89.163.252.230 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 89.163.252.230 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 64/100

Host and Network Information

  • Tags: anna paula, associated, currc3adculo, cyber security, from email, headers, ioc, kfsensor, malicious, malspam email, msi file, Nextray, phishing, probing, rdp, scanning, ssh, tuesday, utf8, webscan, webscanner bruteforce web app attack, zip archive
  • Known tor exit node

  • Contained within other IP sets: haley_ssh, sblam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Known TOR node
  • Country: Germany
  • Network: AS24961 myloc managed it ag
  • Noticed: 1 time
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 8

Open Ports Detected

8080

CVEs Detected

CVE-2021-23017 CVE-2021-3618

Whois Information

  • inetnum: 89.163.128.0 - 89.163.255.255
  • netname: DE-MYLOC-DUS-20060217
  • country: DE
  • org: ORG-MMIA3-RIPE
  • admin-c: MOPS-RIPE
  • tech-c: MOPS-RIPE
  • status: ALLOCATED PA
  • mnt-by: MYLOC-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • created: 2020-11-04T10:31:12Z
  • last-modified: 2020-11-04T10:31:12Z
  • organisation: ORG-MMIA3-RIPE
  • org-name: myLoc managed IT AG
  • country: DE
  • org-type: LIR
  • address: Am Gatherhof 44
  • address: 40472
  • address: Düsseldorf
  • address: GERMANY
  • phone: +4921161708110
  • fax-no: +4921161708111
  • admin-c: MOPS-RIPE
  • tech-c: MOPS-RIPE
  • abuse-c: MOPS-RIPE
  • mnt-ref: MYLOC-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: MYLOC-MNT
  • created: 2019-10-28T10:48:29Z
  • last-modified: 2021-02-09T10:11:49Z
  • role: myLoc NOC
  • address: myLoc managed IT AG
  • address: Network Operations & Services
  • address: Am Gatherhof 44
  • address: 40472 Duesseldorf DE
  • admin-c: PHAN
  • tech-c: PHAN
  • tech-c: DDO
  • tech-c: JOH
  • tech-c: NIL
  • tech-c: STH
  • tech-c: KT3550-RIPE
  • nic-hdl: MOPS-RIPE
  • abuse-mailbox: [email protected]
  • mnt-by: MYLOC-MNT
  • created: 2013-02-11T16:38:10Z
  • last-modified: 2022-07-08T14:48:44Z
  • route: 89.163.128.0/17
  • descr: myLoc managed IT AG
  • origin: AS24961
  • mnt-by: MYLOC-MNT
  • created: 2017-02-02T17:04:51Z
  • last-modified: 2017-02-02T17:06:25Z

Links to attack logs

bruteforce-ip-list-2021-12-22 bruteforce-ip-list-2021-05-04