193.169.245.79 Threat Intelligence and Host Information

Aug 15, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 193.169.245.79 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 57/100

Host and Network Information

Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1011 - Exfiltration Over Other Network Medium, T1018 - Remote System Discovery, T1021 - Remote Services, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1041 - Exfiltration Over C2 Channel, T1049 - System Network Connections Discovery, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1090 - Proxy, T1105 - Ingress Tool Transfer, T1113 - Screen Capture, T1129 - Shared Modules, T1190 - Exploit Public-Facing Application, T1505 - Server Software Component, T1531 - Account Access Removal, T1546 - Event Triggered Execution, T1553 - Subvert Trust Controls, T1563 - Remote Service Session Hijacking, T1566 - Phishing, T1574 - Hijack Execution Flow
Tags: appweb, azure sql, cisa, ck techniques, cl0p, cl0p ransomware, CL0P Ransomware, cobalt strike, cryptomix, CVE-2023-34362, dewmode, enterprise, february, flawedammyy, flawedgrace, get2, health check, install, june, khtml, LEMURLOOT, MOVEit, moveit transfer, OSINT, powershell, random, ransomware, restrict, sdbot, service, sql injection, T1018, T1055, T1070, T1071, T1105, T1113, T1129, T1574.002, ta505, tinymet, truebot, vulnerability, win64
View other sources: Spamhaus VirusTotal

Country: Netherlands
Network:
Noticed: 24 times
Protocols Attacked: SSH

Malware Detected on Host

Count: 2 814db864670fcdf310342ee1915bfc23dc3132e98c4eec1a9a4fbc1d3b9fc50b dd16014eb3fa62d483758b63b2f412017381e6d9cc03347152dff3eb9f8e6e3b

Map

Whois Information

inetnum: 193.169.244.0 - 193.169.245.255
netname: DELTAHOST-NET
country: NL
org: ORG-FZDL2-RIPE
admin-c: ZDL2-RIPE
admin-c: ARUD-RIPE
tech-c: ZDL2-RIPE
tech-c: ARUD-RIPE
status: ASSIGNED PI
mnt-by: DELTAHOST-MNT
mnt-by: RIPE-NCC-END-MNT
mnt-routes: DELTAHOST-MNT
mnt-routes: SERVERIUS-MNT
mnt-domains: DELTAHOST-MNT
created: 2009-08-13T11:59:04Z
last-modified: 2016-08-13T21:24:14Z
organisation: ORG-FZDL2-RIPE
org-name: Zemlyaniy Dmitro Leonidovich
country: UA
org-type: LIR
address: Liskivska 37, 36
address: 02167
address: Kyiv
address: UKRAINE
phone: +380442470862
abuse-c: DLTH1111-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: DELTAHOST-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DELTAHOST-MNT
created: 2013-03-04T13:19:53Z
last-modified: 2021-01-13T11:37:30Z
person: Oleksandr Serhiyovych Rudenko
address: Ukraine, Kremenchuk
phone: +380442470862
nic-hdl: ARUD-RIPE
mnt-by: DELTAHOST-MNT
created: 2015-02-13T16:37:16Z
last-modified: 2019-01-09T10:27:24Z
person: Zemlyaniy Dmitro Leonidovich
address: Ukraine, Kyiv
phone: +380442470862
nic-hdl: ZDL2-RIPE
mnt-by: DELTAHOST-MNT
created: 2009-05-02T11:46:55Z
last-modified: 2020-09-23T10:46:21Z
route: 193.169.245.0/24
origin: AS42159
mnt-by: DELTAHOST-MNT
created: 2019-08-29T21:50:41Z
last-modified: 2019-08-29T21:50:41Z

Links to attack logs

****** MoveIT-Exploitation-Hosts ****** ******

Share on: