89.163.150.213 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 89.163.150.213. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Tags: badrequest, bruteforce, cyber security, ioc, malicious, Nextray, phishing, probing, TOR, VPN, webscan, webscanner

  • View other sources: Spamhaus, VirusTotal
  • Contained within other IP sets: haley_ssh, sblam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Country: Germany
  • Network: AS24961 myloc managed it ag
  • Noticed: 1 time
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: www.68706198.xyz

Malware Detected on Host

Count: 9

Open Ports Detected

111, 22, 80

CVEs Detected

CVE-2016-20012, CVE-2017-15906, CVE-2018-15473, CVE-2018-15919, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-14145, CVE-2020-15778, CVE-2021-36368, CVE-2021-41617, CVE-2023-38408

Whois Information

  • inetnum: 89.163.128.0 - 89.163.255.255
  • netname: DE-MYLOC-DUS-20060217
  • country: DE
  • org: ORG-MMIA3-RIPE
  • admin-c: MOPS-RIPE
  • tech-c: MOPS-RIPE
  • status: ALLOCATED PA
  • mnt-by: MYLOC-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • created: 2020-11-04T10:31:12Z
  • last-modified: 2020-11-04T10:31:12Z
  • organisation: ORG-MMIA3-RIPE
  • org-name: myLoc managed IT AG
  • country: DE
  • org-type: LIR
  • address: Am Gatherhof 44
  • address: 40472
  • address: Düsseldorf
  • address: GERMANY
  • phone: +4921161708110
  • fax-no: +4921161708111
  • admin-c: MOPS-RIPE
  • tech-c: MOPS-RIPE
  • abuse-c: MOPS-RIPE
  • mnt-ref: MYLOC-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: MYLOC-MNT
  • created: 2019-10-28T10:48:29Z
  • last-modified: 2021-02-09T10:11:49Z
  • role: myLoc NOC
  • address: myLoc managed IT AG
  • address: Network Operations & Services
  • address: Am Gatherhof 44
  • address: 40472 Duesseldorf DE
  • admin-c: PHAN
  • tech-c: PHAN
  • tech-c: DDO
  • tech-c: JOH
  • tech-c: NIL
  • tech-c: STH
  • tech-c: KT3550-RIPE
  • nic-hdl: MOPS-RIPE
  • abuse-mailbox: [email protected]
  • mnt-by: MYLOC-MNT
  • created: 2013-02-11T16:38:10Z
  • last-modified: 2022-07-08T14:48:44Z
  • route: 89.163.128.0/17
  • descr: myLoc managed IT AG
  • origin: AS24961
  • mnt-by: MYLOC-MNT
  • created: 2017-02-02T17:04:51Z
  • last-modified: 2017-02-02T17:06:25Z

Links to attack logs

bruteforce-ip-list-2021-06-07