212.192.241.44 Threat Intelligence and Host Information
General
This page contains threat intelligence for the IPv4 address 212.192.241.44. It was generated either because malicious activity was observed from the host or as an information-gathering exercise to enrich security events with context. All information is gathered passively, by aggregating public sources or by observing activity against honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the host resides.
Likely Malicious Host 🟠 55/100
Host and Network Information
Mitre ATT&CK IDs: T1498 - Network Denial of Service, T1499 - Endpoint Denial of Service, T1566 - Phishing, TA0011 - Command and Control
Tags: botnets, c2 mirai, cyber security, Cyclops, cyclopsblink c, ddos, domain, filehashmd5, gafgyt, gamaredon, geopolitical conflict, ghostwriter, HermeticWiper, ioc, IsaacWiper, malicious, mirai, Nextray, PartyTicket, phishing, powershell, primitivebear, pterodo, quietsieve, ransomware, russia, sha256, ukraine, unc1151, WhisperGate
- View other sources: Spamhaus, VirusTotal
- Country: Czechia
- Network:
- Noticed: 50 times
- Protocols Attacked: ntp
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Russian Federation, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results (names that have resolved to this address; a "www." variant was also seen where noted):
  - mwb-high.qhigh.com (and www.)
  - ardmbdd.fartit.com (and www.)
  - ftp.ardmbdd.fartit.com
  - quota-upgrade.zzux.com
  - docformupkiamb.zzux.com
  - ftp.docformupkiamb.zzux.com
  - dsmtp-za.dsmtp.com
  - item-doc-uptwo.itemdb.com
  - item-doc-up.itemdb.com
  - grid-send.dubya.us (and www.)
  - sendgrid-file.dubya.us (and www.)
  - xbaboyddser.zyns.com (and www.)
  - alikodangok.xxuz.com (and www.)
  - dangogkokok.zzux.com (and www.)
  - mwb-online-dd.us
  - sendrid-grid.duckdns.org (and www.)
  - otzo-luno.otzo.com (and www.)
  - wikaba-up.wikaba.com (and www.)
  - myddns-up.myddns.com (and www.)
  - zyns-up.zyns.com (and www.)
  - doc-formup.vizvaz.com (and www.)
  - server-form.serveusers.com (and www.)
  - quota-hostup.zzux.com (and www.)
  - dguaappnewserver.zzux.com (and www.)
  - 212-192-241-44.cprapid.com (and www.)
  Nearly all of these sit under shared dynamic-DNS provider domains (zzux.com, zyns.com, xxuz.com, qhigh.com, vizvaz.com, itemdb.com, otzo.com, wikaba.com, myddns.com, dubya.us, fartit.com, dsmtp.com, serveusers.com, duckdns.org), and 212-192-241-44.cprapid.com is the automatic hostname a cPanel server derives from its own IP. They record who pointed a name at this address, not who operates it, so match on the full hostname rather than on the parent domain, which is shared with many unrelated users. Several labels (sendgrid-file, quota-upgrade, doc-formup, server-form) mimic document-sharing and account-quota notices, consistent with the T1566 phishing tag.
Malware Detected on Host
- Count: 41 (10 SHA-256 values listed)
  - 22ff0f82bb376a74c941fd24b4479fa0af6b7073619035ff6f069e9f058232ca
  - 0d28a2d8f1c96ebdd3842d9e2c337d4419cc8d9c9dc1b55162f156204d2493e8
  - 317d770d46282ba9b76329e9df6269a32588360cbc2019dcbab1229e2c00d5a0
  - 89832e686d28e0d0dcebdfa22e21396bc2e15b868a34ae90e8fa4997e9ad27cd
  - e1f4a29c431b6b53921db01af88641cb124a00fdbf1a9aedc508e14197eb9730
  - 315bf7c22154a6f3e6e5094fbdad2fef99634ff5914dd536390957b198eec2aa
  - c21b2fe4199180689294329658607473682be4b8fca92581f6bc610013cfd87f
  - f95e9c4952db43451b6b259d319540dd4991ad4705d487897d6ea77043ac638b
  - e711e4a3c3e3743b226c1d43807b45abd8a5c54ef7646f5f587e3a11395a0ff9
  - 86c51b6b6923f56e5aed948d5fdaced16340b42b26f867b6e3519d783db5fbc2
Links to attack logs
- awsau-ntp-bruteforce-ip-list-2021-12-11
- ******
- ******
- awsbah-ntp-bruteforce-ip-list-2021-12-07
- ntp-bruteforce-ip-list-2021-12-07
- awsbah-ntp-bruteforce-ip-list-2021-12-11
- ntp-bruteforce-ip-list-2021-12-11
- awsau-ntp-bruteforce-ip-list-2021-12-09
- ******
- awsau-ntp-bruteforce-ip-list-2021-12-07
- ntp-bruteforce-ip-list-2021-12-09
- ******
- awsbah-ntp-bruteforce-ip-list-2021-12-09
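The indicators above put to the use the General section describes: enriching security events with the IP, passive DNS names and file hashes, then gating an alert on the host score. This is an added example, not code from the original page or its provider. The IP, hostnames, SHA-256 values, score and ATT&CK IDs are copied from the page; the key=value log lines, the `ALERT_THRESHOLD` policy value and all function names are constructed for the demonstration.

```python
"""Enrich constructed security events with the indicators published above for
212.192.241.44. Added example; not code from the original page or its provider.
The IP, hostnames, SHA-256 values and ATT&CK IDs are copied from the page; the
log lines and the alert threshold are constructed assumptions for the demo.
"""
import ipaddress

HOST_IP = ipaddress.ip_address("212.192.241.44")
HOST_SCORE = 55           # page verdict: Likely Malicious Host, 55/100
ALERT_THRESHOLD = 50      # assumed local policy, not a value from the page
ATTACK_IDS = ("T1498", "T1499", "T1566", "TA0011")

# Passive DNS names from the page, with "www." variants folded into one entry.
PASSIVE_DNS = {
    "mwb-high.qhigh.com", "ardmbdd.fartit.com", "ftp.ardmbdd.fartit.com",
    "quota-upgrade.zzux.com", "docformupkiamb.zzux.com",
    "ftp.docformupkiamb.zzux.com", "dsmtp-za.dsmtp.com",
    "item-doc-uptwo.itemdb.com", "item-doc-up.itemdb.com",
    "grid-send.dubya.us", "sendgrid-file.dubya.us", "xbaboyddser.zyns.com",
    "alikodangok.xxuz.com", "dangogkokok.zzux.com", "mwb-online-dd.us",
    "sendrid-grid.duckdns.org", "otzo-luno.otzo.com", "wikaba-up.wikaba.com",
    "myddns-up.myddns.com", "zyns-up.zyns.com", "doc-formup.vizvaz.com",
    "server-form.serveusers.com", "quota-hostup.zzux.com",
    "dguaappnewserver.zzux.com", "212-192-241-44.cprapid.com",
}

# The ten SHA-256 values the page lists (it counts 41 in total).
MALWARE_SHA256 = {
    "22ff0f82bb376a74c941fd24b4479fa0af6b7073619035ff6f069e9f058232ca",
    "0d28a2d8f1c96ebdd3842d9e2c337d4419cc8d9c9dc1b55162f156204d2493e8",
    "317d770d46282ba9b76329e9df6269a32588360cbc2019dcbab1229e2c00d5a0",
    "89832e686d28e0d0dcebdfa22e21396bc2e15b868a34ae90e8fa4997e9ad27cd",
    "e1f4a29c431b6b53921db01af88641cb124a00fdbf1a9aedc508e14197eb9730",
    "315bf7c22154a6f3e6e5094fbdad2fef99634ff5914dd536390957b198eec2aa",
    "c21b2fe4199180689294329658607473682be4b8fca92581f6bc610013cfd87f",
    "f95e9c4952db43451b6b259d319540dd4991ad4705d487897d6ea77043ac638b",
    "e711e4a3c3e3743b226c1d43807b45abd8a5c54ef7646f5f587e3a11395a0ff9",
    "86c51b6b6923f56e5aed948d5fdaced16340b42b26f867b6e3519d783db5fbc2",
}


def normalize_host(name):
    """Lower-case, drop a trailing dot and a leading 'www.' so log spellings match."""
    name = name.strip().lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name


def parse_line(line):
    """Parse a constructed key=value log line into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def _is_host_ip(value):
    """Compare as an address object so odd spellings do not defeat the match."""
    try:
        return ipaddress.ip_address(value) == HOST_IP
    except ValueError:
        return False


def enrich(record):
    """Return enrichment for a parsed record, or None if no indicator matches."""
    matched = []
    if any(_is_host_ip(record.get(k, "")) for k in ("src_ip", "dst_ip")):
        matched.append("ip")
    if "query" in record and normalize_host(record["query"]) in PASSIVE_DNS:
        matched.append("passive_dns")
    if "sha256" in record and record["sha256"].lower() in MALWARE_SHA256:
        matched.append("sha256")
    if not matched:
        return None
    return {
        "matched_on": matched,
        "indicator_ip": str(HOST_IP),
        "score": HOST_SCORE,
        "attack_ids": list(ATTACK_IDS),
        # The score is historical and indicative: gate alerting on it rather
        # than treating any match as confirmed malice.
        "alert": HOST_SCORE >= ALERT_THRESHOLD,
    }


def enrich_lines(lines):
    """Enrich every line; returns only the records that matched an indicator."""
    results = []
    for line in lines:
        record = parse_line(line)
        hit = enrich(record)
        if hit is not None:
            results.append({"record": record, **hit})
    return results


# Constructed sample log lines (not real telemetry); the first mirrors the
# NTP brute-force listings above, the second a DNS query, the third a file hash.
SAMPLE_LINES = [
    "ts=2021-12-11T03:14:07Z type=flow src_ip=212.192.241.44 dst_ip=10.0.0.5 dst_port=123 proto=udp",
    "ts=2021-12-11T03:15:22Z type=dns client=10.0.0.17 query=WWW.sendgrid-file.dubya.us.",
    "ts=2021-12-11T03:16:01Z type=file host=ws-042 sha256=22FF0F82BB376A74C941FD24B4479FA0AF6B7073619035FF6F069E9F058232CA",
    "ts=2021-12-11T03:17:45Z type=dns client=10.0.0.17 query=example.com",
]

if __name__ == "__main__":
    for hit in enrich_lines(SAMPLE_LINES):
        print(hit["record"]["type"], hit["matched_on"], "alert" if hit["alert"] else "info")
```

Hostnames are matched as full names after normalisation rather than by parent domain, because the dynamic-DNS domains in the list are shared with unrelated users; hashes and the IP are compared case- and spelling-insensitively so that differently formatted telemetry still matches.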