193.189.100.200 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 193.189.100.200. It was generated either as a result of observed malicious activity or as an information-gathering exercise to enrich security events with context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 70/100
Host and Network Information
- Mitre ATT&CK IDs: T1046 - Network Service Scanning
- Tags: abuseipdb, auto-generated security, bot, cve202229266, cyber security, ddos, description, description ip, indicator, indicator type, ioc, malicious, Nextray, phishing, tor, tor exit node
- Known tor exit node
- View other sources: Spamhaus, VirusTotal
- Contained within other IP sets: blocklist_net_ua, botscout_1d, botscout_30d, botscout_7d, dm_tor, et_tor, sblam, stopforumspam_180d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits
- Known TOR node
- Country: Sweden
- Network:
- Noticed: 50 times
- Protocols Attacked: SSH
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results: xxx.line.pm, www.xxx.line.pm
Malware Detected on Host
Count: 32
Open Ports Detected
Links to attack logs
****** nmap-scanning-list-2022-02-28 ****** ******