185.220.101.208 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 185.220.101.208. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 80/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
  • Tags: auto-generated security, cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh
  • JARM: 2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa
  • View other sources: Spamhaus, VirusTotal
  • Contained within other IP sets: dm_tor, et_tor, haley_ssh, stopforumspam_365d, tor_exits_30d
  • Country: Germany
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: serveur-nas1.synology.me

Malware Detected on Host

Count: 7

Open Ports Detected

  • 123
  • 8443


Links to attack logs

  • bruteforce-files-list-2020-12-08
  • nmap-scanning-list-2021-01-25
