62.102.148.68 Threat Intelligence and Host Information

Share on:

Jul 06, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 62.102.148.68 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 80/100

Host and Network Information

Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
Tags: Brute-Force, Bruteforce, Nextray, RDP, SSH, TOR, bruteforce, cowrie, cyber security, ioc, malicious, phishing, probing, scanning, ssh, vnc, webscan, webscanner bruteforce web app attack
Known tor exit node
View other sources: Spamhaus VirusTotal
Contained within other IP sets: cruzit_web_attacks, haley_ssh, maxmind_proxy_fraud, snort_ipfilter, stopforumspam_180d, stopforumspam_365d, talosintel_ipfilter
Known TOR node
Country: Sweden
Network: AS51815 ip-only networks ab
Noticed: 1 times
Protcols Attacked: redis ssh
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: block2.mmms.eu seed.nu.crypto-daio.co.uk 3.datadog.pool.ntp.org 0.datadog.pool.ntp.org assk2.torservers.net

Malware Detected on Host

Count: 10 26cd418aa265c089f1b57488dac8048ad2d19912855b4e328f030232173dac92 2212bdbab238e6b217595453110eef154f7963e396be1d8a08fce3d043516c0e 9af3235829e2039f3ca11f62928dbe85f4eb33e629a84e49db35fd27cdea3ef3 5a5759b6ce4ddfe7960aab9206864562d08b05e9f139b2f88df75d93ae4961e0 a896be5e1f5b7d498d6556c9d64fe6407b70360e36dd3f47ee46da9367748ff6 f3000d56afe77e0d95335f7ea86562b3c0e598c1c66ecd4d62e5ccc8af6569d3 09e1373baddb229bd54a04bb0827fa943d13634b884768f01288fc09ee22b850 8ca0392a421283b00404a015034e1618ed8ac18b0b48bd8a2614966546338411 2a6f9762bdf59d98c8adb762c73e52961405363e0f7359f9df89ea9f2f8522c0 62b648749aafa11fddda727071363545530ea6614cca175ac963fc4849d5d604

Map

Whois Information

inetnum: 62.102.148.64 - 62.102.148.71
netname: KUSTBANDET-TOR-NETWORK
descr: TOR Network
country: SE
admin-c: MB22990-RIPE
tech-c: MB22990-RIPE
abuse-c: ZWFR1-RIPE
status: ASSIGNED PA
mnt-by: KUSTBANDET-MNT
created: 2015-10-30T20:29:40Z
last-modified: 2019-01-10T20:11:25Z
person: Jens Kubieziel
address: Zwiebelfreunde e.V.
address: c/o DID Dresdner Institut fuer Datenschutz
address: Palaisplatz 3
address: 01097 Dresden
address: Germany
phone: +49-351-21296018
fax-no: +49-8131-9044975
nic-hdl: MB22990-RIPE
mnt-by: ZWIEBELFREUNDE
created: 2011-02-11T04:11:32Z
last-modified: 2021-10-10T17:17:11Z
route: 62.102.148.0/23
descr: Kustbandet AB
origin: AS51815
mnt-by: TEKNIKBYRAN-MNT
created: 2011-05-12T22:44:39Z
last-modified: 2015-10-30T20:33:59Z

Links to attack logs