IP address

Passive DNS

Tags: IP in hostname

IP blacklists

AbuseIPDB

3.16.139.8 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc. Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-05-13 04:00:00.619000
Was present on blacklist at: 2025-05-13 04:00

UCEPROTECT L1

3.16.139.8 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-19 23:45:00.611000
Was present on blacklist at: 2025-05-13 07:45, 2025-05-13 15:45, 2025-05-13 23:45, 2025-05-14 07:45, 2025-05-14 15:45, 2025-05-14 23:45, 2025-05-15 07:45, 2025-05-15 15:45, 2025-05-15 23:45, 2025-05-16 07:45, 2025-05-16 15:45, 2025-05-16 23:45, 2025-05-17 07:45, 2025-05-17 15:45, 2025-05-17 23:45, 2025-05-18 07:45, 2025-05-18 15:45, 2025-05-18 23:45, 2025-05-19 07:45, 2025-05-19 15:45, 2025-05-19 23:45

blocklist.de SSH

3.16.139.8 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-15 10:05:05.430000
Was present on blacklist at: 2025-05-13 16:05, 2025-05-13 22:05, 2025-05-14 04:05, 2025-05-14 10:05, 2025-05-14 16:05, 2025-05-14 22:05, 2025-05-15 04:05, 2025-05-15 10:05

DataPlane TELNET login

3.16.139.8 is listed on the DataPlane TELNET login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds, and measurement resource for operators, by operators. IPs trying an unsolicited login via TELNET password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-20 06:10:02.412000
Was present on blacklist at: 2025-05-13 18:10, 2025-05-14 02:10, 2025-05-14 06:10, 2025-05-14 14:10, 2025-05-14 18:10, 2025-05-15 02:10, 2025-05-15 14:10, 2025-05-15 18:10, 2025-05-16 02:10, 2025-05-16 06:10, 2025-05-16 14:10, 2025-05-16 18:10, 2025-05-17 02:10, 2025-05-17 06:10, 2025-05-17 14:10, 2025-05-17 18:10, 2025-05-18 02:10, 2025-05-18 06:10, 2025-05-18 14:10, 2025-05-18 18:10, 2025-05-19 02:10, 2025-05-19 06:10, 2025-05-19 14:10, 2025-05-19 18:10, 2025-05-20 02:10, 2025-05-20 06:10

Turris greylist

3.16.139.8 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC, which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-14 21:15:00.172000
Was present on blacklist at: 2025-05-13 21:15, 2025-05-14 21:15

Warden events (948)

2025-05-13: IntrusionUserCompromise (node.cfb4f7): 948

DShield reports (IP summary, reports)

2025-05-12: Number of reports: 478; Distinct targets: 76
2025-05-13: Number of reports: 3557; Distinct targets: 538

OTX pulses

[602bc528f447d628d41494f2] 2021-02-16 13:14:16.945000 | Ka's Honeypot visitors

Author name:	Kapppppa
Pulse modified:	2025-06-11 22:03:46.081000
Indicator created:	2025-05-13 03:20:15
Indicator role:	bruteforce
Indicator title:	Telnet Login attempt
Indicator expiration:	2025-06-12 03:00:00

Origin AS: AS16509 - AMAZON-02
BGP Prefix: 3.16.0.0/14
geo: United States, Columbus; 🕑 America/New_York
hostname: ec2-3-16-139-8.us-east-2.compute.amazonaws.com
hostname_class: ['ip_in_hostname']
Address block ('inetnum' or 'NetRange' in whois database): 3.0.0.0 - 3.127.255.255
last_activity: 2025-06-12 00:02:11.136000
last_warden_event: 2025-05-13 05:15:49
rep: 0.0
reserved_range: 0
ts_added: 2025-05-13 03:30:12.509000
ts_last_update: 2025-06-21 03:30:20.281000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses