201.98.60.254 Threat Intelligence and Host Information

Share on:
Oct 21, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 201.98.60.254 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: blacklist, botnet, bruteforce, Bruteforce, Brute-Force, cowrie, Malicious IP, mirai, scan, scanners, smb, ssh, SSH, tcp, vultr

  • View other sources: Spamhaus VirusTotal

  • Country: Mexico
  • Network: ASNone
  • Noticed: 1 times
  • Protcols Attacked: ssh
  • Countries Attacked: France

Malware Detected on Host

Count: 1 7079b5bc9a3eda4175f6163e99cf72d24e25ffbdd078d8ddf8e96db8c0ce71af

Open Ports Detected

443 4443 80

CVEs Detected

CVE-2020-1999 CVE-2020-2022 CVE-2020-2050 CVE-2021-3031 CVE-2021-3036 CVE-2021-3045 CVE-2021-3046 CVE-2021-3047 CVE-2021-3048 CVE-2021-3050 CVE-2021-3054 CVE-2021-3060 CVE-2021-3061 CVE-2021-3062 CVE-2021-3063 CVE-2022-0011 CVE-2022-0022 CVE-2022-0023 CVE-2022-0024 CVE-2022-0028 CVE-2023-0004 CVE-2023-0005 CVE-2023-0007 CVE-2023-0008 CVE-2023-0010

Map

Whois Information

  • inetnum: 201.96.0.0/12
  • status: allocated
  • aut-num: N/A
  • owner: UNINET
  • ownerid: MX-USCV4-LACNIC
  • responsible: No hay informacion
  • address: AVENIDA (AV.) INSURGENTES SUR, 3500, PISO 4 PEÑA POBRE
  • address: 14060 - TLALPAN - CX
  • country: MX
  • phone: +52 5554876500
  • owner-c: GEC10
  • tech-c: GEC10
  • abuse-c: GEC10
  • inetrev: 201.100.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231023 ERR
  • nslastaa: 20230315
  • inetrev: 201.101.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231023 ERR
  • nslastaa: 20230316
  • inetrev: 201.102.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231024 ERR
  • nslastaa: 20230315
  • inetrev: 201.96.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231024 ERR
  • nslastaa: 20230314
  • inetrev: 201.97.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231022 AA
  • nslastaa: 20231022
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231022 AA
  • nslastaa: 20231022
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231022 ERR
  • nslastaa: 20230314
  • inetrev: 201.98.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231024 ERR
  • nslastaa: 20230316
  • inetrev: 201.110.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231023 ERR
  • nslastaa: 20230314
  • inetrev: 201.103.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231023 ERR
  • nslastaa: 20230315
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • inetrev: 201.104.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231024 ERR
  • nslastaa: 20230312
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • inetrev: 201.106.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231023 TIMEOUT
  • nslastaa: 20230315
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • inetrev: 201.108.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231023 ERR
  • nslastaa: 20230312
  • inetrev: 201.111.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231023 AA
  • nslastaa: 20231023
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231023 TIMEOUT
  • nslastaa: 20230313
  • inetrev: 201.105.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231024 ERR
  • nslastaa: 20230315
  • inetrev: 201.107.0.0/16
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231022 ERR
  • nslastaa: 20230312
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231022 AA
  • nslastaa: 20231022
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231022 AA
  • nslastaa: 20231022
  • inetrev: 201.99.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231024 ERR
  • nslastaa: 20230316
  • inetrev: 201.109.0.0/16
  • nserver: NSMEX2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSGDL2.UNINET.NET.MX
  • nsstat: 20231024 AA
  • nslastaa: 20231024
  • nserver: NSMTY2.UNINET.NET.MX [lame - not published]
  • nsstat: 20231024 ERR
  • nslastaa: 20230314
  • created: 20051114
  • changed: 20210927
  • nic-hdl: GEC10
  • person: Gestion de Cambios
  • e-mail: [email protected]
  • address: AV. INSURGENTES SUR, 3500, TORRE TELMEX COL. PEÑA POBRE
  • address: 14060 - TLALPAN - CX
  • country: MX
  • phone: +52 5554876578
  • created: 20110706
  • changed: 20230524

Links to attack logs

vultrparis-ssh-bruteforce-ip-list-2023-10-23 vultrparis-ssh-bruteforce-ip-list-2023-10-09 digitaloceantoronto-ssh-bruteforce-ip-list-2023-10-18 digitaloceanfrankfurt-ssh-bruteforce-ip-list-2023-10-06