107.170.249.6 Threat Intelligence and Host Information

Share on:

May 10, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 107.170.249.6 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 65/100

Host and Network Information

Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
Tags: Brute-Force, Bruteforce, Nextray, SSH, Telnet, alienvault ip, attack, aws, bernal, botnet c2, bruteforce, carapicuiba, cowrie, cyber security, dstip, fail2ban, feodo tracker, generic, ho chi, host at, host de, host in, host tw, ioc, ip blocklist, la, lafusioncenter, login, louisiana, malicious, malicious host, phishing, scanner, scanners, ssh, tsec
View other sources: Spamhaus VirusTotal
Country: United States of America
Network: # Likely Malicious Host 🟠 65/100 AS14061 digitalocean llc
Host and Network Information
Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
Noticed: 50 times
Tags: Brute-Force, Bruteforce, Nextray, SSH, Telnet, alienvault ip, attack, aws, bernal, botnet c2, bruteforce, carapicuiba, cowrie, cyber security, dstip, fail2ban, feodo tracker, generic, ho chi, host at, host de, host in, host tw, ioc, ip blocklist, la, lafusioncenter, login, louisiana, malicious, malicious host, phishing, scanner, scanners, ssh, tsec
Protcols Attacked: SSH
View other sources: Spamhaus VirusTotal
Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

CVEs Detected

CVE-2021-28116 CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620 CVE-2021-46784 CVE-2022-41317 CVE-2022-41318

Country: United States
Network: AS14061 digitalocean llc
Noticed: 50 times
Protcols Attacked: spam
Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Map

Whois Information

NetRange: 107.172.0.0 - 107.175.255.255
CIDR: 107.172.0.0/14
NetName: CC-17
NetHandle: NET-107-172-0-0-1
Parent: NET107 (NET-107-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS36352
Organization: ColoCrossing (VGS-9)
RegDate: 2013-12-27
Updated: 2013-12-27
Ref: https://rdap.arin.net/registry/ip/107.172.0.0
OrgName: ColoCrossing
OrgId: VGS-9
Address: 325 Delaware Avenue
Address: Suite 300
City: Buffalo
StateProv: NY
PostalCode: 14202
Country: US
RegDate: 2005-06-20
Updated: 2019-10-17

Map* Ref: https://rdap.arin.net/registry/entity/VGS-9

OrgAbuseHandle: ABUSE3246-ARIN

Whois Information

OrgAbuseName: Abuse
NetRange: 107.172.0.0 - 107.175.255.255
OrgAbusePhone: +1-800-518-9716
OrgAbuseEmail: [email protected]
CIDR: 107.172.0.0/14
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3246-ARIN
NetName: CC-17
OrgNOCHandle: NETWO882-ARIN
NetHandle: NET-107-172-0-0-1
OrgNOCName: Network Operations
Parent: NET107 (NET-107-0-0-0-0)
OrgNOCPhone: +1-800-518-9716
NetType: Direct Allocation
OrgNOCEmail: [email protected]
OriginAS: AS36352
OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN
OrgTechHandle: NETWO882-ARIN
Organization: ColoCrossing (VGS-9)
OrgTechName: Network Operations
RegDate: 2013-12-27
OrgTechPhone: +1-800-518-9716
OrgTechEmail: [email protected]
Updated: 2013-12-27
OrgTechRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN
Ref: https://rdap.arin.net/registry/ip/107.172.0.0
OrgName: ColoCrossing
OrgId: VGS-9
Address: 325 Delaware Avenue
Address: Suite 300
City: Buffalo
StateProv: NY
PostalCode: 14202
Country: US
RegDate: 2005-06-20
Updated: 2019-10-17
Ref: https://rdap.arin.net/registry/entity/VGS-9
OrgAbuseHandle: ABUSE3246-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-800-518-9716
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3246-ARIN
OrgNOCHandle: NETWO882-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-800-518-9716
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN
OrgTechHandle: NETWO882-ARIN
OrgTechName: Network Operations
OrgTechPhone: +1-800-518-9716
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN

Links to attack logs