185.220.102.4 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1110 - Brute Force
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, Scanner, TOR, Telnet, VPN, Webattack, anna paula, associated, attack, badrequest, bruteforce, currc3adculo, cyber security, from email, headers, ioc, kfsensor, login, malicious, malspam email, msi file, phishing, probing, rdp, scanner, scanning, smtp, ssh, tcp, tuesday, utf8, webscan, webscanner, webscanner bruteforce web app attack, zip archive
  • Known tor exit node
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: blocklist_net_ua, botscout_1d, botscout_30d, botscout_7d, cruzit_web_attacks, dm_tor, et_tor, greensnow, haley_ssh, maxmind_proxy_fraud, stopforumspam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, talosintel_ipfilter, tor_exits, tor_exits_1d, tor_exits_30d, tor_exits_7d

  • Known TOR node
  • Country: Germany
  • Network: AS60729 zwiebelfreunde e.v.
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: maillet-vdsm.synology.me

Malware Detected on Host

Count: 22

Whois Information

  • inetnum: 185.220.102.0 - 185.220.102.31
  • descr: Zwiebelfreunde e.V.
  • netname: ZWIEBELFREUNDE
  • country: DE
  • org: ORG-ZE9-RIPE
  • admin-c: MB22990-RIPE
  • tech-c: MB22990-RIPE
  • status: ASSIGNED PA
  • mnt-by: de-zwf-1-mnt
  • mnt-by: ZWIEBELFREUNDE
  • created: 2018-08-25T15:37:55Z
  • last-modified: 2018-08-25T15:37:55Z
  • organisation: ORG-ZE9-RIPE
  • org-name: Zwiebelfreunde e.V.
  • org-type: OTHER
  • address: c/o DID Dresdner Institut fuer Datenschutz
  • address: Palaisplatz 3
  • address: 01097 Dresden
  • address: GERMANY
  • abuse-c: AR18597-RIPE
  • mnt-ref: ZWIEBELFREUNDE
  • mnt-by: ZWIEBELFREUNDE
  • created: 2013-05-21T12:32:47Z
  • last-modified: 2019-09-12T15:27:10Z
  • person: Jens Kubieziel
  • address: Zwiebelfreunde e.V.
  • address: c/o DID Dresdner Institut fuer Datenschutz
  • address: Palaisplatz 3
  • address: 01097 Dresden
  • address: Germany
  • phone: +49-351-21296018
  • fax-no: +49-8131-9044975
  • nic-hdl: MB22990-RIPE
  • mnt-by: ZWIEBELFREUNDE
  • created: 2011-02-11T04:11:32Z
  • last-modified: 2021-10-10T17:17:11Z
  • route: 185.220.102.0/24
  • origin: AS60729
  • mnt-by: de-zwf-1-mnt
  • created: 2017-09-17T04:04:03Z
  • last-modified: 2018-05-15T08:28:07Z

Links to attack logs

  • bruteforce-ip-list-2021-05-09
  • aws-ssh-bruteforce-ip-list-2021-06-11
  • vultrwarsaw-ssh-bruteforce-ip-list-2022-11-16
  • aws-ssh-bruteforce-ip-list-2021-05-11
  • bruteforce-ip-list-2021-02-06
  • bruteforce-ip-list-2020-07-16
  • aws-ssh-bruteforce-ip-list-2021-06-15
  • bruteforce-ip-list-2020-07-03
  • bruteforce-ip-list-2020-07-05
  • bruteforce-ip-list-2020-06-12
  • bruteforce-ip-list-2021-02-11