138.204.176.18 Threat Intelligence and Host Information

Sep 05, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 138.204.176.18 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 25/100

Host and Network Information

Tags: Malicious IP, Nextray, blacklist, botnet, bruteforce, cyber security, digital ocean, ioc, malicious, mirai, mssql, nmap, phishing, port-scan, scan, smb, tcp, vultr
View other sources: Spamhaus VirusTotal
Contained within other IP sets: turris_greylist

Country: Brazil
Network: AS263912 pixel telecomunicaes
Noticed: 1 times
Protcols Attacked: mssql
Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Singapore, Spain, Turkey, Ukraine, United Kingdom, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: 138.204.176.18

Malware Detected on Host

Count: 1 c29eb6c46412c31012ae0149593b8d649ac27c16cc23cd336c7dd7b398ed7f8a

Open Ports Detected

135 137 139 21 3306 3389 445 5985 8010 8080

Map

Whois Information

NetRange: 138.204.0.0 - 138.204.255.255
CIDR: 138.204.0.0/16
NetName: LACNIC-ERX-138-204-0-0
NetHandle: NET-138-204-0-0-1
Parent: NET138 (NET-138-0-0-0-0)
NetType: Transferred to LACNIC
OriginAS:
Organization: Latin American and Caribbean IP address Regional Registry (LACNIC)
RegDate: 2010-11-19
Updated: 2010-11-19
Comment: This IP address range is under LACNIC responsibility
Comment: for further allocations to users in LACNIC region.
Comment: Please see http://www.lacnic.net/ for further details,
Ref: https://rdap.arin.net/registry/ip/138.204.0.0
OrgName: Latin American and Caribbean IP address Regional Registry
OrgId: LACNIC
Address: Rambla Republica de Mexico 6125
City: Montevideo
StateProv:
PostalCode: 11400
Country: UY
RegDate: 2002-07-27
Updated: 2018-03-15
Ref: https://rdap.arin.net/registry/entity/LACNIC
OrgAbuseHandle: LWI100-ARIN
OrgAbuseName: LACNIC Whois Info
OrgAbusePhone: +598-2604-2222
OrgAbuseEmail: abuse@lacnic.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/LWI100-ARIN
OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Whois Info
OrgTechPhone: +598-2604-2222
OrgTechRef: https://rdap.arin.net/registry/entity/LACNIC-ARIN
inetnum: 138.204.176.0/22
aut-num: AS263912
abuse-c: CAALE40
owner: PIXEL TELECOMUNICA��ES
ownerid: 12.801.550/0001-99
responsible: CARLOS ALESSANDRO SANTOS MAIA
owner-c: CAALE40
tech-c: CAALE40
inetrev: 138.204.176.0/24
nserver: aut01.pixeltelecom.com.br
nsstat: 20230904 AA
nslastaa: 20230904
nserver: aut02.pixeltelecom.com.br [lame - not published]
nsstat: 20230904 TIMEOUT
nslastaa: 20180405
created: 20150807
changed: 20150807
nic-hdl-br: CAALE40
person: CARLOS ALESSANDRO
created: 20100612
changed: 20230821

Links to attack logs

nmap-scanning-list-2022-10-11 dosing-mssql-bruteforce-ip-list-2021-09-21 vultrmadrid-mssql-bruteforce-ip-list-2022-10-12 dosing-mssql-bruteforce-ip-list-2022-10-07 dolondon-mssql-bruteforce-ip-list-2022-10-02 vultrmadrid-mssql-bruteforce-ip-list-2022-09-01 nmap-scanning-list-2022-10-03 dolondon-mssql-bruteforce-ip-list-2022-03-17 awsau-mssql-bruteforce-ip-list-2021-11-12

Share on: