IP address

Search at other sites:

.23597.107.140.120prod04.academyforinternetresearch.org

Shodan(more info)

Passive DNS

IP blacklists

CI Army

97.107.140.120 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-04-28 02:50:01.132000
Was present on blacklist at: 2025-03-30 02:50, 2025-03-31 02:50, 2025-04-01 02:50, 2025-04-02 02:50, 2025-04-03 02:50, 2025-04-04 02:50, 2025-04-05 02:50, 2025-04-06 02:50, 2025-04-07 02:50, 2025-04-08 02:50, 2025-04-10 02:50, 2025-04-11 02:50, 2025-04-12 02:50, 2025-04-13 02:50, 2025-04-14 02:50, 2025-04-15 02:50, 2025-04-16 02:50, 2025-04-17 02:50, 2025-04-18 02:50, 2025-04-19 02:50, 2025-04-20 02:50, 2025-04-21 02:50, 2025-04-22 02:50, 2025-04-23 02:50, 2025-04-24 02:50, 2025-04-25 02:50, 2025-04-26 02:50, 2025-04-27 02:50, 2025-04-28 02:50

Turris greylist

97.107.140.120 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-26 21:15:00.150000
Was present on blacklist at: 2025-03-30 21:15, 2025-04-01 21:15, 2025-04-03 21:15, 2025-04-04 21:15, 2025-04-06 21:15, 2025-04-07 21:15, 2025-04-09 21:15, 2025-04-10 21:15, 2025-04-11 21:15, 2025-04-12 21:15, 2025-04-16 21:15, 2025-04-18 21:15, 2025-04-21 21:15, 2025-04-26 21:15

Spamhaus SBL CSS

97.107.140.120 is listed on the Spamhaus SBL CSS blacklist.

Description: The Spamhaus CSS is part of the SBL. CSS listings will have return code 127.0.0.3 to differentiate from regular SBL listings, which have return code 127.0.0.2.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-04-25 21:54:31.320000
Was present on blacklist at: 2025-04-11 21:54, 2025-04-18 21:54, 2025-04-25 21:54

DataPlane SMTP greeting

97.107.140.120 is listed on the DataPlane SMTP greeting blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs that are<br>identified as SMTP clients issuing unsolicited HELO or EHLO commands.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-28 18:10:00.893000
Was present on blacklist at: 2025-04-14 22:10, 2025-04-15 02:10, 2025-04-15 06:10, 2025-04-15 10:10, 2025-04-15 14:10, 2025-04-15 18:10, 2025-04-15 22:10, 2025-04-16 02:10, 2025-04-16 06:10, 2025-04-16 10:10, 2025-04-16 14:10, 2025-04-16 18:10, 2025-04-16 22:10, 2025-04-17 02:10, 2025-04-17 06:10, 2025-04-17 10:10, 2025-04-17 14:10, 2025-04-17 18:10, 2025-04-17 22:10, 2025-04-18 02:10, 2025-04-18 06:10, 2025-04-18 10:10, 2025-04-18 14:10, 2025-04-18 18:10, 2025-04-18 22:10, 2025-04-19 02:10, 2025-04-19 06:10, 2025-04-19 10:10, 2025-04-19 14:10, 2025-04-19 18:10, 2025-04-19 22:10, 2025-04-20 02:10, 2025-04-20 06:10, 2025-04-20 10:10, 2025-04-20 14:10, 2025-04-20 18:10, 2025-04-20 22:10, 2025-04-21 02:10, 2025-04-21 06:10, 2025-04-21 10:10, 2025-04-21 14:10, 2025-04-21 18:10, 2025-04-21 22:10, 2025-04-22 02:10, 2025-04-22 06:10, 2025-04-22 10:10, 2025-04-22 14:10, 2025-04-22 18:10, 2025-04-22 22:10, 2025-04-23 02:10, 2025-04-23 06:10, 2025-04-23 10:10, 2025-04-23 14:10, 2025-04-23 18:10, 2025-04-23 22:10, 2025-04-24 02:10, 2025-04-24 06:10, 2025-04-24 10:10, 2025-04-24 14:10, 2025-04-24 18:10, 2025-04-24 22:10, 2025-04-25 02:10, 2025-04-25 06:10, 2025-04-25 10:10, 2025-04-25 14:10, 2025-04-25 18:10, 2025-04-25 22:10, 2025-04-26 02:10, 2025-04-26 06:10, 2025-04-26 10:10, 2025-04-26 14:10, 2025-04-26 18:10, 2025-04-26 22:10, 2025-04-27 02:10, 2025-04-27 06:10, 2025-04-27 10:10, 2025-04-27 14:10, 2025-04-27 18:10, 2025-04-27 22:10, 2025-04-28 02:10, 2025-04-28 06:10, 2025-04-28 10:10, 2025-04-28 14:10, 2025-04-28 18:10

