194.180.48.42 Threat Intelligence and Host Information

Jan 10, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 194.180.48.42 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 87/100

Host and Network Information

  • Mitre ATT&CK IDs: T1003.001 - LSASS Memory, T1003 - OS Credential Dumping, T1018 - Remote System Discovery, T1021.001 - Remote Desktop Protocol, T1021.002 - SMB/Windows Admin Shares, T1021 - Remote Services, T1027 - Obfuscated Files or Information, T1036.005 - Match Legitimate Name or Location, T1036 - Masquerading, T1039 - Data from Network Shared Drive, T1047 - Windows Management Instrumentation, T1048 - Exfiltration Over Alternative Protocol, T1053.005 - Scheduled Task, T1053 - Scheduled Task/Job, T1055.001 - Dynamic-link Library Injection, T1055 - Process Injection, T1056 - Input Capture, T1059.001 - PowerShell, T1059.003 - Windows Command Shell, T1059.006 - Python, T1059 - Command and Scripting Interpreter, T1069.001 - Local Groups, T1069.002 - Domain Groups, T1069 - Permission Groups Discovery, T1070.001 - Clear Windows Event Logs, T1070 - Indicator Removal on Host, T1071.001 - Web Protocols, T1071 - Application Layer Protocol, T1087.001 - Local Account, T1087 - Account Discovery, T1098 - Account Manipulation, T1102 - Web Service, T1105 - Ingress Tool Transfer, T1123 - Audio Capture, T1135 - Network Share Discovery, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1187 - Forced Authentication, T1189 - Drive-by Compromise, T1204.002 - Malicious File, T1204 - User Execution, T1219 - Remote Access Software, T1482 - Domain Trust Discovery, T1486 - Data Encrypted for Impact, T1490 - Inhibit System Recovery, T1530 - Data from Cloud Storage Object, T1547.004 - Winlogon Helper DLL, T1547 - Boot or Logon Autostart Execution, T1550 - Use Alternate Authentication Material, T1553 - Subvert Trust Controls, T1562 - Impair Defenses, T1566 - Phishing, T1569.002 - Service Execution, T1569 - System Services, T1570 - Lateral Tool Transfer, T1573 - Encrypted Channel, T1574.002 - DLL Side-Loading, T1574 - Hijack Execution Flow, T1583 - Acquire Infrastructure

  • Tags: advanced ip, alphv, blackcat, bloodhound, Bruteforce, Brute-Force, c2 comms, cobalt strike, contains, create ru, credential harvesting, cyber security, data exfiltration, download, execution, facebook, github, google search, impacket, impact, ioc, lateral movement, localappdata, lsass, malicious, manipulation, metasploit, meterpreter, model, next, Nextray, nitrogen, noberus, or deviceaction, pass, phishing, powershell, powersploit, powerview, process, psexec, python, python code, ransomware, redacted, scanner, sc minute, sc onstart, securonix, seo#lurker attack, service, shadow, sharphound, shell, sliver, smile, SSH, system tn, threat, twitter, winscp

  • Known tor exit node

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_net_ua, stopforumspam_180d, stopforumspam_365d, stopforumspam_90d, stopforumspam

  • Known TOR node
  • Country: United States
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Open Ports Detected

445

CVEs Detected

CVE-2020-0796

Map

Links to attack logs

****** vultrwarsaw-ssh-bruteforce-ip-list-2022-12-10 ****** ****** vultrmadrid-ssh-bruteforce-ip-list-2022-12-18

Share on: