192.227.164.69 Threat Intelligence and Host Information

Share on:
Apr 20, 2023 ipinfopage

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, cowrie, cyber security, ioc, malicious, phishing, ssh, tsec

  • View other sources: Spamhaus VirusTotal

  • Country: United States of America
  • Network: AS36352 colocrossing
  • Noticed: 50 times
  • Protcols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: totens.site totens.online es.badgorillas.com cloud.badgorillas.com lhc.badgorillas.com office.badgorillas.com christuncensored.com christunscripted.com mesh.badgorillas.com git.garrisontech.services archive.garrisontech.services www.badgorillas.com badgorillas.com uptime.garrisontech.services start.garrisontech.services chat.garrisontech.services jesuspeople.news gtsl.gq damascusrecovery.com jason.gracetechministries.org wrec.tk gracetech.services shop.garrisontech.services garrisontech.services jason.garrisontech.services

Open Ports Detected

2082 2083 2086 2087 21 25 3306 443 465 53 587 8888

CVEs Detected

CVE-2019-11048 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2022-31628 CVE-2022-31629 CVE-2022-37454

Map

Whois Information

  • NetRange: 192.227.128.0 - 192.227.255.255
  • CIDR: 192.227.128.0/17
  • NetName: CC-12
  • NetHandle: NET-192-227-128-0-1
  • Parent: NET192 (NET-192-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS36352
  • Organization: ColoCrossing (VGS-9)
  • RegDate: 2013-01-29
  • Updated: 2013-01-29
  • Ref: https://rdap.arin.net/registry/ip/192.227.128.0
  • OrgName: ColoCrossing
  • OrgId: VGS-9
  • Address: 325 Delaware Avenue
  • Address: Suite 300
  • City: Buffalo
  • StateProv: NY
  • PostalCode: 14202
  • Country: US
  • RegDate: 2005-06-20
  • Updated: 2019-10-17
  • Ref: https://rdap.arin.net/registry/entity/VGS-9
  • OrgAbuseHandle: ABUSE3246-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-800-518-9716
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3246-ARIN
  • OrgTechHandle: NETWO882-ARIN
  • OrgTechName: Network Operations
  • OrgTechPhone: +1-800-518-9716
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN
  • OrgNOCHandle: NETWO882-ARIN
  • OrgNOCName: Network Operations
  • OrgNOCPhone: +1-800-518-9716
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN
  • NetRange: 192.227.164.64 - 192.227.164.95
  • CIDR: 192.227.164.64/27
  • NetName: CC-192-227-164-0-27
  • NetHandle: NET-192-227-164-64-1
  • Parent: CC-12 (NET-192-227-128-0-1)
  • NetType: Reassigned
  • OriginAS: AS36352
  • Customer: RackNerd LLC (C07662738)
  • RegDate: 2020-10-15
  • Updated: 2020-10-15
  • Ref: https://rdap.arin.net/registry/ip/192.227.164.64
  • CustName: RackNerd LLC
  • City: Upland
  • StateProv: CA
  • PostalCode: 91786
  • Country: US
  • RegDate: 2020-10-15
  • Updated: 2020-10-15
  • Ref: https://rdap.arin.net/registry/entity/C07662738
  • OrgAbuseHandle: ABUSE3246-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-800-518-9716
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3246-ARIN
  • OrgTechHandle: NETWO882-ARIN
  • OrgTechName: Network Operations
  • OrgTechPhone: +1-800-518-9716
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN
  • OrgNOCHandle: NETWO882-ARIN
  • OrgNOCName: Network Operations
  • OrgNOCPhone: +1-800-518-9716
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN

Links to attack logs

dofrank-ssh-bruteforce-ip-list-2023-01-17 dofrank-ssh-bruteforce-ip-list-2023-01-19 ** dotoronto-ssh-bruteforce-ip-list-2022-12-20 vultrwarsaw-ssh-bruteforce-ip-list-2022-12-29 bruteforce-ip-list-2022-12-14 dolondon-ssh-bruteforce-ip-list-2022-12-14