213.230.65.20 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 213.230.65.20. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning. It takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 55/100

Host and Network Information

  • Country: Uzbekistan
  • Network: AS8193 uzbektelekom joint stock company
  • Noticed: 41 times
  • Protocols Attacked: SSH
  • Countries Attacked: Belgium, China, India, Italy, Korea Republic of, Singapore, Taiwan, Thailand, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 443, 80, 8181, 8888
  • Tor Node: No

Tags

  • attack
  • babuk
  • bianlian
  • blackcat
  • Blacklist
  • cowrie
  • credential stuff
  • dark
  • dark web
  • december
  • DNSBL
  • egregor
  • hunter
  • italian mario
  • july
  • june
  • lockbit
  • mario
  • mega
  • megacortex
  • noescape
  • password spray
  • paulsan
  • ransomhouse
  • resecurity
  • samsam
  • SPAM
  • ssh
  • white rabbit

MITRE ATT&CK TTPs

  • T1046 - Network Service Scanning
  • T1078 - Valid Accounts
  • T1083 - File and Directory Discovery
  • T1090 - Proxy
  • T1098.004 - SSH Authorized Keys
  • T1105 - Ingress Tool Transfer
  • T1110.001 - Password Guessing
  • T1110.003 - Password Spraying
  • T1110.004 - Credential Stuffing
  • T1110 - Brute Force
  • T1566 - Phishing
  • T1583.005 - Botnet

Whois Information

inetnum: 213.230.65.0 - 213.230.65.255
netname: UZTELECOM-STATIC-CUSTOMERS
country: UZ
admin-c: ROJ1-RIPE
tech-c: ROJ1-RIPE
abuse-c: ROJ1-RIPE
status: ASSIGNED PA
mnt-by: AS8193-MNT
created: 2018-10-09T09:47:07Z
last-modified: 2018-10-09T09:47:12Z

role: Role of Uzbektelecom JSC
address: Alisher Navoi Avenue, 28A, Shaykhontohur District
address: Tashkent, Uzbekistan
org: ORG-JC7-RIPE
org: ORG-UNCN1-RIPE
nic-hdl: ROJ1-RIPE
admin-c: BM2509-RIPE
tech-c: BS10923-RIPE
tech-c: SHI1990-RIPE
abuse-mailbox: ripe@bkm.uz
mnt-by: AS8193-MNT
mnt-by: UZTELECOM-MNT
created: 2018-10-09T04:28:53Z
last-modified: 2021-05-26T05:11:22Z

route: 213.230.65.0/24
descr: Uzbektelecom JSC
org: ORG-UNCN1-RIPE
origin: AS8193
mnt-by: AS8193-MNT
created: 2018-10-09T08:14:38Z
last-modified: 2018-10-10T10:10:39Z

organisation: ORG-UNCN1-RIPE
org-name: "Uzbektelekom" Joint Stock Company
country: UZ
org-type: LIR
address: ALISHER NAVOI AVENUE, 28A
address: 100011
address: TASHKENT
address: UZBEKISTAN
phone: +998712448042
phone: +998712146129
fax-no: +998712443443
admin-c: ROJ1-RIPE
tech-c: ROJ1-RIPE
abuse-c: ROJ1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: AS8193-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: AS8193-MNT
created: 2004-04-17T12:24:40Z
last-modified: 2022-09-20T13:11:54Z