136.144.41.27 Threat Intelligence and Host Information

Share on:

Mar 17, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 136.144.41.27 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 37/100

Host and Network Information

Tags: cyber security, ioc, kfsensor, malicious, Nextray, phishing, probing, rdp, scanning, ssh, webscan, webscanner bruteforce web app attack
View other sources: Spamhaus VirusTotal
Country: United States
Network: AS211252 delis llc
Noticed: 50 times
Protocols Attacked: ntp
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: accessgranted.crabdance.com

Malware Detected on Host

Count: 2 d9d6b3634290a4da2dfc63e01b114b3ad5d88e3fecb1cb281f63d5ea5fb4b12a 4c11b7fb217b3675e60d659ce0a2c3eee1bdbd3e3ddba1ad6d762878f62534d1

Map

Whois Information

NetRange: 136.144.16.0 - 136.144.127.255
CIDR: 136.144.64.0/18, 136.144.32.0/19, 136.144.16.0/20
NetName: RIPE
NetHandle: NET-136-144-16-0-1
Parent: NET136 (NET-136-0-0-0-0)
NetType: Early Registrations, Transferred to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 2016-11-08
Updated: 2016-11-08
Ref: https://rdap.arin.net/registry/ip/136.144.16.0
OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE
OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
inetnum: 136.144.41.0 - 136.144.41.255
netname: MEGACABLE-136-144-41-0
country: MX
geoloc: 19.4315604 -99.2148968
org: ORG-MCDM2-RIPE
admin-c: MCDM40-RIPE
tech-c: MCDM40-RIPE
status: LEGACY
mnt-by: PREFIXBROKER-MNT
created: 2022-10-21T10:37:16Z
last-modified: 2022-10-21T10:37:16Z
organisation: ORG-MCDM2-RIPE
org-name: Megacable Comunicaciones de Mexico, S.A. de C.V.
org-type: OTHER
address: Sierra Candela 111-Piso 8, Lomas de Chapultepec, Miguel Hidalgo
address: 11000 Ciudad de Mexico
address: CDMX
address: Mexico
abuse-c: MCDM40-RIPE
mnt-ref: PREFIXBROKER-MNT
mnt-by: PREFIXBROKER-MNT
created: 2022-10-21T10:37:14Z
last-modified: 2022-10-21T10:37:14Z
role: Megacable Comunicaciones de Mexico, S.A. de C.V. abuse handling
address: Sierra Candela 111-Piso 8, Lomas de Chapultepec, Miguel Hidalgo
address: 11000 Ciudad de Mexico
address: CDMX
address: Mexico
nic-hdl: MCDM40-RIPE
mnt-by: PREFIXBROKER-MNT
created: 2022-10-21T10:37:14Z
last-modified: 2022-10-21T10:37:14Z
abuse-mailbox: [email protected]
route: 136.144.41.0/24
origin: AS14178
mnt-by: PREFIXBROKER-MNT
created: 2022-10-21T10:37:16Z
last-modified: 2022-10-21T10:37:16Z

Links to attack logs

awsbah-ntp-bruteforce-ip-list-2022-05-17 ** awssafrica-ntp-bruteforce-ip-list-2022-05-17 ** **