138.59.17.40 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 138.59.17.40 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through the aggregation of public sources or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour (for example Tor exit nodes, residential proxies or VPN services); and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Tags: cve202229266, cyber security, description, description ip, indicator, indicator type, ioc, malicious, Nextray, phishing, TOR, VPN
  • Known tor exit node

  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: blocklist_net_ua, haley_ssh, stopforumspam_365d

  • Known TOR node
  • Country: Costa Rica
  • Network: AS52423 data miners s.a
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: 0.datadog.pool.ntp.org 3.datadog.pool.ntp.org

Malware Detected on Host

Count: 48

  • e51954acb3762d4468daa0e5fcd9c3d95d5c12e3560ba709a71c940a47c10d3b
  • e8b5117ff353546363e27d60ff40c83d73a8a865ad86db84627f3d105affc702
  • 5690536a7ec6f6972d707ae296eccdb30972451608688842dcd6c70e6f5ef5ea
  • 2fd353ffcace535b5c0cdd3b70784bcbf1d4e35879a3109ed8825c2f970d22d3
  • 42eead06b47af53d48033dceddc9d6e74b7f755046de775e85ab2a64cc087c27
  • 2f26bea5af7fc60271c4529bd040f75a77e5a676719399fb2c1cee77e1cbe489
  • eef2df20ad69a9e1ddd301ec237ee75c4637823e15621c397b7fcb4debd25447
  • d9b63f1088ad01965febafd3cf8ca7ec2f902026365c2f13e444e0dc1c12e673
  • b7dc30ec908a1bc473af334722f5b73a4c4f2e95e871083ee1138b5d26889cdf
  • 70430dae496f27194ce64f61e547ebbb1edb6e8cea8c8662ef3f4bb799dabc07

Whois Information

  • NetRange: 138.59.0.0 - 138.59.255.255
  • CIDR: 138.59.0.0/16
  • NetName: LACNIC-ERX-138-59-0-0
  • NetHandle: NET-138-59-0-0-1
  • Parent: NET138 (NET-138-0-0-0-0)
  • NetType: Transferred to LACNIC
  • OriginAS:
  • Organization: Latin American and Caribbean IP address Regional Registry (LACNIC)
  • RegDate: 2010-11-19
  • Updated: 2010-11-19
  • Comment: This IP address range is under LACNIC responsibility
  • Comment: for further allocations to users in LACNIC region.
  • Comment: Please see http://www.lacnic.net/ for further details,
  • Ref: https://rdap.arin.net/registry/ip/138.59.0.0
  • OrgName: Latin American and Caribbean IP address Regional Registry
  • OrgId: LACNIC
  • Address: Rambla Republica de Mexico 6125
  • City: Montevideo
  • StateProv:
  • PostalCode: 11400
  • Country: UY
  • RegDate: 2002-07-27
  • Updated: 2018-03-15
  • Ref: https://rdap.arin.net/registry/entity/LACNIC
  • OrgAbuseHandle: LWI100-ARIN
  • OrgAbuseName: LACNIC Whois Info
  • OrgAbusePhone: +598-2604-2222
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/LWI100-ARIN
  • OrgTechHandle: LACNIC-ARIN
  • OrgTechName: LACNIC Whois Info
  • OrgTechPhone: +598-2604-2222
  • OrgTechRef: https://rdap.arin.net/registry/entity/LACNIC-ARIN
  • inetnum: 138.59.16.0/22
  • status: allocated
  • aut-num: AS52423
  • owner: Data Miners S.A. ( Racknation.cr )
  • ownerid: CR-ADMS-LACNIC
  • responsible: RackNation Network Operations Center
  • address: 918-2100, 3790, -
  • address: 918-2100 - San Jose -
  • country: CR
  • phone: +506 40002133 [0000]
  • owner-c: ENR11
  • tech-c: ENR11
  • abuse-c: ENR11
  • inetrev: 138.59.16.0/22
  • nserver: NS.RACKNATION.CR
  • nsstat: 20240328 AA
  • nslastaa: 20240328
  • nserver: NS2.RACKNATION.CR
  • nsstat: 20240328 AA
  • nslastaa: 20240328
  • nserver: NS3.RACKNATION.CR
  • nsstat: 20240328 AA
  • nslastaa: 20240328
  • nserver: NS4.RACKNATION.CR
  • nsstat: 20240328 AA
  • nslastaa: 20240328
  • created: 20150205
  • changed: 20150205
  • nic-hdl: ENR11
  • person: Equipo NOC RackNation
  • e-mail: [email protected]
  • address: 300m sur rest il pomodoro, 1, -
  • address: 9182100 - San Pedro - SJ
  • country: CR
  • phone: +506 40002133 [0000]
  • created: 20130311
  • changed: 20211228

Links to attack logs

  • aws-ssh-bruteforce-ip-list-2021-03-14