IP address

Search at other sites:

.000159.89.127.165b4bcd7c472.scan.leakix.org

Shodan(more info)

Passive DNS

IP blacklists

AbuseIPDB

159.89.127.165 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-05-04 04:00:00.580000
Was present on blacklist at: 2025-02-13 05:00, 2025-02-24 05:00, 2025-02-25 05:00, 2025-02-26 05:00, 2025-02-28 05:00, 2025-03-01 05:00, 2025-03-02 05:00, 2025-03-03 05:00, 2025-03-05 05:00, 2025-03-06 05:00, 2025-03-07 05:00, 2025-03-08 05:00, 2025-03-09 05:00, 2025-03-10 05:00, 2025-03-11 05:00, 2025-03-15 05:00, 2025-03-16 05:00, 2025-04-12 04:00, 2025-04-28 04:00, 2025-05-04 04:00

CI Army

159.89.127.165 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-05-01 02:50:01.011000
Was present on blacklist at: 2025-02-25 03:50, 2025-02-26 03:50, 2025-02-27 03:50, 2025-02-28 03:50, 2025-03-01 03:50, 2025-03-02 03:50, 2025-03-03 03:50, 2025-03-04 03:50, 2025-03-05 03:50, 2025-03-06 03:50, 2025-03-07 03:50, 2025-03-08 03:50, 2025-03-09 03:50, 2025-03-10 03:50, 2025-03-12 03:50, 2025-03-13 03:50, 2025-03-14 03:50, 2025-03-15 03:50, 2025-03-16 03:50, 2025-03-17 03:50, 2025-03-18 03:50, 2025-03-19 03:50, 2025-03-20 03:50, 2025-03-21 03:50, 2025-03-22 03:50, 2025-04-12 02:50, 2025-04-13 02:50, 2025-04-24 02:50, 2025-04-25 02:50, 2025-04-26 02:50, 2025-04-27 02:50, 2025-04-28 02:50, 2025-04-30 02:50, 2025-05-01 02:50

blocklist.de Apache

159.89.127.165 is listed on the blocklist.de Apache blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the service<br>Apache, Apache-DDOS, RFI-Attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-03-03 05:05:05.384000
Was present on blacklist at: 2025-03-01 17:05, 2025-03-01 23:05, 2025-03-02 05:05, 2025-03-02 11:05, 2025-03-02 17:05, 2025-03-02 23:05, 2025-03-03 05:05

Spamhaus XBL CBL

159.89.127.165 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-04-30 00:32:10.321000
Was present on blacklist at: 2025-03-19 00:32

Turris greylist

159.89.127.165 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-13 21:15:00.196000
Was present on blacklist at: 2025-04-13 21:15

blocklist.de bots

159.89.127.165 is listed on the blocklist.de bots blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the RFI-Attacks,<br>REG-Bots, IRC-Bots or BadBots.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-26 04:05:05.278000
Was present on blacklist at: 2025-04-24 10:05, 2025-04-24 16:05, 2025-04-24 22:05, 2025-04-25 04:05, 2025-04-25 10:05, 2025-04-25 16:05, 2025-04-25 22:05, 2025-04-26 04:05

Warden events (709)

2025-04-12

ReconScanning (node.9c1411): 48

2025-04-11

ReconScanning (node.9c1411): 26

2025-04-03

ReconScanning (node.9c1411): 8

2025-03-17

ReconScanning (node.9c1411): 43

ReconScanning (node.4dc198): 1

2025-03-16

ReconScanning (node.9c1411): 70

ReconScanning (node.4dc198): 8

2025-03-15

ReconScanning (node.9c1411): 69

2025-03-14

ReconScanning (node.9c1411): 58

IntrusionUserCompromise (node.cfb4f7): 4

2025-03-13

ReconScanning (node.9c1411): 59

ReconScanning (node.4dc198): 3

2025-03-12

ReconScanning (node.9c1411): 59

2025-03-11

ReconScanning (node.9c1411): 54

ReconScanning (node.4dc198): 12

2025-03-10

ReconScanning (node.4dc198): 24

ReconScanning (node.9c1411): 32

2025-03-09

ReconScanning (node.4dc198): 46

2025-03-08

ReconScanning (node.4dc198): 5

2025-03-07

ReconScanning (node.4dc198): 3

2025-03-06

ReconScanning (node.4dc198): 3

2025-03-05

ReconScanning (node.4dc198): 23

2025-03-04

ReconScanning (node.4dc198): 21

2025-03-03

ReconScanning (node.4dc198): 5

2025-02-25

IntrusionUserCompromise (node.cfb4f7): 4

ReconScanning (node.4dc198): 17

2025-02-24

ReconScanning (node.4dc198): 4

DShield reports (IP summary, reports)

2025-02-24

Number of reports: 164

Distinct targets: 123

2025-02-25

Number of reports: 232

Distinct targets: 156

2025-02-26

Number of reports: 276

Distinct targets: 188

2025-02-27

Number of reports: 240

Distinct targets: 161

2025-02-28

Number of reports: 226

Distinct targets: 161

2025-03-01

Number of reports: 210

Distinct targets: 189

2025-03-02

Number of reports: 160

Distinct targets: 145

2025-03-03

Number of reports: 244

Distinct targets: 178

2025-03-04

Number of reports: 259

Distinct targets: 176

2025-03-05

Number of reports: 225

Distinct targets: 156

2025-03-06

Number of reports: 199

Distinct targets: 138

2025-03-07

Number of reports: 234

Distinct targets: 151

2025-03-08

Number of reports: 262

Distinct targets: 168

2025-03-09

Number of reports: 253

Distinct targets: 172

2025-03-10

Number of reports: 245

Distinct targets: 177

2025-03-11

Number of reports: 223

Distinct targets: 154

2025-03-12

Number of reports: 178

Distinct targets: 119

2025-03-13

Number of reports: 183

Distinct targets: 130

2025-03-14

Number of reports: 198

Distinct targets: 145

2025-03-15

Number of reports: 165

Distinct targets: 151

2025-03-16

Number of reports: 233

Distinct targets: 170

2025-03-17

Number of reports: 137

Distinct targets: 115

2025-04-03

Number of reports: 30

Distinct targets: 21

2025-04-11

Number of reports: 118

Distinct targets: 83

2025-04-12

Number of reports: 219

Distinct targets: 160

2025-04-22

Number of reports: 20

Distinct targets: 18

2025-04-23

Number of reports: 52

Distinct targets: 34

OTX pulses

[5a7e3e70c44e7b48947593a7] 2018-02-10 00:36:00.396000 | Webscanners 2018-02-09 thru current day

Author name:	david3
Pulse modified:	2025-03-13 20:00:21.058000
Indicator created:	2025-02-11 22:05:17
Indicator role:	scanning_host
Indicator title:	404 NOT FOUND
Indicator expiration:	2025-05-12 00:00:00

Origin AS

AS14061 - DIGITALOCEAN-ASN

BGP Prefix

159.89.112.0/20

geo

Canada, Toronto

🕑 America/Toronto

hostname

b4bcd7c472.scan.leakix.org

Address block ('inetnum' or 'NetRange' in whois database)

159.89.0.0 - 159.89.255.255

last_activity

2025-04-12 18:26:03

last_warden_event

2025-04-12 18:26:03

rep

0.0

reserved_range

0

Shodan's InternetDB

Open ports: 22, 80

Tags: cloud, scanner

CPEs: cpe:/a:openbsd:openssh:8.4p1, cpe:/a:lighttpd:lighttpd:1.4.59, cpe:/o:linux:linux_kernel, cpe:/o:debian:debian_linux

ts_added

2025-02-12 00:32:09.117000

ts_last_update

2025-05-05 00:32:10.471000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses