IP address

Passive DNS

Tags: IP in hostname Scanner

IP blacklists

FireHOL anonymizers

198.144.189.90 is listed on the FireHOL anonymizers blacklist.

Description: List of anonymizing IPs, aggregated from multiple lists by FireHOL.
Type of feed: secondary (feed detail page)

Last checked at: 2025-12-20 12:05:09
Was present on blacklist at: 2025-11-27 12:05, 2025-11-28 12:05, 2025-11-29 12:05, 2025-11-30 12:05, 2025-12-01 12:05, 2025-12-02 12:05, 2025-12-03 12:05, 2025-12-04 12:05, 2025-12-05 12:05, 2025-12-06 12:05, 2025-12-07 12:05, 2025-12-08 12:05, 2025-12-09 12:05, 2025-12-10 12:05, 2025-12-11 12:05, 2025-12-12 12:05, 2025-12-13 12:05, 2025-12-14 12:05, 2025-12-15 12:05, 2025-12-16 12:05, 2025-12-17 12:05, 2025-12-18 12:05, 2025-12-19 12:05, 2025-12-20 12:05

CI Army

198.144.189.90 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence database that provides scores for IPs. Source of unspecified malicious attacks most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-12-20 03:50:00.995000
Was present on blacklist at: 2025-11-28 03:50, 2025-11-29 03:50, 2025-11-30 03:50, 2025-12-01 03:50, 2025-12-02 03:50, 2025-12-03 03:50, 2025-12-04 03:50, 2025-12-05 03:50, 2025-12-06 03:50, 2025-12-07 03:50, 2025-12-17 03:50, 2025-12-18 03:50, 2025-12-19 03:50, 2025-12-20 03:50

AbuseIPDB

198.144.189.90 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-12-20 05:00:00.692000
Was present on blacklist at: 2025-11-28 05:00, 2025-11-29 05:00, 2025-12-02 05:00, 2025-12-03 05:00, 2025-12-04 05:00, 2025-12-09 05:00, 2025-12-18 05:00, 2025-12-19 05:00, 2025-12-20 05:00

Spamhaus XBL CBL

198.144.189.90 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-12-18 14:36:50.060000
Was present on blacklist at: 2025-12-04 14:36, 2025-12-11 14:36, 2025-12-18 14:36

UCEPROTECT L1

198.144.189.90 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-11 16:45:00.536000
Was present on blacklist at: 2025-12-05 00:45, 2025-12-05 08:45, 2025-12-05 16:45, 2025-12-06 00:45, 2025-12-06 08:45, 2025-12-06 16:45, 2025-12-07 00:45, 2025-12-07 08:45, 2025-12-07 16:45, 2025-12-08 00:45, 2025-12-08 08:45, 2025-12-08 16:45, 2025-12-09 00:45, 2025-12-09 08:45, 2025-12-09 16:45, 2025-12-10 00:45, 2025-12-10 08:45, 2025-12-10 16:45, 2025-12-11 00:45, 2025-12-11 08:45, 2025-12-11 16:45

ThreatFox

198.144.189.90 is listed on the ThreatFox blacklist.

Description: ThreatFox is a free platform from abuse.ch with the goal of sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and threat intelligence providers.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-20 07:10:00.213000
Was present on blacklist at: 2025-12-16 03:10, 2025-12-16 07:10, 2025-12-16 11:10, 2025-12-16 15:10, 2025-12-16 19:10, 2025-12-16 23:10, 2025-12-17 03:10, 2025-12-17 07:10, 2025-12-17 11:10, 2025-12-17 15:10, 2025-12-17 19:10, 2025-12-17 23:10, 2025-12-18 11:10, 2025-12-18 15:10, 2025-12-18 19:10, 2025-12-18 23:10, 2025-12-19 03:10, 2025-12-19 07:10, 2025-12-19 11:10, 2025-12-19 15:10, 2025-12-19 19:10, 2025-12-19 23:10, 2025-12-20 03:10, 2025-12-20 07:10

Warden events (1771)

2025-12-20: ReconScanning (node.4dc198): 144; ReconScanning (node.368407): 141
2025-12-19: ReconScanning (node.4dc198): 156; ReconScanning (node.368407): 68
2025-12-18: ReconScanning (node.368407): 26
2025-12-17: ReconScanning (node.4dc198): 168; ReconScanning (node.368407): 75
2025-12-16: ReconScanning (node.368407): 3; ReconScanning (node.4dc198): 7
2025-12-03: ReconScanning (node.4dc198): 118; ReconScanning (node.368407): 117
2025-12-02: ReconScanning (node.368407): 145; ReconScanning (node.4dc198): 156; AnomalyTraffic (node.ffe95c): 2
2025-12-01: ReconScanning (node.4dc198): 21; ReconScanning (node.368407): 15; AnomalyTraffic (node.ffe95c): 1
2025-11-29: ReconScanning (node.368407): 78; ReconScanning (node.4dc198): 77
2025-11-28: ReconScanning (node.4dc198): 60; ReconScanning (node.368407): 65; AnomalyTraffic (node.ffe95c): 1
2025-11-27: ReconScanning (node.4dc198): 60; ReconScanning (node.368407): 63; AnomalyTraffic (node.ffe95c): 4

DShield reports (IP summary, reports)

2025-11-27: Number of reports: 156; Distinct targets: 113
2025-11-28: Number of reports: 196; Distinct targets: 149
2025-11-29: Number of reports: 196; Distinct targets: 149
2025-12-01: Number of reports: 38; Distinct targets: 34
2025-12-02: Number of reports: 38; Distinct targets: 34
2025-12-03: Number of reports: 350; Distinct targets: 235
2025-12-04: Number of reports: 168; Distinct targets: 115
2025-12-17: Number of reports: 352; Distinct targets: 167
2025-12-18: Number of reports: 352; Distinct targets: 167
2025-12-19: Number of reports: 420; Distinct targets: 190

Origin AS: AS36352 - AS-COLOCROSSING
BGP Prefix: 198.144.189.0/24
geo: United States, Buffalo; 🕑 America/New_York
hostname: 198-144-189-90-host.colocrossing.com
hostname_class: ['ip_in_hostname']
Address block ('inetnum' or 'NetRange' in whois database): 198.144.176.0 - 198.144.191.255
last_activity: 2025-12-20 14:31:07
last_warden_event: 2025-12-20 14:31:07
rep: 0.39993024553571427
reserved_range: 0
Shodan's InternetDB: Open ports: 22; Tags: –; CPEs: cpe:/o:canonical:ubuntu_linux, cpe:/a:openbsd:openssh:8.2p1
ts_added: 2025-11-27 14:36:44.611000
ts_last_update: 2025-12-20 14:36:50.236000

Warden event timeline

DShield event timeline

Presence on blacklists