91.208.197.20 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 91.208.197.20 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Mitre ATT&CK IDs: T1110 - Brute Force
  • Tags: anna paula, associated, attack, blacklist, botnet, bruteforce, Bruteforce, cowrie, currículo, cyber security, from email, headers, ioc, login, malicious, Malicious IP, malspam email, mirai, msi file, Nextray, phishing, scan, scanner, SSH, tcp, telnet, Telnet, tuesday, utf8, vultr, zip archive

  • View other sources: Spamhaus VirusTotal

  • Country: Moldova
  • Network: AS200019 alexhost srl
  • Noticed: 1 time
  • Protocols Attacked: telnet
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Spain, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: rappel-contravention.com rappel-amende.com telepaiement-gouv.com telepaiement-gouv.net pakets-deutschepost.com post-de-pakets.com telepaiement-antai.net brave-easley.91-208-197-20.plesk.page deliver-paquet.duckdns.org mydelivery-express.info express-delivery.duckdns.org mydelivery-express.duckdns.org www.bpostclient.com bpostclient.com infallible-ganguly.91-208-197-20.plesk.page

Malware Detected on Host

Count: 18

Open Ports Detected

22 80

CVEs Detected

CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408

Whois Information

  • inetnum: 91.208.197.0 - 91.208.197.255
  • netname: MD-ALEXHOST-20191107
  • descr: ALEXHOST SRL
  • country: MD
  • org: ORG-AS814-RIPE
  • admin-c: PB22606-RIPE
  • tech-c: PB22606-RIPE
  • status: ALLOCATED PA
  • mnt-by: mnt-md-alexhost-1
  • mnt-by: RIPE-NCC-HM-MNT
  • created: 2019-11-07T09:27:53Z
  • last-modified: 2020-05-02T09:28:42Z
  • organisation: ORG-AS814-RIPE
  • org-name: ALEXHOST S.R.L.
  • country: MD
  • org-type: LIR
  • address: C. Brancusi nr. 3
  • address: MD2060
  • address: Chisinau
  • address: MOLDOVA, REPUBLIC OF
  • phone: +37322878787
  • admin-c: PB22606-RIPE
  • tech-c: PB22606-RIPE
  • abuse-c: AR56508-RIPE
  • mnt-ref: mnt-md-alexhost-1
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: mnt-md-alexhost-1
  • created: 2019-11-04T10:16:52Z
  • last-modified: 2022-10-18T11:59:34Z
  • role: ALEXHOST S.R.L.
  • address: C. Brancusi nr. 3
  • address: MD2060
  • address: Chisinau
  • address: MOLDOVA, REPUBLIC OF
  • phone: +37322878787
  • nic-hdl: PB22606-RIPE
  • mnt-by: mnt-md-alexhost-1
  • created: 2019-11-04T10:16:51Z
  • last-modified: 2022-10-18T11:57:01Z
  • route: 91.208.197.0/24
  • origin: AS200019
  • descr: ALEXHOST S.R.L.
  • mnt-by: mnt-md-alexhost-1
  • created: 2020-01-25T07:59:16Z
  • last-modified: 2020-04-30T10:07:07Z

Links to attack logs

vultrparis-telnet-bruteforce-ip-list-2022-10-09 vultrmadrid-telnet-bruteforce-ip-list-2022-09-08