139.178.68.115 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 139.178.68.115. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Tags: blacklist, botnet, cyber security, digital ocean, ioc, malicious, Malicious IP, mariadb, mirai, mysql, Nextray, phishing, scan, scanners, snmp, tcp, vultr

  • View other sources: Spamhaus, VirusTotal

  • Country: United States
  • Network: AS54825 packet host inc.
  • Noticed: 35 times
  • Protocols Attacked: snmp
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: map20-100.s.section.io anycast-100.s.section.io map16.e.section.io map16-100.s.section.io ad1.digi-global.net portal-testing.digimeetings.com portal.digimeetings.com

Malware Detected on Host

Count: 56

Whois Information

  • NetRange: 139.178.0.0 - 139.179.255.255
  • CIDR: 139.178.0.0/15
  • NetName: RIPE-ERX-139-178-0-0
  • NetHandle: NET-139-178-0-0-1
  • Parent: NET139 (NET-139-0-0-0-0)
  • NetType: Early Registrations, Transferred to RIPE NCC
  • OriginAS:
  • Organization: RIPE Network Coordination Centre (RIPE)
  • RegDate: 2004-03-03
  • Updated: 2004-03-03
  • Comment: These addresses have been further assigned to users in
  • Comment: the RIPE NCC region. Contact information can be found in
  • Ref: https://rdap.arin.net/registry/ip/139.178.0.0
  • OrgName: RIPE Network Coordination Centre
  • OrgId: RIPE
  • Address: P.O. Box 10096
  • City: Amsterdam
  • StateProv:
  • PostalCode: 1001EB
  • Country: NL
  • RegDate:
  • Updated: 2013-07-29
  • Ref: https://rdap.arin.net/registry/entity/RIPE
  • OrgAbuseHandle: ABUSE3850-ARIN
  • OrgAbuseName: Abuse Contact
  • OrgAbusePhone: +31205354444
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
  • OrgTechHandle: RNO29-ARIN
  • OrgTechName: RIPE NCC Operations
  • OrgTechPhone: +31 20 535 4444
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
  • inetnum: 139.178.64.0 - 139.178.95.255
  • netname: PACKET-HOST-139-178-64-0
  • descr: Packet Host Inc
  • org: ORG-PHI4-RIPE
  • country: US
  • admin-c: PH6877-RIPE
  • tech-c: PH6877-RIPE
  • status: LEGACY
  • mnt-by: RIPE-NCC-LEGACY-MNT
  • mnt-by: PACKET-MNT
  • created: 2018-09-22T06:05:27Z
  • last-modified: 2024-03-28T13:29:04Z
  • organisation: ORG-PHI4-RIPE
  • org-name: Equinix Services, Inc.
  • country: US
  • org-type: LIR
  • address: 30 Vesey Street, Suite 900
  • address: 10007
  • address: New York, New York
  • address: UNITED STATES
  • phone: +1-212-933-9785
  • admin-c: PN4923-RIPE
  • tech-c: PN4923-RIPE
  • abuse-c: AR48110-RIPE
  • mnt-ref: PACKET-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: PACKET-MNT
  • created: 2018-09-05T07:58:21Z
  • last-modified: 2020-12-16T12:45:39Z
  • person: Packet Host
  • address: 30 Vesey Street Suite 900 New York, NY 10007 US
  • phone: +1-212-933-9785
  • nic-hdl: PH6877-RIPE
  • mnt-by: PACKET-MNT
  • created: 2015-01-06T15:27:56Z
  • last-modified: 2015-01-06T15:27:57Z

Links to attack logs

  • vultrwarsaw-snmp-bruteforce-ip-list-2022-02-05
  • dotoronto-snmp-bruteforce-ip-list-2022-01-31
  • dolondon-snmp-bruteforce-ip-list-2022-01-31