192.42.116.22 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 192.42.116.22 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Tags: Brute-Force, Bruteforce, Nextray, SSH, TOR, Telnet, VPN, attack, bruteforce, cyber security, ioc, login, malicious, phishing, probing, scanner, scanning, webscan, webscanner bruteforce web app attack
  • Known Tor exit node
  • View other sources: Spamhaus, VirusTotal
  • Contained within other IP sets: blocklist_net_ua, botscout_1d, botscout_30d, botscout_7d, dm_tor, et_tor, haley_ssh, sblam, snort_ipfilter, stopforumspam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, talosintel_ipfilter, tor_exits, tor_exits_1d, tor_exits_30d, tor_exits_7d

  • Known TOR node
  • Country: Netherlands
  • Network: AS1101 surfnet bv
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: block2.mmms.eu, this-is-a-tor-exit-node-hviv122.hviv.nl

Malware Detected on Host

Count: 12

Open Ports Detected

443, 80

Whois Information

  • NetRange: 192.42.113.0 - 192.42.132.255
  • CIDR: 192.42.116.0/22, 192.42.120.0/21, 192.42.132.0/24, 192.42.113.0/24, 192.42.114.0/23, 192.42.128.0/22
  • NetName: RIPE-ERX-192-42-113-0
  • NetHandle: NET-192-42-113-0-1
  • Parent: NET192 (NET-192-0-0-0-0)
  • NetType: Early Registrations, Transferred to RIPE NCC
  • OriginAS:
  • Organization: RIPE Network Coordination Centre (RIPE)
  • RegDate: 2005-02-28
  • Updated: 2005-02-28
  • Comment: These addresses have been further assigned to users in
  • Comment: the RIPE NCC region. Contact information can be found in
  • Ref: https://rdap.arin.net/registry/ip/192.42.113.0
  • OrgName: RIPE Network Coordination Centre
  • OrgId: RIPE
  • Address: P.O. Box 10096
  • City: Amsterdam
  • StateProv:
  • PostalCode: 1001EB
  • Country: NL
  • RegDate:
  • Updated: 2013-07-29
  • Ref: https://rdap.arin.net/registry/entity/RIPE
  • OrgTechHandle: RNO29-ARIN
  • OrgTechName: RIPE NCC Operations
  • OrgTechPhone: +31 20 535 4444
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
  • OrgAbuseHandle: ABUSE3850-ARIN
  • OrgAbuseName: Abuse Contact
  • OrgAbusePhone: +31205354444
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
  • inetnum: 192.42.116.0 - 192.42.116.31
  • netname: TOR-EXIT-HVIV
  • descr: https://www.hartvoorinternetvrijheid.nl/eng.html
  • descr: Amsterdam
  • country: NL
  • org: ORG-HVI2-RIPE
  • admin-c: HVI34-RIPE
  • tech-c: HVI34-RIPE
  • status: LEGACY
  • mnt-by: AS1101-MNT
  • created: 2017-11-02T13:21:00Z
  • last-modified: 2017-11-02T13:21:00Z
  • organisation: ORG-HVI2-RIPE
  • org-name: Hart voor Internetvrijheid
  • org-type: OTHER
  • address: Haarlemmer Houttuinen 63-3
  • address: 1013 GM Amsterdam
  • abuse-c: HVI34-RIPE
  • mnt-ref: NOTSURFNET-MNT
  • mnt-by: AS1101-MNT
  • mnt-by: NOTSURFNET-MNT
  • created: 2017-11-02T13:10:57Z
  • last-modified: 2017-11-02T13:34:15Z
  • role: Hart voor Internetvrijheid (Abuse)
  • address: Haarlemmer Houttuinen 63-3
  • address: 1013 GM Amsterdam
  • abuse-mailbox: [email protected]
  • nic-hdl: HVI34-RIPE
  • mnt-by: AS1101-MNT
  • mnt-by: NOTSURFNET-MNT
  • created: 2017-11-02T13:14:14Z
  • last-modified: 2017-11-02T13:33:13Z
  • route: 192.42.116.0/22
  • descr: IP-EEND-IP
  • origin: AS1101
  • mnt-by: AS1103-MNT
  • created: 2007-12-19T21:20:53Z
  • last-modified: 2007-12-19T21:20:53Z

Links to attack logs

  • dosing-ssh-bruteforce-ip-list-2022-11-12
  • aws-ssh-bruteforce-ip-list-2021-02-28
  • bruteforce-ip-list-2021-04-29
  • aws-ssh-bruteforce-ip-list-2021-06-04
  • bruteforce-ip-list-2021-02-06
  • bruteforce-ip-list-2021-06-09
  • aws-ssh-bruteforce-ip-list-2021-03-06
  • bruteforce-ip-list-2020-08-28
  • vultrwarsaw-ssh-bruteforce-ip-list-2022-11-30