IP address

Passive DNS

Tags:

IP blacklists: ThreatFox
45.156.25.5 is listed on the ThreatFox blacklist.

Description: ThreatFox is a free platform from abuse.ch with the goal of<br>sharing indicators of compromise (IOCs) associated with malware with the<br>infosec community, AV vendors and threat intelligence providers.
Type of feed: primary (feed detail page)

Last checked at: 2025-12-19 11:10:00.274000
Was present on blacklist at: 2025-12-17 15:10, 2025-12-17 19:10, 2025-12-17 23:10, 2025-12-18 03:10, 2025-12-18 07:10, 2025-12-18 11:10, 2025-12-18 15:10, 2025-12-18 19:10, 2025-12-18 23:10, 2025-12-19 03:10, 2025-12-19 07:10, 2025-12-19 11:10
Spamhaus PBL
45.156.25.5 is listed on the Spamhaus PBL blacklist.

Description: The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-12-17 15:10:00.504000
Was present on blacklist at: 2025-12-17 15:10

Origin AS: AS56971 - CloudBackbone
BGP Prefix: 45.156.25.0/24
geo: Netherlands, Amsterdam; 🕑 Europe/Amsterdam
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 45.156.24.0 - 45.156.27.255
reserved_range: 0
Shodan's InternetDB: Open ports: 22, 80, 443, 4443, 4444, 8080; Tags: c2, open-dir, self-signed; CPEs: cpe:/a:apache:http_server, cpe:/a:openbsd:openssh:9.2p1, cpe:/a:f5:nginx, cpe:/o:debian:debian_linux, cpe:/o:linux:linux_kernel, cpe:/a:python:python:3.11.2
ts_added: 2025-12-17 15:10:00.325000
ts_last_update: 2025-12-19 15:10:13.112000

Warden event timeline

DShield event timeline

Presence on blacklists