79.137.196.237 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Potentially Malicious Host 🟡 35/100

Host and Network Information

  • Mitre ATT&CK IDs: T1021.004 - SSH
  • Tags: Brute-Force, Bruteforce, SSH
  • View other sources: Spamhaus VirusTotal

  • Country: Russian Federation
  • Network: AS12695 llc digital network
  • Noticed: 7 times
  • Protocols Attacked: ssh
  • Countries Attacked: Australia

Open Ports Detected


CVEs Detected

CVE-2006-20001 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30556 CVE-2022-31813 CVE-2022-36760 CVE-2022-37436 CVE-2023-25690 CVE-2023-27522

Whois Information

  • inetnum: 79.137.196.0 - 79.137.199.255
  • netname: aeza-net-7
  • country: NL
  • geofeed: https://aeza.net/static/ipv4_f.csv
  • geoloc: 52.3559446 4.9531184
  • org: ORG-AGL38-RIPE
  • mnt-routes: aeza-mnt
  • mnt-domains: aeza-mnt
  • admin-c: AN32749-RIPE
  • tech-c: AN32749-RIPE
  • status: ASSIGNED PA
  • mnt-by: DN-MNT
  • created: 2022-09-01T13:10:46Z
  • last-modified: 2023-02-27T08:09:03Z
  • organisation: ORG-AGL38-RIPE
  • org-name: AEZA GROUP LLC
  • org-type: OTHER
  • address: 350001, Krasnodar, st. im. Mayakovskogo, b. 160, office 2.4
  • abuse-c: AA38875-RIPE
  • mnt-ref: aeza-mnt
  • mnt-ref: DN-MNT
  • mnt-ref: VF1-MNT
  • mnt-ref: DATAMAX-M
  • mnt-by: aeza-mnt
  • created: 2021-11-23T13:59:30Z
  • last-modified: 2023-01-06T12:18:43Z
  • role: Aeza Network
  • address: 350001, Krasnodar, st. im. Mayakovskogo, b. 160, office 2.4
  • nic-hdl: AN32749-RIPE
  • mnt-by: aeza-group-mnt
  • created: 2021-11-24T09:55:02Z
  • last-modified: 2021-11-24T09:55:02Z
  • route: 79.137.196.0/22
  • origin: AS210644
  • mnt-by: aeza-mnt
  • mnt-by: AEZA-NETWORK-MNT
  • created: 2022-09-01T23:02:07Z
  • last-modified: 2022-09-01T23:02:07Z

Links to attack logs

vultrparis-ssh-bruteforce-ip-list-2023-05-06