185.149.120.19 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1041 - Exfiltration Over C2 Channel, T1055 - Process Injection, T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing, T1496 - Resource Hijacking
  • Tags: Brute-Force, Bruteforce, Crypto, Crypto Scams, MageCart, Nextray, OSINT, SSH, Skimmer, T1119, T1134, T1555, anydesk, aurora, back, bitcoin, cowrie, crypto, cyber security, ddosguard, digital ocean, eric brandel, google, groupib, ioc, ip address, javascript, magecart, malicious, mr.SNIFFA, obs, phishing, robin banks, saylor, scanners, silentpush, ssh, ukraine, ursnif, vidar, vultr

  • Country:
  • Network: AS57724 ddos guard ltd
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Spain, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results:

Open Ports Detected

106 110 143 21 22 25 443 465 53 80 8443 8880 993

Whois Information

  • inetnum: 185.149.120.0 - 185.149.120.254
  • netname: RU-DDOSGUARD-20220527
  • country: RU
  • org: ORG-DL380-RIPE
  • admin-c: DA8697-RIPE
  • tech-c: DA8697-RIPE
  • status: ASSIGNED PA
  • mnt-by: IP-RIPE
  • created: 2022-05-27T16:40:35Z
  • last-modified: 2022-05-27T16:40:39Z
  • organisation: ORG-DL380-RIPE
  • org-name: DDOS-GUARD LLC
  • org-type: OTHER
  • address: ul. Maksima Gorkogo, d. 276, et. 5, of. 11
  • address: 344019 Rostov-on-Don
  • address: Russia
  • abuse-c: AR34495-RIPE
  • mnt-ref: IP-RIPE
  • mnt-by: IP-RIPE
  • created: 2019-09-26T12:15:08Z
  • last-modified: 2019-11-29T11:53:30Z
  • role: DDOS-GUARD
  • address: ul. Maksima Gorkogo, d. 276, et. 5, of. 11
  • address: 344019 Rostov-on-Don
  • address: Russia
  • phone: +7 495 2150387
  • nic-hdl: DA8697-RIPE
  • mnt-by: IP-RIPE
  • created: 2019-09-26T12:15:09Z
  • last-modified: 2021-11-18T11:17:10Z
  • route: 185.149.120.0/24
  • origin: AS57724
  • mnt-by: IP-RIPE
  • created: 2022-05-30T08:39:48Z
  • last-modified: 2022-05-30T08:40:08Z

Links to attack logs

vultrmadrid-ssh-bruteforce-ip-list-2022-08-09 bruteforce-ip-list-2022-09-01 dotoronto-ssh-bruteforce-ip-list-2022-09-02 vultrwarsaw-ssh-bruteforce-ip-list-2022-09-05 dotoronto-ssh-bruteforce-ip-list-2022-08-18 dofrank-ssh-bruteforce-ip-list-2022-08-30 dotoronto-ssh-bruteforce-ip-list-2022-09-01 vultrparis-ssh-bruteforce-ip-list-2022-09-06 vultrparis-ssh-bruteforce-ip-list-2022-08-26 vultrmadrid-ssh-bruteforce-ip-list-2022-09-02