162.220.162.170 Threat Intelligence and Host Information
Share on:General
This page contains threat intelligence information for the IPv4 address 162.220.162.170 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 55/100
Host and Network Information
- Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
-
Tags: attack, cowrie, cyber security, ioc, login, malicious, Nextray, phishing, probing, scanner, scanning, ssh, SSH, Telnet, webscan, webscanner bruteforce web app attack
- View other sources: Spamhaus VirusTotal
-
Contained within other IP sets: haley_ssh
- Country: United States
- Network: AS19318 interserver inc
- Noticed: 50 times
- Protocols Attacked: ssh
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results: whm.njoi.rocks njoi.rocks
Malware Detected on Host
Count: 1 2862c1daf7922f97097b870f1c2410d09acc58ceab3e497ecadcf483b7e3f7d8
Open Ports Detected
Map
Whois Information
- NetRange: 162.220.160.0 - 162.220.167.255
- CIDR: 162.220.160.0/21
- NetName: INTERSERVER
- NetHandle: NET-162-220-160-0-1
- Parent: NET162 (NET-162-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS19318
- Organization: Interserver, Inc (INTER-83)
- RegDate: 2013-08-28
- Updated: 2013-08-28
- Comment: Please use [email protected] for all abuse reports.
- Ref: https://rdap.arin.net/registry/ip/162.220.160.0
- OrgName: Interserver, Inc
- OrgId: INTER-83
- Address: 110 Meadowlands Pkwy
- Address: 1st Floor
- City: Secaucus
- StateProv: NJ
- PostalCode: 07094
- Country: US
- RegDate: 2003-03-17
- Updated: 2018-05-18
- Comment: Please use https://www.interserver.net/contact-information.html for all abuse complaints.
- Comment:
- Comment: DMCA registered agent [email protected]
- Comment:
- Ref: https://rdap.arin.net/registry/entity/INTER-83
- OrgNOCHandle: NOC1390-ARIN
- OrgNOCName: Network Operations Center
- OrgNOCPhone: +1-201-605-1440
- OrgNOCEmail: [email protected]
- OrgNOCRef: https://rdap.arin.net/registry/entity/NOC1390-ARIN
- OrgTechHandle: NOC1390-ARIN
- OrgTechName: Network Operations Center
- OrgTechPhone: +1-201-605-1440
- OrgTechEmail: [email protected]
- OrgTechRef: https://rdap.arin.net/registry/entity/NOC1390-ARIN
- OrgAbuseHandle: NOC1390-ARIN
- OrgAbuseName: Network Operations Center
- OrgAbusePhone: +1-201-605-1440
- OrgAbuseEmail: [email protected]
- OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC1390-ARIN
Links to attack logs
** vultrparis-ssh-bruteforce-ip-list-2022-07-30 dolondon-ssh-bruteforce-ip-list-2022-07-30 dotoronto-ssh-bruteforce-ip-list-2022-07-30 ** dofrank-ssh-bruteforce-ip-list-2022-07-30 bruteforce-ip-list-2022-07-30 vultrmadrid-ssh-bruteforce-ip-list-2022-07-30 **