141.98.252.163 Threat Intelligence and Host Information

Share on:
Mar 17, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 141.98.252.163 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 42/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: haley_ssh, sblam

  • Country: United Kingdom
  • Network: AS39351 31173 services ab
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: carr.direct.quickconnect.to mewltn.direct.quickconnect.to patgaff.synology.me scds918.direct.quickconnect.to device-f8e3ea59-01bf-40fd-a727-ce29bf948f83.remotewd.com markiljas.com gb-lon-003x.mullvad.net maximumstorage.myqnapcloud.com alw.synology.me arthur.sandcats.io

Malware Detected on Host

Count: 2 1bccac43b2390a1dee5cc1a7c09379621cf0df83c6387518bd27e0ef1f7c6f39 e0ba867a89237e31a94dfbc67ca7aba984ca2ef0e40cbd23a53ddaff3f562d07

Map

Whois Information

  • inetnum: 141.98.252.0 - 141.98.252.255
  • netname: NET-31173-141-98-252
  • country: GB
  • descr: 31173 Services AB infrastructure in London, United Kingdom.
  • geoloc: 51.5050 0.0000
  • language: en
  • org: ORG-SUK2-RIPE
  • admin-c: SUK10-RIPE
  • tech-c: SUK10-RIPE
  • abuse-c: SUK10-RIPE
  • status: ASSIGNED PA
  • mnt-by: ESAB-MNT
  • created: 2020-05-04T09:36:05Z
  • last-modified: 2020-05-05T11:39:12Z
  • organisation: ORG-SUK2-RIPE
  • org-name: 31173 Services United Kingdom
  • org-type: OTHER
  • geoloc: 51.5050 0.0000
  • language: en
  • address: 31173 Services AB
  • address: Scheelegatan 9
  • address: 21228
  • address: Malmo
  • address: SWEDEN
  • admin-c: SUK10-RIPE
  • tech-c: SUK10-RIPE
  • abuse-c: SUK10-RIPE
  • mnt-by: ESAB-MNT
  • mnt-ref: ESAB-MNT
  • created: 2020-05-04T08:58:33Z
  • last-modified: 2024-01-22T09:36:18Z
  • role: 31173 Services United Kingdom
  • address: 31173 Services AB
  • address: Scheelegatan 9
  • address: 21228
  • address: Malmo
  • address: SWEDEN
  • abuse-mailbox: [email protected]
  • admin-c: NEMO1-RIPE
  • tech-c: KPE-RIPE
  • nic-hdl: SUK10-RIPE
  • mnt-by: ESAB-MNT
  • created: 2020-05-04T08:46:52Z
  • last-modified: 2024-01-22T09:41:52Z
  • route: 141.98.252.0/24
  • origin: AS39351
  • mnt-by: ESAB-MNT
  • created: 2019-01-18T14:29:10Z
  • last-modified: 2020-05-04T09:36:42Z

Links to attack logs

aws-ssh-bruteforce-ip-list-2021-06-12 ** ** **