136.144.41.41 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 136.144.41.41. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or observation of activity on honeynets.

The host score is calculated from a series of statistically weighted values and machine learning. It takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • MITRE ATT&CK IDs: T1046 - Network Service Scanning

  • Tags: cyber security, ioc, malicious, Nextray, phishing, SSH, virustotal

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: haley_ssh

  • Country: United States
  • Network:
  • Noticed: 44 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 8

Links to attack logs

  • bruteforce-ip-list-2021-07-27
  • bruteforce-ip-list-2021-08-01
  • nmap-scanning-list-2021-10-30
  • bruteforce-ip-list-2021-06-25
  • bruteforce-ip-list-2021-07-17
  • bruteforce-ip-list-2021-07-23
  • bruteforce-ip-list-2021-07-08
  • bruteforce-ip-list-2021-08-22
  • bruteforce-ip-list-2021-07-05
  • bruteforce-ip-list-2021-07-03
  • bruteforce-ip-list-2021-08-02
