158.255.215.50 Threat Intelligence and Host Information

Share on:
May 07, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 158.255.215.50 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 39/100

Host and Network Information

  • Tags: RDP, SSH, abuse, bruteforce, fraud, ipqs, ipqualityscore, web attack

  • View other sources: Spamhaus VirusTotal

  • Country: France
  • Network: AS9009 m247 ltd
  • Noticed: 1 times
  • Protcols Attacked: Anonymous Proxy

Open Ports Detected

10000 10001 10134 10443 10554 11112 11210 11300 11371 12000 123 1337 13579 14147 14265 16010 16992 16993 17000 18081 18245 19000 19071 22 3128 3129 3268 3269 3299 3301 3307 3310 3311 3337 3352 3388 3389 3401 3404 3407 3408 3409 3443 3503 3524 3541 3542 3548 3549 3551 3552 3554 3556 3558 3560 3561 3563 3569 3570 3689 3749 3780 3790 3791 3793 3794 3922 3951 3952 3953 4000 4001 4022 4040 4042 4043 4063 4064 4117 4118 4190 4200 4242 4282 4321 4369 4433 4482 4500 4505 4523 4545 4567 4646 4664 4782 4786 4840 4848 4899 4911 5001 5002 5004 5005 5006 5007 5009 5025 5050 5080 5090 5172 5201 5209 5222 5269 5357 5400 5431 5432 5435 5454 5494 5542 5560 5567 5568 5569 5591 5592 5593 5596 5597 5599 5600 5601 5602 5604 5605 5606 5608 5609 5672 5673 5800 5900 5901 5906 5908 5938 5984 5985 5986 6001 6002 6006 6080 6102 6161 6262 6264 6352 6379 6443 6510 6512 6550 6560 6565 6588 6590 6633 6650 6653 6662 6664 6666 6667 6668 6697 6748 7000 7001 7002 7003 7004 7005 7014 7070 7080 7090 7171 7218 7401 7415 7444 7445 7474 7493 7500 7510 7537 7547 7548 7634 7657 7676 7776 7777 7778 7779 7788 7989 7998 7999 80 8000 8001 8002 8006 8007 8008 8009 8010 8012 8013 8015 8016 8017 8026 8029 8030 8031 8033 8034 8035 8036 8038 8041 8044 8046 8047 8049 8051 8052 8053 8055 8057 8060 8064 8066 8069 8072 8080 8081 8083 8084 8086 8087 8089 8090 8092 8097 8098 8099 8100 8104 8105 8107 8110 8112 8123 8126 8139 8140 8159 8181 8182 8184 8200 8236 8238 8241 8243 8248 8249 8282 8333 8334 8402 8403 8404 8406 8408 8409 8411 8412 8413 8415 8417 8418 8419 8420 8421 8422 8423 8425 8426 8427 8428 8432 8433 8443 8448 8500 8553 8554 8575 8585 8586 8590 8621 8623 8649 8663 8666 8686 8688 8765 8767 8779 8782 8787 8789 8800 8801 8806 8808 8810 8811 8816 8818 8819 8821 8825 8826 8828 8829 8830 8832 8833 8838 8841 8842 8843 8844 8849 8851 8852 8854 8859 8860 8861 8867 8871 8874 8875 8877 8879 8881 8885 8888 8889 8899 8969 8988 8989 8990 8993 8999 9000 9001 9002 9003 9004 9006 9007 9009 9010 9011 9012 9013 9015 9017 9018 9021 9023 9029 9030 9032 9033 9034 9035 9036 9039 9040 9041 9042 9043 9045 9046 9047 9049 9051 9080 9082 9084 9088 9090 9091 9092 9096 9097 9098 9100 9102 9103 9104 9106 9110 9111 9119 9151 9160 9191 9199 9200 9204 9206 9208 9209 9210 9213 9214 9215 9219 9220 9221 9251 9295 9299 9301 9302 9304 9305 9306 9308 9310 9311 9418 9433 9443 9445 9527 9530 9550 9595 9600 9682 9690 9704 9743 9761 9800 9861 9869 9876 9898 9899 9943 9950 9955 9981 9988 9990 9993 9994 9999

CVEs Detected

CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12522 CVE-2019-12523 CVE-2019-12524 CVE-2019-12525 CVE-2019-12526 CVE-2019-12527 CVE-2019-12528 CVE-2019-12529 CVE-2019-12854 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860 CVE-2020-11945 CVE-2020-14058 CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 CVE-2020-25097 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 CVE-2021-28116 CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620 CVE-2021-46784 CVE-2022-41318

Map

Whois Information

  • NetRange: 158.255.0.0 - 158.255.255.255
  • CIDR: 158.255.0.0/16
  • NetName: RIPE-ERX-158-255-0-0
  • NetHandle: NET-158-255-0-0-1
  • Parent: NET158 (NET-158-0-0-0-0)
  • NetType: Early Registrations, Transferred to RIPE NCC
  • OriginAS:
  • Organization: RIPE Network Coordination Centre (RIPE)
  • RegDate: 2010-11-03
  • Updated: 2010-11-17
  • Comment: These addresses have been further assigned to users in
  • Comment: the RIPE NCC region. Contact information can be found in
  • Ref: https://rdap.arin.net/registry/ip/158.255.0.0
  • OrgName: RIPE Network Coordination Centre
  • OrgId: RIPE
  • Address: P.O. Box 10096
  • City: Amsterdam
  • StateProv:
  • PostalCode: 1001EB
  • Country: NL
  • RegDate:
  • Updated: 2013-07-29
  • Ref: https://rdap.arin.net/registry/entity/RIPE
  • OrgAbuseHandle: ABUSE3850-ARIN
  • OrgAbuseName: Abuse Contact
  • OrgAbusePhone: +31205354444
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
  • OrgTechHandle: RNO29-ARIN
  • OrgTechName: RIPE NCC Operations
  • OrgTechPhone: +31 20 535 4444
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
  • inetnum: 158.255.215.0 - 158.255.215.255
  • netname: EDIS-FR-NET
  • descr: EDIS Infrastructure in France
  • country: FR
  • geoloc: 48.856082268164414 2.383888363838196
  • geofeed: https://www.edis.at/geofeed.txt
  • language: FR
  • org: ORG-EG44-RIPE
  • admin-c: EDIS-AT
  • tech-c: EDIS-AT
  • status: ASSIGNED PA
  • mnt-by: EDIS-MNT
  • created: 2011-12-20T13:37:06Z
  • last-modified: 2022-12-06T15:44:57Z
  • organisation: ORG-EG44-RIPE
  • org-name: EDIS GmbH
  • country: AT
  • org-type: LIR
  • address: Hauptplatz 3/3
  • address: 8010
  • address: Graz
  • address: AUSTRIA
  • phone: +43316827500300
  • fax-no: +43316827500777
  • admin-c: GK2
  • admin-c: ISAT
  • mnt-ref: EDIS-MNT
  • mnt-ref: MELBICOM-MNT
  • mnt-ref: NINE-MNT
  • mnt-ref: RIPE-NCC-HM-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: EDIS-MNT
  • abuse-c: EDIS-AT
  • created: 2011-08-10T14:08:22Z
  • last-modified: 2021-02-03T07:58:56Z
  • role: EDIS GmbH - Noc Engineer
  • address: EDIS GmbH, Hauptplatz 3/3, 8010, GRAZ, Austria
  • address: http://www.edis.at
  • phone: +43 316 827500300
  • admin-c: EDIS-RIPE
  • admin-c: GK2
  • admin-c: ISAT
  • tech-c: EDIS-RIPE
  • tech-c: ISAT
  • abuse-mailbox: [email protected]
  • nic-hdl: EDIS-AT
  • mnt-by: EDIS-MNT
  • created: 2011-08-12T07:29:38Z
  • last-modified: 2016-04-08T06:50:42Z
  • route: 158.255.215.0/24
  • descr: EDIS-M247-FRANCE
  • origin: AS9009
  • mnt-by: EDIS-MNT
  • created: 2020-09-10T07:19:22Z
  • last-modified: 2020-09-10T07:19:22Z

Links to attack logs

roxy-ip-list-2023-05-05