213.152.162.154 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 213.152.162.154 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Tags: Nextray, TOR, VPN, cyber security, ioc, malicious, phishing, probing, scanning, webscan, webscanner, bruteforce, web app attack

  • View other sources: Spamhaus, VirusTotal
  • Contained within other IP sets: blocklist_net_ua, greensnow, stopforumspam_365d

  • Country: Netherlands
  • Network: AS49453 global layer
  • Noticed: 1 time
  • Protocols Attacked: spam, ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 13

Open Ports Detected

88, 89, 9091

Whois Information

  • inetnum: 213.152.162.118 - 213.152.162.255
  • netname: GLOBALLAYER
  • descr: Global Layer B.V.
  • country: NL
  • descr: ******************
  • descr: For abuse, please e-mail only: [email protected]
  • descr: Abuse messages will be handled within 24 hours time
  • descr: ******************
  • admin-c: GL6540-RIPE
  • tech-c: GL6540-RIPE
  • status: ASSIGNED PA
  • mnt-by: GLOBALLAYER
  • created: 2015-06-20T21:23:29Z
  • last-modified: 2018-09-15T13:39:14Z
  • person: Global Layer
  • address: Postbus 190
  • address: 2950AD Alblasserdam
  • address: Netherlands
  • phone: +31 78 20 20 228
  • nic-hdl: GL6540-RIPE
  • mnt-by: GLOBALLAYER
  • created: 2011-08-04T20:36:25Z
  • last-modified: 2017-10-30T22:14:45Z
  • route: 213.152.162.0/24
  • descr: Global Layer network
  • origin: AS49453
  • mnt-by: GLOBALLAYER
  • created: 2016-08-11T11:27:53Z
  • last-modified: 2016-08-11T11:27:53Z

Links to attack logs

  • forum-spam-ip-list-2021-02-25
  • dotoronto-ssh-bruteforce-ip-list-2022-10-27
  • forum-spam-ip-list-2021-03-14
  • forum-spam-ip-list-2021-02-26
  • dotoronto-ssh-bruteforce-ip-list-2022-10-28