38.55.214.149 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 38.55.214.149 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

• Tags: awsindia, bruteforce, cyber security, ioc, malicious, mssql, Nextray, phishing

• JARM: 3fd21c20d00000021c43d21c21c43d76e1f79b8645e08ae7fa8f07eb5e4202

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: 31 times
• Protocols Attacked: mssql
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, India, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: b51at1.cc t3xis.com cluster58179a52.w1k29.com xl247.vip xl249.vip xl238.vip xl251.vip xl283.vip xl235.vip xl317.vip xl240.vip xl236.vip xl234.vip xl258.vip xl231.vip xl232.vip xl253.vip xl237.vip xl233.vip xl243.vip xl256.vip xl311.com xl334.com xl293.com xl289.com xl310.com xl316.com xl394.com xl261.com xl320.com xl235.com xl245.com xl282.com xl294.com xl237.com xl291.com xl267.com xl243.com xl553.com xl230.com xl264.com xl577.com xl273.com xl229.com xl272.com xl327.com xl244.com xl276.com xl292.com xl315.com xl280.com xl275.com xl295.com xl589.com xl271.com xl314.com xl236.com xl232.com xl587.com xl287.com xl250.com xl234.com xl283.com xl297.com xl270.com xl269.com xl281.com xl300.com xl298.com xl689.com xl279.com xl278.com xl355.com xl227.com xl318.com xl501.com xl248.com xl313.com xl265.com xl606.com xl533.com xl284.com xl602.com xl246.com xl296.com xl290.com xl299.com xl317.com xl286.com xl231.com xl319.com xl274.com xl262.com xl251.com xl240.com y0zi1.com xl162.vip xl170.vip xl182.vip xl185.vip xl205.vip xl202.vip xl161.vip xl159.vip xl169hub.vip xl184.vip xl167.vip xl183.vip xl181.vip xl203.vip xl163.vip xl199.vip xl168.vip xl161.com xl253.com xl033.com xl201.com xl219.com xl259.com xl154.com xl044.com xl130.com xl778.com xl164.com xl056.com xl157.com xl143.com xl049.com xl170.com xl210.com xl023.com xl150.com xl043.com xl172.com xl064.com xl252.com xl152.com xl255.com xl129.com xl200.com xl059.com xl257.com xl125.com xl062.com xl061.com xl285.com xl199.com xl177.com xl174.com xl140.com xl518.com xl209.com xl208.com xl254.com xl047.com xl207.com xl058.com xl241.com xl132.com xl072.com xl213.com xl141.com xl205.com xl179.com xl133.com xl042.com xl159.com xl046.com xl031.com xl148.com xl169.com xl146.com xl206.com xl1cz.com xl192.com xl065.com xl171.com xl173.com xl203.com xl103.com xl098.com xl057.com xl015.com xl136.com xl013.com xl051.com xl012.com xl09.com xl017.com xl05.com xl142.com xl14.com xl052.com xl137.com xl026.com xl055.com xl167.com xl139.com xl06.com xl016.com xl144.com xl160.com

Open Ports Detected

111 22 443 80

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2019-16905 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728

Map

Whois Information

• NetRange: 38.0.0.0 - 38.255.255.255
• CIDR: 38.0.0.0/8
• NetName: COGENT-A
• NetHandle: NET-38-0-0-0-1
• Parent: ()
• NetType: Direct Allocation
• OriginAS: AS174
• Organization: PSINet, Inc. (PSI)
• RegDate: 1991-04-16
• Updated: 2023-10-11
• Comment: IP allocations within 38.0.0.0/8 are used for Cogent customer static IP assignments.
• Comment:
• Comment:
• Comment: Geofeed https://geofeed.cogentco.com/geofeed.csv
• Ref: https://rdap.arin.net/registry/ip/38.0.0.0
• OrgName: PSINet, Inc.
• OrgId: PSI
• Address: 2450 N Street NW
• City: Washington
• StateProv: DC
• PostalCode: 20037
• Country: US
• RegDate:
• Updated: 2023-10-11
• Comment: Geofeed https://geofeed.cogentco.com/geofeed.csv
• Ref: https://rdap.arin.net/registry/entity/PSI
• OrgAbuseHandle: COGEN-ARIN
• OrgAbuseName: Cogent Abuse
• OrgAbusePhone: +1-877-875-4311
• OrgAbuseEmail: abuse@cogentco.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/COGEN-ARIN
• OrgTechHandle: IPALL-ARIN
• OrgTechName: IP Allocation
• OrgTechPhone: +1-877-875-4311
• OrgTechEmail: ipalloc@cogentco.com
• OrgTechRef: https://rdap.arin.net/registry/entity/IPALL-ARIN
• OrgNOCHandle: ZC108-ARIN
• OrgNOCName: Cogent Communications
• OrgNOCPhone: +1-877-875-4311
• OrgNOCEmail: noc@cogentco.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/ZC108-ARIN
• RTechHandle: PSI-NISC-ARIN
• RTechName: IP Allocation
• RTechPhone: +1-877-875-4311
• RTechEmail: ipalloc@cogentco.com
• RTechRef: https://rdap.arin.net/registry/entity/PSI-NISC-ARIN
• NetRange: 38.55.128.0 - 38.55.255.255
• CIDR: 38.55.128.0/17
• NetName: PEG-TECH-CGNT-NET-3
• NetHandle: NET-38-55-128-0-1
• Parent: COGENT-A (NET-38-0-0-0-1)
• NetType: Reallocated
• OriginAS: AS398478, AS398993, AS399195, AS54600, AS398823
• Organization: PEG TECH INC (PT-82)
• RegDate: 2022-01-27
• Updated: 2022-01-27
• Ref: https://rdap.arin.net/registry/ip/38.55.128.0
• OrgName: PEG TECH INC
• OrgId: PT-82
• Address: 2805 Mission College Blvd
• City: Santa Clara
• StateProv: CA
• PostalCode: 95054
• Country: US
• RegDate: 2012-03-27
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/PT-82
• OrgAbuseHandle: ABUSE3497-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-408-692-5581
• OrgAbuseEmail: abuse@petaexpress.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3497-ARIN
• OrgNOCHandle: NOC12550-ARIN
• OrgNOCName: NOC
• OrgNOCPhone: +1-408-692-5581
• OrgNOCEmail: noc@petaexpress.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/NOC12550-ARIN
• OrgTechHandle: NOC12550-ARIN
• OrgTechName: NOC
• OrgTechPhone: +1-408-692-5581
• OrgTechEmail: noc@petaexpress.com
• OrgTechRef: https://rdap.arin.net/registry/entity/NOC12550-ARIN
• network:ID:NET4-2637800011
• network:Network-Name:NET4-2637800011
• network:IP-Network:38.55.128.0/17
• network:Org-Name:PEG Tech Inc.
• network:Street-Address:624 SOUTH GRAND AVENUE
• network:City:LOS ANGELES
• network:State:CA
• network:Country:US
• network:Postal-Code:90017
• network:Tech-Contact:ZC108-ARIN
• network:Updated:2025-05-14 17:06:34

Links to attack logs

****** awsindia-mssql-bruteforce-ip-list-2022-03-11 awsindia-mssql-bruteforce-ip-list-2022-03-10 ****** ******