41.60.129.81 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 41.60.129.81. It was generated either as a result of observed malicious activity or as an information-gathering exercise to enrich security events with context. All information is gathered passively, through aggregation of public sources or observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 67/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: auto-generated security, Brute-Forc, Bruteforce, Brute-Force, cowrie, info, kfsensor, notice, port 22, portscan, rdp, ssh, SSH, tcp/22

  • View other sources: Spamhaus, VirusTotal

  • Country: Zambia
  • Network:
  • Noticed: 9 times
  • Protocols Attacked: ssh
  • Countries Attacked: Poland, Sweden, United States of America
  • Passive DNS Results: ppa.org.zm

Malware Detected on Host

Count: 2

  • 24211ce404dd21f3a33e94d63c42eb824cec0d72873a720a6ffd6b8420db4021
  • ba822ed83bca3281d7ebb4b32a8008a0d4ee7a9eac0d507fa6e5eaa02b2811ef

Open Ports Detected

135, 1433, 1801, 1883, 2000, 3306, 33060, 5985, 80, 8009, 8020, 8080, 8083, 82, 8443

CVEs Detected

CVE-2020-1938, CVE-2023-26048, CVE-2023-26049, CVE-2023-36478, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900, CVE-2023-44487, CVE-2024-22201, CVE-2024-6763, CVE-2024-8184

Whois Information

  • inetnum: 41.60.128.0 - 41.60.131.255
  • netname: REALTIME-CUST-1
  • descr: Realtime Customer Space
  • country: ZM
  • admin-c: AA110-AFRINIC
  • tech-c: AA110-AFRINIC
  • status: ASSIGNED PA
  • mnt-by: LIQUID-TOL-MNT
  • parent: 41.60.0.0 - 41.60.255.255
  • person: Andrew Alston
  • address: Block A, Sameer Business Park,
  • address: Mombasa Road,
  • address: Nairobi
  • address: Kenya
  • phone: tel:+254-20-5000000
  • nic-hdl: AA110-AFRINIC
  • mnt-by: AA110-MNTR
  • route: 41.60.129.0/24
  • descr: Maintainer Liquid Telecommunications Operations Limited
  • origin: AS30844
  • org: ORG-LTOL1-AFRINIC
  • mnt-lower: LIQUID-TOL-MNT
  • mnt-by: AFRINIC-HM-MNT
  • organisation: ORG-LTOL1-AFRINIC
  • org-name: Liquid Telecommunications Operations Limited
  • org-type: LIR
  • country: MU
  • address: 10th Floor,
  • address: Raffles Tower,
  • address: 19 Cybercity
  • address: Ebene
  • phone: tel:+254-733-222204
  • phone: tel:+230-466-7620
  • phone: tel:+263-8677-033306
  • phone: tel:+254-731-033754
  • admin-c: CM53-AFRINIC
  • admin-c: AS116-AFRINIC
  • admin-c: RD10-AFRINIC
  • admin-c: MC69-AFRINIC
  • tech-c: PS44-AFRINIC
  • tech-c: CM53-AFRINIC
  • tech-c: AS116-AFRINIC
  • tech-c: MC69-AFRINIC
  • tech-c: DV5-AFRINIC
  • mnt-ref: AFRINIC-HM-MNT
  • mnt-ref: LIQUID-TOL-MNT
  • mnt-by: AFRINIC-HM-MNT

Links to attack logs

  • digitaloceantoronto-ssh-bruteforce-ip-list-2025-04-03
  • digitaloceanlondon-ssh-bruteforce-ip-list-2025-04-03
