88.80.20.86 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 88.80.20.86. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1110 - Brute Force
  • Tags: attack, Bruteforce, cyber security, ioc, login, malicious, Nextray, phishing, scanner, SSH, Telnet, TOR, VPN
  • Known tor exit node

  • Contained within other IP sets: blocklist_net_ua, botscout_30d, dm_tor, et_tor, haley_ssh, sblam, stopforumspam_180d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Known TOR node
  • Country: Sweden
  • Network: AS33837 fredrik holmqvist
  • Noticed: 1 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 8

Open Ports Detected

  • 2222
  • 9001

Whois Information

  • inetnum: 88.80.20.0 - 88.80.20.127
  • netname: SE-PRQ-DEDI
  • descr: PRQ Dedicated server network
  • country: SE
  • admin-c: PIN7-RIPE
  • tech-c: PIN7-RIPE
  • status: ASSIGNED PA
  • mnt-by: MNT-PRQ
  • mnt-lower: MNT-PRQ
  • mnt-routes: MNT-PRQ
  • created: 2009-11-26T21:00:09Z
  • last-modified: 2009-11-26T21:00:09Z
  • role: prq Inet NOC
  • address: PRQ AB
  • address: Box 1206
  • address: SE 11479 Stockholm
  • address: Sweden
  • abuse-mailbox: [email protected]
  • admin-c: PW1115-RIPE
  • tech-c: PW1115-RIPE
  • nic-hdl: PIN7-RIPE
  • mnt-by: MNT-PRQ
  • created: 2004-07-07T20:06:09Z
  • last-modified: 2009-01-19T22:43:22Z
  • route: 88.80.16.0/20
  • descr: Periquito aggregated route
  • origin: AS33837
  • mnt-by: MNT-PRQ
  • created: 2022-03-14T00:14:51Z
  • last-modified: 2022-03-14T00:14:51Z

Links to attack logs

vultrparis-ssh-bruteforce-ip-list-2022-12-04