77.68.13.61 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 77.68.13.61. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
  • Tags: Bruteforce, cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh
  • JARM: 29d29d15d29d29d21c42d42d000000b7cc5a312b95f81625a914b21964a66e

  • View other sources: Spamhaus VirusTotal

  • Country: United Kingdom
  • Network: AS8560 1&1 ionos se
  • Noticed: 1 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Open Ports Detected

143 21 22 25 3306 443 465 53 80

CVEs Detected

CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408

Whois Information

  • inetnum: 77.68.8.0 - 77.68.15.255
  • netname: UK-NGCS
  • org: ORG-FHL1-RIPE
  • descr: UK Next Generation Cloud Server (NGCS)
  • country: GB
  • admin-c: FHUK-RIPE
  • tech-c: FHUK-RIPE
  • status: ASSIGNED PA
  • mnt-by: AS15418-MNT
  • mnt-by: AS8560-MNT
  • created: 2016-09-27T14:06:01Z
  • last-modified: 2016-09-27T14:06:01Z
  • organisation: ORG-FHL1-RIPE
  • org-name: Fasthosts Internet Limited
  • country: GB
  • org-type: LIR
  • address: Discovery House
  • address: GL1 2EX
  • address: Gloucester
  • address: UNITED KINGDOM
  • phone: +443330142700
  • fax-no: +441452541633
  • mnt-ref: AS15418-MNT
  • mnt-ref: RIPE-NCC-HM-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: AS15418-MNT
  • admin-c: FHUK-RIPE
  • tech-c: FHUK-RIPE
  • abuse-c: FH4126-RIPE
  • created: 2004-04-17T12:14:35Z
  • last-modified: 2023-01-09T16:11:45Z
  • role: Fasthosts Networks UK
  • address: Fasthosts Internet Limited
  • address: Discovery House
  • address: 154 Southgate Street
  • address: Gloucester, GL1 2EX
  • phone: +44 1452 561874
  • abuse-mailbox: [email protected]
  • nic-hdl: FHUK-RIPE
  • org: ORG-FHL1-RIPE
  • admin-c: GD8691-RIPE
  • admin-c: MM24449-RIPE
  • tech-c: GD8691-RIPE
  • tech-c: MM24449-RIPE
  • mnt-by: AS15418-MNT
  • mnt-by: AS8560-MNT
  • created: 2015-02-26T14:57:35Z
  • last-modified: 2019-01-28T10:09:16Z
  • route: 77.68.0.0/17
  • descr: Fasthosts Internet Ltd
  • origin: AS8560
  • mnt-by: AS15418-MNT
  • mnt-by: AS8560-MNT
  • created: 2014-12-12T12:16:25Z
  • last-modified: 2014-12-12T12:16:25Z

Links to attack logs

vultrparis-ssh-bruteforce-ip-list-2022-12-04 vultrmadrid-ssh-bruteforce-ip-list-2022-12-03