168.138.230.95 Threat Intelligence and Host Information

Share on:
Apr 24, 2023 ipinfopage

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Likely Malicious Host 🟠 65/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: 0xBFKX, Brute-Force, Bruteforce, Malicious IP, Nextray, SSH, Telnet, alienvault ip, attack, aws, bernal, blacklist, botnet c2, bruteforce, carapicuiba, cowrie, cyber security, dstip, fail2ban, feodo tracker, generic, ho chi, host at, host de, host in, host tw, ioc, ip blocklist, la, lafusioncenter, login, louisiana, malicious, malicious host, phishing, scan, scanner, scanners, ssh, tcp, tsec
  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: haley_ssh

  • Country: Brazil
  • Network: AS31898 oracle corporation
  • Noticed: 50 times
  • Protcols Attacked: ssh
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: agendamento.unodesigndaluz.com.br www.unodesigndaluz.com.br unodesigndaluz.com.br

Open Ports Detected

2222 443 5000 80 8080

CVEs Detected

CVE-2006-20001 CVE-2010-4478 CVE-2010-4755 CVE-2010-5107 CVE-2011-4327 CVE-2011-5000 CVE-2012-0814 CVE-2014-1692 CVE-2014-2532 CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2016-0777 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 CVE-2016-1908 CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-20685 CVE-2019-17567 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-11984 CVE-2020-11993 CVE-2020-13938 CVE-2020-13950 CVE-2020-15778 CVE-2020-1927 CVE-2020-1934 CVE-2020-35452 CVE-2020-9490 CVE-2021-26690 CVE-2021-26691 CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-36368 CVE-2021-39275 CVE-2021-40438 CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30556 CVE-2022-31813 CVE-2022-36760 CVE-2022-37436 CVE-2023-25690 CVE-2023-27522

Map

Whois Information

  • NetRange: 168.138.0.0 - 168.138.255.255
  • CIDR: 168.138.0.0/16
  • NetName: OC-195
  • NetHandle: NET-168-138-0-0-1
  • Parent: NET168 (NET-168-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Oracle Corporation (ORACLE-4)
  • RegDate: 2016-10-14
  • Updated: 2017-11-27
  • Ref: https://rdap.arin.net/registry/ip/168.138.0.0
  • OrgName: Oracle Corporation
  • OrgId: ORACLE-4
  • Address: 500 Oracle Parkway
  • Address: Attn: Domain Administrator
  • City: Redwood Shores
  • StateProv: CA
  • PostalCode: 94065
  • Country: US
  • RegDate: 1988-04-29
  • Updated: 2021-08-02
  • Ref: https://rdap.arin.net/registry/entity/ORACLE-4
  • OrgRoutingHandle: ORACL2-ARIN
  • OrgRoutingName: ORACLEROUTING
  • OrgRoutingPhone: +1-800-392-2999
  • OrgRoutingEmail: [email protected]
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/ORACL2-ARIN
  • OrgTechHandle: ORACL1-ARIN
  • OrgTechName: ORACLE NIS
  • OrgTechPhone: +1-650-506-2220
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/ORACL1-ARIN
  • OrgAbuseHandle: NISAM-ARIN
  • OrgAbuseName: Network Information Systems Abuse Management
  • OrgAbusePhone: +1-650-506-2220
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/NISAM-ARIN
  • NetRange: 168.138.0.0 - 168.138.255.255
  • CIDR: 168.138.0.0/16
  • NetName: OC-195
  • NetHandle: NET-168-138-0-0-2
  • Parent: OC-195 (NET-168-138-0-0-1)
  • NetType: Reassigned
  • OriginAS:
  • Organization: Oracle Public Cloud (OC-195)
  • RegDate: 2017-12-01
  • Updated: 2017-12-01
  • Ref: https://rdap.arin.net/registry/ip/168.138.0.0
  • OrgName: Oracle Public Cloud
  • OrgId: OC-195
  • Address: 1501 4th Ave
  • City: Seattle
  • StateProv: WA
  • PostalCode: 98101
  • Country: US
  • RegDate: 2016-04-06
  • Updated: 2021-01-13
  • Ref: https://rdap.arin.net/registry/entity/OC-195
  • OrgTechHandle: OBMO-ARIN
  • OrgTechName: Oracle Bare Metal Operations
  • OrgTechPhone: +1-512-712-7403
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/OBMO-ARIN
  • OrgAbuseHandle: OBMO-ARIN
  • OrgAbuseName: Oracle Bare Metal Operations
  • OrgAbusePhone: +1-512-712-7403
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/OBMO-ARIN
  • OrgRoutingHandle: ORACL2-ARIN
  • OrgRoutingName: ORACLEROUTING
  • OrgRoutingPhone: +1-800-392-2999
  • OrgRoutingEmail: [email protected]
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/ORACL2-ARIN

Links to attack logs

aws-ssh-bruteforce-ip-list-2021-04-17 bruteforce-ip-list-2021-05-10 bruteforce-ip-list-2021-03-09 bruteforce-ip-list-2021-06-17 bruteforce-ip-list-2021-03-12 aws-ssh-bruteforce-ip-list-2021-06-24 ** aws-ssh-bruteforce-ip-list-2021-05-20 bruteforce-ip-list-2021-05-13