138.201.33.154 Threat Intelligence and Host Information

Mar 14, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 138.201.33.154 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 37/100

Host and Network Information

Tags: admin, blacklist, botnet, Malicious IP, mirai, RDP, scan, tcp, win, windows
View other sources: Spamhaus VirusTotal

Country: Germany
Network:
Noticed: 1 times
Protocols Attacked: Anonymous Proxy

Open Ports Detected

10050 11000 11065 11075 11084 11101 11112 11182 11210 11211 11288 11300 11371 11401 11434 11481 11601 11602 11681 11688 11920 12000 12001 12113 12124 12131 12137 12139 12143 12146 12157 12159 12161 12162 12167 12172 12176 12181 12186 12187 12188 12189 12190 12195 12199 12214 12223 12224 12226 12228 12229 12230 12233 12235 12239 12245 12247 12248 12252 12258 12260 12264 12265 12267 12269 12270 12271 12272 12273 12276 12277 12281 12285 12286 12289 12298 12303 12305 12311 12312 12318 12319 12320 12324 12330 12343 12349 12357 12359 12363 12366 12367 12376 12379 12382 12383 12384 12387 12392 12394 12396 12398 12412 12422 12423 12427 12428 12432 12436 12437 12444 12445 12449 12452 12453 12456 12457 12464 12466 12467 12474 12480 12489 12491 12493 12501 12502 12504 12507 12515 12518 12520 12521 12524 12528 12535 12540 12543 12544 12551 12557 12558 12560 12562 12569 12570 12572 12573 12578 12601 12615 13047 13128 13333 13380 14024 14026 14147 14265 14344 14400 14403 14404 14896 14900 15038 15082 15443 15502 15503 15588 16000 16005 16009 16010 16011 16016 16020 16025 16029 16030 16035 16053 16054 16058 16063 16070 16071 16072 16074 16075 16079 16083 16087 16088 161 16103 16402 16403 16993 17000 17084 17182 17775 17776 18001 18003 18010 18023 18032 18036 18038 18039 18045 18061 18064 18069 18078 18080 18081 18087 18108 18109 18443 18553 18802 19222 19443 19930 20000 20256 20547 21230 21259 21265 21268 21270 21289 21301 21306 22 25006 27015 80 8000 8200

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2021-3618 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-44487 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2024-6387

Map

Whois Information

NetRange: 138.199.128.0 - 138.201.255.255
CIDR: 138.199.128.0/17, 138.200.0.0/15
NetName: RIPE-ERX-138-198-0-0
NetHandle: NET-138-199-128-0-1
Parent: NET138 (NET-138-0-0-0-0)
NetType: Early Registrations, Transferred to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 2003-12-11
Updated: 2025-02-10
Ref: https://rdap.arin.net/registry/ip/138.199.128.0
OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE
OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: hostmaster@ripe.net
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: abuse@ripe.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-01-24

Share on: