IP address

Search at other sites:
.0872.26.98.207
Shodan(more info)
Passive DNS
Tags:
IP blacklists
blocklist.de SSH
2.26.98.207 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-05-24 10:05:00.357000
Was present on blacklist at: 2026-05-21 16:05, 2026-05-21 22:05, 2026-05-22 04:05, 2026-05-22 10:05, 2026-05-23 16:05, 2026-05-23 22:05, 2026-05-24 04:05, 2026-05-24 10:05
AbuseIPDB
2.26.98.207 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-05-24 04:00:00.619000
Was present on blacklist at: 2026-05-24 04:00
Echelon CMS enumeration
2.26.98.207 is listed on the Echelon CMS enumeration blacklist.

Description: Content management system discovery and enumeration
Type of feed: primary (feed detail page)

Last checked at: 2026-05-30 09:05:00.919000
Was present on blacklist at: 2026-05-24 09:05, 2026-05-25 09:05, 2026-05-26 09:05, 2026-05-27 09:05, 2026-05-28 09:05, 2026-05-29 09:05, 2026-05-30 09:05
Echelon admin panel hunt
2.26.98.207 is listed on the Echelon admin panel hunt blacklist.

Description: Scanning for administrative interfaces
Type of feed: primary (feed detail page)

Last checked at: 2026-05-30 09:05:00.989000
Was present on blacklist at: 2026-05-24 09:05, 2026-05-25 09:05, 2026-05-26 09:05, 2026-05-27 09:05, 2026-05-28 09:05, 2026-05-29 09:05, 2026-05-30 09:05
Echelon database admin hunt
2.26.98.207 is listed on the Echelon database admin hunt blacklist.

Description: Scanning for database admin interfaces (phpMyAdmin, etc.)
Type of feed: primary (feed detail page)

Last checked at: 2026-05-30 09:10:00.273000
Was present on blacklist at: 2026-05-24 09:10, 2026-05-25 09:10, 2026-05-26 09:10, 2026-05-27 09:10, 2026-05-28 09:10, 2026-05-29 09:10, 2026-05-30 09:10
Echelon directory traversal
2.26.98.207 is listed on the Echelon directory traversal blacklist.

Description: Path traversal attack attempting to access restricted files
Type of feed: primary (feed detail page)

Last checked at: 2026-05-30 09:15:00.256000
Was present on blacklist at: 2026-05-24 09:15, 2026-05-25 09:15, 2026-05-26 09:15, 2026-05-27 09:15, 2026-05-28 09:15, 2026-05-29 09:15, 2026-05-30 09:15
Echelon web crawler
2.26.98.207 is listed on the Echelon web crawler blacklist.

Description: HTTP web crawling activity detected on web honeypots
Type of feed: primary (feed detail page)

Last checked at: 2026-05-30 09:50:00.356000
Was present on blacklist at: 2026-05-24 09:50, 2026-05-25 09:50, 2026-05-26 09:50, 2026-05-27 09:50, 2026-05-28 09:50, 2026-05-29 09:50, 2026-05-30 09:50
Spamhaus XBL CBL
2.26.98.207 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-06-04 11:12:00.284000
Was present on blacklist at: 2026-05-28 11:12

Threat categories

TLRoleCategoryDetails
72 src scan port: 22, 23, 80, 443, 2222, 2375, 6022, 8022
56 src login protocol: ssh, telnet
port: 22, 23
25 src
25 src exploit protocol: http
Warden events (30476)
2026-05-30
ReconScanning (node.9c1411): 29
2026-05-29
ReconScanning (node.9c1411): 43
2026-05-28
ReconScanning (node.9c1411): 28
2026-05-27
ReconScanning (node.9c1411): 15
2026-05-26
ReconScanning (node.9c1411): 1
2026-05-23
IntrusionUserCompromise (node.cfb4f7): 14675
ReconScanning (node.ce2b59): 27
2026-05-22
ReconScanning (node.ce2b59): 31
IntrusionUserCompromise (node.cfb4f7): 15599
IntrusionUserCompromise (node.d2ecc6): 1
AttemptLogin (node.d2ecc6): 1
2026-05-21
ReconScanning (node.ce2b59): 26
DShield reports (IP summary, reports)
2026-05-23
Number of reports: 250
Distinct targets: 20
2026-05-24
Number of reports: 250
Distinct targets: 20
Origin AS
AS215439 - PLAY2GO-NET
BGP Prefix
2.26.98.0/24
geo
Germany, Frankfurt am Main
🕑 Europe/Berlin
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
2.24.0.0 - 2.31.255.255
last_activity
2026-05-30 20:46:03
last_warden_event
2026-05-30 20:46:03
rep
0.0873144556904707
reserved_range
0
Shodan's InternetDB
Open ports: 22, 9091
Tags:
CPEs: cpe:/a:openbsd:openssh:9.6p1, cpe:/o:canonical:ubuntu_linux
ts_added
2026-05-21 11:11:50.943000
ts_last_update
2026-06-04 11:12:00.376000

Warden event timeline

DShield event timeline

Presence on blacklists