DataPlane TELNET login

97.107.140.120 is listed on the DataPlane TELNET login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login via TELNET password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-28 18:10:02.894000
Was present on blacklist at: 2025-04-16 14:10, 2025-04-16 18:10, 2025-04-17 02:10, 2025-04-17 06:10, 2025-04-17 14:10, 2025-04-17 18:10, 2025-04-18 02:10, 2025-04-18 06:10, 2025-04-18 14:10, 2025-04-18 18:10, 2025-04-19 02:10, 2025-04-19 06:10, 2025-04-19 14:10, 2025-04-19 18:10, 2025-04-19 22:10, 2025-04-20 02:10, 2025-04-20 06:10, 2025-04-20 14:10, 2025-04-20 18:10, 2025-04-21 02:10, 2025-04-21 06:10, 2025-04-21 14:10, 2025-04-21 18:10, 2025-04-22 02:10, 2025-04-22 06:10, 2025-04-22 14:10, 2025-04-22 18:10, 2025-04-23 02:10, 2025-04-23 06:10, 2025-04-23 14:10, 2025-04-23 18:10, 2025-04-24 02:10, 2025-04-24 06:10, 2025-04-24 14:10, 2025-04-24 18:10, 2025-04-25 02:10, 2025-04-25 06:10, 2025-04-25 14:10, 2025-04-25 18:10, 2025-04-26 02:10, 2025-04-26 06:10, 2025-04-26 14:10, 2025-04-26 18:10, 2025-04-27 02:10, 2025-04-27 06:10, 2025-04-27 14:10, 2025-04-27 18:11, 2025-04-28 02:10, 2025-04-28 06:10, 2025-04-28 14:10, 2025-04-28 18:10

Spamhaus XBL CBL

97.107.140.120 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-04-25 21:54:31.320000
Was present on blacklist at: 2025-04-18 21:54, 2025-04-25 21:54

Warden events (165)

2025-04-26

IntrusionUserCompromise (node.cfb4f7): 3

2025-04-25

IntrusionUserCompromise (node.cfb4f7): 8

2025-04-23

IntrusionUserCompromise (node.cfb4f7): 2

2025-04-20

ReconScanning (node.f90c6b): 2

2025-04-19

IntrusionUserCompromise (node.cfb4f7): 6

2025-04-18

IntrusionUserCompromise (node.cfb4f7): 3

2025-04-15

IntrusionUserCompromise (node.cfb4f7): 6

2025-04-14

IntrusionUserCompromise (node.cfb4f7): 8

2025-04-12

IntrusionUserCompromise (node.cfb4f7): 3

2025-04-11

IntrusionUserCompromise (node.cfb4f7): 16

2025-04-09

IntrusionUserCompromise (node.cfb4f7): 3

2025-04-07

IntrusionUserCompromise (node.cfb4f7): 8

2025-04-06

IntrusionUserCompromise (node.cfb4f7): 16

2025-04-04

IntrusionUserCompromise (node.cfb4f7): 12

2025-04-03

IntrusionUserCompromise (node.cfb4f7): 25

2025-04-02

IntrusionUserCompromise (node.cfb4f7): 10

2025-03-31

IntrusionUserCompromise (node.cfb4f7): 23

2025-03-29

IntrusionUserCompromise (node.cfb4f7): 8

2025-03-28

IntrusionUserCompromise (node.cfb4f7): 3

DShield reports (IP summary, reports)

2025-03-29

Number of reports: 610

Distinct targets: 241

2025-03-30

Number of reports: 1026

Distinct targets: 349

2025-03-31

Number of reports: 847

Distinct targets: 232

2025-04-01

Number of reports: 754

Distinct targets: 117

2025-04-02

Number of reports: 935

Distinct targets: 454

2025-04-03

Number of reports: 1105

Distinct targets: 466

2025-04-04

Number of reports: 1254

Distinct targets: 393

2025-04-05

Number of reports: 314

Distinct targets: 117

2025-04-06

Number of reports: 1408

Distinct targets: 502

2025-04-07

Number of reports: 1346

Distinct targets: 346

2025-04-08

Number of reports: 1080

Distinct targets: 342

2025-04-09

Number of reports: 841

Distinct targets: 355

2025-04-10

Number of reports: 498

Distinct targets: 233

2025-04-11

Number of reports: 1241

Distinct targets: 348

2025-04-12

Number of reports: 618

Distinct targets: 117

2025-04-14

Number of reports: 190

Distinct targets: 10

2025-04-15

Number of reports: 1095

Distinct targets: 240

2025-04-16

Number of reports: 331

Distinct targets: 124

2025-04-17

Number of reports: 31

Distinct targets: 5

2025-04-18

Number of reports: 777

Distinct targets: 294

2025-04-19

Number of reports: 199

Distinct targets: 54

2025-04-20

Number of reports: 1992

Distinct targets: 552

2025-04-22

Number of reports: 744

Distinct targets: 234

2025-04-25

Number of reports: 763

Distinct targets: 239

2025-04-26

Number of reports: 626

Distinct targets: 117

2025-04-27

Number of reports: 312

Distinct targets: 117

OTX pulses

[5a7e3e70c44e7b48947593a7] 2018-02-10 00:36:00.396000 | Webscanners 2018-02-09 thru current day

Author name:	david3
Pulse modified:	2025-04-28 19:55:23.220000
Indicator created:	2025-04-25 10:35:19
Indicator role:	scanning_host
Indicator title:	404 NOT FOUND
Indicator expiration:	2025-07-24 00:00:00

Origin AS

AS63949 - LINODE-AP

BGP Prefix

97.107.128.0/20

geo

United States, Cedar Knolls

🕑 America/New_York

hostname

prod04.academyforinternetresearch.org

Address block ('inetnum' or 'NetRange' in whois database)

97.107.128.0 - 97.107.143.255

last_activity

2025-04-28 20:33:11.265000

last_warden_event

2025-04-26 00:27:22

rep

0.2348772321428571

reserved_range

0

Shodan's InternetDB

Open ports: 22, 25, 8126, 10250

Tags: devops, cloud

CPEs: cpe:/o:canonical:ubuntu_linux, cpe:/a:openbsd:openssh:8.9p1

ts_added

2025-03-28 21:54:25.048000

ts_last_update

2025-04-28 20:33:11.277000

Warden event timeline

DShield event timeline

Presence on blacklists

OTX pulses