IP address: 216.144.254.138

Host rating:

2.0

out of 12 votes

Last update: 2020-02-26

Host details

138-254-144-216.static.reverse.lstn.net.
United States
Dallas
AS46475 Limestone Networks, Inc.
See comments

Reported breaches

  • Port scan
Report breach

Whois record

The publicly-available Whois record found at whois.arin.net server.

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2020, American Registry for Internet Numbers, Ltd.
#


Private Customer LSN-DLLSTX-1 (NET-216-144-254-136-1) 216.144.254.136 - 216.144.254.139
Limestone Networks, Inc. LSN-DLLSTX-7 (NET-216-144-240-0-1) 216.144.240.0 - 216.144.255.255



#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2020, American Registry for Internet Numbers, Ltd.
#

User comments

12 security incident(s) reported by users

BHD Honeypot
Port scan
2020-02-26

In the last 24h, the attacker (216.144.254.138) attempted to scan 66 ports.
The following ports have been scanned: 9018/tcp, 4018/tcp (Talarian Mcast), 9019/tcp, 5008/tcp (Synapsis EDGE), 4002/tcp (pxc-spvr-ft), 1018/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 9098/tcp, 3013/tcp (Gilat Sky Surfer), 24464/tcp, 2098/tcp (Dialog Port), 9017/tcp, 1016/tcp, 8202/tcp, 9007/tcp, 5006/tcp (wsm server), 8998/tcp, 8003/tcp (Mulberry Connect Reporting Service), 805/tcp, 8686/tcp (Sun App Server - JMX/RMI), 9008/tcp (Open Grid Services Server), 8585/tcp, 4003/tcp (pxc-splr-ft), 2097/tcp (Jet Form Preview), 1010/tcp (surf), 4004/tcp (pxc-roid), 4017/tcp (Talarian Mcast), 8030/tcp, 8084/tcp, 50000/tcp, 1111/tcp (LM Social Server), 4019/tcp (Talarian Mcast), 7020/tcp (DP Serve), 2099/tcp (H.225.0 Annex G), 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 1017/tcp, 2800/tcp (ACC RAID), 3014/tcp (Broker Service), 8004/tcp, 8997/tcp, 9099/tcp, 5007/tcp (wsm server ssl), 1009/tcp.
      
BHD Honeypot
Port scan
2020-02-25

In the last 24h, the attacker (216.144.254.138) attempted to scan 183 ports.
The following ports have been scanned: 9097/tcp, 1006/tcp, 3019/tcp (Resource Manager), 8012/tcp, 9005/tcp, 9096/tcp, 5013/tcp (FileMaker, Inc. - Proprietary transport), 1003/tcp, 1012/tcp, 9006/tcp, 3012/tcp (Trusted Web Client), 8014/tcp, 4002/tcp (pxc-spvr-ft), 9011/tcp, 2093/tcp (NBX CC), 4014/tcp (TAICLOCK), 8093/tcp, 5555/tcp (Personal Agent), 442/tcp (cvc_hostd), 6666/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 9095/tcp, 8095/tcp, 9098/tcp, 1004/tcp, 3008/tcp (Midnight Technologies), 8008/tcp (HTTP Alternate), 4001/tcp (NewOak), 4013/tcp (ACL Manager), 8013/tcp, 8443/tcp (PCsync HTTPS), 9017/tcp, 1016/tcp, 3018/tcp (Service Registry), 4012/tcp (PDA Gate), 7019/tcp, 4000/tcp (Terabase), 2095/tcp (NBX SER), 4016/tcp (Talarian Mcast), 10001/tcp (SCP Configuration), 8001/tcp (VCOM Tunnel), 9007/tcp, 5006/tcp (wsm server), 5001/tcp (commplex-link), 2092/tcp (Descent 3), 7015/tcp (Talon Webserver), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 8442/tcp (CyBro A-bus Protocol), 9016/tcp, 9012/tcp, 2094/tcp (NBX AU), 5000/tcp (commplex-main), 8009/tcp, 8037/tcp, 8995/tcp, 8585/tcp, 9014/tcp, 8038/tcp, 7014/tcp (Microtalon Communications), 8305/tcp, 3010/tcp (Telerate Workstation), 2097/tcp (Jet Form Preview), 9013/tcp, 8002/tcp (Teradata ORDBMS), 3011/tcp (Trusted Web), 8015/tcp, 444/tcp (Simple Network Paging Protocol), 9015/tcp, 4017/tcp (Talarian Mcast), 4020/tcp (TRAP Port), 8016/tcp, 1014/tcp, 7017/tcp, 1008/tcp, 8036/tcp, 1005/tcp, 3020/tcp (CIFS), 2014/tcp (troff), 1007/tcp, 2004/tcp (mailbox), 5002/tcp (radio free ethernet), 7018/tcp, 3006/tcp (Instant Internet Admin), 1013/tcp, 50000/tcp, 8010/tcp, 7777/tcp (cbt), 4019/tcp (Talarian Mcast), 4015/tcp (Talarian Mcast), 7020/tcp (DP Serve), 1011/tcp, 2900/tcp (QUICKSUITE), 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 7016/tcp, 2800/tcp (ACC RAID), 2096/tcp (NBX DIR), 8306/tcp, 1015/tcp, 4011/tcp (Alternate Service Boot), 5012/tcp (NetOnTap Service), 3007/tcp (Lotus Mail Tracking Agent Protocol), 8996/tcp, 9999/tcp (distinct), 8086/tcp (Distributed SCADA Networking Rendezvous Port), 8094/tcp, 1009/tcp.
      
BHD Honeypot
Port scan
2020-02-24

In the last 24h, the attacker (216.144.254.138) attempted to scan 601 ports.
The following ports have been scanned: 9097/tcp, 8005/tcp (MXI Generation II for z/OS), 4010/tcp (Samsung Unidex), 1006/tcp, 3019/tcp (Resource Manager), 3005/tcp (Genius License Manager), 8012/tcp, 9018/tcp, 9093/tcp, 4018/tcp (Talarian Mcast), 9009/tcp (Pichat Server), 9092/tcp (Xml-Ipc Server Reg), 9096/tcp, 2012/tcp (ttyinfo), 1000/tcp (cadlock2), 2222/tcp (EtherNet/IP I/O), 7008/tcp (server-to-server updater), 9000/tcp (CSlistener), 8181/tcp, 9090/tcp (WebSM), 5013/tcp (FileMaker, Inc. - Proprietary transport), 4006/tcp (pxc-spvr), 1003/tcp, 1012/tcp, 9696/tcp, 9019/tcp, 2082/tcp (Infowave Mobility Server), 3012/tcp (Trusted Web Client), 8014/tcp, 3017/tcp (Event Listener), 5008/tcp (Synapsis EDGE), 2013/tcp (raid-am), 2001/tcp (dc), 9011/tcp, 16001/tcp (Administration Server Connector), 8098/tcp, 2093/tcp (NBX CC), 2083/tcp (Secure Radius Service), 2002/tcp (globe), 4008/tcp (NetCheque accounting), 4014/tcp (TAICLOCK), 9001/tcp (ETL Service Manager), 8093/tcp, 442/tcp (cvc_hostd), 5010/tcp (TelepathStart), 8082/tcp (Utilistor (Client)), 82/tcp (XFER Utility), 9293/tcp (StorView Client), 8090/tcp, 1018/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 9095/tcp, 8095/tcp, 9898/tcp (MonkeyCom), 9098/tcp, 1004/tcp, 3013/tcp (Gilat Sky Surfer), 441/tcp (decvms-sysmgt), 24464/tcp, 3008/tcp (Midnight Technologies), 7009/tcp (remote cache manager service), 8008/tcp (HTTP Alternate), 4001/tcp (NewOak), 4013/tcp (ACL Manager), 7011/tcp (Talon Discovery Port), 5009/tcp (Microsoft Windows Filesystem), 8013/tcp, 8443/tcp (PCsync HTTPS), 9017/tcp, 1016/tcp, 3018/tcp (Service Registry), 99/tcp (Metagram Relay), 9094/tcp, 8304/tcp, 1020/tcp, 4012/tcp (PDA Gate), 7019/tcp, 1002/tcp, 8089/tcp, 5011/tcp (TelepathAttack), 4000/tcp (Terabase), 8989/tcp (Sun Web Server SSL Admin Service), 8112/tcp, 8083/tcp (Utilistor (Server)), 2095/tcp (NBX SER), 4016/tcp (Talarian Mcast), 9091/tcp (xmltec-xmlmail), 16000/tcp (Administration Server Access), 100/tcp ([unauthorized use]), 8001/tcp (VCOM Tunnel), 9595/tcp (Ping Discovery Service), 8006/tcp, 5006/tcp (wsm server), 5001/tcp (commplex-link), 2092/tcp (Descent 3), 7015/tcp (Talon Webserver), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 8101/tcp (Logical Domains Migration), 8442/tcp (CyBro A-bus Protocol), 9016/tcp, 8096/tcp, 8998/tcp, 9012/tcp, 2094/tcp (NBX AU), 7013/tcp (Microtalon Discovery), 8003/tcp (Mulberry Connect Reporting Service), 8081/tcp (Sun Proxy Admin Service), 5000/tcp (commplex-main), 3001/tcp, 8040/tcp (Ampify Messaging Protocol), 805/tcp, 8009/tcp, 8037/tcp, 8686/tcp (Sun App Server - JMX/RMI), 9008/tcp (Open Grid Services Server), 8585/tcp, 9014/tcp, 16002/tcp (GoodSync Mediation Service), 8038/tcp, 7014/tcp (Microtalon Communications), 3009/tcp (PXC-NTFY), 3016/tcp (Notify Server), 8210/tcp, 8305/tcp, 1001/tcp, 3010/tcp (Telerate Workstation), 2097/tcp (Jet Form Preview), 1010/tcp (surf), 9494/tcp, 81/tcp, 9797/tcp, 9013/tcp, 8002/tcp (Teradata ORDBMS), 3011/tcp (Trusted Web), 8015/tcp, 444/tcp (Simple Network Paging Protocol), 9015/tcp, 8028/tcp, 4017/tcp (Talarian Mcast), 9010/tcp (Secure Data Replicator Protocol), 4020/tcp (TRAP Port), 8016/tcp, 8106/tcp, 1014/tcp, 7017/tcp, 1008/tcp, 8036/tcp, 3003/tcp (CGMS), 1005/tcp, 3020/tcp (CIFS), 2014/tcp (troff), 8030/tcp, 1007/tcp, 2004/tcp (mailbox), 5002/tcp (radio free ethernet), 7012/tcp (Talon Engine), 7018/tcp, 8084/tcp, 3006/tcp (Instant Internet Admin), 1013/tcp, 50000/tcp, 8020/tcp (Intuit Entitlement Service and Discovery), 1111/tcp (LM Social Server), 4009/tcp (Chimera HWM), 4444/tcp (NV Video default), 4015/tcp (Talarian Mcast), 7020/tcp (DP Serve), 1019/tcp, 3333/tcp (DEC Notes), 1011/tcp, 2900/tcp (QUICKSUITE), 98/tcp (TAC News), 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 7016/tcp, 8484/tcp, 1017/tcp, 8000/tcp (iRDMI), 2800/tcp (ACC RAID), 8007/tcp, 2096/tcp (NBX DIR), 8282/tcp, 3014/tcp (Broker Service), 8306/tcp, 8301/tcp (Amberon PPC/PPS), 3015/tcp (NATI DSTP), 1015/tcp, 8097/tcp (SAC Port Id), 4011/tcp (Alternate Service Boot), 8004/tcp, 5012/tcp (NetOnTap Service), 2003/tcp (Brutus Server), 8303/tcp, 3007/tcp (Lotus Mail Tracking Agent Protocol), 9002/tcp (DynamID authentication), 3004/tcp (Csoft Agent), 8383/tcp (M2m Services), 8996/tcp, 9999/tcp (distinct), 8099/tcp, 3002/tcp (RemoteWare Server), 8302/tcp, 8997/tcp, 4007/tcp (pxc-splr), 9191/tcp (Sun AppSvr JPDA), 7010/tcp (onlinet uninterruptable power supplies), 9099/tcp, 2000/tcp (Cisco SCCP), 8086/tcp (Distributed SCADA Networking Rendezvous Port), 8094/tcp, 5007/tcp (wsm server ssl), 1009/tcp.
      
BHD Honeypot
Port scan
2020-02-23

In the last 24h, the attacker (216.144.254.138) attempted to scan 141 ports.
The following ports have been scanned: 8005/tcp (MXI Generation II for z/OS), 9005/tcp, 9093/tcp, 2012/tcp (ttyinfo), 1000/tcp (cadlock2), 8069/tcp, 2222/tcp (EtherNet/IP I/O), 7008/tcp (server-to-server updater), 4006/tcp (pxc-spvr), 1003/tcp, 9006/tcp, 16001/tcp (Administration Server Connector), 5555/tcp (Personal Agent), 9293/tcp (StorView Client), 6666/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 3013/tcp (Gilat Sky Surfer), 8008/tcp (HTTP Alternate), 5009/tcp (Microsoft Windows Filesystem), 3000/tcp (RemoteWare Client), 99/tcp (Metagram Relay), 9094/tcp, 8060/tcp, 1002/tcp, 16000/tcp (Administration Server Access), 10001/tcp (SCP Configuration), 100/tcp ([unauthorized use]), 9007/tcp, 5006/tcp (wsm server), 5001/tcp (commplex-link), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 8081/tcp (Sun Proxy Admin Service), 5000/tcp (commplex-main), 8080/tcp (HTTP Alternate (see port 80)), 3001/tcp, 8040/tcp (Ampify Messaging Protocol), 8995/tcp, 16002/tcp (GoodSync Mediation Service), 3016/tcp (Notify Server), 4003/tcp (pxc-splr-ft), 1001/tcp, 8445/tcp, 4004/tcp (pxc-roid), 9010/tcp (Secure Data Replicator Protocol), 3003/tcp (CGMS), 5002/tcp (radio free ethernet), 8010/tcp, 7777/tcp (cbt), 4019/tcp (Talarian Mcast), 2099/tcp (H.225.0 Annex G), 98/tcp (TAC News), 9004/tcp, 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 8000/tcp (iRDMI), 3014/tcp (Broker Service), 3015/tcp (NATI DSTP), 10000/tcp (Network Data Management Protocol), 8097/tcp (SAC Port Id), 9003/tcp, 8039/tcp, 8099/tcp, 3002/tcp (RemoteWare Server), 4007/tcp (pxc-splr), 9191/tcp (Sun AppSvr JPDA), 4005/tcp (pxc-pin), 10002/tcp (EMC-Documentum Content Server Product).
      
BHD Honeypot
Port scan
2020-02-23

Port scan from IP: 216.144.254.138 detected by psad.
BHD Honeypot
Port scan
2020-02-15

In the last 24h, the attacker (216.144.254.138) attempted to scan 131 ports.
The following ports have been scanned: 8005/tcp (MXI Generation II for z/OS), 1006/tcp, 3019/tcp (Resource Manager), 9018/tcp, 2005/tcp (berknet), 4018/tcp (Talarian Mcast), 2012/tcp (ttyinfo), 8181/tcp, 9090/tcp (WebSM), 9696/tcp, 9019/tcp, 3012/tcp (Trusted Web Client), 5008/tcp (Synapsis EDGE), 4002/tcp (pxc-spvr-ft), 2013/tcp (raid-am), 92/tcp (Network Printing Protocol), 8093/tcp, 5010/tcp (TelepathStart), 8090/tcp, 9898/tcp (MonkeyCom), 3013/tcp (Gilat Sky Surfer), 4001/tcp (NewOak), 5009/tcp (Microsoft Windows Filesystem), 8055/tcp (Senomix Timesheets Server [1 year assignment]), 7019/tcp, 8089/tcp, 4000/tcp (Terabase), 5006/tcp (wsm server), 5001/tcp (commplex-link), 2092/tcp (Descent 3), 8101/tcp (Logical Domains Migration), 8003/tcp (Mulberry Connect Reporting Service), 5000/tcp (commplex-main), 8040/tcp (Ampify Messaging Protocol), 8201/tcp (TRIVNET), 16002/tcp (GoodSync Mediation Service), 8038/tcp, 8210/tcp, 8305/tcp, 1010/tcp (surf), 9797/tcp, 444/tcp (Simple Network Paging Protocol), 2086/tcp (GNUnet), 2007/tcp (dectalk), 8028/tcp, 4017/tcp (Talarian Mcast), 4020/tcp (TRAP Port), 2090/tcp (Load Report Protocol), 8036/tcp, 3003/tcp (CGMS), 1005/tcp, 3020/tcp (CIFS), 2014/tcp (troff), 8889/tcp (Desktop Data TCP 1), 1007/tcp, 2004/tcp (mailbox), 5002/tcp (radio free ethernet), 3006/tcp (Instant Internet Admin), 50000/tcp, 8020/tcp (Intuit Entitlement Service and Discovery), 4019/tcp (Talarian Mcast), 91/tcp (MIT Dover Spooler), 7020/tcp (DP Serve), 1011/tcp, 2091/tcp (PRP), 8888/tcp (NewsEDGE server TCP (TCP 1)), 3014/tcp (Broker Service), 8306/tcp, 8301/tcp (Amberon PPC/PPS), 3015/tcp (NATI DSTP), 10000/tcp (Network Data Management Protocol), 8004/tcp, 2085/tcp (ADA Control), 3004/tcp (Csoft Agent), 8302/tcp, 8086/tcp (Distributed SCADA Networking Rendezvous Port), 2084/tcp (SunCluster Geographic), 5007/tcp (wsm server ssl).
      
BHD Honeypot
Port scan
2020-02-14

In the last 24h, the attacker (216.144.254.138) attempted to scan 223 ports.
The following ports have been scanned: 9097/tcp, 9005/tcp, 9009/tcp (Pichat Server), 1000/tcp (cadlock2), 8069/tcp, 7008/tcp (server-to-server updater), 5013/tcp (FileMaker, Inc. - Proprietary transport), 4006/tcp (pxc-spvr), 9006/tcp, 2082/tcp (Infowave Mobility Server), 3017/tcp (Event Listener), 8049/tcp, 2001/tcp (dc), 16001/tcp (Administration Server Connector), 8204/tcp (LM Perfworks), 2083/tcp (Secure Radius Service), 2002/tcp (globe), 2011/tcp (raid), 8205/tcp (LM Instmgr), 4014/tcp (TAICLOCK), 8993/tcp, 5555/tcp (Personal Agent), 442/tcp (cvc_hostd), 90/tcp (DNSIX Securit Attribute Token Map), 8048/tcp, 8082/tcp (Utilistor (Client)), 9293/tcp (StorView Client), 6666/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 9098/tcp, 1004/tcp, 3013/tcp (Gilat Sky Surfer), 8008/tcp (HTTP Alternate), 4013/tcp (ACL Manager), 2098/tcp (Dialog Port), 8443/tcp (PCsync HTTPS), 2080/tcp (Autodesk NLM (FLEXlm)), 8027/tcp, 9017/tcp, 3000/tcp (RemoteWare Client), 3018/tcp (Service Registry), 9094/tcp, 8304/tcp, 1020/tcp, 86/tcp (Micro Focus Cobol), 4012/tcp (PDA Gate), 2009/tcp (news), 5011/tcp (TelepathAttack), 8202/tcp, 8083/tcp (Utilistor (Server)), 4016/tcp (Talarian Mcast), 16000/tcp (Administration Server Access), 8001/tcp (VCOM Tunnel), 9595/tcp (Ping Discovery Service), 8006/tcp, 9007/tcp, 5006/tcp (wsm server), 8025/tcp (CA Audit Distribution Agent), 7015/tcp (Talon Webserver), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 8442/tcp (CyBro A-bus Protocol), 9016/tcp, 8998/tcp, 9012/tcp, 84/tcp (Common Trace Facility), 7013/tcp (Microtalon Discovery), 8081/tcp (Sun Proxy Admin Service), 8080/tcp (HTTP Alternate (see port 80)), 3001/tcp, 8037/tcp, 89/tcp (SU/MIT Telnet Gateway), 8686/tcp (Sun App Server - JMX/RMI), 9008/tcp (Open Grid Services Server), 8585/tcp, 9014/tcp, 7014/tcp (Microtalon Communications), 3009/tcp (PXC-NTFY), 3016/tcp (Notify Server), 2087/tcp (ELI - Event Logging Integration), 2081/tcp (KME PRINTER TRAP PORT), 4003/tcp (pxc-splr-ft), 1001/tcp, 3010/tcp (Telerate Workstation), 2097/tcp (Jet Form Preview), 9494/tcp, 9013/tcp, 8002/tcp (Teradata ORDBMS), 3011/tcp (Trusted Web), 9015/tcp, 4004/tcp (pxc-roid), 7017/tcp, 8102/tcp, 8030/tcp, 7018/tcp, 2079/tcp (IDWARE Router Port), 7777/tcp (cbt), 88/tcp (Kerberos), 4444/tcp (NV Video default), 4015/tcp (Talarian Mcast), 1019/tcp, 8029/tcp, 2099/tcp (H.225.0 Annex G), 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 7016/tcp, 8484/tcp, 8007/tcp, 8035/tcp, 3014/tcp (Broker Service), 3015/tcp (NATI DSTP), 10000/tcp (Network Data Management Protocol), 2020/tcp (xinupageserver), 2088/tcp (IP Busy Lamp Field), 4011/tcp (Alternate Service Boot), 5012/tcp (NetOnTap Service), 85/tcp (MIT ML Device), 2003/tcp (Brutus Server), 8383/tcp (M2m Services), 8039/tcp, 2089/tcp (Security Encapsulation Protocol - SEP), 8099/tcp, 3002/tcp (RemoteWare Server), 8997/tcp, 9191/tcp (Sun AppSvr JPDA), 14464/tcp, 4005/tcp (pxc-pin), 2010/tcp (search), 2000/tcp (Cisco SCCP), 10002/tcp (EMC-Documentum Content Server Product), 5007/tcp (wsm server ssl).
      
BHD Honeypot
Port scan
2020-02-13

In the last 24h, the attacker (216.144.254.138) attempted to scan 339 ports.
The following ports have been scanned: 9097/tcp, 4010/tcp (Samsung Unidex), 1006/tcp, 3019/tcp (Resource Manager), 8012/tcp, 9005/tcp, 9093/tcp, 4018/tcp (Talarian Mcast), 9009/tcp (Pichat Server), 9092/tcp (Xml-Ipc Server Reg), 8018/tcp, 9096/tcp, 2222/tcp (EtherNet/IP I/O), 9000/tcp (CSlistener), 1003/tcp, 9006/tcp, 9019/tcp, 8014/tcp, 3017/tcp (Event Listener), 5008/tcp (Synapsis EDGE), 2001/tcp (dc), 9011/tcp, 8098/tcp, 2002/tcp (globe), 4014/tcp (TAICLOCK), 9001/tcp (ETL Service Manager), 442/tcp (cvc_hostd), 5010/tcp (TelepathStart), 83/tcp (MIT ML Device), 82/tcp (XFER Utility), 1018/tcp, 5003/tcp (FileMaker, Inc. - Proprietary transport), 9020/tcp (TAMBORA), 9095/tcp, 9098/tcp, 1004/tcp, 3013/tcp (Gilat Sky Surfer), 441/tcp (decvms-sysmgt), 3008/tcp (Midnight Technologies), 8008/tcp (HTTP Alternate), 4013/tcp (ACL Manager), 7011/tcp (Talon Discovery Port), 5009/tcp (Microsoft Windows Filesystem), 8019/tcp (QB DB Dynamic Port), 8013/tcp, 1016/tcp, 3018/tcp (Service Registry), 9094/tcp, 1020/tcp, 4012/tcp (PDA Gate), 8060/tcp, 1002/tcp, 5011/tcp (TelepathAttack), 8989/tcp (Sun Web Server SSL Admin Service), 8112/tcp, 2095/tcp (NBX SER), 4016/tcp (Talarian Mcast), 9091/tcp (xmltec-xmlmail), 10001/tcp (SCP Configuration), 9007/tcp, 5006/tcp (wsm server), 8992/tcp, 2017/tcp (cypress-stat), 5001/tcp (commplex-link), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 8101/tcp (Logical Domains Migration), 8442/tcp (CyBro A-bus Protocol), 84/tcp (Common Trace Facility), 5000/tcp (commplex-main), 805/tcp, 8995/tcp, 8686/tcp (Sun App Server - JMX/RMI), 9008/tcp (Open Grid Services Server), 8585/tcp, 3016/tcp (Notify Server), 1001/tcp, 2097/tcp (Jet Form Preview), 1010/tcp (surf), 81/tcp, 8015/tcp, 8445/tcp, 8028/tcp, 4017/tcp (Talarian Mcast), 9010/tcp (Secure Data Replicator Protocol), 4020/tcp (TRAP Port), 8016/tcp, 8106/tcp, 1014/tcp, 1008/tcp, 1005/tcp, 1007/tcp, 2004/tcp (mailbox), 5002/tcp (radio free ethernet), 7012/tcp (Talon Engine), 8084/tcp, 8020/tcp (Intuit Entitlement Service and Discovery), 8010/tcp, 1111/tcp (LM Social Server), 4009/tcp (Chimera HWM), 2008/tcp (conf), 4444/tcp (NV Video default), 4015/tcp (Talarian Mcast), 1019/tcp, 8045/tcp, 3333/tcp (DEC Notes), 2900/tcp (QUICKSUITE), 9004/tcp, 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 8484/tcp, 1017/tcp, 8046/tcp, 8991/tcp (webmail HTTPS service), 2800/tcp (ACC RAID), 2018/tcp (terminaldb), 2096/tcp (NBX DIR), 3014/tcp (Broker Service), 3015/tcp (NATI DSTP), 10000/tcp (Network Data Management Protocol), 1015/tcp, 8097/tcp (SAC Port Id), 8047/tcp, 4011/tcp (Alternate Service Boot), 2003/tcp (Brutus Server), 9003/tcp, 9002/tcp (DynamID authentication), 8383/tcp (M2m Services), 8996/tcp, 9999/tcp (distinct), 8099/tcp, 8997/tcp, 9099/tcp, 2000/tcp (Cisco SCCP), 8017/tcp, 2019/tcp (whosockami), 5007/tcp (wsm server ssl), 1009/tcp.
      
BHD Honeypot
Port scan
2020-02-12

Port scan from IP: 216.144.254.138 detected by psad.
BHD Honeypot
Port scan
2020-02-08

In the last 24h, the attacker (216.144.254.138) attempted to scan 123 ports.
The following ports have been scanned: 9097/tcp, 8005/tcp (MXI Generation II for z/OS), 4010/tcp (Samsung Unidex), 3005/tcp (Genius License Manager), 9018/tcp, 9005/tcp, 4018/tcp (Talarian Mcast), 9096/tcp, 2222/tcp (EtherNet/IP I/O), 9000/tcp (CSlistener), 8181/tcp, 9090/tcp (WebSM), 4006/tcp (pxc-spvr), 1003/tcp, 1012/tcp, 9006/tcp, 9019/tcp, 3017/tcp (Event Listener), 2001/tcp (dc), 8098/tcp, 2002/tcp (globe), 4014/tcp (TAICLOCK), 8093/tcp, 82/tcp (XFER Utility), 8090/tcp, 1018/tcp, 9095/tcp, 8095/tcp, 9898/tcp (MonkeyCom), 9098/tcp, 3013/tcp (Gilat Sky Surfer), 24464/tcp, 3008/tcp (Midnight Technologies), 8008/tcp (HTTP Alternate), 4013/tcp (ACL Manager), 9017/tcp, 1016/tcp, 1020/tcp, 4012/tcp (PDA Gate), 7019/tcp, 1002/tcp, 8089/tcp, 8989/tcp (Sun Web Server SSL Admin Service), 8112/tcp, 4016/tcp (Talarian Mcast), 9091/tcp (xmltec-xmlmail), 9007/tcp, 2017/tcp (cypress-stat), 9016/tcp, 8096/tcp, 8003/tcp (Mulberry Connect Reporting Service), 805/tcp, 8037/tcp, 8995/tcp, 8686/tcp (Sun App Server - JMX/RMI), 8585/tcp, 8038/tcp, 3016/tcp (Notify Server), 2087/tcp (ELI - Event Logging Integration), 2081/tcp (KME PRINTER TRAP PORT), 4003/tcp (pxc-splr-ft), 1001/tcp, 81/tcp, 9797/tcp, 2086/tcp (GNUnet), 9015/tcp, 4004/tcp (pxc-roid), 4017/tcp (Talarian Mcast), 8106/tcp, 2090/tcp (Load Report Protocol), 8036/tcp, 3003/tcp (CGMS), 2014/tcp (troff), 2004/tcp (mailbox), 8084/tcp, 3006/tcp (Instant Internet Admin), 1013/tcp, 2079/tcp (IDWARE Router Port), 50000/tcp, 8020/tcp (Intuit Entitlement Service and Discovery), 1111/tcp (LM Social Server), 4009/tcp (Chimera HWM), 4444/tcp (NV Video default), 4019/tcp (Talarian Mcast), 4015/tcp (Talarian Mcast), 7020/tcp (DP Serve), 1019/tcp, 3333/tcp (DEC Notes), 1011/tcp, 2091/tcp (PRP), 2900/tcp (QUICKSUITE), 8484/tcp, 1017/tcp, 2800/tcp (ACC RAID), 2018/tcp (terminaldb), 8282/tcp, 3015/tcp (NATI DSTP), 10000/tcp (Network Data Management Protocol), 2020/tcp (xinupageserver), 1015/tcp, 8097/tcp (SAC Port Id), 2088/tcp (IP Busy Lamp Field), 4011/tcp (Alternate Service Boot), 8004/tcp, 2085/tcp (ADA Control), 2003/tcp (Brutus Server), 3007/tcp (Lotus Mail Tracking Agent Protocol), 3004/tcp (Csoft Agent), 8383/tcp (M2m Services), 9999/tcp (distinct), 2089/tcp (Security Encapsulation Protocol - SEP), 3002/tcp (RemoteWare Server), 4007/tcp (pxc-splr), 14464/tcp, 4005/tcp (pxc-pin), 9099/tcp, 2000/tcp (Cisco SCCP), 8086/tcp (Distributed SCADA Networking Rendezvous Port), 2019/tcp (whosockami), 8094/tcp, 2084/tcp (SunCluster Geographic).
      
BHD Honeypot
Port scan
2020-02-07

In the last 24h, the attacker (216.144.254.138) attempted to scan 62 ports.
The following ports have been scanned: 9093/tcp, 2012/tcp (ttyinfo), 8069/tcp, 9696/tcp, 3012/tcp (Trusted Web Client), 4002/tcp (pxc-spvr-ft), 2013/tcp (raid-am), 9011/tcp, 16001/tcp (Administration Server Connector), 8082/tcp (Utilistor (Client)), 6666/tcp, 4001/tcp (NewOak), 7011/tcp (Talon Discovery Port), 2098/tcp (Dialog Port), 3000/tcp (RemoteWare Client), 99/tcp (Metagram Relay), 9094/tcp, 8060/tcp, 2009/tcp (news), 4000/tcp (Terabase), 8202/tcp, 8083/tcp (Utilistor (Server)), 2095/tcp (NBX SER), 16000/tcp (Administration Server Access), 10001/tcp (SCP Configuration), 100/tcp ([unauthorized use]), 8998/tcp, 9012/tcp, 2094/tcp (NBX AU), 8081/tcp (Sun Proxy Admin Service), 8080/tcp (HTTP Alternate (see port 80)), 3001/tcp, 8040/tcp (Ampify Messaging Protocol), 8009/tcp, 2016/tcp (bootserver), 9014/tcp, 16002/tcp (GoodSync Mediation Service), 7014/tcp (Microtalon Communications), 3009/tcp (PXC-NTFY), 8210/tcp, 3010/tcp (Telerate Workstation), 2097/tcp (Jet Form Preview), 9013/tcp, 3011/tcp (Trusted Web), 444/tcp (Simple Network Paging Protocol), 8445/tcp, 2007/tcp (dectalk), 9010/tcp (Secure Data Replicator Protocol), 3020/tcp (CIFS), 7012/tcp (Talon Engine), 7018/tcp, 8010/tcp, 2008/tcp (conf), 2099/tcp (H.225.0 Annex G), 8000/tcp (iRDMI), 2096/tcp (NBX DIR), 8306/tcp, 10000/tcp (Network Data Management Protocol), 8039/tcp, 8302/tcp, 9191/tcp (Sun AppSvr JPDA).
      
BHD Honeypot
Port scan
2020-02-07

Port scan from IP: 216.144.254.138 detected by psad.

Blacklist

Near real-time, easy to use data feed containing IPs reported on our website.

Bronze

$3

Updated daily

Learn More

Silver

$15

Updated every hour

Learn More

Gold

$30

Updated every 10 minutes

Learn More

Remarks

Black hat directory contains this IP address, because Internet users reported it as an address making unsolicited, nagging requests. We make every effort to ensure that the information contained in the Black hat directory are correct and up to date. The database is developed and updated by Internet users and moderators.

If you have any reliable information regarding malicious activity originating from this IP address, please share it with others and fill in the 'Report breach' form. It is prohibited from adding personally identifiable information.

Below breach categories are used in the database:

  • Denial of service attack - this attack is accomplished by flooding the target with massive amount of requests in order to overload the targeted system
  • Brute force attack - this category encompasses attempts to login to machine by trying many passwords and usernames
  • Backdoor attack - this category represents bypassing authentication by hidden programs or services to obtain remote access to a computer or trojan activity
  • Port scan - represents attackers identifying running services on the targeted machine by probing a server for open ports
  • Malicious bot - this category encompasses all bots performing unsolicited requests or ignoring robots.txt file
  • Anonymous proxy - public proxies like Tor, I2P relays or anonymous VPNs are often used by attacker to hide his identity
  • Web attack - attempts to exploit web application security flaws
  • CMS attack - attempts to exploit CMS vulnerability
  • App vulnerability attack - attempts to exploit other applications vulnerability
  • Web spam - encompasses all kind of HTTP spamming
  • Email spam - encompasses all kind of E-mail spamming
  • Dodgy activity - this category encompasses superfluous, dodgy requests

Similar hosts

Hosts with the same ASN

Report breach!

Rate host 216.144.254.138