135.148.143.216 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 135.148.143.216 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 30/100

Host and Network Information

• Mitre ATT&CK IDs: T1110 - Brute Force

• Tags: Bruteforce, Nextray, SSH, Scanner, Webattack, bruteforce, cowrie, cyber security, ioc, malicious, phishing, scanning, smtp, ssh, tcp

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: haley_ssh

• Country: United States
• Network: AS16276 ovh sas
• Noticed: 1 times
• Protcols Attacked: ssh
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Portugal, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: painel.bonixmc.xyz faturamidwaay.com

Malware Detected on Host

Count: 3 b2ddbe13e28eb3d7520d964105a7dcb0ce4142d7128f6c66b2c06e6896d28fc3 c40fc2b6a41b6f3dc9692edef02e81859df88bf4cd6f256578fde9a0f8ee1a11 0333f4b823280bc6115b90ae626636b7ceefa4552f456817a07894f1fb9fec66

Open Ports Detected

443

Map

Whois Information

• NetRange: 135.148.0.0 - 135.148.255.255
• CIDR: 135.148.0.0/16
• NetName: OUL-16
• NetHandle: NET-135-148-0-0-1
• Parent: NET135 (NET-135-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: OVH US LLC (OUL-16)
• RegDate: 2020-09-28
• Updated: 2020-09-28
• Ref: https://rdap.arin.net/registry/ip/135.148.0.0
• OrgName: OVH US LLC
• OrgId: OUL-16
• Address: 12110 Sunset Hills
• City: Reston
• StateProv: VA
• PostalCode: 20190
• Country: US
• RegDate: 2016-09-16
• Updated: 2022-10-12
• Ref: https://rdap.arin.net/registry/entity/OUL-16
• OrgTechHandle: NOC32732-ARIN
• OrgTechName: NOC
• OrgTechPhone: +1-844-325-6233
• OrgTechEmail: [email protected]
• OrgTechRef: https://rdap.arin.net/registry/entity/NOC32732-ARIN
• OrgAbuseHandle: ABUSE8550-ARIN
• OrgAbuseName: ABUSE
• OrgAbusePhone: +1-844-325-6233
• OrgAbuseEmail: [email protected]
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8550-ARIN
• NetRange: 135.148.143.128 - 135.148.143.255
• CIDR: 135.148.143.128/25
• NetName: OVH-DEDICATED-FO
• NetHandle: NET-135-148-143-128-1
• Parent: OUL-16 (NET-135-148-0-0-1)
• NetType: Reassigned
• OriginAS: AS16276
• Organization: OVH US LLC (OUL-16)
• RegDate: 2021-06-13
• Updated: 2021-06-13
• Comment: Failover IPs
• Ref: https://rdap.arin.net/registry/ip/135.148.143.128
• OrgName: OVH US LLC
• OrgId: OUL-16
• Address: 12110 Sunset Hills
• City: Reston
• StateProv: VA
• PostalCode: 20190
• Country: US
• RegDate: 2016-09-16
• Updated: 2022-10-12
• Ref: https://rdap.arin.net/registry/entity/OUL-16
• OrgTechHandle: NOC32732-ARIN
• OrgTechName: NOC
• OrgTechPhone: +1-844-325-6233
• OrgTechEmail: [email protected]
• OrgTechRef: https://rdap.arin.net/registry/entity/NOC32732-ARIN
• OrgAbuseHandle: ABUSE8550-ARIN
• OrgAbuseName: ABUSE
• OrgAbusePhone: +1-844-325-6233
• OrgAbuseEmail: [email protected]
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8550-ARIN

Links to attack logs

awsbah-ssh-bruteforce-ip-list-2022-05-01