194.149.145.120 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 194.149.145.120. It was generated either as a result of observed malicious activity or as an information-gathering exercise to help enrich security events with context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 36/100

Host and Network Information

  • Tags: blacklist, botnet, bruteforce, cyber security, digital ocean, ioc, malicious, Malicious IP, mirai, mssql, Nextray, phishing, scan, Scanner, scanning, smb, smtp, ssh, tcp, vultr, Webattack

  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: turris_greylist

  • Country: North Macedonia
  • Network: AS5379 univerzitet sv. kiril i metodij
  • Noticed: 1 time
  • Protocols Attacked: mssql
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Spain, Turkey, Ukraine, United Kingdom, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: kbdk.gf.ukim.edu.mk, geodezija.gf.ukim.edu.mk, www.seeform.ukim.edu.mk, ukim.edu.mk, webserver1.gf.ukim.edu.mk

Malware Detected on Host

Count: 6

Open Ports Detected

3306, 80

CVEs Detected

CVE-2010-1899, CVE-2010-2730, CVE-2010-3972

Whois Information

  • inetnum: 194.149.145.0 - 194.149.145.127
  • netname: UKIM-NET-GRF
  • descr: UKIM - FACULTY OF CIVIL ENGINEERING
  • country: MK
  • admin-c: BT1969-RIPE
  • tech-c: BT1969-RIPE
  • status: ASSIGNED PA
  • mnt-by: UKIM-MNT
  • mnt-lower: UKIM-MNT
  • mnt-routes: UKIM-MNT
  • created: 2011-03-03T09:48:30Z
  • last-modified: 2018-08-17T07:58:18Z
  • person: Blanka Taslamicevska
  • address: Gradezen Fakultet - Skopje
  • address: bul. Partizanski odredi br. 24
  • address: 1000 Skopje, MACEDONIA
  • phone: +389 2 3116 066
  • nic-hdl: BT1969-RIPE
  • mnt-by: UKIM-MNT
  • created: 2010-10-07T12:31:16Z
  • last-modified: 2011-04-04T09:27:24Z
  • route: 194.149.128.0/19
  • descr: UKiM-IPv4
  • origin: AS5379
  • holes: 194.149.139.0/24
  • holes: 194.149.138.0/24
  • holes: 194.149.137.0/24
  • holes: 194.149.136.0/24
  • holes: 194.149.135.0/24
  • pingable: 194.149.130.249
  • ping-hdl: REK35-RIPE
  • mnt-by: UKIM-MNT
  • created: 2002-02-28T10:24:47Z
  • last-modified: 2023-09-12T19:45:08Z
  • role: UKIM-REK Administrators
  • address: Ss. Cyril and Methodius University
  • address: Goce Delchev Blvd. 9
  • address: 1000 Skopje, Macedonia
  • admin-c: GM23-RIPE
  • abuse-mailbox: [email protected]
  • nic-hdl: REK35-RIPE
  • mnt-by: UKIM-MNT
  • created: 2017-11-13T23:20:51Z
  • last-modified: 2018-10-23T09:16:51Z

Links to attack logs

  • dofrank-mssql-bruteforce-ip-list-2021-11-10
  • nmap-scanning-list-2022-01-24
  • dolondon-mssql-bruteforce-ip-list-2022-05-15
  • nmap-scanning-list-2022-01-01
  • dolondon-mssql-bruteforce-ip-list-2021-12-24
  • vultrmadrid-mssql-bruteforce-ip-list-2022-01-24
  • vultrmadrid-mssql-bruteforce-ip-list-2022-06-15
  • awsau-mssql-bruteforce-ip-list-2021-11-11
  • awsjap-mssql-bruteforce-ip-list-2022-03-22