192.81.213.192 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 192.81.213.192. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity against honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: brute force, Bruteforce, Brute-Force, cowrie, cyber security, ioc, malicious, Nextray, phishing, rdp, scanners, ssh, SSH, vultr, word

  • View other sources: Spamhaus, VirusTotal

  • Country: United States
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Korea Republic of, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: speedpowershop.com docs2txt.com filestotext.com 192-81-213-192.ipv4.staticdns1.io dannydezign.com tylerboyd.ca

Malware Detected on Host

Count: 47

Open Ports Detected

80

Whois Information

Links to attack logs

  • vultrmadrid-ssh-bruteforce-ip-list-2023-07-17
  • vultrwarsaw-ssh-bruteforce-ip-list-2023-08-22
  • bruteforce-ip-list-2023-08-10
  • vultrmadrid-ssh-bruteforce-ip-list-2023-06-17
  • dosing-ssh-bruteforce-ip-list-2023-07-09
  • dofrank-ssh-bruteforce-ip-list-2023-07-22
  • bruteforce-ip-list-2023-08-08
  • dolondon-ssh-bruteforce-ip-list-2023-06-19