136.144.41.22 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 136.144.41.22. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Tags: badrequest, bruteforce, cyber security, ioc, kfsensor, malicious, Nextray, phishing, probing, rdp, Scanner, scanning, smtp, ssh, tcp, Webattack, webscan, webscanner

  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: haley_ssh

  • Country: United States
  • Network: AS211252 delis llc
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: primefavro.xyz, citi-0nlin3verify.redirectme.net, citiver07.com, citi-onlin3ver09.redirectme.net, www.nzbchronicle.net, nzbchronicle.net

Malware Detected on Host

Count: 13

Whois Information

  • NetRange: 136.144.16.0 - 136.144.127.255
  • CIDR: 136.144.32.0/19, 136.144.16.0/20, 136.144.64.0/18
  • NetName: RIPE
  • NetHandle: NET-136-144-16-0-1
  • Parent: NET136 (NET-136-0-0-0-0)
  • NetType: Early Registrations, Transferred to RIPE NCC
  • OriginAS:
  • Organization: RIPE Network Coordination Centre (RIPE)
  • RegDate: 2016-11-08
  • Updated: 2016-11-08
  • Ref: https://rdap.arin.net/registry/ip/136.144.16.0
  • OrgName: RIPE Network Coordination Centre
  • OrgId: RIPE
  • Address: P.O. Box 10096
  • City: Amsterdam
  • StateProv:
  • PostalCode: 1001EB
  • Country: NL
  • RegDate:
  • Updated: 2013-07-29
  • Ref: https://rdap.arin.net/registry/entity/RIPE
  • OrgTechHandle: RNO29-ARIN
  • OrgTechName: RIPE NCC Operations
  • OrgTechPhone: +31 20 535 4444
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
  • OrgAbuseHandle: ABUSE3850-ARIN
  • OrgAbuseName: Abuse Contact
  • OrgAbusePhone: +31205354444
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
  • inetnum: 136.144.41.0 - 136.144.41.255
  • netname: MEGACABLE-136-144-41-0
  • country: MX
  • geoloc: 19.4315604 -99.2148968
  • org: ORG-MCDM2-RIPE
  • admin-c: MCDM40-RIPE
  • tech-c: MCDM40-RIPE
  • status: LEGACY
  • mnt-by: PREFIXBROKER-MNT
  • created: 2022-10-21T10:37:16Z
  • last-modified: 2022-10-21T10:37:16Z
  • organisation: ORG-MCDM2-RIPE
  • org-name: Megacable Comunicaciones de Mexico, S.A. de C.V.
  • org-type: OTHER
  • address: Sierra Candela 111-Piso 8, Lomas de Chapultepec, Miguel Hidalgo
  • address: 11000 Ciudad de Mexico
  • address: CDMX
  • address: Mexico
  • abuse-c: MCDM40-RIPE
  • mnt-ref: PREFIXBROKER-MNT
  • mnt-by: PREFIXBROKER-MNT
  • created: 2022-10-21T10:37:14Z
  • last-modified: 2022-10-21T10:37:14Z
  • role: Megacable Comunicaciones de Mexico, S.A. de C.V. abuse handling
  • address: Sierra Candela 111-Piso 8, Lomas de Chapultepec, Miguel Hidalgo
  • address: 11000 Ciudad de Mexico
  • address: CDMX
  • address: Mexico
  • nic-hdl: MCDM40-RIPE
  • mnt-by: PREFIXBROKER-MNT
  • created: 2022-10-21T10:37:14Z
  • last-modified: 2022-10-21T10:37:14Z
  • abuse-mailbox: [email protected]
  • route: 136.144.41.0/24
  • origin: AS14178
  • mnt-by: PREFIXBROKER-MNT
  • created: 2022-10-21T10:37:16Z
  • last-modified: 2022-10-21T10:37:16Z

Links to attack logs

  • awsbah-ssh-bruteforce-ip-list-2022-03-17
  • awsjap-ssh-bruteforce-ip-list-2022-03-17
  • awsau-ssh-bruteforce-ip-list-2022-02-28