192.42.116.27 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 192.42.116.27 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

• Known tor exit node

• JARM: 2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: blocklist_net_ua, dm_tor, et_tor, maxmind_proxy_fraud, sblam, snort_ipfilter, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, talosintel_ipfilter, tor_exits

• Known TOR node
• Country: Netherlands
• Network:
• Noticed: times
• Protocols Attacked: ssh
• Passive DNS Results: this-is-a-tor-exit-node-hviv127.hviv.nl 192.42.116.27 sonjamont.hldns.ru

Malware Detected on Host

Count: 20 dfc41ce030340214dfb943f97574b23d44728460586c139e7873732fcd44c1af b11e614cdd02aecb8d6ae65bf67bfac8cbefd68830065217e2cb48922743bb12 2ce399a329b20c97bec49d1ecd1315aca646c5a0dd95e4b9bbffc9b52a9a528d a896be5e1f5b7d498d6556c9d64fe6407b70360e36dd3f47ee46da9367748ff6 815276a2536b6db641b2decab624a80b421c33268ca51dfb8f7494ff36b018c6 f45ac7a9fe37b0d18bb9301efb87b7e949096c3f719a4483c5a10586a59b684c 7548589cca05a011b563d58e795233faf2310975659bbc8b4d1db7ae6d805280 eb5d9b1d6c60b8aec27b43fb1878d607242c2798fadb2c114bd343bc626b2cca f2d2ac74db5bbbb4afb1818bf345019c15a5688b574e53c5f93aa41b1df353c4 fe111b6fff9830a29ba03ae1000b15ba4541127d708a8ad33c7e798029453322

Open Ports Detected

443 80

Map

Whois Information

• NetRange: 192.42.113.0 - 192.42.132.255
• CIDR: 192.42.116.0/22, 192.42.113.0/24, 192.42.132.0/24, 192.42.114.0/23, 192.42.120.0/21, 192.42.128.0/22
• NetName: RIPE-ERX-192-42-113-0
• NetHandle: NET-192-42-113-0-1
• Parent: NET192 (NET-192-0-0-0-0)
• NetType: Early Registrations, Transferred to RIPE NCC
• OriginAS:
• Organization: RIPE Network Coordination Centre (RIPE)
• RegDate: 2005-02-28
• Updated: 2025-02-10
• Ref: https://rdap.arin.net/registry/ip/192.42.113.0
• OrgName: RIPE Network Coordination Centre
• OrgId: RIPE
• Address: P.O. Box 10096
• City: Amsterdam
• StateProv:
• PostalCode: 1001EB
• Country: NL
• RegDate:
• Updated: 2013-07-29
• Ref: https://rdap.arin.net/registry/entity/RIPE
• OrgAbuseHandle: ABUSE3850-ARIN
• OrgAbuseName: Abuse Contact
• OrgAbusePhone: +31205354444
• OrgAbuseEmail: abuse@ripe.net
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
• OrgTechHandle: RNO29-ARIN
• OrgTechName: RIPE NCC Operations
• OrgTechPhone: +31 20 535 4444
• OrgTechEmail: hostmaster@ripe.net
• OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN

Links to attack logs

digitaloceansingapore-ssh-bruteforce-ip-list-2024-03-05 vultrparis-ssh-bruteforce-ip-list-2022-07-16 ****** vultrparis-ssh-bruteforce-ip-list-2024-01-03 bruteforce-ip-list-2021-02-18 bruteforce-ip-list-2021-03-21 vultrmadrid-ssh-bruteforce-ip-list-2023-04-03 ****** digitaloceansingapore-ssh-bruteforce-ip-list-2024-02-27 ******