217.138.252.123 Threat Intelligence and Host Information

Nov 28, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 217.138.252.123 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 30/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_net_ua

  • Country: Japan
  • Network: AS9009 m247 ltd
  • Noticed: 1 times
  • Protcols Attacked: Anonymous Proxy
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: majayjay.online runico.synology.me azeemcosyint.ddns.net kasumi.synology.me storage.nsupdate.info nts673.myqnapcloud.com yakitako.synology.me xn–28jte.com

Malware Detected on Host

Count: 9 ea541e3bedaf68265918e25509478ada0de789e5de0e11bec3829f5d64b67bf8 cef158eefeab6bf37010f579e467d8b3f857fcc11bc7ef67ba5e657e2ca29cf7 782bbd2af5662f10e71749ac6e78559c71c9200fca87a0e2140a1b225c92a68c 0a129dd1a17aab3eb7441186b63bfc4b38443027b733c0830cb4b6b8423a70b0 70b208cf272e9ad9f59257b2bdeda35bda07343c23afd8985eee37b5193f89f0 e4f49a5ab6c6c610d460ed05eb5fc10f9b43a47ffa86071f8037fa8f81831854 2be526302b495172e4456c819e68d5a161c3eb7c589482e31e8600fae002095d 2f9139407c8f64c3e3033b66f9bb01c4687c351909282fc1633266aa387360c5 7092f70a3da40f994f74a966d0c31c42edd8ea933b6b853c5fe9618f8e166024

Open Ports Detected

88

Map

Whois Information

  • inetnum: 217.138.252.0 - 217.138.252.255
  • netname: M247-LTD-TOKYO
  • descr: M247 LTD Tokyo Infrastructure
  • country: JP
  • geoloc: 35.6222 139.7455
  • admin-c: GBXS24-RIPE
  • tech-c: GBXS24-RIPE
  • status: ASSIGNED PA
  • mnt-by: GLOBALAXS-MNT
  • mnt-routes: GLOBALAXS-MNT
  • mnt-domains: GLOBALAXS-MNT
  • created: 2020-04-10T10:20:57Z
  • last-modified: 2020-04-10T10:20:57Z
  • role: GLOBALAXS TOKYO NOC
  • address: 2 Chome-1-17 Higashishinagawa, Shinagawa
  • address: Tokyo 140-0002, Japan
  • abuse-mailbox: abuse@m247.ro
  • nic-hdl: GBXS24-RIPE
  • mnt-by: GLOBALAXS-MNT
  • created: 2017-10-17T16:49:19Z
  • last-modified: 2018-07-18T11:04:41Z
  • route: 217.138.252.0/24
  • origin: AS9009
  • mnt-by: GLOBALAXS-MNT
  • created: 2020-04-10T10:25:33Z
  • last-modified: 2020-04-10T10:25:33Z

Links to attack logs

anonymous-proxy-ip-list-2023-11-27

Share on: