IP address

Search at other sites:

.000154.221.16.138

Shodan(more info)

Passive DNS

IP blacklists

blocklist.de SSH

154.221.16.138 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-18 16:05:05.316000
Was present on blacklist at: 2025-04-07 22:05, 2025-04-08 04:05, 2025-04-08 10:05, 2025-04-08 16:05, 2025-04-08 22:05, 2025-04-09 04:05, 2025-04-09 10:05, 2025-04-09 16:05, 2025-04-13 16:05, 2025-04-13 22:05, 2025-04-14 04:05, 2025-04-14 10:05, 2025-04-14 16:05, 2025-04-14 22:05, 2025-04-15 04:05, 2025-04-15 10:05, 2025-04-15 16:05, 2025-04-15 22:05, 2025-04-16 04:05, 2025-04-16 10:05, 2025-04-16 22:05, 2025-04-17 04:05, 2025-04-17 10:05, 2025-04-17 16:05, 2025-04-17 22:05, 2025-04-18 04:05, 2025-04-18 10:05, 2025-04-18 16:05

Spamhaus SBL CSS

154.221.16.138 was recently listed on the Spamhaus SBL CSS blacklist, but currently it is not.

Description: The Spamhaus CSS is part of the SBL. CSS listings will have return code 127.0.0.3 to differentiate from regular SBL listings, which have return code 127.0.0.2.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-04-28 22:07:11.431000
Was present on blacklist at: 2025-04-07 22:07, 2025-04-14 22:07

Spamhaus XBL CBL

154.221.16.138 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-04-28 22:07:11.431000
Was present on blacklist at: 2025-04-07 22:07, 2025-04-14 22:07

DataPlane SSH login

154.221.16.138 is listed on the DataPlane SSH login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login to a host using SSH password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2025-04-25 10:10:01.585000
Was present on blacklist at: 2025-04-07 22:10, 2025-04-08 02:10, 2025-04-08 06:10, 2025-04-08 10:10, 2025-04-08 14:10, 2025-04-08 18:10, 2025-04-08 22:10, 2025-04-09 02:10, 2025-04-09 06:10, 2025-04-09 10:10, 2025-04-09 14:10, 2025-04-09 18:10, 2025-04-09 22:10, 2025-04-10 02:10, 2025-04-10 06:10, 2025-04-10 10:10, 2025-04-10 14:10, 2025-04-10 18:10, 2025-04-10 22:10, 2025-04-11 02:10, 2025-04-11 06:10, 2025-04-11 10:10, 2025-04-11 14:10, 2025-04-11 18:10, 2025-04-11 22:10, 2025-04-12 02:10, 2025-04-12 06:10, 2025-04-12 10:10, 2025-04-12 14:10, 2025-04-12 18:10, 2025-04-12 22:10, 2025-04-13 02:10, 2025-04-13 06:10, 2025-04-13 14:10, 2025-04-13 18:10, 2025-04-13 22:10, 2025-04-14 02:10, 2025-04-14 06:10, 2025-04-14 10:10, 2025-04-14 14:10, 2025-04-14 18:10, 2025-04-14 22:10, 2025-04-15 02:10, 2025-04-15 06:10, 2025-04-15 10:10, 2025-04-15 14:10, 2025-04-15 18:10, 2025-04-15 22:10, 2025-04-16 02:10, 2025-04-16 06:10, 2025-04-16 10:10, 2025-04-16 14:10, 2025-04-16 18:10, 2025-04-16 22:10, 2025-04-17 02:10, 2025-04-17 06:10, 2025-04-17 10:10, 2025-04-17 14:10, 2025-04-17 18:10, 2025-04-17 22:10, 2025-04-18 02:10, 2025-04-18 06:10, 2025-04-18 10:10, 2025-04-18 14:10, 2025-04-18 18:10, 2025-04-18 22:10, 2025-04-19 02:10, 2025-04-19 06:10, 2025-04-19 10:10, 2025-04-19 14:10, 2025-04-19 18:10, 2025-04-19 22:10, 2025-04-20 02:10, 2025-04-20 06:10, 2025-04-20 10:10, 2025-04-20 14:10, 2025-04-20 18:10, 2025-04-20 22:10, 2025-04-21 02:10, 2025-04-21 06:10, 2025-04-21 10:10, 2025-04-21 14:10, 2025-04-21 18:10, 2025-04-21 22:10, 2025-04-22 02:10, 2025-04-22 06:10, 2025-04-22 10:10, 2025-04-22 14:10, 2025-04-22 18:10, 2025-04-22 22:10, 2025-04-23 02:10, 2025-04-23 06:10, 2025-04-23 10:10, 2025-04-23 14:10, 2025-04-23 18:10, 2025-04-23 22:10, 2025-04-24 02:10, 2025-04-24 06:10, 2025-04-24 10:10, 2025-04-24 14:10, 2025-04-24 18:10, 2025-04-24 22:10, 2025-04-25 02:10, 2025-04-25 06:10, 2025-04-25 10:10

AbuseIPDB

154.221.16.138 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-04-18 04:00:00.574000
Was present on blacklist at: 2025-04-08 04:00, 2025-04-10 04:00, 2025-04-14 04:00, 2025-04-15 04:00, 2025-04-17 04:00, 2025-04-18 04:00

Warden events (4)

2025-04-11

AttemptLogin (node.ce2b59): 2

2025-04-10

AttemptLogin (node.ce2b59): 1

2025-04-09

AttemptLogin (node.ce2b59): 1

DShield reports (IP summary, reports)

2025-04-07

Number of reports: 81

Distinct targets: 3

2025-04-08

Number of reports: 140

Distinct targets: 3

2025-04-09

Number of reports: 388

Distinct targets: 6

2025-04-11

Number of reports: 262

Distinct targets: 7

2025-04-12

Number of reports: 526

Distinct targets: 9

2025-04-13

Number of reports: 51

Distinct targets: 4

2025-04-14

Number of reports: 115

Distinct targets: 6

2025-04-15

Number of reports: 39

Distinct targets: 3

2025-04-16

Number of reports: 151

Distinct targets: 3

Origin AS

AS142403 - YISUCLOUDLTD-HK

BGP Prefix

154.221.16.0/24

geo

Hong Kong, Hong Kong

🕑 Asia/Hong_Kong

hostname

(null)

Address block ('inetnum' or 'NetRange' in whois database)

154.192.0.0 - 154.223.255.255

last_activity

2025-04-11 09:23:37

last_warden_event

2025-04-11 09:23:37

rep

0.0

reserved_range

0

Shodan's InternetDB

Open ports: 22, 80, 135, 3389, 5985

Tags: self-signed, eol-os

CPEs: cpe:/a:jquery:jquery, cpe:/a:openbsd:openssh:8.9p1, cpe:/o:canonical:ubuntu_linux, cpe:/a:getbootstrap:bootstrap, cpe:/a:apache:http_server:2.4.52

ts_added

2025-04-07 22:07:07.740000

ts_last_update

2025-04-28 22:07:11.942000

Warden event timeline

DShield event timeline

Presence on blacklists