185.220.100.242 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 185.220.100.242 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 80/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing, T1489 - Service Stop, T1498 - Network Denial of Service
  • Tags: Alaska, Brute Force, Bruteforce, DDoS, IPs Attacking Alaskan Hosts, Nextray, SSL VPN, Scanner, TCP ACK flood, TOR, VPN, Web Attack, Webattack, brute force, cowrie, cyber security, direct network flood, ioc, malicious, phishing, probing, public facing websites, scanning, service stop, smtp, ssh, tcp, webscan, webscanner bruteforce web app attack
  • Known tor exit node

  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: blocklist_net_ua, cruzit_web_attacks, dm_tor, et_tor, greensnow, sblam, stopforumspam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, tor_exits

  • Known TOR node
  • Country: Germany
  • Network: AS205100 f3 netze e.v.
  • Noticed: 1 time
  • Protocols Attacked: mysql redis
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Spain, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: servicepoint.duckdns.org tor-exit-15.zbau.f3netze.de besttest007.com thorgan.synology.me seed.nu.crypto-daio.co.uk

Malware Detected on Host

Count: 25

  • e079bc9f1a3f2fe5d5ec2500f15440b9d2d75f54541ae31ea172b6dc3d40b1c7
  • 9fa849daeb517ae32becad02cc569a5cd5c96ff18f5e4b4266460ec4bd0d5fe6
  • 2fd353ffcace535b5c0cdd3b70784bcbf1d4e35879a3109ed8825c2f970d22d3
  • af95d390d993e64c4d1d54940493b23248fea5331cb63c50ce8cd93ecc3ed72c
  • 31e336d15f3414e6bae7056b612b3529b0af5c6656f93f9c3d51312a3ce8935c
  • 7b0dad1c77e7e11c5e9fc857bfac196a309d6935b18bdbf4835a359ebd32f186
  • f3000d56afe77e0d95335f7ea86562b3c0e598c1c66ecd4d62e5ccc8af6569d3
  • cd0ad6fdc471d308182702859fe453a3f0958042eb9ef46fe1ad212972fbc262
  • 7548589cca05a011b563d58e795233faf2310975659bbc8b4d1db7ae6d805280
  • ab48ab8639f57f157279a6b3fa42e214e1c71467573b4e648010d83f2b7f1c78

Whois Information

  • inetnum: 185.220.100.240 - 185.220.100.255
  • descr: Network for Tor-Exit traffic.
  • netname: TOR-EXIT
  • country: DE
  • admin-c: FN2977-RIPE
  • tech-c: FN2977-RIPE
  • status: ASSIGNED PA
  • mnt-by: F3NETZE
  • created: 2020-01-15T18:58:08Z
  • last-modified: 2021-03-22T21:10:04Z
  • org: ORG-FNE6-RIPE
  • organisation: ORG-FNE6-RIPE
  • org-name: F3 Netze e.V.
  • country: DE
  • org-type: OTHER
  • address: Am Hafen 6
  • address: 97437 Hassfurt
  • address: DE
  • abuse-c: AA32807-RIPE
  • mnt-ref: F3NETZE
  • mnt-ref: ZWIEBELFREUNDE
  • mnt-by: F3NETZE
  • created: 2017-11-06T17:07:57Z
  • last-modified: 2022-12-01T17:12:28Z
  • role: F3Netze NOC
  • address: F3 Netze e.V.
  • address: Am Hafen 6
  • address: 97437 Hassfurt
  • address: Germany
  • admin-c: TN3638-RIPE
  • admin-c: CR8822-RIPE
  • admin-c: FB15623-RIPE
  • admin-c: TK7920-RIPE
  • tech-c: TN3638-RIPE
  • tech-c: CR8822-RIPE
  • tech-c: FB15623-RIPE
  • tech-c: TK7920-RIPE
  • nic-hdl: FN2977-RIPE
  • mnt-by: F3NETZE
  • created: 2018-03-26T10:57:36Z
  • last-modified: 2019-10-04T14:16:13Z
  • route: 185.220.100.0/24
  • origin: AS205100
  • mnt-by: F3NETZE
  • created: 2018-02-18T18:17:41Z
  • last-modified: 2018-02-18T18:17:41Z

Links to attack logs

  • redis-bruteforce-ip-list-2021-08-19
  • vultrparis-redis-bruteforce-ip-list-2022-06-16
  • awsau-mysql-bruteforce-ip-list-2022-03-10
  • redis-bruteforce-ip-list-2021-12-03
  • nmap-scanning-list-2021-12-12
  • awsjap-redis-bruteforce-ip-list-2022-03-17
  • awsjap-redis-bruteforce-ip-list-2022-03-31
  • awsbah-mysql-bruteforce-ip-list-2022-05-13
  • nmap-scanning-list-2021-09-28
  • awsbah-redis-bruteforce-ip-list-2022-05-22