IP address

Search at other sites:
.000178.16.54.224
Shodan(more info)
Passive DNS
Tags: Scanner
IP blacklists
CI Army
178.16.54.224 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-08-31 02:50:00.950000
Was present on blacklist at: 2025-08-21 02:50, 2025-08-22 02:50, 2025-08-23 02:50, 2025-08-24 02:50, 2025-08-25 02:50, 2025-08-26 02:50, 2025-08-27 02:50, 2025-08-28 02:50, 2025-08-29 02:50, 2025-08-30 02:50, 2025-08-31 02:50
Turris greylist
178.16.54.224 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-09-19 21:15:00.255000
Was present on blacklist at: 2025-08-22 21:15, 2025-08-23 21:15, 2025-08-24 21:15, 2025-08-25 21:15, 2025-08-26 21:15, 2025-09-12 21:15, 2025-09-13 21:15, 2025-09-14 21:15, 2025-09-15 21:15, 2025-09-18 21:15, 2025-09-19 21:15
AbuseIPDB
178.16.54.224 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-09-15 04:00:00.648000
Was present on blacklist at: 2025-08-23 04:00, 2025-08-24 04:00, 2025-08-25 04:00, 2025-08-26 04:00, 2025-09-12 04:00, 2025-09-15 04:00
Spamhaus SBL
178.16.54.224 is listed on the Spamhaus SBL blacklist.

Description: The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-10-08 11:34:53.443000
Was present on blacklist at: 2025-08-27 11:34, 2025-09-03 11:34, 2025-09-10 11:34, 2025-09-17 11:34, 2025-09-24 11:34, 2025-10-01 11:34, 2025-10-08 11:34
Spamhaus XBL CBL
178.16.54.224 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-10-08 11:34:53.443000
Was present on blacklist at: 2025-08-27 11:34, 2025-09-17 11:34
Spamhaus DROP
178.16.54.224 is listed on the Spamhaus DROP blacklist.

Description: Spamhaus DROP (Don't Route Or Peer) list. Netblocks controlled by spammers or cyber criminals. The DROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-10-08 11:34:53.443000
Was present on blacklist at: 2025-08-27 11:34, 2025-09-03 11:34, 2025-09-10 11:34, 2025-09-17 11:34, 2025-09-24 11:34, 2025-10-01 11:34, 2025-10-08 11:34
Warden events (1806)
2025-09-17
AnomalyTraffic (node.ffe95c): 1
ReconScanning (node.4dc198): 1
ReconScanning (node.9c1411): 1
IntrusionUserCompromise (node.cfb4f7): 1
2025-09-14
ReconScanning (node.4dc198): 39
AnomalyTraffic (node.ffe95c): 5
ReconScanning (node.368407): 37
ReconScanning (node.9c1411): 6
AnomalyTraffic (node.86dac8): 4
IntrusionUserCompromise (node.cfb4f7): 5
2025-09-13
AnomalyTraffic (node.ffe95c): 2
AnomalyTraffic (node.86dac8): 1
ReconScanning (node.4dc198): 1
ReconScanning (node.9c1411): 1
IntrusionUserCompromise (node.cfb4f7): 1
2025-09-12
ReconScanning (node.4dc198): 5
ReconScanning (node.368407): 5
ReconScanning (node.9c1411): 1
2025-09-11
ReconScanning (node.4dc198): 21
AnomalyTraffic (node.ffe95c): 1
AnomalyTraffic (node.86dac8): 1
ReconScanning (node.368407): 19
ReconScanning (node.9c1411): 4
IntrusionUserCompromise (node.cfb4f7): 3
2025-08-25
AnomalyTraffic (node.ffe95c): 16
AnomalyTraffic (node.86dac8): 3
ReconScanning (node.4dc198): 162
ReconScanning (node.368407): 163
2025-08-24
ReconScanning (node.368407): 185
ReconScanning (node.4dc198): 187
AnomalyTraffic (node.ffe95c): 47
AnomalyTraffic (node.86dac8): 1
2025-08-23
ReconScanning (node.4dc198): 274
ReconScanning (node.368407): 270
AnomalyTraffic (node.ffe95c): 44
2025-08-22
AnomalyTraffic (node.ffe95c): 33
ReconScanning (node.368407): 121
ReconScanning (node.4dc198): 121
2025-08-21
ReconScanning (node.4dc198): 4
ReconScanning (node.368407): 3
2025-08-20
ReconScanning (node.4dc198): 2
ReconScanning (node.368407): 2
AnomalyTraffic (node.ffe95c): 2
DShield reports (IP summary, reports)
2025-08-20
Number of reports: 20
Distinct targets: 11
2025-08-21
Number of reports: 42
Distinct targets: 20
2025-08-22
Number of reports: 4262
Distinct targets: 370
2025-08-23
Number of reports: 9879
Distinct targets: 439
2025-08-24
Number of reports: 3313
Distinct targets: 299
2025-08-28
Number of reports: 24
Distinct targets: 5
2025-09-11
Number of reports: 589
Distinct targets: 231
2025-09-12
Number of reports: 147
Distinct targets: 61
2025-09-13
Number of reports: 10
Distinct targets: 4
2025-09-14
Number of reports: 764
Distinct targets: 261
2025-09-17
Number of reports: 12
Distinct targets: 6
OTX pulses
[602bc528f447d628d41494f2] 2021-02-16 13:14:16.945000 | Ka's Honeypot visitors
Author name:Kapppppa
Pulse modified:2025-09-21 07:00:48.026000
Indicator created:2025-08-22 14:06:48
Indicator role:bruteforce
Indicator title:Telnet Login attempt
Indicator expiration:2025-09-21 14:00:00
Origin AS
AS209800 - metaspinner-asn
BGP Prefix
178.16.52.0/22
geo
Germany
🕑 Europe/Berlin
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
178.16.48.0 - 178.16.55.255
last_activity
2025-09-21 08:16:31.856000
last_warden_event
2025-09-17 14:25:02
rep
0.0
reserved_range
0
Shodan's InternetDB
Open ports: 22
Tags: scanner
CPEs: cpe:/a:openbsd:openssh:8.9p1, cpe:/o:canonical:ubuntu_linux
ts_added
2025-08-20 11:34:44.562000
ts_last_update
2025-10-14 11:34:50.869000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses