IP address

Search at other sites:

.159172.120.164.90

Shodan(more info)

Passive DNS

IP blacklists

Echelon TLS/SSL crawler

172.120.164.90 is listed on the Echelon TLS/SSL crawler blacklist.

Description: TLS/SSL connection fingerprinting detected via Suricata
Type of feed: primary (feed detail page)

Last checked at: 2026-05-28 09:40:00.409000
Was present on blacklist at: 2026-05-22 09:40, 2026-05-24 09:40, 2026-05-25 09:40, 2026-05-26 09:40, 2026-05-27 09:40, 2026-05-28 09:40

Echelon router exploit

172.120.164.90 is listed on the Echelon router exploit blacklist.

Description: Attempting router firmware exploits (Netgear, D-Link, etc.)
Type of feed: primary (feed detail page)

Last checked at: 2026-06-04 09:30:00.275000
Was present on blacklist at: 2026-05-27 09:30, 2026-05-28 09:30, 2026-05-29 09:30, 2026-05-30 09:30, 2026-05-31 09:30, 2026-06-01 09:30, 2026-06-02 09:30, 2026-06-03 09:30, 2026-06-04 09:30

Threat categories

TL	Role	Category	Details
37	src	scan
25	src	exploit

---

DShield reports (IP summary, reports)

2026-06-02

Number of reports: 14

Distinct targets: 4

2026-06-03

Number of reports: 14

Distinct targets: 4

Origin AS

AS214238 - iwihost

AS44559 - ITHOSTLINE

BGP Prefix

172.120.164.0/24

geo

United States

🕑 America/Chicago

hostname

(null)

Address block ('inetnum' or 'NetRange' in whois database)

172.120.0.0 - 172.121.255.255

rep

0.159116834637116

reserved_range

0

Shodan's InternetDB

Open ports: 24442

Tags: –

CPEs: cpe:/o:linux:linux_kernel, cpe:/a:openbsd:openssh:9.2p1, cpe:/o:debian:debian_linux

ts_added

2026-05-22 09:40:09.789000

ts_last_update

2026-06-04 09:40:14.214000

Warden event timeline

DShield event timeline

Presence on blacklists