IP address

192.166.225.27
IP blacklists
Spamhaus SBL CSS
192.166.225.27 is listed on the Spamhaus SBL CSS blacklist.

Description: The Spamhaus CSS is part of the SBL. CSS listings will have return code 127.0.0.3 to differentiate from regular SBL listings, which have return code 127.0.0.2.
Type of feed: secondary (DNSBL)

Last checked at: 2026-04-28 20:42:10.812000
Was present on blacklist at: 2026-04-28 20:42
Spamhaus XBL CBL
192.166.225.27 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL)

Last checked at: 2026-04-28 20:42:10.812000
Was present on blacklist at: 2026-04-28 20:42
Echelon VNC login
192.166.225.27 is listed on the Echelon VNC login blacklist.

Description: VNC remote desktop login attempt on port 5900/5901
Type of feed: primary

Last checked at: 2026-05-03 09:45:00.950000
Was present on blacklist at: 2026-04-29 09:45, 2026-04-30 09:45, 2026-05-01 09:45, 2026-05-03 09:45

Threat categories

TL | Role | Category | Details
35 | src | login | protocol: vnc

OTX pulses
[69f0a6ec9f8ee85d314e3a7c] 2026-04-28 12:24:12.658000 | VNC honeypot logs for 2026/04/28
Author name:jnazario
Pulse modified:2026-04-28 12:24:12.658000
Indicator created:2026-04-28 12:24:13
Indicator role:None
Indicator title:
Indicator expiration:2026-05-28 12:00:00
[69f1f811ffc015869c4b8d91] 2026-04-29 12:22:41.329000 | VNC honeypot logs for 2026/04/29
Author name:jnazario
Pulse modified:2026-04-29 12:22:41.329000
Indicator created:2026-04-29 12:22:42
Indicator role:None
Indicator title:
Indicator expiration:2026-05-29 12:00:00
[69f4a00bb7db33ca896a10f8] 2026-05-01 12:43:55.923000 | VNC honeypot logs for 2026/05/01
Author name:jnazario
Pulse modified:2026-05-01 12:43:55.923000
Indicator created:2026-05-01 12:43:56
Indicator role:None
Indicator title:
Indicator expiration:2026-05-31 12:00:00
[69f5edee279e4c418c4c830f] 2026-05-02 12:28:30.920000 | VNC honeypot logs for 2026/05/02
Author name:jnazario
Pulse modified:2026-05-02 12:28:30.920000
Indicator created:2026-05-02 12:28:31
Indicator role:None
Indicator title:
Indicator expiration:2026-06-01 12:00:00
Origin AS
AS63023 - AS-GLOBALTELEHOST
BGP Prefix
192.166.225.0/24
geo
Netherlands
🕑 Europe/Amsterdam
hostname
(null)
Address block ('inetnum' or 'NetRange' in whois database)
192.166.224.0 - 192.166.227.255
last_activity
2026-05-02 17:07:19.449000
reserved_range
0
Shodan's InternetDB
Open ports: 21, 22, 25, 53, 80, 110, 143, 465, 587, 995, 8083
Tags: self-signed, starttls
CPEs: cpe:/a:litespeedtech:litespeed_web_server, cpe:/a:f5:nginx, cpe:/a:openbsd:openssh:9.6p1
ts_added
2026-04-28 20:42:10.331000
ts_last_update
2026-05-03 20:42:20.222000
