94.142.140.131 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 94.142.140.131 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 30/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing

  • View other sources: Spamhaus VirusTotal

  • Country: Russia
  • Network: AS35196 ihor hosting llc
  • Noticed: 1 time
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: dereus.xyz m4workouts.com mosquitoshoals.com johanna-dumet.com mbhspto.com geddad.info

Malware Detected on Host

Count: 6

Whois Information

  • inetnum: 94.142.140.0 - 94.142.143.255
  • org: ORG-IP78-RIPE
  • netname: ISERVERS-CLOUD-HOSTING
  • descr: ISERVERS Enterprise Network
  • country: RU
  • geoloc: 55.77048726497312 37.715872965846856
  • admin-c: ISD90-RIPE
  • tech-c: ISD90-RIPE
  • status: ASSIGNED PA
  • mnt-by: ISERVERS-MNT
  • created: 2023-01-17T18:47:35Z
  • last-modified: 2023-01-17T18:47:35Z
  • organisation: ORG-IP78-RIPE
  • org-name: I-SERVERS LTD
  • org-type: OTHER
  • address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
  • phone: +44 204 549 7738
  • abuse-c: ACRO29385-RIPE
  • mnt-ref: ISERVERS-MNT
  • mnt-by: ISERVERS-MNT
  • created: 2019-12-23T18:32:33Z
  • last-modified: 2022-11-25T19:14:03Z
  • role: I-SERVERS SALES DEPARTMENT
  • phone: +44 204 549 7738
  • address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
  • nic-hdl: ISD90-RIPE
  • mnt-by: ISERVERS-MNT
  • created: 2022-11-11T12:23:17Z
  • last-modified: 2022-11-25T19:16:49Z
  • route: 94.142.140.0/24
  • origin: AS209641
  • mnt-by: ISERVERS-MNT
  • created: 2023-03-07T09:44:06Z
  • last-modified: 2023-03-07T09:44:06Z

Links to attack logs

dotoronto-ssh-bruteforce-ip-list-2022-11-15