138.204.188.51 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 138.204.188.51. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: Bruteforce, Brute-Force, cowrie, digital ocean, scanners, ssh, SSH

  • View other sources: Spamhaus VirusTotal

  • Country: Brazil
  • Network:
  • Noticed: 40 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, United Kingdom

Open Ports Detected

3000

Whois Information

  • NetRange: 138.204.0.0 - 138.204.255.255
  • CIDR: 138.204.0.0/16
  • NetName: LACNIC-ERX-138-204-0-0
  • NetHandle: NET-138-204-0-0-1
  • Parent: NET138 (NET-138-0-0-0-0)
  • NetType: Transferred to LACNIC
  • OriginAS:
  • Organization: Latin American and Caribbean IP address Regional Registry (LACNIC)
  • RegDate: 2010-11-19
  • Updated: 2010-11-19
  • Comment: This IP address range is under LACNIC responsibility
  • Comment: for further allocations to users in LACNIC region.
  • Comment: Please see http://www.lacnic.net/ for further details,
  • Ref: https://rdap.arin.net/registry/ip/138.204.0.0
  • OrgName: Latin American and Caribbean IP address Regional Registry
  • OrgId: LACNIC
  • Address: Rambla Republica de Mexico 6125
  • City: Montevideo
  • StateProv:
  • PostalCode: 11400
  • Country: UY
  • RegDate: 2002-07-27
  • Updated: 2018-03-15
  • Ref: https://rdap.arin.net/registry/entity/LACNIC
  • OrgAbuseHandle: LWI100-ARIN
  • OrgAbuseName: LACNIC Whois Info
  • OrgAbusePhone: +598-2604-2222
  • OrgAbuseEmail: abuse@lacnic.net
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/LWI100-ARIN
  • OrgTechHandle: LACNIC-ARIN
  • OrgTechName: LACNIC Whois Info
  • OrgTechPhone: +598-2604-2222
  • OrgTechRef: https://rdap.arin.net/registry/entity/LACNIC-ARIN
  • inetnum: 138.204.188.0/22
  • aut-num: AS263918
  • abuse-c: NOWTE
  • owner: WS TELECOMUNICACOES LTDA EPP
  • ownerid: 11.872.576/0001-65
  • responsible: Rodrigo Lorenz
  • country: BR
  • owner-c: WTLME13
  • tech-c: NOWTE
  • inetrev: 138.204.188.0/22
  • nserver: nsa1.primeisp.com.br
  • nsstat: 20250830 AA
  • nslastaa: 20250830
  • nserver: nsa2.primeisp.com.br
  • nsstat: 20250830 AA
  • nslastaa: 20250830
  • dsinetrev: 138.204.188.0/24
  • dsrecord: 3512 ECDSA-SHA-256 0855F29466D4FA23EB09DD101831785838778ED7CB858DCA652B39AF211F1A72
  • dsstatus: 20250830 OK
  • dslastok: 20250830
  • dsinetrev: 138.204.189.0/24
  • dsrecord: 18728 ECDSA-SHA-256 8C24CAD475F861BAE507EE6D1A6B1904716BA0855650C028E41512BC4CF9F3B8
  • dsstatus: 20250830 OK
  • dslastok: 20250830
  • dsinetrev: 138.204.190.0/24
  • dsrecord: 15316 ECDSA-SHA-256 B94AA70EAE0C0246C112158C5763A521041A3A4954913B115DF64B0F433E36E0
  • dsstatus: 20250830 OK
  • dslastok: 20250830
  • dsinetrev: 138.204.191.0/24
  • dsrecord: 34768 ECDSA-SHA-256 A82484906BD426C5E1A1317036B6C28944A22D7C238CA84E7D6044A3B1557C32
  • dsstatus: 20250830 OK
  • dslastok: 20250830
  • created: 20150812
  • changed: 20150812
  • nic-hdl-br: WTLME13
  • person: ws telecomunicoes ltda me
  • e-mail: comercial@wstelecom.net
  • country: BR
  • created: 20130806
  • changed: 20180711
  • nic-hdl-br: NOWTE
  • person: N.O.C - WS Telecomunicação
  • e-mail: noc@wstelecom.net
  • country: BR
  • created: 20150812
  • changed: 20200525

Links to attack logs

  • dolondon-ssh-bruteforce-ip-list-2023-07-04
  • bruteforce-ip-list-2023-07-09
  • dolondon-ssh-bruteforce-ip-list-2023-06-30
  • dotoronto-ssh-bruteforce-ip-list-2023-07-05