IP address

Passive DNS

Tags: Login attempts

IP blacklists

Blocklist.net.ua

123.58.224.11 is listed on the Blocklist.net.ua blacklist.

Description: BlockList contains IP addresses that perform attacks, send spam or brute force passwords to the blocking list.
Type of feed: primary (feed detail page)

Last checked at: 2025-11-11 07:15:03.026000
Was present on blacklist at: 2025-11-02 07:15, 2025-11-02 11:15, 2025-11-02 15:15, 2025-11-02 19:15, 2025-11-02 23:15, 2025-11-03 03:15, 2025-11-10 11:15, 2025-11-10 15:15, 2025-11-10 19:15, 2025-11-10 23:15, 2025-11-11 03:15, 2025-11-11 07:15

CI Army

123.58.224.11 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence database that provides scores for IPs. Source of unspecified malicious attacks most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-12-15 03:50:01.114000
Was present on blacklist at: 2025-11-03 03:50, 2025-11-04 03:50, 2025-11-05 03:50, 2025-11-06 03:50, 2025-11-07 03:50, 2025-11-08 03:50, 2025-11-09 03:50, 2025-11-10 03:50, 2025-11-11 03:50, 2025-11-12 03:50, 2025-11-14 03:50, 2025-11-15 03:50, 2025-11-16 03:50, 2025-11-17 03:50, 2025-11-18 03:50, 2025-11-19 03:50, 2025-11-20 03:50, 2025-11-21 03:50, 2025-11-22 03:50, 2025-11-23 03:50, 2025-11-25 03:50, 2025-11-26 03:50, 2025-11-28 03:50, 2025-11-29 03:50, 2025-12-01 03:50, 2025-12-02 03:50, 2025-12-04 03:50, 2025-12-05 03:50, 2025-12-06 03:50, 2025-12-07 03:50, 2025-12-08 03:50, 2025-12-09 03:50, 2025-12-10 03:50, 2025-12-11 03:50, 2025-12-12 03:50, 2025-12-13 03:50, 2025-12-15 03:50

DataPlane SSH login

123.58.224.11 is listed on the DataPlane SSH login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds, and measurement resource for operators, by operators. IPs trying an unsolicited login to a host using SSH password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-15 15:10:02.139000
Was present on blacklist at: 2025-11-04 15:10, 2025-11-04 19:10, 2025-11-05 03:10, 2025-11-05 07:10, 2025-11-05 15:10, 2025-11-05 19:10, 2025-11-06 03:10, 2025-11-06 07:10, 2025-11-06 15:10, 2025-11-06 19:10, 2025-11-07 03:10, 2025-11-07 07:10, 2025-11-07 19:10, 2025-11-08 03:10, 2025-11-08 07:10, 2025-11-08 15:10, 2025-11-08 19:10, 2025-11-09 03:10, 2025-11-09 07:10, 2025-11-09 15:10, 2025-11-09 19:10, 2025-11-10 03:10, 2025-11-10 07:10, 2025-11-10 15:10, 2025-11-10 19:10, 2025-11-11 03:10, 2025-11-11 07:10, 2025-11-11 15:10, 2025-11-11 19:10, 2025-11-24 19:10, 2025-11-25 03:10, 2025-11-25 07:10, 2025-11-25 15:10, 2025-11-25 19:10, 2025-11-26 03:10, 2025-11-26 07:10, 2025-11-26 15:10, 2025-11-26 19:10, 2025-11-27 03:10, 2025-11-27 07:10, 2025-11-27 15:10, 2025-11-27 19:10, 2025-11-28 03:10, 2025-11-28 07:10, 2025-11-28 15:10, 2025-11-28 19:10, 2025-11-29 03:10, 2025-11-29 07:10, 2025-11-29 15:10, 2025-11-29 19:10, 2025-11-30 03:10, 2025-11-30 07:10, 2025-11-30 15:10, 2025-11-30 19:10, 2025-12-01 03:10, 2025-12-01 07:10, 2025-12-01 15:10, 2025-12-01 19:10, 2025-12-09 03:10, 2025-12-09 07:10, 2025-12-09 15:10, 2025-12-09 19:10, 2025-12-10 03:10, 2025-12-10 07:10, 2025-12-10 15:10, 2025-12-10 19:10, 2025-12-11 03:10, 2025-12-11 07:10, 2025-12-11 15:10, 2025-12-11 19:10, 2025-12-12 03:10, 2025-12-12 07:10, 2025-12-12 15:10, 2025-12-12 19:10, 2025-12-13 03:10, 2025-12-13 07:10, 2025-12-13 15:10, 2025-12-13 19:10, 2025-12-14 03:10, 2025-12-14 07:10, 2025-12-14 15:10, 2025-12-14 19:10, 2025-12-15 03:10, 2025-12-15 07:10, 2025-12-15 15:10

AbuseIPDB

123.58.224.11 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-12-14 05:00:00.671000
Was present on blacklist at: 2025-11-08 05:00, 2025-11-09 05:00, 2025-11-11 05:00, 2025-11-12 05:00, 2025-11-13 05:00, 2025-11-14 05:00, 2025-11-16 05:00, 2025-11-19 05:00, 2025-11-22 05:00, 2025-11-23 05:00, 2025-11-24 05:00, 2025-11-25 05:00, 2025-11-28 05:00, 2025-11-29 05:00, 2025-11-30 05:00, 2025-12-01 05:00, 2025-12-02 05:00, 2025-12-04 05:00, 2025-12-05 05:00, 2025-12-06 05:00, 2025-12-07 05:00, 2025-12-10 05:00, 2025-12-11 05:00, 2025-12-12 05:00, 2025-12-14 05:00

Warden events (24)

2025-12-13: AttemptLogin (node.4dc198): 2
2025-12-12: IntrusionUserCompromise (node.40929a): 9
2025-11-23: IntrusionUserCompromise (node.40929a): 9
2025-11-09: AttemptLogin (node.4dc198): 4

DShield reports (IP summary, reports)

2025-11-03: Number of reports: 19; Distinct targets: 15
2025-11-04: Number of reports: 19; Distinct targets: 15
2025-11-05: Number of reports: 62; Distinct targets: 48
2025-11-06: Number of reports: 62; Distinct targets: 48
2025-11-07: Number of reports: 84; Distinct targets: 67
2025-11-08: Number of reports: 83; Distinct targets: 66
2025-11-09: Number of reports: 108; Distinct targets: 87
2025-11-10: Number of reports: 73; Distinct targets: 53
2025-11-11: Number of reports: 73; Distinct targets: 53
2025-11-12: Number of reports: 85; Distinct targets: 66
2025-11-13: Number of reports: 186; Distinct targets: 133
2025-11-14: Number of reports: 100; Distinct targets: 69
2025-11-15: Number of reports: 94; Distinct targets: 71
2025-11-16: Number of reports: 94; Distinct targets: 71
2025-11-17: Number of reports: 80; Distinct targets: 63
2025-11-18: Number of reports: 80; Distinct targets: 63
2025-11-19: Number of reports: 86; Distinct targets: 73
2025-11-20: Number of reports: 86; Distinct targets: 73
2025-11-21: Number of reports: 121; Distinct targets: 90
2025-11-22: Number of reports: 106; Distinct targets: 78
2025-11-23: Number of reports: 93; Distinct targets: 73
2025-11-24: Number of reports: 94; Distinct targets: 71
2025-11-25: Number of reports: 94; Distinct targets: 71
2025-11-26: Number of reports: 96; Distinct targets: 77
2025-11-27: Number of reports: 81; Distinct targets: 61
2025-11-28: Number of reports: 101; Distinct targets: 77
2025-11-29: Number of reports: 101; Distinct targets: 77
2025-11-30: Number of reports: 83; Distinct targets: 62
2025-12-01: Number of reports: 89; Distinct targets: 73
2025-12-02: Number of reports: 89; Distinct targets: 73
2025-12-03: Number of reports: 120; Distinct targets: 95
2025-12-04: Number of reports: 117; Distinct targets: 101
2025-12-05: Number of reports: 79; Distinct targets: 74
2025-12-06: Number of reports: 20; Distinct targets: 17
2025-12-07: Number of reports: 20; Distinct targets: 17
2025-12-08: Number of reports: 59; Distinct targets: 44
2025-12-09: Number of reports: 93; Distinct targets: 71
2025-12-10: Number of reports: 63; Distinct targets: 47
2025-12-11: Number of reports: 38; Distinct targets: 35
2025-12-12: Number of reports: 38; Distinct targets: 35
2025-12-13: Number of reports: 37; Distinct targets: 31
2025-12-14: Number of reports: 39; Distinct targets: 32

Origin AS: AS4847 - CNIX-AP
BGP Prefix: 123.58.224.0/21
geo: China; 🕑 Asia/Shanghai
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 123.58.224.0 - 123.58.239.255
last_activity: 2025-12-13 03:19:59
last_warden_event: 2025-12-13 03:19:59
rep: 0.09513578869047619
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 80, 443, 3001, 3306, 6379, 6881; Tags: compromised, database, eol-product; CPEs: cpe:/o:linux:linux_kernel, cpe:/a:redislabs:redis:7.4.5, cpe:/a:f5:nginx:1.18.0, cpe:/o:canonical:ubuntu_linux, cpe:/a:openbsd:openssh:8.9p1, cpe:/a:oracle:mysql:8.4.5
ts_added: 2025-11-02 07:44:36.916000
ts_last_update: 2025-12-15 15:13:14.755000

Warden event timeline

DShield event timeline

Presence on blacklists