192.42.116.19 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 192.42.116.19. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 80/100

Host and Network Information

  • MITRE ATT&CK IDs: T1046 - Network Service Scanning, T1110 - Brute Force, T1498 - Network Denial of Service

  • Tags: abuseipdb, auto-generated security, brute force, Bruteforce, Brute-Force, cowrie, cve202229266, cyber security, DDoS, description, description ip, indicator, indicator type, ioc, malicious, Nextray, phishing, port 22, RTBH, scanners, sftp, ssh, SSH, tanner, tcp/22, tor, tor exit node, vultr

  • Known Tor exit node

  • JARM: 2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: b3b0, blocklist_net_ua, botscout_1d, botscout_30d, botscout_7d, botscout, dm_tor, et_tor, haley_ssh, maxmind_proxy_fraud, sblam, snort_ipfilter, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, talosintel_ipfilter, tor_exits

  • Known Tor node
  • Country: Netherlands
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: block2.mmms.eu, this-is-a-tor-exit-node-hviv119.hviv.nl

Malware Detected on Host

Count: 15

Open Ports Detected

80

Links to attack logs

  • forum-spam-ip-list-2023-03-22
  • anonymous-proxy-ip-list-2023-10-31
  • bruteforce-ip-list-2020-11-18
  • ******
  • digitaloceantoronto-ssh-bruteforce-ip-list-2024-03-05
  • aws-ssh-bruteforce-ip-list-2021-02-13
  • anonymous-proxy-ip-list-2023-11-01
  • bruteforce-ip-list-2021-01-21
  • bruteforce-ip-list-2021-03-12
  • bruteforce-ip-list-2021-05-30
  • vultrparis-ssh-bruteforce-ip-list-2022-11-26
  • bruteforce-ip-list-2021-03-13
  • vultrwarsaw-ssh-bruteforce-ip-list-2022-11-17
  • vultrparis-ssh-bruteforce-ip-list-2023-12-14
  • forum-spam-ip-list-2023-03-17
  • vultrparis-ssh-bruteforce-ip-list-2024-02-21
  • ******
  • dolondon-ssh-bruteforce-ip-list-2023-03-27
  • ******
  • digitaloceanfrankfurt-ssh-bruteforce-ip-list-2024-02-09
  • vultrwarsaw-ssh-bruteforce-ip-list-2023-08-27
  • bruteforce-ip-list-2024-06-23
