82.64.169.85 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 82.64.169.85. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
  • Tags: Bruteforce, Brute-Force, cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh, SSH
  • JARM: 07d19d1ad21d21d00042d43d00000076e5b3c488a88e5790970b78ffb8afc2

  • Country: France
  • Network: AS12322 free sas
  • Noticed: 1 time
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: me.funkysafe.com

Malware Detected on Host

Count: 59

Open Ports Detected

25, 80, 993

CVEs Detected

CVE-2006-20001 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30556 CVE-2022-31813 CVE-2022-36760 CVE-2022-37436 CVE-2023-25690 CVE-2023-27522

Whois Information

  • inetnum: 82.64.115.0 - 82.64.255.255
  • netname: FR-PROXAD-ADSL
  • descr: Proxad / Free SAS
  • descr: Dynamic pool (IP/ADSL FT)
  • country: FR
  • admin-c: ACP23-RIPE
  • tech-c: TCP8-RIPE
  • status: ASSIGNED PA
  • mnt-by: PROXAD-MNT
  • created: 2003-09-30T13:29:33Z
  • last-modified: 2003-10-28T14:45:44Z
  • role: Administrative Contact for ProXad
  • address: Free SAS / ProXad
  • address: 8, rue de la Ville L’Eveque
  • address: 75008 Paris
  • phone: +33 1 73 50 20 00
  • fax-no: +33 1 73 92 25 69
  • admin-c: APfP1-RIPE
  • tech-c: TPfP1-RIPE
  • nic-hdl: ACP23-RIPE
  • mnt-by: PROXAD-MNT
  • abuse-mailbox: [email protected]
  • created: 2002-06-26T12:46:56Z
  • last-modified: 2013-08-01T12:16:00Z
  • role: Technical Contact for ProXad
  • address: Free SAS / ProXad
  • address: 8, rue de la Ville L’Eveque
  • address: 75008 Paris
  • phone: +33 1 73 50 20 00
  • fax-no: +33 1 73 92 25 69
  • admin-c: APfP1-RIPE
  • tech-c: TPfP1-RIPE
  • nic-hdl: TCP8-RIPE
  • mnt-by: PROXAD-MNT
  • created: 2002-06-26T12:29:10Z
  • last-modified: 2011-06-14T09:03:07Z
  • abuse-mailbox: [email protected]
  • route: 82.64.0.0/14
  • descr: ProXad network / Free SA
  • descr: Paris, France
  • origin: AS12322
  • mnt-by: PROXAD-MNT
  • created: 2003-04-03T09:35:03Z
  • last-modified: 2003-04-03T09:35:03Z

Links to attack logs

vultrwarsaw-ssh-bruteforce-ip-list-2022-12-12 dosing-ssh-bruteforce-ip-list-2023-01-22 bruteforce-ip-list-2022-12-08 bruteforce-ip-list-2023-01-05 dofrank-ssh-bruteforce-ip-list-2022-12-12 dosing-ssh-bruteforce-ip-list-2022-12-21 dofrank-ssh-bruteforce-ip-list-2023-01-03 vultrmadrid-ssh-bruteforce-ip-list-2022-12-10