168.205.200.55 Threat Intelligence and Host Information

Jul 14, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 168.205.200.55 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • Mitre ATT&CK IDs: T1001.001 - Junk Data, T1001.003 - Protocol Impersonation, T1001 - Data Obfuscation, T1003.003 - NTDS, T1003.004 - LSA Secrets, T1003 - OS Credential Dumping, T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1078 - Valid Accounts, T1090 - Proxy, T1098 - Account Manipulation, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1114 - Email Collection, T1136 - Create Account, T1187 - Forced Authentication, T1190 - Exploit Public-Facing Application, T1212 - Exploitation for Credential Access, T1505 - Server Software Component, T1528 - Steal Application Access Token, T1539 - Steal Web Session Cookie, T1546 - Event Triggered Execution, T1547 - Boot or Logon Autostart Execution, T1555 - Credentials from Password Stores, T1556 - Modify Authentication Process, T1557 - Man-in-the-Middle, T1566 - Phishing, T1583 - Acquire Infrastructure, T1584 - Compromise Infrastructure, T1586 - Compromise Accounts, T1587 - Develop Capabilities, T1588 - Obtain Capabilities, T1597 - Search Closed Sources, TA0002 - Execution, TA0004 - Privilege Escalation, TA0005 - Defense Evasion

  • Tags: alliance, anchorfree vpn, android, april, apt, APT28, blizzard, brute-force, cactus vpn, c server, cve-2023-23397, cve202323397, CVE-2023-23397, cve-2023-38831, cyber security, edgeos device, exchange, exchange online, exchange server, exploit, explorer, february, fighting ursa, forest blizzard, hash, hash theft, information stealer, ioc, iocs https, ip address, local, malicious, march, microsoft, Microsoft Outlook, monitoring, mullvad vpn, networks, Nextray, NTLM, object, outlook, outside, palo alto, pawn storm, phishing, phishing site, prior, response, russia, sednit, service, sha256, sofacy, source, spear-phishing, targeted attack, test2, test3, test4, test5, twitter, ukraine, unit, ursa, Ursa, virustotal, webdav, whoer vpn, windows

  • View other sources: Spamhaus VirusTotal

  • Country: Brazil
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Afghanistan, Åland Islands, Bulgaria, Canada, Central African Republic, Czechia, Denmark, Estonia, France, Germany, Italy, Jordan, Latvia, Lithuania, Luxembourg, Malaysia, Montenegro, Norway, Poland, Romania, Russian Federation, Slovakia, South Africa, Taiwan, Turkey, Türkiye, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America

Map

Whois Information

  • NetRange: 168.205.76.0 - 168.205.255.255
  • CIDR: 168.205.80.0/20, 168.205.76.0/22, 168.205.128.0/17, 168.205.96.0/19
  • NetName: LACNIC-ERX-168-205-76-0
  • NetHandle: NET-168-205-76-0-1
  • Parent: NET168 (NET-168-0-0-0-0)
  • NetType: Transferred to LACNIC
  • OriginAS:
  • Organization: Latin American and Caribbean IP address Regional Registry (LACNIC)
  • RegDate: 2011-01-04
  • Updated: 2020-12-02
  • Ref: https://rdap.arin.net/registry/ip/168.205.76.0
  • OrgName: Latin American and Caribbean IP address Regional Registry
  • OrgId: LACNIC
  • Address: Rambla Republica de Mexico 6125
  • City: Montevideo
  • StateProv:
  • PostalCode: 11400
  • Country: UY
  • RegDate: 2002-07-27
  • Updated: 2018-03-15
  • Ref: https://rdap.arin.net/registry/entity/LACNIC
  • OrgAbuseHandle: LWI100-ARIN
  • OrgAbuseName: LACNIC Whois Info
  • OrgAbusePhone: +598-2604-2222
  • OrgAbuseEmail: abuse@lacnic.net
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/LWI100-ARIN
  • OrgTechHandle: LACNIC-ARIN
  • OrgTechName: LACNIC Whois Info
  • OrgTechPhone: +598-2604-2222
  • OrgTechRef: https://rdap.arin.net/registry/entity/LACNIC-ARIN
  • inetnum: 168.205.200.0/22
  • aut-num: AS262643
  • abuse-c: EPBBA1
  • owner: Brconecta LTDA
  • ownerid: 21.438.434/0001-48
  • responsible: Angela Maria Brisoti Barbeta
  • country: BR
  • owner-c: EPBBA1
  • tech-c: EPBBA1
  • created: 20160310
  • changed: 20241209
  • nic-hdl-br: EPBBA1
  • person: Eduardo Pericles Brisoti Barbeta
  • e-mail: eduardo.barbeta@brconecta.com.br
  • country: BR
  • created: 20180519
  • changed: 20210929

Links to attack logs

****** vultrparis-ssh-bruteforce-ip-list-2023-05-23 ****** ******

Share on: