178.20.55.18 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 178.20.55.18. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 90/100

Host and Network Information

  • MITRE ATT&CK IDs: T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1560 - Archive Collected Data, T1573.002 - Asymmetric Cryptography, T1573 - Encrypted Channel

  • Tags: all search, anlise, anonymizers, apple ios, as62744, ascii text, authority, backdoor, body, brian sabey, bruteforce, catalog file, ck id, class, click, collection, contacted, contacted urls, critical, cyber security, dangeroussig, date, done adding, dropped, dumping, error, fali malicious, general, generator, hacking, hacktool, hallrender.com, http, hybrid, indicator, ioc, ip address, ipv4, kfsensor, local, look, malicious, mark sabey, mirai, mitre att, monitoring, Nextray, otx octoseek, passive dns, pattern match, phishing, proxy avoidance, pulse as16509, pulse pulses, rdp, refresh, related nids, restart, root ca, scan endpoints, Scanner, scanning, smtp, span, spyware, ssh, SSH, ssl certificate, strings, tcp, threat, tools, TOR, Tsara brashears, unknown, url http, urls, verify, vnc, VPN, Webattack, whois record, whois whois, win32, win64

  • Known tor exit node

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_net_ua, haley_ssh, sblam, snort_ipfilter, stopforumspam_365d, talosintel_ipfilter, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Known TOR node
  • Country: France
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: spam, ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: chubbillionaire.ai, 3.datadog.pool.ntp.org, 178.20.55.18, marcuse-2.nos-oignons.net

Malware Detected on Host

Count: 41

Open Ports Detected

161

Links to attack logs

  • bruteforce-ip-list-2021-05-09
  • digitaloceanlondon-ssh-bruteforce-ip-list-2024-01-03
  • digitaloceanfrankfurt-ssh-bruteforce-ip-list-2024-01-24
  • bruteforce-ip-list-2021-05-19
  • digitaloceantoronto-ssh-bruteforce-ip-list-2023-12-14
  • digitaloceansingapore-ssh-bruteforce-ip-list-2024-02-05
  • digitaloceanfrankfurt-ssh-bruteforce-ip-list-2024-02-16
  • vultrparis-ssh-bruteforce-ip-list-2024-02-24
  • bruteforce-ip-list-2021-05-10
  • digitaloceansingapore-ssh-bruteforce-ip-list-2024-01-14
  • bruteforce-ip-list-2021-03-27
  • digitaloceanlondon-ssh-bruteforce-ip-list-2023-12-23
  • digitaloceantoronto-ssh-bruteforce-ip-list-2024-01-20
  • bruteforce-ip-list-2025-04-30
  • digitaloceanlondon-ssh-bruteforce-ip-list-2023-12-27
  • digitaloceanfrankfurt-ssh-bruteforce-ip-list-2024-01-11
  • digitaloceansingapore-ssh-bruteforce-ip-list-2024-03-01
  • digitaloceansingapore-ssh-bruteforce-ip-list-2024-02-18
  • digitaloceanfrankfurt-ssh-bruteforce-ip-list-2023-12-27
  • nmap-scanning-list-2022-06-25
  • forum-spam-ip-list-2014-01-26
  • vultrparis-ssh-bruteforce-ip-list-2024-02-21
  • digitaloceantoronto-ssh-bruteforce-ip-list-2024-02-24
  • digitaloceantoronto-ssh-bruteforce-ip-list-2024-02-27
  • aws-ssh-bruteforce-ip-list-2021-04-05
  • aws-ssh-bruteforce-ip-list-2021-05-31
  • bruteforce-ip-list-2024-06-23
  • digitaloceanfrankfurt-ssh-bruteforce-ip-list-2024-02-09
