194.165.16.139 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 194.165.16.139 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • MITRE ATT&CK IDs: T1046 - Network Service Scanning, T1423 - Network Service Scanning, T1595.001 - Scanning IP Blocks, T1595.002 - Vulnerability Scanning, T1596.005 - Scan Databases, TA0043 - Reconnaissance
  • Tags: Malicious IP, RDP, UK Based, admin, blacklist, botnet, ip monitor, mirai, scan, tcp, win, windows

  • View other sources: Spamhaus VirusTotal

  • Country: Monaco
  • Network: AS48721 flyservers s.a.
  • Noticed: 1 time
  • Protocols Attacked: SSH
  • Countries Attacked: Italy

Malware Detected on Host

Count: 6231

Whois Information

  • inetnum: 194.165.16.0 - 194.165.17.255
  • netname: PA-FLYSERVERS
  • country: EU
  • org: ORG-FS255-RIPE
  • admin-c: FGNO1-RIPE
  • tech-c: FGNO1-RIPE
  • status: ASSIGNED PI
  • mnt-by: mnt-pa-flyservers-1
  • mnt-by: RIPE-NCC-END-MNT
  • created: 2021-12-15T13:46:35Z
  • last-modified: 2021-12-15T17:17:28Z
  • organisation: ORG-FS255-RIPE
  • org-name: Flyservers S.A.
  • country: PA
  • org-type: LIR
  • address: 50th Street, Global Bank Tower, Suite 1801
  • address: 0831-2482
  • address: Panama City
  • address: PANAMA
  • phone: +5078321840
  • admin-c: FGNO1-RIPE
  • mnt-ref: Mnets-Admin
  • tech-c: FGNO1-RIPE
  • abuse-c: FGNO1-RIPE
  • mnt-ref: mnt-pa-flyservers-1
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: mnt-pa-flyservers-1
  • created: 2018-12-04T17:00:47Z
  • last-modified: 2022-02-01T07:35:14Z
  • role: FLYSERVERS GLOBAL NETWORK OPERATION CENTRE
  • address: 50th Street, Global Bank Tower, Suite 1801
  • address: Panama
  • abuse-mailbox: [email protected]
  • nic-hdl: FGNO1-RIPE
  • mnt-by: mnt-pa-flyservers-1
  • created: 2021-02-10T10:06:27Z
  • last-modified: 2021-02-10T10:06:27Z
  • route: 194.165.16.0/24
  • origin: AS48721
  • mnt-by: mnt-pa-flyservers-1
  • created: 2021-12-15T17:18:44Z
  • last-modified: 2021-12-15T17:18:44Z

Links to attack logs

nmap-scanning-list-2021-10-17