IP address

Search at other sites:

.21382.223.104.216

Shodan(more info)

Passive DNS

IP blacklists

UCEPROTECT L1

82.223.104.216 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-06-01 15:45:00.548000
Was present on blacklist at: 2026-05-25 23:45, 2026-05-26 07:45, 2026-05-26 15:45, 2026-05-26 23:45, 2026-05-27 07:45, 2026-05-27 15:45, 2026-05-27 23:45, 2026-05-28 07:45, 2026-05-28 15:45, 2026-05-28 23:45, 2026-05-29 15:45, 2026-05-29 23:45, 2026-05-30 07:45, 2026-05-30 15:45, 2026-05-30 23:45, 2026-05-31 07:45, 2026-05-31 15:45, 2026-05-31 23:45, 2026-06-01 07:45, 2026-06-01 15:45

CI Army

82.223.104.216 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-05-27 02:50:00.828000
Was present on blacklist at: 2026-05-26 02:50, 2026-05-27 02:50

AbuseIPDB

82.223.104.216 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-05-26 04:00:00.695000
Was present on blacklist at: 2026-05-26 04:00

blocklist.de SSH

82.223.104.216 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-06-05 04:05:00.466000
Was present on blacklist at: 2026-05-26 04:05, 2026-05-26 10:05, 2026-05-26 16:05, 2026-05-26 22:05, 2026-05-27 04:05, 2026-05-27 10:05, 2026-05-27 16:05, 2026-05-27 22:05, 2026-05-28 04:05, 2026-06-04 22:05, 2026-06-05 04:05

Echelon CMS enumeration

82.223.104.216 is listed on the Echelon CMS enumeration blacklist.

Description: Content management system discovery and enumeration
Type of feed: primary (feed detail page)

Last checked at: 2026-06-01 09:05:02.031000
Was present on blacklist at: 2026-05-26 09:05, 2026-05-27 09:05, 2026-05-28 09:05, 2026-05-29 09:05, 2026-05-30 09:05, 2026-05-31 09:05, 2026-06-01 09:05

Echelon admin panel hunt

82.223.104.216 is listed on the Echelon admin panel hunt blacklist.

Description: Scanning for administrative interfaces
Type of feed: primary (feed detail page)

Last checked at: 2026-06-01 09:05:05.120000
Was present on blacklist at: 2026-05-26 09:05, 2026-05-27 09:05, 2026-05-28 09:05, 2026-05-29 09:05, 2026-05-30 09:05, 2026-05-31 09:05, 2026-06-01 09:05

Echelon database admin hunt

82.223.104.216 is listed on the Echelon database admin hunt blacklist.

Description: Scanning for database admin interfaces (phpMyAdmin, etc.)
Type of feed: primary (feed detail page)

Last checked at: 2026-06-01 09:10:00.599000
Was present on blacklist at: 2026-05-26 09:10, 2026-05-27 09:10, 2026-05-28 09:10, 2026-05-29 09:10, 2026-05-30 09:10, 2026-05-31 09:10, 2026-06-01 09:10

Echelon directory traversal

82.223.104.216 is listed on the Echelon directory traversal blacklist.

Description: Path traversal attack attempting to access restricted files
Type of feed: primary (feed detail page)

Last checked at: 2026-06-01 09:15:00.296000
Was present on blacklist at: 2026-05-26 09:15, 2026-05-27 09:15, 2026-05-28 09:15, 2026-05-29 09:15, 2026-05-30 09:15, 2026-05-31 09:15, 2026-06-01 09:15

Echelon SSH connection attempt

82.223.104.216 is listed on the Echelon SSH connection attempt blacklist.

Description: SSH connection attempt detected on port 22 or 2222
Type of feed: primary (feed detail page)

Last checked at: 2026-06-02 09:35:00.367000
Was present on blacklist at: 2026-05-26 09:35, 2026-05-27 09:35, 2026-05-28 09:35, 2026-05-29 09:35, 2026-05-30 09:35, 2026-05-31 09:35, 2026-06-01 09:35, 2026-06-02 09:35

Echelon web crawler

82.223.104.216 is listed on the Echelon web crawler blacklist.

Description: HTTP web crawling activity detected on web honeypots
Type of feed: primary (feed detail page)

Last checked at: 2026-06-01 09:50:00.309000
Was present on blacklist at: 2026-05-26 09:50, 2026-05-27 09:50, 2026-05-28 09:50, 2026-05-29 09:50, 2026-05-30 09:50, 2026-05-31 09:50, 2026-06-01 09:50

Spamhaus XBL CBL

82.223.104.216 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-06-01 15:19:01.312000
Was present on blacklist at: 2026-06-01 15:19

Threat categories

TL	Role	Category	Details
53	src	scan	port: 22, 23, 80, 443, 2222, 2375
41	src	—
30	src	login	protocol: ssh, telnet port: 22, 23, 2222
25	src	exploit	protocol: http

---

Warden events (266)

2026-05-26

ReconScanning (node.ce2b59): 14

IntrusionUserCompromise (node.cfb4f7): 110

AttemptLogin (node.c26a5f): 1

ReconScanning (node.4dc198): 13

2026-05-25

ReconScanning (node.ce2b59): 18

ReconScanning (node.4dc198): 11

IntrusionUserCompromise (node.cfb4f7): 97

AttemptLogin (node.ee25b8): 1

AttemptLogin (node.ce2b59): 1

DShield reports (IP summary, reports)

2026-05-26

Number of reports: 30

Distinct targets: 23

2026-05-27

Number of reports: 30

Distinct targets: 23

Origin AS

AS8560 - ONEANDONE-AS

BGP Prefix

82.223.0.0/16

geo

Spain

🕑 Europe/Madrid

hostname

(null)

Address block ('inetnum' or 'NetRange' in whois database)

82.223.0.0 - 82.223.255.255

last_activity

2026-05-26 10:04:42

last_warden_event

2026-05-26 10:04:42

rep

0.21321855982125792

reserved_range

0

ts_added

2026-05-25 15:18:58.397000

ts_last_update

2026-06-05 04:11:48.369000

Warden event timeline

DShield event timeline

Presence on blacklists