38.242.138.168 Threat Intelligence and Host Information

Oct 18, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 38.242.138.168 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 41/100

Host and Network Information

Tags: cyber security, digital ocean, ioc, malicious, Nextray, phishing, scanners, ssh
JARM: 2ad2ad0002ad2ad00042d42d000000ad9bf51cc3f5a1e29eecb81d0c7b06eb
View other sources: Spamhaus VirusTotal

Country: Turkey
Network:
Noticed: 31 times
Protocols Attacked: ssh
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: wppmanager-fcapi.bloow.com.br wppmanager-fc.bloow.com.br bloow.com.br encoder.trilhadoconhecimento.online plataforma.trilhadoconhecimento.online

Open Ports Detected

1194 1723 18443 18556 2053 2083 2087 2095 2096 21200 21232 21235 21237 21240 21243 21245 21246 21248 21250 21252 21257 21258 21260 21261 21262 21263 21264 21267 21268 21270 21273 21274 21275 21277 21278 21283 21284 21287 21289 21290 21293 21294 21295 21297 33389 40000 40001 40005 40029 40070 443 4433 4434 4443 4444 465 49121 5678 6000 6001 6002 6003 6004 6005 6008 6009 6010 6021 65 66 70 79 80 8060 8061 8062 8063 8064 8065 8066 8067 8069 8071 8072 8075 8076 8077 8079 8080 8081 81 8443 8701 8703 8704 8705 8706 8708 8709 8723 8724 8728 8731 8732 8733 8743 8745 8765 8771 8779 8782 8787 8789 8790 88 8800

CVEs Detected

CVE-2021-23017 CVE-2021-3618 CVE-2023-44487

Map

Whois Information

NetRange: 38.0.0.0 - 38.255.255.255
CIDR: 38.0.0.0/8
NetName: COGENT-A
NetHandle: NET-38-0-0-0-1
Parent: ()
NetType: Direct Allocation
OriginAS:
Organization: Cogent Communications, LLC (COGC)
RegDate: 1991-04-16
Updated: 2025-09-23
Ref: https://rdap.arin.net/registry/ip/38.0.0.0
OrgName: Cogent Communications, LLC
OrgId: COGC
Address: 2450 N Street NW
City: Washington
StateProv: DC
PostalCode: 20037
Country: US
RegDate: 2000-05-30
Updated: 2025-09-23
Comment: Geofeed https://geofeed.cogentco.com/geofeed.csv
Ref: https://rdap.arin.net/registry/entity/COGC
OrgAbuseHandle: COGEN-ARIN
OrgAbuseName: Cogent Abuse
OrgAbusePhone: +1-877-875-4311
OrgAbuseEmail: abuse@cogentco.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/COGEN-ARIN
OrgNOCHandle: ZC108-ARIN
OrgNOCName: Cogent Communications
OrgNOCPhone: +1-877-875-4311
OrgNOCEmail: noc@cogentco.com
OrgNOCRef: https://rdap.arin.net/registry/entity/ZC108-ARIN
OrgTechHandle: IPALL-ARIN
OrgTechName: IP Allocation
OrgTechPhone: +1-877-875-4311
OrgTechEmail: ipalloc@cogentco.com
OrgTechRef: https://rdap.arin.net/registry/entity/IPALL-ARIN
network:ID:NET4-26F2800013
network:Network-Name:NET4-26F2800013
network:IP-Network:38.242.128.0/19
network:Org-Name:Contabo GmbH
network:Street-Address:IN DER STEELE 39
network:City:DUSSELDORF
network:Country:DE
network:Postal-Code:40599
network:Tech-Contact:MH7476-RIPE
network:Updated:2025-05-06 20:09:14

Links to attack logs

****** dofrank-ssh-bruteforce-ip-list-2022-09-25 ****** ******

Share on: