191.61.144.40 Threat Intelligence and Host Information

May 20, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 191.61.144.40 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 29/100

Host and Network Information

  • Tags: 114.114.114.114, aaaa, activity, address list, a domains, all scoreblue, apt ip, arial, as14061, as17421, as21928, as3462, as4766 korea, as51468, as54113, as701 verizon, as9318 sk, asnone, bad login, body, bot networks, busybox, certificate, china as4134, china as4837, china as9394, china asnone, cname, contacted, copy, creation date, date, dcbg, denmark unknown, destination, dynamic link, egypt as36992, encrypt, entries, fbotsatori, files, final url, firebase app, gmt server, gpl telnet, high, hisilicon dvr, historical ssl, hong kong, hostname, http response, iocs, ip address, ip block, ip related, kb body, kenya as36926, list, listen, malware, moved, msg div, next, nids, nigeria asnone, nukespeed, otx telemetry, passive dns, port, powershell, pulse pulses, pulses otx, record value, resolverror, scan endpoints, search, sha256, showing, south africa, south korea, status, status code, suspicious path, taiwan, taiwan as3462, tcp syn, telnet, telnet login, telnet root, title invalid, tracker, tulach, tunisia as37693, tunisia asnone, united, unknown, urls, win32, yara detections

  • View other sources: Spamhaus VirusTotal

  • Country: Brazil
  • Network:
  • Noticed: 2 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Australia, France, Hong Kong, India, Indonesia, Italy, Japan, Korea Republic of, Philippines, South Africa, Taiwan, United States of America

Malware Detected on Host

Count: 1 88b0fdad2a13e2c97ee36738a56f15aa435a755b5406f00fa6f80b0285861d14

Open Ports Detected

2628

Map

Whois Information

  • inetnum: 191.60.0.0/14
  • aut-num: AS4230
  • abuse-c: GSE6
  • owner: CLARO S.A.
  • ownerid: 40.432.544/0706-09
  • responsible: Ger�ncia Internet EMBRATEL
  • country: BR
  • owner-c: CAP12
  • tech-c: CAP12
  • created: 20140327
  • changed: 20210826
  • nic-hdl-br: CAP12
  • person: Gerencia T�cnica de Opera��es Internet
  • e-mail: domain-admin@embratel.net.br
  • country: BR
  • created: 19980202
  • changed: 20211006
  • nic-hdl-br: GSE6
  • person: Grupo de Seguran�a Internet da Embratel
  • e-mail: abuse@embratel.net.br
  • country: BR
  • created: 20001005
  • changed: 20181227

Links to attack logs

****** ****** ******

Share on: