172.245.184.103 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Tags: C&C, Log4j Scanning Hosts, Malicious IP, Nextray, UPnP, agentemis, agentesla, agenttesla, alienvault ip, amadey, asyncrat, avemaria, avemariarat, awsbah, bashlite, beacon, bernal, betabot, bitrat, blacklist, bladabindi, botnet, botnet c2, breut, carapicuiba, cloudeye, cobaltstrike, confucius, cryptbot, cryptolaemus1, cyber security, darkcomet, darkside, dcrat, deloader, djvu, dofoil, dstip, fareit, farfli, feodo tracker, ficker stealer, formbook, fynloski, gafgyt, generic, gh0st rat, glupteba, guloader, ho chi, host at, host de, host in, host tw, houdini, hworm, ioc, ip blocklist, jenxcus, keypass, kimsuky, loki, lokibot, malicious, malicious host, mekotio, mirai, modiloader, mohazo, nancrat, nanocore, netwire, netwire rc, neurevt, njrat, ntp, oski stealer, phishing, pinkslipbot, qakbot, qbot, raccoonstealer, racealer, racoon, recam, redline stealer, redlinestealer, remcos, remcosrat, scan, scanners, sectoprat, sharik, siplog, smoke loader, snake, stealer, stop, strrat, terdot, trickbot, udp, virusdeck
  • View other sources: Spamhaus VirusTotal

  • Country: United States of America
  • Network: AS36352 colocrossing
  • Noticed: 15 times
  • Protocols Attacked: ntp
  • Countries Attacked: Australia, Bahrain, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: wigsperfect.com, www.wigsperfect.com, howwigs.com, www.howwigs.com, www.miragehaircut.com, miragehaircut.com

Malware Detected on Host

Count: 9

Open Ports Detected

22, 2525

CVEs Detected

CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617

Whois Information

  • NetRange: 172.245.0.0 - 172.245.255.255
  • CIDR: 172.245.0.0/16
  • NetName: CC-14
  • NetHandle: NET-172-245-0-0-1
  • Parent: NET172 (NET-172-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS36352
  • Organization: ColoCrossing (VGS-9)
  • RegDate: 2013-04-22
  • Updated: 2013-04-22
  • Ref: https://rdap.arin.net/registry/ip/172.245.0.0
  • OrgName: ColoCrossing
  • OrgId: VGS-9
  • Address: 325 Delaware Avenue
  • Address: Suite 300
  • City: Buffalo
  • StateProv: NY
  • PostalCode: 14202
  • Country: US
  • RegDate: 2005-06-20
  • Updated: 2019-10-17
  • Ref: https://rdap.arin.net/registry/entity/VGS-9
  • OrgNOCHandle: NETWO882-ARIN
  • OrgNOCName: Network Operations
  • OrgNOCPhone: +1-800-518-9716
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN
  • OrgTechHandle: NETWO882-ARIN
  • OrgTechName: Network Operations
  • OrgTechPhone: +1-800-518-9716
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN
  • OrgAbuseHandle: ABUSE3246-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-800-518-9716
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3246-ARIN

Links to attack logs

ntp-bruteforce-ip-list-2021-04-01 awsbah-ntp-bruteforce-ip-list-2021-04-08