modified:2026-05-21 00:19:43.890000
Indicator created:2026-05-19 17:52:43
Indicator role:None
Indicator title:
Indicator expiration:2026-06-18 17:00:00
Origin AS
AS7552 - VIETEL-AS-AP
BGP Prefix
116.99.48.0/21
geo
Vietnam, Hanoi
🕑 Asia/Bangkok
hostname
(null)
hostname_class
['dsl', 'dynamic']
Address block ('inetnum' or 'NetRange' in whois database)
116.96.0.0 - 116.111.255.255
last_activity
2026-05-29 10:05:06.141000
last_warden_event
2026-05-20 17:25:27
rep
0.0
reserved_range
0
ts_added
2026-05-04 18:23:40.224000
ts_last_update
2026-06-30 18:23:50.199000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses