192.241.141.197 Threat Intelligence and Host Information

Oct 06, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 192.241.141.197 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 65/100

Host and Network Information

Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
Tags: cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh
View other sources: Spamhaus VirusTotal
Contained within other IP sets: haley_ssh

Country: United States
Network: AS14061 digitalocean llc
Noticed: 32 times
Protocols Attacked: SSH
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: www.gerenciadores.com.br gerenciadores.com.br v2.obel3d.ca obel.mathiscote.ca radio.mathiscote.ca www.192-241-141-197.cprapid.com 192-241-141-197.cprapid.com watch.pnms-system.com pnms-system.com www.pnms-system.com

Open Ports Detected

22 3001 3306 4000 443 5432 6379 80 8001 8082 9090

CVEs Detected

CVE-2007-3205 CVE-2013-2220 CVE-2023-22032 CVE-2023-22059 CVE-2023-22064 CVE-2023-22066 CVE-2023-22068 CVE-2023-22070 CVE-2023-22078 CVE-2023-22079 CVE-2023-22084 CVE-2023-22092 CVE-2023-22097 CVE-2023-22103 CVE-2023-22112 CVE-2023-22114 CVE-2024-20961 CVE-2024-20963 CVE-2024-20965 CVE-2024-20967 CVE-2024-20969 CVE-2024-20971 CVE-2024-20973 CVE-2024-20977 CVE-2024-20981 CVE-2024-20983 CVE-2024-20985 CVE-2024-21165 CVE-2024-21171 CVE-2024-2408 CVE-2024-4577 CVE-2024-5458 CVE-2024-5585

Map

Whois Information

NetRange: 192.241.128.0 - 192.241.255.255
CIDR: 192.241.128.0/17
NetName: DIGITALOCEAN-192-241-128-0
NetHandle: NET-192-241-128-0-1
Parent: NET192 (NET-192-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS14061
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2013-06-10
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Ref: https://rdap.arin.net/registry/ip/192.241.128.0
OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: FL2
City: New York
StateProv: NY
PostalCode: 10013
Country: US
RegDate: 2012-05-14
Updated: 2023-10-23
Ref: https://rdap.arin.net/registry/entity/DO-13
OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-347-875-6044
OrgNOCEmail: noc@digitalocean.com
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-347-875-6044
OrgTechEmail: noc@digitalocean.com
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
OrgAbuseHandle: ABUSE5232-ARIN
OrgAbuseName: Abuse, DigitalOcean
OrgAbusePhone: +1-347-875-6044
OrgAbuseEmail: abuse@digitalocean.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN

Links to attack logs

bruteforce-ip-list-2021-04-23 ****** bruteforce-files-list-2021-02-20 ****** ****** bruteforce-ip-list-2021-02-11

Share on: