136.144.41.128 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 136.144.41.128 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
  • Tags: cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh, tsec

  • View other sources: Spamhaus, VirusTotal

  • Country: United States
  • Network: AS211252 delis llc
  • Noticed: 41 times
  • Protocols Attacked: ntp
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: help0nlinechas3445.com, seconline233.com, onlineverifp485.com

Malware Detected on Host

Count: 32

Whois Information

  • NetRange: 136.144.16.0 - 136.144.127.255
  • CIDR: 136.144.16.0/20, 136.144.64.0/18, 136.144.32.0/19
  • NetName: RIPE
  • NetHandle: NET-136-144-16-0-1
  • Parent: NET136 (NET-136-0-0-0-0)
  • NetType: Early Registrations, Transferred to RIPE NCC
  • OriginAS:
  • Organization: RIPE Network Coordination Centre (RIPE)
  • RegDate: 2016-11-08
  • Updated: 2016-11-08
  • Ref: https://rdap.arin.net/registry/ip/136.144.16.0
  • OrgName: RIPE Network Coordination Centre
  • OrgId: RIPE
  • Address: P.O. Box 10096
  • City: Amsterdam
  • StateProv:
  • PostalCode: 1001EB
  • Country: NL
  • RegDate:
  • Updated: 2013-07-29
  • Ref: https://rdap.arin.net/registry/entity/RIPE
  • OrgTechHandle: RNO29-ARIN
  • OrgTechName: RIPE NCC Operations
  • OrgTechPhone: +31 20 535 4444
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
  • OrgAbuseHandle: ABUSE3850-ARIN
  • OrgAbuseName: Abuse Contact
  • OrgAbusePhone: +31205354444
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
  • inetnum: 136.144.41.0 - 136.144.41.255
  • netname: MEGACABLE-136-144-41-0
  • country: MX
  • geoloc: 19.4315604 -99.2148968
  • org: ORG-MCDM2-RIPE
  • admin-c: MCDM40-RIPE
  • tech-c: MCDM40-RIPE
  • status: LEGACY
  • mnt-by: PREFIXBROKER-MNT
  • created: 2022-10-21T10:37:16Z
  • last-modified: 2022-10-21T10:37:16Z
  • organisation: ORG-MCDM2-RIPE
  • org-name: Megacable Comunicaciones de Mexico, S.A. de C.V.
  • org-type: OTHER
  • address: Sierra Candela 111-Piso 8, Lomas de Chapultepec, Miguel Hidalgo
  • address: 11000 Ciudad de Mexico
  • address: CDMX
  • address: Mexico
  • abuse-c: MCDM40-RIPE
  • mnt-ref: PREFIXBROKER-MNT
  • mnt-by: PREFIXBROKER-MNT
  • created: 2022-10-21T10:37:14Z
  • last-modified: 2022-10-21T10:37:14Z
  • role: Megacable Comunicaciones de Mexico, S.A. de C.V. abuse handling
  • address: Sierra Candela 111-Piso 8, Lomas de Chapultepec, Miguel Hidalgo
  • address: 11000 Ciudad de Mexico
  • address: CDMX
  • address: Mexico
  • nic-hdl: MCDM40-RIPE
  • mnt-by: PREFIXBROKER-MNT
  • created: 2022-10-21T10:37:14Z
  • last-modified: 2022-10-21T10:37:14Z
  • abuse-mailbox: [email protected]
  • route: 136.144.41.0/24
  • origin: AS14178
  • mnt-by: PREFIXBROKER-MNT
  • created: 2022-10-21T10:37:16Z
  • last-modified: 2022-10-21T10:37:16Z

Links to attack logs

  • awsau-ntp-bruteforce-ip-list-2021-10-19
  • awsbah-ntp-bruteforce-ip-list-2021-10-19
  • ntp-bruteforce-ip-list-2021-10-19