85.93.20.89 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 85.93.20.89. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 30/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing

  • View other sources: Spamhaus, VirusTotal
  • Contained within other IP sets: packetmail

  • Country: Poland
  • Network: AS12586 ghostnet gmbh
  • Noticed: 1 time
  • Protocols Attacked: mysql
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 2595

Whois Information

  • inetnum: 85.93.20.0 - 85.93.20.255
  • netname: IP-Interactive-DE-FRA
  • country: DE
  • admin-c: GN-RIPE
  • tech-c: GN-RIPE
  • status: ASSIGNED PA
  • mnt-by: GHOSTNET-MNT
  • created: 2021-05-26T19:57:18Z
  • last-modified: 2021-05-26T19:57:18Z
  • role: GHOSTnet GmbH
  • admin-c: GNSG-RIPE
  • tech-c: GNSG-RIPE
  • address: Am Dachsbau 17
  • address: 65812 Bad Soden a. Ts.
  • address: Deutschland
  • phone: +49 6172 185025
  • fax-no: +49 6172 185029
  • nic-hdl: GN-RIPE
  • abuse-mailbox: [email protected]
  • mnt-by: GHOSTNET-MNT
  • created: 2003-04-17T02:22:16Z
  • last-modified: 2017-11-10T09:36:32Z
  • route: 85.93.0.0/19
  • descr: IP Interactive
  • origin: AS12586
  • mnt-by: GHOSTNET-MNT
  • created: 2015-06-20T10:16:04Z
  • last-modified: 2021-05-26T20:09:05Z
  • route: 85.93.0.0/19
  • descr: IP Interactive
  • origin: AS197549
  • mnt-by: NEWCOLO-MNT
  • created: 2023-03-14T06:00:54Z
  • last-modified: 2023-03-14T06:00:54Z

Links to attack logs

  • awsbah-mysql-bruteforce-ip-list-2020-08-23
  • aws-mysql-bruteforce-ip-list-2021-01-02
  • aws-mysql-bruteforce-ip-list-2020-10-23
  • awsjap-mysql-bruteforce-ip-list-2020-11-07
  • aws-mysql-bruteforce-ip-list-2020-11-20
  • azureus-mysql-bruteforce-ip-list-2020-08-24
  • awsau-mysql-bruteforce-ip-list-2020-08-25
  • aws-mysql-bruteforce-ip-list-2020-10-09
  • aws-mysql-bruteforce-ip-list-2020-10-11
  • awsuk-mysql-bruteforce-ip-list-2020-08-22
  • aws-mysql-bruteforce-ip-list-2020-11-09
  • aws-mysql-bruteforce-ip-list-2020-10-03
  • aws-mysql-bruteforce-ip-list-2020-10-10
  • aws-mysql-bruteforce-ip-list-2021-01-14
  • aws-mysql-bruteforce-ip-list-2020-10-14
  • aws-mysql-bruteforce-ip-list-2020-10-25
  • awsau-mysql-bruteforce-ip-list-2020-08-23
  • aws-mysql-bruteforce-ip-list-2020-10-28