IP address
Tags:
Static IP
IP in hostname
- IP blacklists
DataPlane TELNET login
95.216.226.56 is listed on the DataPlane TELNET login blacklist.
Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login via TELNET password authentication.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-18 15:10:04.063000
Was present on blacklist at:
2025-12-11 23:10,
2025-12-12 03:10,
2025-12-12 07:10,
2025-12-12 11:10,
2025-12-12 15:10,
2025-12-12 19:10,
2025-12-12 23:10,
2025-12-13 03:10,
2025-12-13 07:10,
2025-12-13 11:10,
2025-12-13 15:10,
2025-12-13 19:10,
2025-12-13 23:10,
2025-12-14 03:10,
2025-12-14 07:10,
2025-12-14 11:10,
2025-12-14 15:10,
2025-12-14 19:10,
2025-12-14 23:10,
2025-12-15 03:10,
2025-12-15 07:10,
2025-12-15 11:10,
2025-12-15 15:10,
2025-12-15 19:10,
2025-12-15 23:10,
2025-12-16 03:10,
2025-12-16 07:10,
2025-12-16 11:10,
2025-12-16 15:10,
2025-12-16 19:10,
2025-12-16 23:10,
2025-12-17 03:10,
2025-12-17 07:10,
2025-12-17 11:10,
2025-12-17 15:10,
2025-12-17 19:10,
2025-12-17 23:10,
2025-12-18 03:10,
2025-12-18 07:10,
2025-12-18 11:10,
2025-12-18 15:10
AbuseIPDB
95.216.226.56 is listed on the AbuseIPDB blacklist.
Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-12 05:00:00.773000
Was present on blacklist at:
2025-12-12 05:00
Turris greylist
95.216.226.56 is listed on the Turris greylist blacklist.
Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed:
primary (
feed detail page)
Last checked at:
2025-12-12 22:15:00.155000
Was present on blacklist at:
2025-12-12 22:15
Spamhaus XBL CBL
95.216.226.56 is listed on the Spamhaus XBL CBL blacklist.
Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed:
secondary (DNSBL) (
feed detail page)
Last checked at:
2025-12-18 17:01:50.080000
Was present on blacklist at:
2025-12-18 17:01
- Warden events (6)
- 2025-12-11
-
-
ReconScanning (node.4dc198): 6
- DShield reports (IP summary, reports)
- 2025-12-11
- Number of reports: 58
- Distinct targets: 27
- 2025-12-12
- Number of reports: 58
- Distinct targets: 27
- Origin AS
- AS24940 - HETZNER-AS
- BGP Prefix
- 95.216.0.0/16
- geo
-
Finland, Helsinki
- 🕑 Europe/Helsinki
- hostname
- static.56.226.216.95.clients.your-server.de
- hostname_class
- ['ip_in_hostname', 'static']
- Address block ('inetnum' or 'NetRange' in whois database)
- 95.216.0.0 - 95.217.255.255
- last_activity
- 2025-12-11 17:51:39
- last_warden_event
- 2025-12-11 17:51:39
- rep
- 0.028125
- reserved_range
- 0
- Shodan's InternetDB
- Open ports: 22, 110, 179, 195, 311, 503, 587, 631, 789, 873, 998, 1741, 1973, 2058, 2122, 2332, 2375, 2555, 2567, 3000, 3001, 3002, 3053, 3260, 3389, 3561, 4043, 4488, 4500, 4782, 4840, 5000, 5006, 5190, 5222, 5431, 6002, 6510, 6666, 7001, 7510, 7700, 7777, 7989, 8001, 8060, 8080, 8152, 8171, 8189, 8406, 8418, 8460, 8500, 8515, 8880, 8883, 9029, 9042, 9058, 9090, 9092, 9100, 9222, 9345, 9400, 9443, 9445, 9633, 9998, 10034, 10040, 10093, 10892, 11602, 12108, 12172, 12357, 12479, 12570, 14147, 14344, 14406, 14875, 16016, 18036, 18037, 18079, 18110, 32400, 35522, 44021, 49152, 50070, 50160, 50500, 52010, 53400, 60001, 60129, 63260
- Tags: eol-product, self-signed
- CPEs: cpe:/a:openbsd:openssh:9.6p1, cpe:/o:canonical:ubuntu_linux, cpe:/a:facebook:react, cpe:/o:linux:linux_kernel, cpe:/a:zeit:next.js, cpe:/a:f5:nginx:1.24.0
- ts_added
- 2025-12-11 17:01:45.716000
- ts_last_update
- 2025-12-19 17:01:50.397000
Warden event timeline
DShield event timeline
Presence on blacklists
