IP address: 216.144.254.138

Host rating:

2.0

out of 17 votes

Last update: 2020-03-03

Host details

138-254-144-216.static.reverse.lstn.net.
United States
Dallas
AS46475 Limestone Networks, Inc.
See comments

Reported breaches

  • Port scan
Report breach

Whois record

The publicly-available Whois record found at whois.arin.net server.

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2021, American Registry for Internet Numbers, Ltd.
#


NetRange:       216.144.240.0 - 216.144.255.255
CIDR:           216.144.240.0/20
NetName:        LSN-DLLSTX-7
NetHandle:      NET-216-144-240-0-1
Parent:         NET216 (NET-216-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS46475
Organization:   Limestone Networks, Inc. (LIMES-2)
RegDate:        2011-08-17
Updated:        2012-02-24
Comment:        http://www.limestonenetworks.com
Ref:            https://rdap.arin.net/registry/ip/216.144.240.0


OrgName:        Limestone Networks, Inc.
OrgId:          LIMES-2
Address:        400 S. Akard Street
Address:        Suite 200
City:           Dallas
StateProv:      TX
PostalCode:     75202
Country:        US
RegDate:        2007-12-04
Updated:        2017-01-28
Comment:        http://limestonenetworks.com/
Ref:            https://rdap.arin.net/registry/entity/LIMES-2

ReferralServer:  rwhois://rwhois.limestonenetworks.com:4321

OrgAbuseHandle: ABUSE1804-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-214-242-3600 
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE1804-ARIN

OrgTechHandle: NOC2791-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-214-242-3600 
OrgTechEmail:  [email protected]
OrgTechRef:    https://rdap.arin.net/registry/entity/NOC2791-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2021, American Registry for Internet Numbers, Ltd.
#

User comments

17 security incident(s) reported by users

BHD Honeypot
Port scan
2020-03-03

In the last 24h, the attacker (216.144.254.138) attempted to scan 47 ports.
The following ports have been scanned: 9097/tcp, 1006/tcp, 9005/tcp, 9096/tcp, 4002/tcp (pxc-spvr-ft), 4014/tcp (TAICLOCK), 442/tcp (cvc_hostd), 1018/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 9095/tcp, 8095/tcp, 9098/tcp, 4001/tcp (NewOak), 7019/tcp, 4000/tcp (Terabase), 9007/tcp, 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 2094/tcp (NBX AU), 8003/tcp (Mulberry Connect Reporting Service), 5000/tcp (commplex-main), 8995/tcp, 8038/tcp, 2097/tcp (Jet Form Preview), 1010/tcp (surf), 8016/tcp, 1014/tcp, 7017/tcp, 1008/tcp, 3020/tcp (CIFS), 1007/tcp, 5002/tcp (radio free ethernet), 7018/tcp, 1013/tcp, 7777/tcp (cbt), 4019/tcp (Talarian Mcast), 7020/tcp (DP Serve), 9004/tcp, 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 2096/tcp (NBX DIR), 8282/tcp, 3014/tcp (Broker Service), 1015/tcp, 8996/tcp, 8997/tcp, 8094/tcp.
      
BHD Honeypot
Port scan
2020-03-02

In the last 24h, the attacker (216.144.254.138) attempted to scan 53 ports.
The following ports have been scanned: 3019/tcp (Resource Manager), 4018/tcp (Talarian Mcast), 8181/tcp, 5013/tcp (FileMaker, Inc. - Proprietary transport), 1003/tcp, 1012/tcp, 3012/tcp (Trusted Web Client), 8014/tcp, 9001/tcp (ETL Service Manager), 8093/tcp, 6666/tcp, 24464/tcp, 3008/tcp (Midnight Technologies), 8013/tcp, 1016/tcp, 3018/tcp (Service Registry), 9094/tcp, 4012/tcp (PDA Gate), 8202/tcp, 5001/tcp (commplex-link), 2092/tcp (Descent 3), 7015/tcp (Talon Webserver), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 8442/tcp (CyBro A-bus Protocol), 5000/tcp (commplex-main), 7014/tcp (Microtalon Communications), 8305/tcp, 3010/tcp (Telerate Workstation), 9797/tcp, 3011/tcp (Trusted Web), 8015/tcp, 8036/tcp, 1005/tcp, 2014/tcp (troff), 8030/tcp, 2004/tcp (mailbox), 5002/tcp (radio free ethernet), 3006/tcp (Instant Internet Admin), 1011/tcp, 7016/tcp, 1017/tcp, 8306/tcp, 4011/tcp (Alternate Service Boot), 5012/tcp (NetOnTap Service), 3007/tcp (Lotus Mail Tracking Agent Protocol), 9003/tcp, 9002/tcp (DynamID authentication), 8086/tcp (Distributed SCADA Networking Rendezvous Port), 1009/tcp.
      
BHD Honeypot
Port scan
2020-03-01

In the last 24h, the attacker (216.144.254.138) attempted to scan 77 ports.
The following ports have been scanned: 4010/tcp (Samsung Unidex), 3019/tcp (Resource Manager), 3005/tcp (Genius License Manager), 8012/tcp, 9018/tcp, 9092/tcp (Xml-Ipc Server Reg), 2012/tcp (ttyinfo), 1000/tcp (cadlock2), 9090/tcp (WebSM), 5013/tcp (FileMaker, Inc. - Proprietary transport), 9696/tcp, 9019/tcp, 2082/tcp (Infowave Mobility Server), 3017/tcp (Event Listener), 5008/tcp (Synapsis EDGE), 2013/tcp (raid-am), 2001/tcp (dc), 16001/tcp (Administration Server Connector), 2083/tcp (Secure Radius Service), 2002/tcp (globe), 4008/tcp (NetCheque accounting), 5010/tcp (TelepathStart), 9293/tcp (StorView Client), 8090/tcp, 7011/tcp (Talon Discovery Port), 5009/tcp (Microsoft Windows Filesystem), 9017/tcp, 3018/tcp (Service Registry), 8304/tcp, 1002/tcp, 8089/tcp, 5011/tcp (TelepathAttack), 8112/tcp, 8083/tcp (Utilistor (Server)), 9091/tcp (xmltec-xmlmail), 9595/tcp (Ping Discovery Service), 8101/tcp (Logical Domains Migration), 8998/tcp, 7013/tcp (Microtalon Discovery), 8585/tcp, 16002/tcp (GoodSync Mediation Service), 3009/tcp (PXC-NTFY), 3016/tcp (Notify Server), 4003/tcp (pxc-splr-ft), 1001/tcp, 9494/tcp, 8445/tcp, 4004/tcp (pxc-roid), 8028/tcp, 4020/tcp (TRAP Port), 8106/tcp, 3003/tcp (CGMS), 7012/tcp (Talon Engine), 8020/tcp (Intuit Entitlement Service and Discovery), 1111/tcp (LM Social Server), 4009/tcp (Chimera HWM), 4444/tcp (NV Video default), 8007/tcp, 3014/tcp (Broker Service), 8301/tcp (Amberon PPC/PPS), 3015/tcp (NATI DSTP), 10000/tcp (Network Data Management Protocol), 5012/tcp (NetOnTap Service), 2003/tcp (Brutus Server), 8303/tcp, 3004/tcp (Csoft Agent), 8099/tcp, 3002/tcp (RemoteWare Server), 8302/tcp, 4007/tcp (pxc-splr), 7010/tcp (onlinet uninterruptable power supplies), 9099/tcp, 2000/tcp (Cisco SCCP).
      
BHD Honeypot
Port scan
2020-02-29

In the last 24h, the attacker (216.144.254.138) attempted to scan 39 ports.
The following ports have been scanned: 8005/tcp (MXI Generation II for z/OS), 8069/tcp, 2222/tcp (EtherNet/IP I/O), 7008/tcp (server-to-server updater), 4006/tcp (pxc-spvr), 5008/tcp (Synapsis EDGE), 8098/tcp, 5010/tcp (TelepathStart), 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 3013/tcp (Gilat Sky Surfer), 7009/tcp (remote cache manager service), 2098/tcp (Dialog Port), 5009/tcp (Microsoft Windows Filesystem), 3000/tcp (RemoteWare Client), 1020/tcp, 16000/tcp (Administration Server Access), 8006/tcp, 5006/tcp (wsm server), 9016/tcp, 3001/tcp, 8040/tcp (Ampify Messaging Protocol), 8686/tcp (Sun App Server - JMX/RMI), 3016/tcp (Notify Server), 8210/tcp, 81/tcp, 9015/tcp, 2099/tcp (H.225.0 Annex G), 3333/tcp (DEC Notes), 3015/tcp (NATI DSTP), 8097/tcp (SAC Port Id), 8039/tcp, 9191/tcp (Sun AppSvr JPDA), 10002/tcp (EMC-Documentum Content Server Product), 5007/tcp (wsm server ssl).
      
BHD Honeypot
Port scan
2020-02-29

Port scan from IP: 216.144.254.138 detected by psad.
BHD Honeypot
Port scan
2020-02-26

In the last 24h, the attacker (216.144.254.138) attempted to scan 66 ports.
The following ports have been scanned: 9018/tcp, 4018/tcp (Talarian Mcast), 9019/tcp, 5008/tcp (Synapsis EDGE), 4002/tcp (pxc-spvr-ft), 1018/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 9098/tcp, 3013/tcp (Gilat Sky Surfer), 24464/tcp, 2098/tcp (Dialog Port), 9017/tcp, 1016/tcp, 8202/tcp, 9007/tcp, 5006/tcp (wsm server), 8998/tcp, 8003/tcp (Mulberry Connect Reporting Service), 805/tcp, 8686/tcp (Sun App Server - JMX/RMI), 9008/tcp (Open Grid Services Server), 8585/tcp, 4003/tcp (pxc-splr-ft), 2097/tcp (Jet Form Preview), 1010/tcp (surf), 4004/tcp (pxc-roid), 4017/tcp (Talarian Mcast), 8030/tcp, 8084/tcp, 50000/tcp, 1111/tcp (LM Social Server), 4019/tcp (Talarian Mcast), 7020/tcp (DP Serve), 2099/tcp (H.225.0 Annex G), 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 1017/tcp, 2800/tcp (ACC RAID), 3014/tcp (Broker Service), 8004/tcp, 8997/tcp, 9099/tcp, 5007/tcp (wsm server ssl), 1009/tcp.
      
BHD Honeypot
Port scan
2020-02-25

In the last 24h, the attacker (216.144.254.138) attempted to scan 183 ports.
The following ports have been scanned: 9097/tcp, 1006/tcp, 3019/tcp (Resource Manager), 8012/tcp, 9005/tcp, 9096/tcp, 5013/tcp (FileMaker, Inc. - Proprietary transport), 1003/tcp, 1012/tcp, 9006/tcp, 3012/tcp (Trusted Web Client), 8014/tcp, 4002/tcp (pxc-spvr-ft), 9011/tcp, 2093/tcp (NBX CC), 4014/tcp (TAICLOCK), 8093/tcp, 5555/tcp (Personal Agent), 442/tcp (cvc_hostd), 6666/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 9095/tcp, 8095/tcp, 9098/tcp, 1004/tcp, 3008/tcp (Midnight Technologies), 8008/tcp (HTTP Alternate), 4001/tcp (NewOak), 4013/tcp (ACL Manager), 8013/tcp, 8443/tcp (PCsync HTTPS), 9017/tcp, 1016/tcp, 3018/tcp (Service Registry), 4012/tcp (PDA Gate), 7019/tcp, 4000/tcp (Terabase), 2095/tcp (NBX SER), 4016/tcp (Talarian Mcast), 10001/tcp (SCP Configuration), 8001/tcp (VCOM Tunnel), 9007/tcp, 5006/tcp (wsm server), 5001/tcp (commplex-link), 2092/tcp (Descent 3), 7015/tcp (Talon Webserver), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 8442/tcp (CyBro A-bus Protocol), 9016/tcp, 9012/tcp, 2094/tcp (NBX AU), 5000/tcp (commplex-main), 8009/tcp, 8037/tcp, 8995/tcp, 8585/tcp, 9014/tcp, 8038/tcp, 7014/tcp (Microtalon Communications), 8305/tcp, 3010/tcp (Telerate Workstation), 2097/tcp (Jet Form Preview), 9013/tcp, 8002/tcp (Teradata ORDBMS), 3011/tcp (Trusted Web), 8015/tcp, 444/tcp (Simple Network Paging Protocol), 9015/tcp, 4017/tcp (Talarian Mcast), 4020/tcp (TRAP Port), 8016/tcp, 1014/tcp, 7017/tcp, 1008/tcp, 8036/tcp, 1005/tcp, 3020/tcp (CIFS), 2014/tcp (troff), 1007/tcp, 2004/tcp (mailbox), 5002/tcp (radio free ethernet), 7018/tcp, 3006/tcp (Instant Internet Admin), 1013/tcp, 50000/tcp, 8010/tcp, 7777/tcp (cbt), 4019/tcp (Talarian Mcast), 4015/tcp (Talarian Mcast), 7020/tcp (DP Serve), 1011/tcp, 2900/tcp (QUICKSUITE), 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 7016/tcp, 2800/tcp (ACC RAID), 2096/tcp (NBX DIR), 8306/tcp, 1015/tcp, 4011/tcp (Alternate Service Boot), 5012/tcp (NetOnTap Service), 3007/tcp (Lotus Mail Tracking Agent Protocol), 8996/tcp, 9999/tcp (distinct), 8086/tcp (Distributed SCADA Networking Rendezvous Port), 8094/tcp, 1009/tcp.
      
BHD Honeypot
Port scan
2020-02-24

In the last 24h, the attacker (216.144.254.138) attempted to scan 601 ports.
The following ports have been scanned: 9097/tcp, 8005/tcp (MXI Generation II for z/OS), 4010/tcp (Samsung Unidex), 1006/tcp, 3019/tcp (Resource Manager), 3005/tcp (Genius License Manager), 8012/tcp, 9018/tcp, 9093/tcp, 4018/tcp (Talarian Mcast), 9009/tcp (Pichat Server), 9092/tcp (Xml-Ipc Server Reg), 9096/tcp, 2012/tcp (ttyinfo), 1000/tcp (cadlock2), 2222/tcp (EtherNet/IP I/O), 7008/tcp (server-to-server updater), 9000/tcp (CSlistener), 8181/tcp, 9090/tcp (WebSM), 5013/tcp (FileMaker, Inc. - Proprietary transport), 4006/tcp (pxc-spvr), 1003/tcp, 1012/tcp, 9696/tcp, 9019/tcp, 2082/tcp (Infowave Mobility Server), 3012/tcp (Trusted Web Client), 8014/tcp, 3017/tcp (Event Listener), 5008/tcp (Synapsis EDGE), 2013/tcp (raid-am), 2001/tcp (dc), 9011/tcp, 16001/tcp (Administration Server Connector), 8098/tcp, 2093/tcp (NBX CC), 2083/tcp (Secure Radius Service), 2002/tcp (globe), 4008/tcp (NetCheque accounting), 4014/tcp (TAICLOCK), 9001/tcp (ETL Service Manager), 8093/tcp, 442/tcp (cvc_hostd), 5010/tcp (TelepathStart), 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 9293/tcp (StorView Client), 8090/tcp, 1018/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 9095/tcp, 8095/tcp, 9898/tcp (MonkeyCom), 9098/tcp, 1004/tcp, 3013/tcp (Gilat Sky Surfer), 441/tcp (decvms-sysmgt), 24464/tcp, 3008/tcp (Midnight Technologies), 7009/tcp (remote cache manager service), 8008/tcp (HTTP Alternate), 4001/tcp (NewOak), 4013/tcp (ACL Manager), 7011/tcp (Talon Discovery Port), 5009/tcp (Microsoft Windows Filesystem), 8013/tcp, 8443/tcp (PCsync HTTPS), 9017/tcp, 1016/tcp, 3018/tcp (Service Registry), 99/tcp (Metagram Relay), 9094/tcp, 8304/tcp, 1020/tcp, 4012/tcp (PDA Gate), 7019/tcp, 1002/tcp, 8089/tcp, 5011/tcp (TelepathAttack), 4000/tcp (Terabase), 8989/tcp (Sun Web Server SSL Admin Service), 8112/tcp, 8083/tcp (Utilistor (Server)), 2095/tcp (NBX SER), 4016/tcp (Talarian Mcast), 9091/tcp (xmltec-xmlmail), 16000/tcp (Administration Server Access), 100/tcp ([unauthorized use]), 8001/tcp (VCOM Tunnel), 9595/tcp (Ping Discovery Service), 8006/tcp, 5006/tcp (wsm server), 5001/tcp (commplex-link), 2092/tcp (Descent 3), 7015/tcp (Talon Webserver), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 8101/tcp (Logical Domains Migration), 8442/tcp (CyBro A-bus Protocol), 9016/tcp, 8096/tcp, 8998/tcp, 9012/tcp, 2094/tcp (NBX AU), 7013/tcp (Microtalon Discovery), 8003/tcp (Mulberry Connect Reporting Service), 8081/tcp (Sun Proxy Admin Service), 5000/tcp (commplex-main), 3001/tcp, 8040/tcp (Ampify Messaging Protocol), 805/tcp, 8009/tcp, 8037/tcp, 8686/tcp (Sun App Server - JMX/RMI), 9008/tcp (Open Grid Services Server), 8585/tcp, 9014/tcp, 16002/tcp (GoodSync Mediation Service), 8038/tcp, 7014/tcp (Microtalon Communications), 3009/tcp (PXC-NTFY), 3016/tcp (Notify Server), 8210/tcp, 8305/tcp, 1001/tcp, 3010/tcp (Telerate Workstation), 2097/tcp (Jet Form Preview), 1010/tcp (surf), 9494/tcp, 81/tcp, 9797/tcp, 9013/tcp, 8002/tcp (Teradata ORDBMS), 3011/tcp (Trusted Web), 8015/tcp, 444/tcp (Simple Network Paging Protocol), 9015/tcp, 8028/tcp, 4017/tcp (Talarian Mcast), 9010/tcp (Secure Data Replicator Protocol), 4020/tcp (TRAP Port), 8016/tcp, 8106/tcp, 1014/tcp, 7017/tcp, 1008/tcp, 8036/tcp, 3003/tcp (CGMS), 1005/tcp, 3020/tcp (CIFS), 2014/tcp (troff), 8030/tcp, 1007/tcp, 2004/tcp (mailbox), 5002/tcp (radio free ethernet), 7012/tcp (Talon Engine), 7018/tcp, 8084/tcp, 3006/tcp (Instant Internet Admin), 1013/tcp, 50000/tcp, 8020/tcp (Intuit Entitlement Service and Discovery), 1111/tcp (LM Social Server), 4009/tcp (Chimera HWM), 4444/tcp (NV Video default), 4015/tcp (Talarian Mcast), 7020/tcp (DP Serve), 1019/tcp, 3333/tcp (DEC Notes), 1011/tcp, 2900/tcp (QUICKSUITE), 98/tcp (TAC News), 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 7016/tcp, 8484/tcp, 1017/tcp, 8000/tcp (iRDMI), 2800/tcp (ACC RAID), 8007/tcp, 2096/tcp (NBX DIR), 8282/tcp, 3014/tcp (Broker Service), 8306/tcp, 8301/tcp (Amberon PPC/PPS), 3015/tcp (NATI DSTP), 1015/tcp, 8097/tcp (SAC Port Id), 4011/tcp (Alternate Service Boot), 8004/tcp, 5012/tcp (NetOnTap Service), 2003/tcp (Brutus Server), 8303/tcp, 3007/tcp (Lotus Mail Tracking Agent Protocol), 9002/tcp (DynamID authentication), 3004/tcp (Csoft Agent), 8383/tcp (M2m Services), 8996/tcp, 9999/tcp (distinct), 8099/tcp, 3002/tcp (RemoteWare Server), 8302/tcp, 8997/tcp, 4007/tcp (pxc-splr), 9191/tcp (Sun AppSvr JPDA), 7010/tcp (onlinet uninterruptable power supplies), 9099/tcp, 2000/tcp (Cisco SCCP), 8086/tcp (Distributed SCADA Networking Rendezvous Port), 8094/tcp, 5007/tcp (wsm server ssl), 1009/tcp.
      
BHD Honeypot
Port scan
2020-02-23

In the last 24h, the attacker (216.144.254.138) attempted to scan 141 ports.
The following ports have been scanned: 8005/tcp (MXI Generation II for z/OS), 9005/tcp, 9093/tcp, 2012/tcp (ttyinfo), 1000/tcp (cadlock2), 8069/tcp, 2222/tcp (EtherNet/IP I/O), 7008/tcp (server-to-server updater), 4006/tcp (pxc-spvr), 1003/tcp, 9006/tcp, 16001/tcp (Administration Server Connector), 5555/tcp (Personal Agent), 9293/tcp (StorView Client), 6666/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 3013/tcp (Gilat Sky Surfer), 8008/tcp (HTTP Alternate), 5009/tcp (Microsoft Windows Filesystem), 3000/tcp (RemoteWare Client), 99/tcp (Metagram Relay), 9094/tcp, 8060/tcp, 1002/tcp, 16000/tcp (Administration Server Access), 10001/tcp (SCP Configuration), 100/tcp ([unauthorized use]), 9007/tcp, 5006/tcp (wsm server), 5001/tcp (commplex-link), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 8081/tcp (Sun Proxy Admin Service), 5000/tcp (commplex-main), 8080/tcp (HTTP Alternate (see port 80)), 3001/tcp, 8040/tcp (Ampify Messaging Protocol), 8995/tcp, 16002/tcp (GoodSync Mediation Service), 3016/tcp (Notify Server), 4003/tcp (pxc-splr-ft), 1001/tcp, 8445/tcp, 4004/tcp (pxc-roid), 9010/tcp (Secure Data Replicator Protocol), 3003/tcp (CGMS), 5002/tcp (radio free ethernet), 8010/tcp, 7777/tcp (cbt), 4019/tcp (Talarian Mcast), 2099/tcp (H.225.0 Annex G), 98/tcp (TAC News), 9004/tcp, 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 8000/tcp (iRDMI), 3014/tcp (Broker Service), 3015/tcp (NATI DSTP), 10000/tcp (Network Data Management Protocol), 8097/tcp (SAC Port Id), 9003/tcp, 8039/tcp, 8099/tcp, 3002/tcp (RemoteWare Server), 4007/tcp (pxc-splr), 9191/tcp (Sun AppSvr JPDA), 4005/tcp (pxc-pin), 10002/tcp (EMC-Documentum Content Server Product).
      
BHD Honeypot
Port scan
2020-02-23

Port scan from IP: 216.144.254.138 detected by psad.
BHD Honeypot
Port scan
2020-02-15

In the last 24h, the attacker (216.144.254.138) attempted to scan 131 ports.
The following ports have been scanned: 8005/tcp (MXI Generation II for z/OS), 1006/tcp, 3019/tcp (Resource Manager), 9018/tcp, 2005/tcp (berknet), 4018/tcp (Talarian Mcast), 2012/tcp (ttyinfo), 8181/tcp, 9090/tcp (WebSM), 9696/tcp, 9019/tcp, 3012/tcp (Trusted Web Client), 5008/tcp (Synapsis EDGE), 4002/tcp (pxc-spvr-ft), 2013/tcp (raid-am), 92/tcp (Network Printing Protocol), 8093/tcp, 5010/tcp (TelepathStart), 8090/tcp, 9898/tcp (MonkeyCom), 3013/tcp (Gilat Sky Surfer), 4001/tcp (NewOak), 5009/tcp (Microsoft Windows Filesystem), 8055/tcp (Senomix Timesheets Server [1 year assignment]), 7019/tcp, 8089/tcp, 4000/tcp (Terabase), 5006/tcp (wsm server), 5001/tcp (commplex-link), 2092/tcp (Descent 3), 8101/tcp (Logical Domains Migration), 8003/tcp (Mulberry Connect Reporting Service), 5000/tcp (commplex-main), 8040/tcp (Ampify Messaging Protocol), 8201/tcp (TRIVNET), 16002/tcp (GoodSync Mediation Service), 8038/tcp, 8210/tcp, 8305/tcp, 1010/tcp (surf), 9797/tcp, 444/tcp (Simple Network Paging Protocol), 2086/tcp (GNUnet), 2007/tcp (dectalk), 8028/tcp, 4017/tcp (Talarian Mcast), 4020/tcp (TRAP Port), 2090/tcp (Load Report Protocol), 8036/tcp, 3003/tcp (CGMS), 1005/tcp, 3020/tcp (CIFS), 2014/tcp (troff), 8889/tcp (Desktop Data TCP 1), 1007/tcp, 2004/tcp (mailbox), 5002/tcp (radio free ethernet), 3006/tcp (Instant Internet Admin), 50000/tcp, 8020/tcp (Intuit Entitlement Service and Discovery), 4019/tcp (Talarian Mcast), 91/tcp (MIT Dover Spooler), 7020/tcp (DP Serve), 1011/tcp, 2091/tcp (PRP), 8888/tcp (NewsEDGE server TCP (TCP 1)), 3014/tcp (Broker Service), 8306/tcp, 8301/tcp (Amberon PPC/PPS), 3015/tcp (NATI DSTP), 10000/tcp (Network Data Management Protocol), 8004/tcp, 2085/tcp (ADA Control), 3004/tcp (Csoft Agent), 8302/tcp, 8086/tcp (Distributed SCADA Networking Rendezvous Port), 2084/tcp (SunCluster Geographic), 5007/tcp (wsm server ssl).
      
BHD Honeypot
Port scan
2020-02-14

In the last 24h, the attacker (216.144.254.138) attempted to scan 223 ports.
The following ports have been scanned: 9097/tcp, 9005/tcp, 9009/tcp (Pichat Server), 1000/tcp (cadlock2), 8069/tcp, 7008/tcp (server-to-server updater), 5013/tcp (FileMaker, Inc. - Proprietary transport), 4006/tcp (pxc-spvr), 9006/tcp, 2082/tcp (Infowave Mobility Server), 3017/tcp (Event Listener), 8049/tcp, 2001/tcp (dc), 16001/tcp (Administration Server Connector), 8204/tcp (LM Perfworks), 2083/tcp (Secure Radius Service), 2002/tcp (globe), 2011/tcp (raid), 8205/tcp (LM Instmgr), 4014/tcp (TAICLOCK), 8993/tcp, 5555/tcp (Personal Agent), 442/tcp (cvc_hostd), 90/tcp (DNSIX Securit Attribute Token Map), 8048/tcp, 8082/tcp (Utilistor (Client)), 9293/tcp (StorView Client), 6666/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 9098/tcp, 1004/tcp, 3013/tcp (Gilat Sky Surfer), 8008/tcp (HTTP Alternate), 4013/tcp (ACL Manager), 2098/tcp (Dialog Port), 8443/tcp (PCsync HTTPS), 2080/tcp (Autodesk NLM (FLEXlm)), 8027/tcp, 9017/tcp, 3000/tcp (RemoteWare Client), 3018/tcp (Service Registry), 9094/tcp, 8304/tcp, 1020/tcp, 86/tcp (Micro Focus Cobol), 4012/tcp (PDA Gate), 2009/tcp (news), 5011/tcp (TelepathAttack), 8202/tcp, 8083/tcp (Utilistor (Server)), 4016/tcp (Talarian Mcast), 16000/tcp (Administration Server Access), 8001/tcp (VCOM Tunnel), 9595/tcp (Ping Discovery Service), 8006/tcp, 9007/tcp, 5006/tcp (wsm server), 8025/tcp (CA Audit Distribution Agent), 7015/tcp (Talon Webserver), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 8442/tcp (CyBro A-bus Protocol), 9016/tcp, 8998/tcp, 9012/tcp, 84/tcp (Common Trace Facility), 7013/tcp (Microtalon Discovery), 8081/tcp (Sun Proxy Admin Service), 8080/tcp (HTTP Alternate (see port 80)), 3001/tcp, 8037/tcp, 89/tcp (SU/MIT Telnet Gateway), 8686/tcp (Sun App Server - JMX/RMI), 9008/tcp (Open Grid Services Server), 8585/tcp, 9014/tcp, 7014/tcp (Microtalon Communications), 3009/tcp (PXC-NTFY), 3016/tcp (Notify Server), 2087/tcp (ELI - Event Logging Integration), 2081/tcp (KME PRINTER TRAP PORT), 4003/tcp (pxc-splr-ft), 1001/tcp, 3010/tcp (Telerate Workstation), 2097/tcp (Jet Form Preview), 9494/tcp, 9013/tcp, 8002/tcp (Teradata ORDBMS), 3011/tcp (Trusted Web), 9015/tcp, 4004/tcp (pxc-roid), 7017/tcp, 8102/tcp, 8030/tcp, 7018/tcp, 2079/tcp (IDWARE Router Port), 7777/tcp (cbt), 88/tcp (Kerberos), 4444/tcp (NV Video default), 4015/tcp (Talarian Mcast), 1019/tcp, 8029/tcp, 2099/tcp (H.225.0 Annex G), 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 7016/tcp, 8484/tcp, 8007/tcp, 8035/tcp, 3014/tcp (Broker Service), 3015/tcp (NATI DSTP), 10000/tcp (Network Data Management Protocol), 2020/tcp (xinupageserver), 2088/tcp (IP Busy Lamp Field), 4011/tcp (Alternate Service Boot), 5012/tcp (NetOnTap Service), 85/tcp (MIT ML Device), 2003/tcp (Brutus Server), 8383/tcp (M2m Services), 8039/tcp, 2089/tcp (Security Encapsulation Protocol - SEP), 8099/tcp, 3002/tcp (RemoteWare Server), 8997/tcp, 9191/tcp (Sun AppSvr JPDA), 14464/tcp, 4005/tcp (pxc-pin), 2010/tcp (search), 2000/tcp (Cisco SCCP), 10002/tcp (EMC-Documentum Content Server Product), 5007/tcp (wsm server ssl).
      
BHD Honeypot
Port scan
2020-02-13

In the last 24h, the attacker (216.144.254.138) attempted to scan 339 ports.
The following ports have been scanned: 9097/tcp, 4010/tcp (Samsung Unidex), 1006/tcp, 3019/tcp (Resource Manager), 8012/tcp, 9005/tcp, 9093/tcp, 4018/tcp (Talarian Mcast), 9009/tcp (Pichat Server), 9092/tcp (Xml-Ipc Server Reg), 8018/tcp, 9096/tcp, 2222/tcp (EtherNet/IP I/O), 9000/tcp (CSlistener), 1003/tcp, 9006/tcp, 9019/tcp, 8014/tcp, 3017/tcp (Event Listener), 5008/tcp (Synapsis EDGE), 2001/tcp (dc), 9011/tcp, 8098/tcp, 2002/tcp (globe), 4014/tcp (TAICLOCK), 9001/tcp (ETL Service Manager), 442/tcp (cvc_hostd), 5010/tcp (TelepathStart), 83/tcp (MIT ML Device), 82/tcp (XFER Utility), 1018/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 9020/tcp (TAMBORA), 9095/tcp, 9098/tcp, 1004/tcp, 3013/tcp (Gilat Sky Surfer), 441/tcp (decvms-sysmgt), 3008/tcp (Midnight Technologies), 8008/tcp (HTTP Alternate), 4013/tcp (ACL Manager), 7011/tcp (Talon Discovery Port), 5009/tcp (Microsoft Windows Filesystem), 8019/tcp (QB DB Dynamic Port), 8013/tcp, 1016/tcp, 3018/tcp (Service Registry), 9094/tcp, 1020/tcp, 4012/tcp (PDA Gate), 8060/tcp, 1002/tcp, 5011/tcp (TelepathAttack), 8989/tcp (Sun Web Server SSL Admin Service), 8112/tcp, 2095/tcp (NBX SER), 4016/tcp (Talarian Mcast), 9091/tcp (xmltec-xmlmail), 10001/tcp (SCP Configuration), 9007/tcp, 5006/tcp (wsm server), 8992/tcp, 2017/tcp (cypress-stat), 5001/tcp (commplex-link), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 8101/tcp (Logical Domains Migration), 8442/tcp (CyBro A-bus Protocol), 84/tcp (Common Trace Facility), 5000/tcp (commplex-main), 805/tcp, 8995/tcp, 8686/tcp (Sun App Server - JMX/RMI), 9008/tcp (Open Grid Services Server), 8585/tcp, 3016/tcp (Notify Server), 1001/tcp, 2097/tcp (Jet Form Preview), 1010/tcp (surf), 81/tcp, 8015/tcp, 8445/tcp, 8028/tcp, 4017/tcp (Talarian Mcast), 9010/tcp (Secure Data Replicator Protocol), 4020/tcp (TRAP Port), 8016/tcp, 8106/tcp, 1014/tcp, 1008/tcp, 1005/tcp, 1007/tcp, 2004/tcp (mailbox), 5002/tcp (radio free ethernet), 7012/tcp (Talon Engine), 8084/tcp, 8020/tcp (Intuit Entitlement Service and Discovery), 8010/tcp, 1111/tcp (LM Social Server), 4009/tcp (Chimera HWM), 2008/tcp (conf), 4444/tcp (NV Video default), 4015/tcp (Talarian Mcast), 1019/tcp, 8045/tcp, 3333/tcp (DEC Notes), 2900/tcp (QUICKSUITE), 9004/tcp, 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 8484/tcp, 1017/tcp, 8046/tcp, 8991/tcp (webmail HTTPS service), 2800/tcp (ACC RAID), 2018/tcp (terminaldb), 2096/tcp (NBX DIR), 3014/tcp (Broker Service), 3015/tcp (NATI DSTP), 10000/tcp (Network Data Management Protocol), 1015/tcp, 8097/tcp (SAC Port Id), 8047/tcp, 4011/tcp (Alternate Service Boot), 2003/tcp (Brutus Server), 9003/tcp, 9002/tcp (DynamID authentication), 8383/tcp (M2m Services), 8996/tcp, 9999/tcp (distinct), 8099/tcp, 8997/tcp, 9099/tcp, 2000/tcp (Cisco SCCP), 8017/tcp, 2019/tcp (whosockami), 5007/tcp (wsm server ssl), 1009/tcp.
      
BHD Honeypot
Port scan
2020-02-12

Port scan from IP: 216.144.254.138 detected by psad.
BHD Honeypot
Port scan
2020-02-08

In the last 24h, the attacker (216.144.254.138) attempted to scan 123 ports.
The following ports have been scanned: 9097/tcp, 8005/tcp (MXI Generation II for z/OS), 4010/tcp (Samsung Unidex), 3005/tcp (Genius License Manager), 9018/tcp, 9005/tcp, 4018/tcp (Talarian Mcast), 9096/tcp, 2222/tcp (EtherNet/IP I/O), 9000/tcp (CSlistener), 8181/tcp, 9090/tcp (WebSM), 4006/tcp (pxc-spvr), 1003/tcp, 1012/tcp, 9006/tcp, 9019/tcp, 3017/tcp (Event Listener), 2001/tcp (dc), 8098/tcp, 2002/tcp (globe), 4014/tcp (TAICLOCK), 8093/tcp, 82/tcp (XFER Utility), 8090/tcp, 1018/tcp, 9095/tcp, 8095/tcp, 9898/tcp (MonkeyCom), 9098/tcp, 3013/tcp (Gilat Sky Surfer), 24464/tcp, 3008/tcp (Midnight Technologies), 8008/tcp (HTTP Alternate), 4013/tcp (ACL Manager), 9017/tcp, 1016/tcp, 1020/tcp, 4012/tcp (PDA Gate), 7019/tcp, 1002/tcp, 8089/tcp, 8989/tcp (Sun Web Server SSL Admin Service), 8112/tcp, 4016/tcp (Talarian Mcast), 9091/tcp (xmltec-xmlmail), 9007/tcp, 2017/tcp (cypress-stat), 9016/tcp, 8096/tcp, 8003/tcp (Mulberry Connect Reporting Service), 805/tcp, 8037/tcp, 8995/tcp, 8686/tcp (Sun App Server - JMX/RMI), 8585/tcp, 8038/tcp, 3016/tcp (Notify Server), 2087/tcp (ELI - Event Logging Integration), 2081/tcp (KME PRINTER TRAP PORT), 4003/tcp (pxc-splr-ft), 1001/tcp, 81/tcp, 9797/tcp, 2086/tcp (GNUnet), 9015/tcp, 4004/tcp (pxc-roid), 4017/tcp (Talarian Mcast), 8106/tcp, 2090/tcp (Load Report Protocol), 8036/tcp, 3003/tcp (CGMS), 2014/tcp (troff), 2004/tcp (mailbox), 8084/tcp, 3006/tcp (Instant Internet Admin), 1013/tcp, 2079/tcp (IDWARE Router Port), 50000/tcp, 8020/tcp (Intuit Entitlement Service and Discovery), 1111/tcp (LM Social Server), 4009/tcp (Chimera HWM), 4444/tcp (NV Video default), 4019/tcp (Talarian Mcast), 4015/tcp (Talarian Mcast), 7020/tcp (DP Serve), 1019/tcp, 3333/tcp (DEC Notes), 1011/tcp, 2091/tcp (PRP), 2900/tcp (QUICKSUITE), 8484/tcp, 1017/tcp, 2800/tcp (ACC RAID), 2018/tcp (terminaldb), 8282/tcp, 3015/tcp (NATI DSTP), 10000/tcp (Network Data Management Protocol), 2020/tcp (xinupageserver), 1015/tcp, 8097/tcp (SAC Port Id), 2088/tcp (IP Busy Lamp Field), 4011/tcp (Alternate Service Boot), 8004/tcp, 2085/tcp (ADA Control), 2003/tcp (Brutus Server), 3007/tcp (Lotus Mail Tracking Agent Protocol), 3004/tcp (Csoft Agent), 8383/tcp (M2m Services), 9999/tcp (distinct), 2089/tcp (Security Encapsulation Protocol - SEP), 3002/tcp (RemoteWare Server), 4007/tcp (pxc-splr), 14464/tcp, 4005/tcp (pxc-pin), 9099/tcp, 2000/tcp (Cisco SCCP), 8086/tcp (Distributed SCADA Networking Rendezvous Port), 2019/tcp (whosockami), 8094/tcp, 2084/tcp (SunCluster Geographic).
      
BHD Honeypot
Port scan
2020-02-07

In the last 24h, the attacker (216.144.254.138) attempted to scan 62 ports.
The following ports have been scanned: 9093/tcp, 2012/tcp (ttyinfo), 8069/tcp, 9696/tcp, 3012/tcp (Trusted Web Client), 4002/tcp (pxc-spvr-ft), 2013/tcp (raid-am), 9011/tcp, 16001/tcp (Administration Server Connector), 8082/tcp (Utilistor (Client)), 6666/tcp, 4001/tcp (NewOak), 7011/tcp (Talon Discovery Port), 2098/tcp (Dialog Port), 3000/tcp (RemoteWare Client), 99/tcp (Metagram Relay), 9094/tcp, 8060/tcp, 2009/tcp (news), 4000/tcp (Terabase), 8202/tcp, 8083/tcp (Utilistor (Server)), 2095/tcp (NBX SER), 16000/tcp (Administration Server Access), 10001/tcp (SCP Configuration), 100/tcp ([unauthorized use]), 8998/tcp, 9012/tcp, 2094/tcp (NBX AU), 8081/tcp (Sun Proxy Admin Service), 8080/tcp (HTTP Alternate (see port 80)), 3001/tcp, 8040/tcp (Ampify Messaging Protocol), 8009/tcp, 2016/tcp (bootserver), 9014/tcp, 16002/tcp (GoodSync Mediation Service), 7014/tcp (Microtalon Communications), 3009/tcp (PXC-NTFY), 8210/tcp, 3010/tcp (Telerate Workstation), 2097/tcp (Jet Form Preview), 9013/tcp, 3011/tcp (Trusted Web), 444/tcp (Simple Network Paging Protocol), 8445/tcp, 2007/tcp (dectalk), 9010/tcp (Secure Data Replicator Protocol), 3020/tcp (CIFS), 7012/tcp (Talon Engine), 7018/tcp, 8010/tcp, 2008/tcp (conf), 2099/tcp (H.225.0 Annex G), 8000/tcp (iRDMI), 2096/tcp (NBX DIR), 8306/tcp, 10000/tcp (Network Data Management Protocol), 8039/tcp, 8302/tcp, 9191/tcp (Sun AppSvr JPDA).
      
BHD Honeypot
Port scan
2020-02-07

Port scan from IP: 216.144.254.138 detected by psad.

Blacklist

Near real-time, easy to use data feed containing IPs reported on our website.

Bronze

$3

Updated daily

Learn More

Silver

$15

Updated every hour

Learn More

Gold

$30

Updated every 10 minutes

Learn More

Remarks

Black hat directory contains this IP address, because Internet users reported it as an address making unsolicited, nagging requests. We make every effort to ensure that the information contained in the Black hat directory are correct and up to date. The database is developed and updated by Internet users and moderators.

If you have any reliable information regarding malicious activity originating from this IP address, please share it with others and fill in the 'Report breach' form. It is prohibited from adding personally identifiable information.

Below breach categories are used in the database:

  • Denial of service attack - this attack is accomplished by flooding the target with massive amount of requests in order to overload the targeted system
  • Brute force attack - this category encompasses attempts to login to machine by trying many passwords and usernames
  • Backdoor attack - this category represents bypassing authentication by hidden programs or services to obtain remote access to a computer or trojan activity
  • Port scan - represents attackers identifying running services on the targeted machine by probing a server for open ports
  • Malicious bot - this category encompasses all bots performing unsolicited requests or ignoring robots.txt file
  • Anonymous proxy - public proxies like Tor, I2P relays or anonymous VPNs are often used by attacker to hide his identity
  • Web attack - attempts to exploit web application security flaws
  • CMS attack - attempts to exploit CMS vulnerability
  • App vulnerability attack - attempts to exploit other applications vulnerability
  • Web spam - encompasses all kind of HTTP spamming
  • Email spam - encompasses all kind of E-mail spamming
  • Dodgy activity - this category encompasses superfluous, dodgy requests

Similar hosts

Hosts with the same ASN

Emerging threats

The most commonly reported IP addresses in the last 24 hours

Report breach!

Rate host 216.144.254.138