192.42.116.19 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 192.42.116.19. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1110 - Brute Force
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, TOR, Telnet, VPN, attack, badrequest, bruteforce, cyber security, digital ocean, ioc, login, malicious, phishing, probing, scanner, scanners, ssh, webscan, webscanner
  • Known tor exit node
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: blocklist_net_ua, dm_tor, et_tor, greensnow, haley_ssh, maxmind_proxy_fraud, sblam, snort_ipfilter, stopforumspam, stopforumspam_180d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, talosintel_ipfilter, tor_exits

  • Known TOR node
  • Country: Netherlands
  • Network: AS1101 surfnet bv
  • Noticed: 50 times
  • Protocols Attacked: spam, ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: block2.mmms.eu, this-is-a-tor-exit-node-hviv119.hviv.nl

Malware Detected on Host

Count: 16

Open Ports Detected

443, 80

Whois Information

  • NetRange: 192.42.113.0 - 192.42.132.255
  • CIDR: 192.42.132.0/24, 192.42.113.0/24, 192.42.128.0/22, 192.42.114.0/23, 192.42.120.0/21, 192.42.116.0/22
  • NetName: RIPE-ERX-192-42-113-0
  • NetHandle: NET-192-42-113-0-1
  • Parent: NET192 (NET-192-0-0-0-0)
  • NetType: Early Registrations, Transferred to RIPE NCC
  • OriginAS:
  • Organization: RIPE Network Coordination Centre (RIPE)
  • RegDate: 2005-02-28
  • Updated: 2005-02-28
  • Comment: These addresses have been further assigned to users in
  • Comment: the RIPE NCC region. Contact information can be found in
  • Ref: https://rdap.arin.net/registry/ip/192.42.113.0
  • OrgName: RIPE Network Coordination Centre
  • OrgId: RIPE
  • Address: P.O. Box 10096
  • City: Amsterdam
  • StateProv:
  • PostalCode: 1001EB
  • Country: NL
  • RegDate:
  • Updated: 2013-07-29
  • Ref: https://rdap.arin.net/registry/entity/RIPE
  • OrgAbuseHandle: ABUSE3850-ARIN
  • OrgAbuseName: Abuse Contact
  • OrgAbusePhone: +31205354444
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
  • OrgTechHandle: RNO29-ARIN
  • OrgTechName: RIPE NCC Operations
  • OrgTechPhone: +31 20 535 4444
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
  • inetnum: 192.42.116.0 - 192.42.116.31
  • netname: TOR-EXIT-HVIV
  • descr: https://www.hartvoorinternetvrijheid.nl/eng.html
  • descr: Amsterdam
  • country: NL
  • org: ORG-HVI2-RIPE
  • admin-c: HVI34-RIPE
  • tech-c: HVI34-RIPE
  • status: LEGACY
  • mnt-by: AS1101-MNT
  • created: 2017-11-02T13:21:00Z
  • last-modified: 2017-11-02T13:21:00Z
  • organisation: ORG-HVI2-RIPE
  • org-name: Hart voor Internetvrijheid
  • org-type: OTHER
  • address: Haarlemmer Houttuinen 63-3
  • address: 1013 GM Amsterdam
  • abuse-c: HVI34-RIPE
  • mnt-ref: NOTSURFNET-MNT
  • mnt-by: AS1101-MNT
  • mnt-by: NOTSURFNET-MNT
  • created: 2017-11-02T13:10:57Z
  • last-modified: 2017-11-02T13:34:15Z
  • role: Hart voor Internetvrijheid (Abuse)
  • address: Haarlemmer Houttuinen 63-3
  • address: 1013 GM Amsterdam
  • abuse-mailbox: [email protected]
  • nic-hdl: HVI34-RIPE
  • mnt-by: AS1101-MNT
  • mnt-by: NOTSURFNET-MNT
  • created: 2017-11-02T13:14:14Z
  • last-modified: 2017-11-02T13:33:13Z
  • route: 192.42.116.0/22
  • descr: IP-EEND-IP
  • origin: AS1101
  • mnt-by: AS1103-MNT
  • created: 2007-12-19T21:20:53Z
  • last-modified: 2007-12-19T21:20:53Z

Links to attack logs

  • forum-spam-ip-list-2023-03-22
  • bruteforce-ip-list-2020-11-18
  • aws-ssh-bruteforce-ip-list-2021-02-13
  • bruteforce-ip-list-2021-01-21
  • vultrparis-ssh-bruteforce-ip-list-2022-11-26
  • bruteforce-ip-list-2021-03-12
  • bruteforce-ip-list-2021-05-30
  • bruteforce-ip-list-2021-03-13
  • forum-spam-ip-list-2023-03-17
  • vultrwarsaw-ssh-bruteforce-ip-list-2022-11-17
  • dolondon-ssh-bruteforce-ip-list-2023-03-27