38.54.68.213 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 38.54.68.213 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 39/100

Host and Network Information

• Tags: Bruteforce, Brute-Force, cyber security, ioc, malicious, Nextray, phishing, SSH

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: 50 times
• Protocols Attacked: ssh
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: hajmehdi133.ml server02.comprobansistemastgd.com im.trinhtrang.xyz

Open Ports Detected

10000 10001 10002 10008 10010 10011 10012 10013 10019 10038 10042 10047 10065 10082 10086 10243 10249 10250 10324 10397 10398 10443 10480 10554 10909 10911 10935 11000 11002 11027 11075 11112 11184 11210 11211 11288 11300 11371 11434 11688 12106 12111 12112 12114 12117 12121 12122 12123 12127 12130 12139 12141 12145 12149 12153 12159 12163 12166 12184 12191 12197 12200 12205 12208 12215 12216 12219 12225 12226 12227 12232 12233 12236 12237 12241 12243 12244 12247 12254 12257 12264 12265 12266 12271 12279 12295 12301 12311 12314 12315 12316 12322 12325 12333 12337 12338 12339 12348 12363 12364 12365 12370 12383 12384 12396 12401 12404 12407 12418 12423 12430 12431 12434 12444 12453 12454 12459 12462 12463 12477 12480 12487 12489 12490 12494 12502 12529 12530 12531 12532 12535 12536 12540 12542 12548 12550 12554 12555 12557 12566 12569 12577 12580 12980 13228 13333 13579 14104 14147 14265 14344 14401 14407 14897 14900 15000 15018 15040 15555 15672 16001 16003 16010 16015 16020 16021 16024 16025 16026 16028 16029 16030 16034 16037 16041 16047 16049 16073 16075 16079 16082 16085 16086 16402 16404 16831 16992 16993 17000 17010 17770 17775 18004 18005 18006 18011 18012 18015 18016 18028 18037 18038 18044 18047 18048 18051 18066 18071 18074 18079 18085 18087 18088 18092 18094 18096 18097 18102 18110 18200 18225 18245 18368 18443 18765 19000 19016 19071 19091 19100 19222 19443 20000 20020 20030 20053 20070 20080 20082 20110 20184 20202 20208 20256 20512 21025 21083 21084 21100 21231 21232 21236 21245 21246 21254 21258 21261 21262 21267 21269 21274 21281 21286 21289 21290 21293 21297 21310 21311 21314 21322 21324 21327 22 22556 22703 23023 23424 24082 24442 25001 25002 25105 25952 27015 27105 28015 28017 29984 8001

CVEs Detected

CVE-2023-44487 CVE-2025-23419

Map

Whois Information

• NetRange: 38.0.0.0 - 38.255.255.255
• CIDR: 38.0.0.0/8
• NetName: COGENT-A
• NetHandle: NET-38-0-0-0-1
• Parent: ()
• NetType: Direct Allocation
• OriginAS:
• Organization: Cogent Communications, LLC (COGC)
• RegDate: 1991-04-16
• Updated: 2025-09-23
• Ref: https://rdap.arin.net/registry/ip/38.0.0.0
• OrgName: Cogent Communications, LLC
• OrgId: COGC
• Address: 2450 N Street NW
• City: Washington
• StateProv: DC
• PostalCode: 20037
• Country: US
• RegDate: 2000-05-30
• Updated: 2025-09-23
• Comment: Geofeed https://geofeed.cogentco.com/geofeed.csv
• Ref: https://rdap.arin.net/registry/entity/COGC
• OrgTechHandle: IPALL-ARIN
• OrgTechName: IP Allocation
• OrgTechPhone: +1-877-875-4311
• OrgTechEmail: ipalloc@cogentco.com
• OrgTechRef: https://rdap.arin.net/registry/entity/IPALL-ARIN
• OrgNOCHandle: ZC108-ARIN
• OrgNOCName: Cogent Communications
• OrgNOCPhone: +1-877-875-4311
• OrgNOCEmail: noc@cogentco.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/ZC108-ARIN
• OrgAbuseHandle: COGEN-ARIN
• OrgAbuseName: Cogent Abuse
• OrgAbusePhone: +1-877-875-4311
• OrgAbuseEmail: abuse@cogentco.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/COGEN-ARIN
• NetRange: 38.54.0.0 - 38.54.127.255
• CIDR: 38.54.0.0/17
• NetName: KAOPU-CGNT-NET-1
• NetHandle: NET-38-54-0-0-1
• Parent: COGENT-A (NET-38-0-0-0-1)
• NetType: Reallocated
• OriginAS:
• Organization: Kaopu Cloud HK Limited (KCHL-3)
• RegDate: 2022-05-04
• Updated: 2022-05-04
• Ref: https://rdap.arin.net/registry/ip/38.54.0.0
• OrgName: Kaopu Cloud HK Limited
• OrgId: KCHL-3
• Address: LEVEL 54 HOPEWELL CENTRE 183 QUEEN’S ROAD EAST HK
• City: HK
• StateProv:
• PostalCode:
• Country: HK
• RegDate: 2022-04-13
• Updated: 2023-11-21
• Comment: Geofeed https://www.kaopucloud.com/geofeed.csv
• Ref: https://rdap.arin.net/registry/entity/KCHL-3
• OrgTechHandle: MANAG489-ARIN
• OrgTechName: Manager
• OrgTechPhone: +852 94159695
• OrgTechRef: https://rdap.arin.net/registry/entity/MANAG489-ARIN
• OrgAbuseHandle: MANAG489-ARIN
• OrgAbuseName: Manager
• OrgAbusePhone: +852 94159695
• OrgAbuseRef: https://rdap.arin.net/registry/entity/MANAG489-ARIN
• NetRange: 38.54.68.0 - 38.54.69.255
• CIDR: 38.54.68.0/23
• NetName: LIGHTNODE-UK
• NetHandle: NET-38-54-68-0-1
• Parent: KAOPU-CGNT-NET-1 (NET-38-54-0-0-1)
• NetType: Reassigned
• OriginAS:
• Customer: LightNode-UK (C09039864)
• RegDate: 2022-11-24
• Updated: 2022-11-24
• Ref: https://rdap.arin.net/registry/ip/38.54.68.0
• CustName: LightNode-UK
• Address: UK,London
• City: London
• StateProv:
• PostalCode:
• Country: GB
• RegDate: 2022-11-24
• Updated: 2022-11-24
• Ref: https://rdap.arin.net/registry/entity/C09039864
• OrgTechHandle: MANAG489-ARIN
• OrgTechName: Manager
• OrgTechPhone: +852 94159695
• OrgTechRef: https://rdap.arin.net/registry/entity/MANAG489-ARIN
• OrgAbuseHandle: MANAG489-ARIN
• OrgAbuseName: Manager
• OrgAbusePhone: +852 94159695
• OrgAbuseRef: https://rdap.arin.net/registry/entity/MANAG489-ARIN
• network:ID:NET4-2636000011
• network:Network-Name:NET4-2636000011
• network:IP-Network:38.54.0.0/17
• network:Org-Name:KAOPU CLOUD HK LIMITED
• network:Street-Address:11 GREAT OAKS BLVD
• network:City:SAN JOSE
• network:State:CA
• network:Country:US
• network:Postal-Code:95119
• network:Tech-Contact:ZC108-ARIN
• network:Updated:2025-05-06 14:14:32

Links to attack logs

****** dolondon-ssh-bruteforce-ip-list-2023-02-07 ****** ******