109.69.67.17 Threat Intelligence and Host Information

Oct 16, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 109.69.67.17 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing, probing, scanning, tor, TOR, VPN, webscan, webscanner bruteforce web app attack

  • Known tor exit node

  • JARM: 2ad2ad16d2ad2ad22c42d42d000000d342d5966a57139eeaff9f8bc4841b25

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_net_ua, botscout_1d, botscout_30d, botscout_7d, botscout, dm_tor, et_tor, maxmind_proxy_fraud, sblam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Known TOR node
  • Country: Germany
  • Network: AS49855 plutex gmbh
  • Noticed: 1 times
  • Protcols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: tor.plutex.de labmember001.duckdns.org

Malware Detected on Host

Count: 89 b11e614cdd02aecb8d6ae65bf67bfac8cbefd68830065217e2cb48922743bb12 7981c7b1d9c627c31a3fd3733e9f98c2d34ed58f86990f67d797bdf73fbdaddf 182dfce8842e6a1c182f0e8ef2e91beb90e60002651b0862589deafa9b564286 b9947a957eeb4374af49b94ba331f378207dbf8926d1a04d1ebedb26175c9af0 ae28931e3251286d456797c25ec977a7819330b3efa3eaeb0a3670415891c6da 2fd353ffcace535b5c0cdd3b70784bcbf1d4e35879a3109ed8825c2f970d22d3 c9e0ecef23baa32fc8ed53f9b20af0705e9f9e5e2ff6d484f43e94341e7c3371 714ab2065b90209bef45d675e0f29d4dbcd6f12c3391754671500069b423a52b a896be5e1f5b7d498d6556c9d64fe6407b70360e36dd3f47ee46da9367748ff6 8d2de1001805a61af10c0d48ce9d393de30a7d07fc4a80cdcd7197c2baf064b8

Open Ports Detected

22 443 80

Map

Whois Information

  • inetnum: 109.69.67.16 - 109.69.67.19
  • netname: PLUTEX-CUSTOMER-50070
  • descr: ********************************************
  • descr: This is a tor node. https://www.torproject.org/
  • descr: If you see suspicious traffic from this host:
  • descr: This is unavoidable due to how TOR works.
  • descr: More info on https://www.torproject.org/
  • descr: ********************************************
  • descr: Das hier ist ein Tor Knoten. https://www.torproject.org/
  • descr: Falls Sie verdaechtige Aktivitaeten aus diesem Netz feststellen:
  • descr: Das laesst sich leider nicht vermeiden und haengt mit der funktionsweise
  • descr: vom TOR-Netzwerk zusammen.
  • descr: Weitere Infos auf https://www.torproject.org/
  • descr: ********************************************
  • country: DE
  • admin-c: PLU5-RIPE
  • tech-c: PLU5-RIPE
  • status: ASSIGNED PA
  • mnt-by: PLUTEX-MNT
  • created: 2017-03-08T10:14:51Z
  • last-modified: 2019-08-23T07:16:33Z
  • role: PLUTEX NOC
  • address: PLUTEX GmbH
  • address: Hermann-Ritter-Str. 110
  • address: 28197 Bremen
  • nic-hdl: PLU5-RIPE
  • admin-c: TB4275-RIPE
  • admin-c: HLI7-RIPE
  • mnt-by: PLUTEX-MNT
  • created: 2013-11-01T11:19:56Z
  • last-modified: 2021-10-07T11:51:45Z
  • abuse-mailbox: abuse@plutex.de
  • route: 109.69.64.0/21
  • descr: PLUTEX
  • origin: AS49855
  • mnt-by: PLUTEX-MNT
  • mnt-lower: PLUTEX-MNT
  • created: 2009-11-05T11:29:55Z
  • last-modified: 2009-11-05T11:29:55Z
Share on: