139.224.246.185 Threat Intelligence and Host Information

Nov 03, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 139.224.246.185 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • Tags: bruteforce, cyber security, digital ocean, ioc, malicious, mssql, Nextray, phishing

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: turris_greylist

  • Country: China
  • Network: AS37963 hangzhou alibaba advertising co. ltd.
  • Noticed: 32 times
  • Protocols Attacked: mssql
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Singapore, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Open Ports Detected

10134 102 1023 1025 10250 10443 10554 1080 10909 11 11000 111 1110 11112 11210 11211 11288 113 11300 1153 119 12000 121 122 1234 12345 13 1337 135 1355 1414 14147 14265 143 1433 14344 1443 15 1515 1588 1604 16993 17 17000 175 179 1800 1801 18080 18081 18245 18443 1883 19 19000 1911 1926 195 1951 1962 199 19930 2000 20000 2002 2008 20256 2053 20547 2064 2067 2080 2081 2083 2087 20880 21 2121 21379 2154 2201 22069 22070 221 2211 2222 2266 23 23023 2323 2332 2345 2376 2382 2404 2455 25001 25105 2554 25565 2628 263 264 26656 26657 27015 27016 27036 2709 2761 2762 28015 30003 3001 30303 3050 3062 3078 3089 3097 311 3112 3118 3121 31337 31443 32400 3256 3260 3268 3269 32764 3299 3301 3306 33060 3307 33338 3388 33889 3389 3402 3407 35000 3551 3557 37 37777 3780 3790 389 39922 4000 4022 4063 4064 41443 4150 4157 4190 4242 427 4282 43 4321 4369 44158 4433 444 4444 447 44722 44818 4500 4506 465 4700 47808 47990 4840 4899 49 4911 4949 50000 5006 5007 5009 5010 50100 502 5025 503 51 51106 51235 515 5172 5201 5222 5269 53 5431 5432 5435 548 5494 54984 55000 554 55442 55554 5590 5595 5598 5600 5603 5672 5858 587 5909 593 5938 5984 6001 6002 6005 60129 61613 61616 62078 63256 63257 636 6379 6443 64738 6512 6633 666 6667 6668 6697 70 7002 7010 7171 7415 7434 7443 7510 7537 7548 7634 771 7777 789 79 7999 8000 8001 8002 8009 8025 8040 808 8081 8083 8085 8087 8089 8092 8099 8126 8139 8140 8181 8200 8248 8291 8333 8384 8401 8415 8443 8445 85 8500 8545 8554 8575 8649 8723 8728 873 8765 8767 8788 8811 8828 8834 8839 8852 8862 888 8885 9000 9002 9012 9015 9026 9027 9032 9042 9044 9051 9091 9092 9094 9095 9101 9151 9205 9210 9219 9220 9306 9333 9398 9418 9530 9600 9606 9633 9761 9898 993 9943 9998 9999

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2010-4478 CVE-2010-4755 CVE-2010-5107 CVE-2011-4327 CVE-2011-5000 CVE-2012-0814 CVE-2014-1692 CVE-2014-2532 CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2016-0777 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 CVE-2016-1908 CVE-2016-20012 CVE-2016-3115 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-16905 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767

Map

Whois Information

  • NetRange: 139.224.0.0 - 139.224.255.255
  • CIDR: 139.224.0.0/16
  • NetName: APNIC-ERX-139-224-0-0
  • NetHandle: NET-139-224-0-0-1
  • Parent: NET139 (NET-139-0-0-0-0)
  • NetType: Early Registrations, Transferred to APNIC
  • OriginAS:
  • Organization: Asia Pacific Network Information Centre (APNIC)
  • RegDate: 2010-11-03
  • Updated: 2010-11-17
  • Comment: This IP address range is not registered in the ARIN database.
  • Comment: This range was transferred to the APNIC Whois Database as
  • Comment: part of the ERX (Early Registration Transfer) project.
  • Comment: For details, refer to the APNIC Whois Database via
  • Comment:
  • Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
  • Comment: for the Asia Pacific region. APNIC does not operate networks
  • Comment: using this IP address range and is not able to investigate
  • Comment: spam or abuse reports relating to these addresses. For more
  • Ref: https://rdap.arin.net/registry/ip/139.224.0.0
  • OrgName: Asia Pacific Network Information Centre
  • OrgId: APNIC
  • Address: PO Box 3646
  • City: South Brisbane
  • StateProv: QLD
  • PostalCode: 4101
  • Country: AU
  • RegDate:
  • Updated: 2012-01-24
  • Ref: https://rdap.arin.net/registry/entity/APNIC
  • OrgAbuseHandle: AWC12-ARIN
  • OrgAbuseName: APNIC Whois Contact
  • OrgAbusePhone: +61 7 3858 3188
  • OrgAbuseEmail: search-apnic-not-arin@apnic.net
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
  • OrgTechHandle: AWC12-ARIN
  • OrgTechName: APNIC Whois Contact
  • OrgTechPhone: +61 7 3858 3188
  • OrgTechEmail: search-apnic-not-arin@apnic.net
  • OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN

Links to attack logs

****** dosing-mssql-bruteforce-ip-list-2022-03-16 ****** ******

Share on: