IP address

Search at other sites:

.558220.78.78.97

Shodan(more info)

Passive DNS

IP blacklists

blocklist.de SSH

220.78.78.97 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-04-07 10:05:00.433000
Was present on blacklist at: 2026-03-13 05:05, 2026-03-13 11:05, 2026-03-13 17:05, 2026-03-13 23:05, 2026-03-14 05:05, 2026-03-14 11:05, 2026-03-14 23:05, 2026-03-15 05:05, 2026-03-15 11:05, 2026-03-16 17:05, 2026-03-16 23:05, 2026-03-17 05:05, 2026-03-17 11:05, 2026-03-17 17:05, 2026-03-17 23:05, 2026-03-18 05:05, 2026-03-18 11:05, 2026-03-18 17:05, 2026-03-18 23:05, 2026-03-24 23:05, 2026-03-25 05:05, 2026-03-25 11:05, 2026-03-25 23:05, 2026-03-26 05:05, 2026-03-26 11:05, 2026-03-26 17:05, 2026-04-07 04:05, 2026-04-07 10:05

AbuseIPDB

220.78.78.97 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-04-06 04:00:00.569000
Was present on blacklist at: 2026-03-14 05:00, 2026-03-16 05:00, 2026-03-20 05:00, 2026-03-23 05:00, 2026-03-24 05:00, 2026-03-28 05:00, 2026-03-30 04:00, 2026-04-01 04:00, 2026-04-06 04:00

blocklist.de web-login

220.78.78.97 is listed on the blocklist.de web-login blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs that attacks Joomla, Wordpress and<br>other Web-Logins with Brute-Force Logins.
Type of feed: primary (feed detail page)

Last checked at: 2026-03-22 17:05:00.134000
Was present on blacklist at: 2026-03-20 23:05, 2026-03-21 05:05, 2026-03-21 11:05, 2026-03-21 17:05, 2026-03-21 23:05, 2026-03-22 05:05, 2026-03-22 11:05, 2026-03-22 17:05

blocklist.de Apache

220.78.78.97 is listed on the blocklist.de Apache blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the service<br>Apache, Apache-DDOS, RFI-Attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-03-22 17:05:00.416000
Was present on blacklist at: 2026-03-20 23:05, 2026-03-21 05:05, 2026-03-21 11:05, 2026-03-21 17:05, 2026-03-21 23:05, 2026-03-22 05:05, 2026-03-22 11:05, 2026-03-22 17:05

Threat categories

TL	Role	Category	Details
56	src	scan	port: 22
29	src	login	protocol: ssh port: 22
25	src	—
25	src	botnet_drone

---

Warden events (157)

2026-04-07

ReconScanning (node.ce2b59): 16

2026-04-06

ReconScanning (node.ce2b59): 30

AttemptLogin (node.40929a): 1

2026-04-05

ReconScanning (node.ce2b59): 2

2026-04-04

ReconScanning (node.ce2b59): 6

AttemptLogin (node.40929a): 1

2026-04-03

ReconScanning (node.ce2b59): 30

AttemptLogin (node.40929a): 1

2026-04-02

ReconScanning (node.ce2b59): 1

2026-04-01

ReconScanning (node.ce2b59): 13

AttemptLogin (node.40929a): 1

2026-03-31

ReconScanning (node.ce2b59): 1

2026-03-30

ReconScanning (node.ce2b59): 14

AttemptLogin (node.40929a): 1

2026-03-29

ReconScanning (node.ce2b59): 2

2026-03-28

ReconScanning (node.ce2b59): 8

AttemptLogin (node.40929a): 1

2026-03-27

ReconScanning (node.ce2b59): 15

IntrusionUserCompromise (node.985fb4): 2

Malware (node.985fb4): 1

AttemptLogin (node.985fb4): 1

2026-03-24

AttemptLogin (node.40929a): 1

2026-03-23

AttemptLogin (node.40929a): 1

2026-03-20

AttemptLogin (node.40929a): 1

2026-03-19

AttemptLogin (node.40929a): 1

2026-03-17

AttemptLogin (node.40929a): 1

2026-03-16

AttemptLogin (node.40929a): 1

2026-03-14

AttemptLogin (node.40929a): 1

2026-03-13

AttemptLogin (node.40929a): 1

2026-03-12

AttemptLogin (node.40929a): 1

DShield reports (IP summary, reports)

2026-03-12

Number of reports: 18

Distinct targets: 4

2026-03-13

Number of reports: 18

Distinct targets: 4

2026-03-16

Number of reports: 14

Distinct targets: 7

2026-03-23

Number of reports: 28

Distinct targets: 6

2026-03-24

Number of reports: 28

Distinct targets: 6

2026-03-30

Number of reports: 21

Distinct targets: 7

2026-03-31

Number of reports: 21

Distinct targets: 7

2026-04-01

Number of reports: 21

Distinct targets: 4

2026-04-03

Number of reports: 15

Distinct targets: 5

2026-04-06

Number of reports: 27

Distinct targets: 9

Origin AS

AS4766 - KIXS-AS-KR KIXS-AS-KR-KR

BGP Prefix

220.72.0.0/13

geo

South Korea, Yongin-si

🕑 Asia/Seoul

hostname

(null)

Address block ('inetnum' or 'NetRange' in whois database)

220.72.0.0 - 220.79.255.255

last_activity

2026-04-07 11:03:00

last_warden_event

2026-04-07 11:03:00

rep

0.5576578367324102

reserved_range

0

ts_added

2026-03-13 05:00:41.281000

ts_last_update

2026-04-07 11:41:10.244000

Warden event timeline

DShield event timeline

Presence on blacklists