148.72.177.126 Threat Intelligence and Host Information

Dec 13, 2024 ipinfopage

General

IP Address
148.72.177.126
IPv4 Address
Location
🇺🇸 St Louis, United States
US
Network
AS30083
AS-30083-GO-DADDY-COM-LLC
Threat Score
56/100
High Risk
brute-forcebruteforceBruteforceBrute-Forcecowriemalicioussftpssh
Attack Intelligence
MITRE ATT&CK Techniques
T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
Open Ports Detected
22
Geographic Location
Country
United States
City
St Louis
Region
Missouri
Coordinates
38.6287, -90.1988
Network Information
ASN
AS30083
Organization
AS-30083-GO-DADDY-COM-LLC
Network
AS30083 AS-30083-GO-DADDY-COM-LLC
WHOIS Information
NetRange
148.72.164.0 - 148.72.177.255
CIDR
148.72.164.0/22, 148.72.168.0/21, 148.72.176.0/23
NetName
VIG-97
NetHandle
NET-148-72-164-0-1
Parent
NET148 (NET-148-0-0-0-0)
NetType
Direct Allocation
OriginAS
Organization
velia.net (VIG-97)
RegDate
2023-05-05
Updated
2024-11-26
Ref
https://rdap.arin.net/registry/entity/VIG-97
OrgName
velia.net
OrgId
VIG-97
Address
Hessen-Homburg-Platz 1
City
Hanau
StateProv
PostalCode
63452
Country
DE
OrgDNSHandle
HOSTM2182-ARIN
OrgDNSName
hostmaster
OrgDNSPhone
+49 221 429 143
OrgDNSEmail
net-arin@velia.net
OrgDNSRef
https://rdap.arin.net/registry/entity/HOSTM2182-ARIN
OrgAbuseHandle
HOSTM2182-ARIN

  • Country: United States
  • Network: “reputation”: 0, “indicator”: “148.72.177.126
  • Noticed: 7 times
  • Protocols Attacked: ssh

Malware Detected on Host

Count:

CVEs Detected

CVE-2021-23017 CVE-2021-3618 CVE-2023-44487

Likely Malicious Host 🟠 61/100

  • OrgTechPhone: +1-555-867-5309

Host and Network Information

  • OrgTechEmail: rsteward@velia.net

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • OrgTechRef: https://rdap.arin.net/registry/entity/STEWA571-ARIN

  • Tags: brute-force, bruteforce, Bruteforce, Brute-Force, cowrie, malicious, sftp, ssh, SSH, tcp

  • OrgNOCHandle: HOSTM2182-ARIN

  • OrgNOCName: hostmaster

  • View other sources: Spamhaus VirusTotal

  • OrgNOCPhone: +49 221 429 143

Open Ports Detected

22 3000 443 80 8080

CVEs Detected

CVE-2021-23017 CVE-2021-3618 CVE-2023-44487

Whois Information

Links to attack logs

digitaloceansingapore-ssh-bruteforce-ip-list-2024-11-24 digitaloceansingapore-ssh-bruteforce-ip-list-2024-11-24

Share on:
Disclaimer
This page contains threat intelligence information for the IPv4 address 148.72.177.126 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.