59.17.136.193 Threat Intelligence and Host Information

Share on:
Jul 27, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 59.17.136.193 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Nextray, cowrie, cyber security, ioc, malicious, phishing, scanners, ssh, vultr

  • JARM: 06d06d00006d06d06c42d42d000000b4c49d3b7f662fc6d2ecb8638db37bbc

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: b3b0, haley_ssh

  • Country: South Korea
  • Network: AS4766 korea telecom
  • Noticed: 1 times
  • Protcols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: nitlshare.direct.quickconnect.to iot.nitl.co.kr

Malware Detected on Host

Count: 1 a0c2cdb95eb662ba766ed637ffc46815cf55e20a38ebef0683e7e2ae99881063

Open Ports Detected

18081 2021 2022 2211 443 500 7080 80 8088 8090 8091 8180

CVEs Detected

CVE-2012-5533 CVE-2013-4508 CVE-2013-4559 CVE-2013-4560 CVE-2014-2323 CVE-2014-2324 CVE-2015-3200 CVE-2018-19052 CVE-2019-11072

Map

Whois Information

  • query : 59.17.136.193
  • IPv4주소 : 59.0.0.0 - 59.31.255.255 (/11)
  • 기관명 : 주식회사 케이티
  • 서비스명 : KORNET
  • 주소 : 경기도 성남시 분당구 불정로 90
  • 우편번호 : 13606
  • 할당일자 : 20040831
  • 이름 : IP주소 담당자
  • 전화번호 : +82-2-500-6630
  • 전자우편 : [email protected]
  • IPv4주소 : 59.17.136.192 - 59.17.136.255 (/26)
  • 기관명 : 수도권서부본부
  • 네트워크 구분 : CUSTOMER
  • 주소 : 인천광역시 서구 심곡동
  • 우편번호 : 404190
  • 할당내역 등록일 : 20190115
  • 이름 : IP주소 담당자
  • 전화번호 : +82-2-500-6631
  • 전자우편 : [email protected]
  • IPv4 Address : 59.0.0.0 - 59.31.255.255 (/11)
  • Organization Name : Korea Telecom
  • Service Name : KORNET
  • Address : Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
  • Zip Code : 13606
  • Registration Date : 20040831
  • Name : IP Manager
  • Phone : +82-2-500-6630
  • E-Mail : [email protected]
  • IPv4 Address : 59.17.136.192 - 59.17.136.255 (/26)
  • Organization Name : Sudogwonseobubonbu
  • Network Type : CUSTOMER
  • Address : Simgok-Dong Seo-Gu Incheongwangyeok-Si
  • Zip Code : 404190
  • Registration Date : 20190115
  • Name : IP Manager
  • Phone : +82-2-500-6631
  • E-Mail : [email protected]

Links to attack logs

bruteforce-ip-list-2021-06-24 bruteforce-ip-list-2021-09-01 bruteforce-ip-list-2021-08-12 bruteforce-ip-list-2021-09-05 bruteforce-ip-list-2021-08-16 vultrparis-ssh-bruteforce-ip-list-2023-07-03