185.220.100.247 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute Force, SSH, SSL VPN, TOR, Telnet, VPN, attack, badrequest, bruteforce, cowrie, login, nmap, port-scan, probing, scanner, scanning, ssh, vnc, webscan, webscanner, webscanner bruteforce web app attack
  • Known Tor exit node
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: blocklist_net_ua, cruzit_web_attacks, cybercrime, dm_tor, et_tor, greensnow, haley_ssh, sblam, stopforumspam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, tor_exits

  • Known TOR node
  • Country: Germany
  • Network: AS205100 f3 netze e.v.
  • Noticed: 50 times
  • Protocols Attacked: mysql, redis
  • Countries Attacked: Australia, Spain, United States of America
  • Passive DNS Results: tor-exit-8.zbau.f3netze.de

Malware Detected on Host

Count: 13

Open Ports Detected

22, 9000, 9001

Whois Information

  • inetnum: 185.220.100.240 - 185.220.100.255
  • descr: Network for Tor-Exit traffic.
  • netname: TOR-EXIT
  • country: DE
  • admin-c: FN2977-RIPE
  • tech-c: FN2977-RIPE
  • status: ASSIGNED PA
  • mnt-by: F3NETZE
  • created: 2020-01-15T18:58:08Z
  • last-modified: 2021-03-22T21:10:04Z
  • org: ORG-FNE6-RIPE
  • organisation: ORG-FNE6-RIPE
  • org-name: F3 Netze e.V.
  • country: DE
  • org-type: OTHER
  • address: Am Hafen 6
  • address: 97437 Hassfurt
  • address: DE
  • abuse-c: AA32807-RIPE
  • mnt-ref: F3NETZE
  • mnt-ref: ZWIEBELFREUNDE
  • mnt-by: F3NETZE
  • created: 2017-11-06T17:07:57Z
  • last-modified: 2022-12-01T17:12:28Z
  • role: F3Netze NOC
  • address: F3 Netze e.V.
  • address: Am Hafen 6
  • address: 97437 Hassfurt
  • address: Germany
  • admin-c: TN3638-RIPE
  • admin-c: CR8822-RIPE
  • admin-c: FB15623-RIPE
  • admin-c: TK7920-RIPE
  • tech-c: TN3638-RIPE
  • tech-c: CR8822-RIPE
  • tech-c: FB15623-RIPE
  • tech-c: TK7920-RIPE
  • nic-hdl: FN2977-RIPE
  • mnt-by: F3NETZE
  • created: 2018-03-26T10:57:36Z
  • last-modified: 2019-10-04T14:16:13Z
  • route: 185.220.100.0/24
  • origin: AS205100
  • mnt-by: F3NETZE
  • created: 2018-02-18T18:17:41Z
  • last-modified: 2018-02-18T18:17:41Z

Links to attack logs

  • nmap-scanning-list-2022-03-03
  • nmap-scanning-list-2022-07-03
  • nmap-scanning-list-2021-10-01
  • vultrparis-redis-bruteforce-ip-list-2021-12-26
  • awsau-mysql-bruteforce-ip-list-2022-03-10
  • nmap-scanning-list-2021-09-28