app.crowdsec.net
76.76.21.61  Public Scan

URL: https://app.crowdsec.net/cti/194.169.175.21
Submission: On June 04 via manual from US — Scanned from US

Form analysis 0 forms found in the DOM

Text Content

CrowdSec Threat Intelligence
194.169.175.21
Malicious IP
 * Crowd Confidence: High
 * Location: Bulgaria (BG)
 * First Seen: over 1 year ago
 * Last Seen: about 16 hours ago

Known For:
 * SSH Bruteforce
 * HTTP Scan
 * HTTP Exploit
 * HTTP DoS
 * TCP Scan
 * Exploitation attempt
 * SMB/RDP bruteforce

MITRE Techniques:
 * Brute Force
 * Active Scanning
 * Exploit Public-Facing Application
 * Network Denial of Service
 * Remote System Discovery
 * Network Service Discovery

Background Noise: Very Noisy
Recommendation


IP RANGE

 * Range: 194.169.175.0/24 (Very aggressive)
 * AS: UAB Host Baltic


REVERSE DNS

 * net-21-175-169-194.cust.211760.net


TOP CLASSIFICATIONS

 * Dangerous Services Exposed
 * CrowdSec Community Blocklist


ACTIVITY



[Activity chart: months Mar to Jun, scale from Low to Very aggressive]

 * Last 24 hours: Very aggressive
 * Last month: Very aggressive
 * Last 7 days: Very aggressive
 * Last 3 months: Very aggressive



BLOCKLISTS CONTAINING THIS IP




CROWDSEC INTELLIGENCE LIST

Contains all IPs in our database that have been identified as actively
aggressive, performing a wide variety of attacks. Proactively block these IPs if
you don’t want to take any chances with malicious IPs potentially reaching your
systems.


CLASSIFICATIONS




DANGEROUS SERVICES EXPOSED

IP exposes dangerous services (VNC, Telnet, RDP), possibly due to a
misconfiguration or because it's a honeypot.



CROWDSEC COMMUNITY BLOCKLIST

IP belongs to the CrowdSec Community Blocklist


TOP TARGETED COUNTRIES


 * US: 65%
 * CA: 19%
 * GB: 11%

Also listed on the chart, without values: RU, FR, NL, DE, BE, BR, IN, Others


ATTACK DETAILS



Scenario: Description

 * SSH Bruteforce: Detect ssh bruteforce
 * SSH Slow Bruteforce: Detect slow ssh bruteforce
 * SSH Slow User Enumeration: Detect slow ssh user enum bruteforce
 * Bad User Agent: Detect usage of bad User Agent
 * Modsecurity Alert: Web exploitation via modsecurity
 * HTTP Probing: Detect site scanning/probing from a single ip
 * Scanning for backdoors: Detect attempt to common backdoors
 * HTTP DOS with invalid HTTP version: Detect DoS tools using invalid HTTP versions
 * PF Scan Multi Ports: ban IPs that are scanning us
 * TCP Port Scan: ban IPs that are scanning us
 * Suricata Severity 1 Event: Detect exploit attempts via emerging threat rules
 * Windows Bruteforce: Detect windows auth bruteforce
 * Suricata Severity 2 Event: Detect exploit attempts via emerging threat rules



© 2024 CrowdSec.
