199.249.230.123 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 199.249.230.123. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Tags: cve202229266, cyber security, description, description ip, indicator, indicator type, ioc, malicious, Nextray, phishing, Scanner, scanning, smtp, ssh, tcp, tor, TOR, VPN, Webattack

  • Known tor exit node

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: blocklist_net_ua, cruzit_web_attacks, dm_tor, et_tor, maxmind_proxy_fraud, sblam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits

  • Known TOR node
  • Country: United States
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: tor9.quintex.com, block2.mmms.eu

Malware Detected on Host

Count: 38
