IP address

Search at other sites:
.00459.0.168.49
Shodan(more info)
Passive DNS
Tags: Login attempts
IP blacklists
UCEPROTECT L1
59.0.168.49 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-04-03 07:45:01.109000
Was present on blacklist at: 2026-03-25 00:45, 2026-03-25 08:45, 2026-03-25 16:45, 2026-03-26 00:45, 2026-03-26 08:45, 2026-03-26 16:45, 2026-03-27 00:45, 2026-03-27 08:45, 2026-03-27 16:45, 2026-03-28 00:45, 2026-03-28 08:45, 2026-03-28 16:45, 2026-03-29 00:45, 2026-03-29 07:45, 2026-03-29 15:45, 2026-03-29 23:45, 2026-03-30 07:45, 2026-03-30 15:45, 2026-03-30 23:45, 2026-03-31 07:45, 2026-03-31 15:45, 2026-03-31 23:45, 2026-04-01 07:45, 2026-04-01 15:45, 2026-04-01 23:45, 2026-04-02 07:45, 2026-04-02 15:45, 2026-04-02 23:45, 2026-04-03 07:45
blocklist.de IMAP
59.0.168.49 is listed on the blocklist.de IMAP blacklist.

Description: Blocklist.de feed is a free and voluntary service<br>provided by a Fraud/Abuse-specialist. IPs performing attacks<br>on the Service imap, sasl, pop3.
Type of feed: primary (feed detail page)

Last checked at: 2026-03-29 10:05:00.321000
Was present on blacklist at: 2026-03-27 17:05, 2026-03-27 23:05, 2026-03-28 05:05, 2026-03-28 11:05, 2026-03-28 17:05, 2026-03-28 23:05, 2026-03-29 04:05, 2026-03-29 10:05
blocklist.de mail
59.0.168.49 is listed on the blocklist.de mail blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing Mail attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-03-29 10:05:00.419000
Was present on blacklist at: 2026-03-27 17:05, 2026-03-27 23:05, 2026-03-28 05:05, 2026-03-28 11:05, 2026-03-28 17:05, 2026-03-28 23:05, 2026-03-29 04:05, 2026-03-29 10:05
Spamhaus XBL CBL
59.0.168.49 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-04-07 05:04:19.148000
Was present on blacklist at: 2026-03-31 05:05

Threat categories

TLRoleCategoryDetails
50 src scan
47 src login protocol: ssh
port: 22
42 src
Warden events (13)
2026-03-25
AttemptLogin (node.ce2b59): 4
2026-03-24
AttemptLogin (node.ce2b59): 6
2026-03-23
AttemptLogin (node.ce2b59): 3
DShield reports (IP summary, reports)
2026-03-23
Number of reports: 11
Distinct targets: 6
2026-03-24
Number of reports: 11
Distinct targets: 6
2026-03-25
Number of reports: 14
Distinct targets: 8
2026-03-26
Number of reports: 14
Distinct targets: 8
Origin AS
AS4766 - KIXS-AS-KR KIXS-AS-KR-KR
BGP Prefix
59.0.0.0/13
geo
South Korea, Dong-gu
🕑 Asia/Seoul
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
59.0.0.0 - 59.31.255.255
last_activity
2026-03-25 17:15:21
last_warden_event
2026-03-25 17:15:21
rep
0.004464285714285714
reserved_range
0
Shodan's InternetDB
Open ports: 22
Tags:
CPEs: cpe:/o:linux:linux_kernel, cpe:/o:debian:debian_linux, cpe:/a:openbsd:openssh:3.8.1p1
ts_added
2026-03-24 05:03:11.543000
ts_last_update
2026-04-07 05:04:19.256000

Warden event timeline

DShield event timeline

Presence on blacklists