91.250.242.12 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 91.250.242.12. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Tags: bruteforce, cyber security, digital ocean, ioc, malicious, Nextray, phishing, probing, Scanner, scanners, scanning, smtp, ssh, SSH, tcp, TOR, vnc, VPN, Webattack, webscan, webscanner bruteforce web app attack
  • Known tor exit node

  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: blocklist_net_ua, maxmind_proxy_fraud, sblam, snort_ipfilter, stopforumspam_365d, talosintel_ipfilter, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Known TOR node
  • Country: Romania
  • Network: AS6718 nav communications srl
  • Noticed: 1 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 53

Whois Information

  • inetnum: 91.250.242.0 - 91.250.242.255
  • netname: DE-SONEXTIS-20120914
  • country: DE
  • org: ORG-SG310-RIPE
  • admin-c: MM50208-RIPE
  • tech-c: MM50208-RIPE
  • status: ALLOCATED PA
  • mnt-by: mnt-de-sonextis-1
  • mnt-by: RIPE-NCC-HM-MNT
  • created: 2022-09-21T15:01:30Z
  • last-modified: 2022-09-21T15:01:30Z

  • organisation: ORG-SG310-RIPE
  • org-name: SONEXTIS GmbH
  • country: DE
  • org-type: LIR
  • address: Abt-Mayr-Str. 47
  • address: 86675
  • address: Buchdorf
  • address: GERMANY
  • phone: +491716234849
  • admin-c: MM50208-RIPE
  • tech-c: MM50208-RIPE
  • abuse-c: AR51323-RIPE
  • mnt-ref: mnt-de-sonextis-1
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: mnt-de-sonextis-1
  • created: 2019-03-08T09:26:28Z
  • last-modified: 2022-02-24T13:32:58Z

  • person: Marko Molnar
  • address: Berger Allee 12
  • address: 86609
  • address: Donauwörth
  • address: GERMANY
  • phone: +49 160 6001123
  • nic-hdl: MM50208-RIPE
  • mnt-by: mnt-de-sonextis-1
  • created: 2019-03-08T09:26:27Z
  • last-modified: 2019-03-08T09:26:28Z

Links to attack logs

  • dolondon-ssh-bruteforce-ip-list-2022-08-02
  • aws-ssh-bruteforce-ip-list-2021-05-05