185.220.102.6 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 185.220.102.6. It was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 70/100
Host and Network Information
- Mitre ATT&CK IDs: T1046 - Network Service Scanning
- Tags: Bruteforce, Brute-Force, cowrie, cve202229266, cyber security, description, description ip, indicator, indicator type, initiator ip, ioc, ip monitor, malicious, Nextray, phishing, scanners, snort, ssh, SSH, tor, vultr
- Known tor exit node
- View other sources: Spamhaus, VirusTotal
- Contained within other IP sets: maxmind_proxy_fraud, snort_ipfilter, stopforumspam_180d, stopforumspam_365d, talosintel_ipfilter, tor_exits_30d
- Known TOR node
- Country: Germany
- Network: AS60729 zwiebelfreunde e.v.
- Noticed: 50 times
- Protocols Attacked: ssh
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results: block2.mmms.eu zen.hldns.ru
Malware Detected on Host
Count: 11
Links to attack logs
- vultrparis-ssh-bruteforce-ip-list-2022-07-16
- digitaloceansingapore-ssh-bruteforce-ip-list-2024-01-10
- aws-ssh-bruteforce-ip-list-2021-05-02
- bruteforce-ip-list-2021-12-22
- bruteforce-ip-list-2021-05-10
- vultrparis-ssh-bruteforce-ip-list-2024-01-03
- bruteforce-ip-list-2021-04-29
- bruteforce-ip-list-2020-06-24
- digitaloceanlondon-ssh-bruteforce-ip-list-2023-12-27
- digitaloceanfrankfurt-ssh-bruteforce-ip-list-2024-01-20