194.15.36.137 Threat Intelligence and Host Information


General

This page contains threat intelligence information for the IPv4 address 194.15.36.137 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 62/100

Host and Network Information

  • Mitre ATT&CK IDs: T1021.004 - SSH, T1071.003 - Mail Protocols, T1100 - Web Shell, T1110 - Brute Force, T1110.001 - Password Guessing, T1110.002 - Password Cracking, T1110.003 - Password Spraying, T1201 - Password Policy Discovery, T1443 - Remotely Install Application, T1481 - Web Service, T1566 - Phishing
  • Tags: Bruteforce, HoneyPot, HoneyTrap, Mail SPam, Malicious IP, Nextray, RDP, SSH, TelNet, Web Attackers, aws, blacklist, botnet, bruteforce, cyber security, ioc, malicious, mirai, phishing, scan, tcp, telnet, tsec
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: normshield_all_bruteforce, normshield_high_bruteforce

  • Country: Germany
  • Network: ASNone
  • Noticed: 24 times
  • Protocols Attacked: telnet
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: www.bestcamd-test.ddnsfree.com bestcamd-test.ddnsfree.com

Malware Detected on Host

Count: 2


Whois Information

  • inetnum: 194.15.36.0 - 194.15.36.255
  • netname: DATALIX-02
  • country: DE
  • admin-c: FK4477-RIPE
  • tech-c: FK4477-RIPE
  • geofeed: https://datalix.de/.well-known/geofeed.csv
  • status: SUB-ALLOCATED PA
  • mnt-by: MOS-IP-MNT
  • mnt-by: DATALIX-MNT
  • created: 2022-08-08T16:29:46Z
  • last-modified: 2022-11-22T01:16:44Z
  • geoloc: 50.110924 8.682127
  • descr: DATALIX-02
  • org: ORG-DA1262-RIPE
  • organisation: ORG-DA1262-RIPE
  • org-name: Datalix
  • org-type: OTHER
  • address: Theodor-Heuss-Str. 1, 97230 Estenfeld, Deutschland
  • abuse-c: ACRO47748-RIPE
  • mnt-ref: DATALIX-MNT
  • mnt-by: DATALIX-MNT
  • created: 2022-06-14T17:48:09Z
  • last-modified: 2022-06-14T17:48:09Z
  • person: Florian Kolb
  • address: Theodor-Heuss-Str. 1, 97230 Estenfeld, Deutschland
  • phone: +4993674088974
  • nic-hdl: FK4477-RIPE
  • mnt-by: DATALIX-MNT
  • created: 2022-04-20T10:20:46Z
  • last-modified: 2022-04-20T10:20:46Z
  • route: 194.15.36.0/24
  • origin: AS213250
  • mnt-by: MOS-IP-MNT
  • mnt-by: DATALIX-MNT
  • created: 2022-07-07T16:31:10Z
  • last-modified: 2022-07-07T16:31:22Z

Links to attack logs

nmap-scanning-list-2021-06-20 nmap-scanning-list-2021-06-07 nmap-scanning-list-2021-04-29 ruteforce-ip-list-2020-10-02 aws-telnet-bruteforce-ip-list-2020-10-02