89.163.143.8 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 89.163.143.8 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

• Tags: cyber security, ioc, malicious, Nextray, phishing, probing, Scanner, scanning, smtp, ssh, tcp, TOR, VPN, Webattack, webscan, webscanner bruteforce web app attack

• Known tor exit node

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: blocklist_net_ua, botscout_1d, botscout_30d, botscout_7d, dm_tor, et_tor, greensnow, sblam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

• Known TOR node
• Country: Germany
• Network:
• Noticed: 50 times
• Protocols Attacked: SSH
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: vps1913809.dedi.server-hosting.expert

Malware Detected on Host

Count: 22 e595275cf184af6bee734d8b03f52090b6e7660c1965e0cdcbdff1d7bde84dee 42017ea452bcca3379e54c1770d9828f7432ee2f4c6086736ed3f7bc6a26bf90 b11e614cdd02aecb8d6ae65bf67bfac8cbefd68830065217e2cb48922743bb12 2fd353ffcace535b5c0cdd3b70784bcbf1d4e35879a3109ed8825c2f970d22d3 7282e2fdb25b07554b082f5cf1697315ed5ce3005f985cbe96a34da965869db5 1478e3b6930a679931547b8d505ca69e2f8d9ad691c87b4017bee22b349ddf2c db8eacc8419da502b1c75ab77e48dead125bb45ee7a20bca9ca099c7568b00bf ec43e150012d049bbdf9a552c9a466482c628db8b981064584998a97d2662914 c48ef937beb1da99ad12f70dc0e6cd6ae58aaa0ccf63671a325c42f8c61a5598 f3000d56afe77e0d95335f7ea86562b3c0e598c1c66ecd4d62e5ccc8af6569d3

Map

Whois Information

• inetnum: 89.163.128.0 - 89.163.255.255
• netname: DE-MYLOC-DUS-20060217
• country: DE
• org: ORG-MMIA3-RIPE
• admin-c: MOPS-RIPE
• tech-c: MOPS-RIPE
• status: ALLOCATED PA
• mnt-by: MYLOC-MNT
• mnt-by: RIPE-NCC-HM-MNT
• created: 2020-11-04T10:31:12Z
• last-modified: 2020-11-04T10:31:12Z
• organisation: ORG-MMIA3-RIPE
• org-name: WIIT AG
• country: DE
• org-type: LIR
• address: Joachim-Erwin-Platz 3
• address: 40212
• address: Düsseldorf
• address: GERMANY
• phone: +4921161708110
• fax-no: +4921161708111
• admin-c: MOPS-RIPE
• tech-c: MOPS-RIPE
• abuse-c: MOPS-RIPE
• mnt-ref: MYLOC-MNT
• mnt-by: RIPE-NCC-HM-MNT
• mnt-by: MYLOC-MNT
• created: 2019-10-28T10:48:29Z
• last-modified: 2025-02-06T07:32:26Z
• role: WIIT AG NOC
• address: WIIT AG
• address: Network Operations & Services
• address: Joachim-Erwin-Platz 3
• address: 40412 Duesseldorf DE
• admin-c: PHAN
• tech-c: PHAN
• tech-c: DDO
• tech-c: JOH
• tech-c: AKIN-RIPE
• tech-c: STH
• tech-c: KT3550-RIPE
• nic-hdl: MOPS-RIPE
• abuse-mailbox: abuse@myloc.de
• mnt-by: MYLOC-MNT
• created: 2013-02-11T16:38:10Z
• last-modified: 2025-02-11T13:37:49Z
• route: 89.163.128.0/17
• descr: myLoc managed IT AG
• origin: AS24961
• mnt-by: MYLOC-MNT
• created: 2017-02-02T17:04:51Z
• last-modified: 2017-02-02T17:06:25Z

Links to attack logs

****** ****** ******