125.138.58.161 Threat Intelligence and Host Information

Oct 25, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 125.138.58.161 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Mitre ATT&CK IDs: T1021.004 - SSH, T1110 - Brute Force

  • Tags: attack, Bruteforce, cowrie, cyber security, initiator ip, ioc, login, malicious, Nextray, phishing, scanner, ssh, SSH, Telnet, UK

  • JARM: 15d3fd16d29d29d00042d43d000000fe02290512647416dcf0a400ccbc0b6b

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_net_ua

  • Country: South Korea
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Open Ports Detected

10022 11000 2000 21 22 3306 443 5001 5002 5005 5006 5007 5009 5010 5060 53 7001 80 8291 9999

CVEs Detected

CVE-2021-23017 CVE-2021-3618 CVE-2023-44487 CVE-2025-50077 CVE-2025-50078 CVE-2025-50079 CVE-2025-50080 CVE-2025-50081 CVE-2025-50082 CVE-2025-50083 CVE-2025-50084 CVE-2025-50085 CVE-2025-50086 CVE-2025-50087 CVE-2025-50091 CVE-2025-50092 CVE-2025-50093 CVE-2025-50094 CVE-2025-50095 CVE-2025-50096 CVE-2025-50097 CVE-2025-50098 CVE-2025-50099 CVE-2025-50100 CVE-2025-50101 CVE-2025-50102 CVE-2025-50103 CVE-2025-50104

Map

Whois Information

  • query : 125.138.58.161
  • IPv4주소 : 125.128.0.0 - 125.159.255.255 (/11)
  • 기관명 : 주식회사 케이티
  • 서비스명 : KORNET
  • 주소 : 경기도 성남시 분당구 불정로 90
  • 우편번호 : 13606
  • 할당일자 : 20050822
  • 이름 : IP주소 담당자
  • 전화번호 : +82-2-500-6630
  • 전자우편 : kornet_ip@kt.com
  • IPv4주소 : 125.138.58.0 - 125.138.58.255 (/24)
  • 기관명 : (주) 케이티
  • 네트워크 구분 : CUSTOMER
  • 주소 : 대전광역시 서구 둔산2동
  • 우편번호 : 302122
  • 할당내역 등록일 : 20150925
  • 이름 : IP주소 담당자
  • 전화번호 : +82-2-500-6631
  • 전자우편 : kornet_ip@kt.com
  • IPv4 Address : 125.128.0.0 - 125.159.255.255 (/11)
  • Organization Name : Korea Telecom
  • Service Name : KORNET
  • Address : Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
  • Zip Code : 13606
  • Registration Date : 20050822
  • Name : IP Manager
  • Phone : +82-2-500-6630
  • E-Mail : kornet_ip@kt.com
  • IPv4 Address : 125.138.58.0 - 125.138.58.255 (/24)
  • Organization Name : KT
  • Network Type : CUSTOMER
  • Address : Dunsan2-Dong Seo-Gu Daejeongwangyeok-Si
  • Zip Code : 302122
  • Registration Date : 20150925
  • Name : IP Manager
  • Phone : +82-2-500-6631
  • E-Mail : kornet_ip@kt.com

Links to attack logs

dolondon-ssh-bruteforce-ip-list-2023-01-29 vultrparis-ssh-bruteforce-ip-list-2023-02-05 ****** vultrparis-ssh-bruteforce-ip-list-2023-02-13 ****** ******

Share on: