195.19.192.26 Threat Intelligence and Host Information
Share on:General
This page contains threat intelligence information for the IPv4 address 195.19.192.26 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 55/100
Host and Network Information
- Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1036 - Masquerading, T1040 - Network Sniffing, T1082 - System Information Discovery, T1102 - Web Service, T1140 - Deobfuscate/Decode Files or Information, T1498 - Network Denial of Service, T1499 - Endpoint Denial of Service, T1553 - Subvert Trust Controls
- Tags: CVE-2021-44228, Log4j Scanning Hosts, Nextray, account login, added active, alpha strike, anna paula, apache, apache flink, apache log4j, apache solr, april, aravinda, asns, associated, attack surface, august, australia, ave maria, bad packets, billgates, blocklist, blue team, c2 host, canada, certagid, cia triad, click, code issues, coinminer, coinminer dec, community home, company, contabo gmbh, contact, cookie, copy, cryptominer, curatedintel, currc3adculo, cve202144228, cyber security, cyber threat, dark, date, december, defender, denegacin, denmark, descubrimiento, deteccin, digitaloceanasn, discord, domain, domains, download, edition, elknot, elknot intel, exploit, february, feed, feed log4jci, filehashmd5, filehashsha1, filehashsha256, filename sha256, files, flag, format, france, from email, germany, github, gmbh, hash, hashes, headers, hetzner online, high, host, hunting, hybrid analysis, hydra, indicatori, indonesia, intel, intel portal, intelligence, intro, ioc, ioc acquisiti, ioc feed, ipaddress, ipport, ips url, ipv4, ipv4s context, january, japan, jump, june, junior, kinsing, kinsing miner, labs gmbh, level, level3, linode, linux, log4j, log4j Shell, log4j azure, log4j craiu, log4j crowdsec, log4j exploit, log4j f, log4j greynoise, log4j threatfox, log4j throwing, log4j urlhaus, log4j2 rce, log4jci, log4jci log4jci, log4shell, log4shelliocs, malicious, malspam email, md5 hashes, md5=29851d65fe14699a793bf401cb84c019, md5=5ac6ded41f9a61cd9d026e91af47b695, mirai, mirai infection, mirai log4j, mirai retrieval, msi file, mtb dec, muhstik, muhstik botnet, muhstik c2, muhstik tsunami, mushtik botnet, netherlands, new jersey, open source, orcus, orcusrat, orcusrat zip, osint e, osint intro, ovh sas, phishing, ponynet, professional, public, rce attempt, redis, register, related pulses, remote code, responder, riskiq threat, role title, russia, scanner ip, script, search my, security llc, sentinel ioc, service, servicio web, sha256, sha256 hash, shenal, show, sign, singapore, source ip, source ips, star, strong, subvertir, sweden, sysv, t1040, t1082, t1102, t1498, t1553, target port, telecom, threat alert, tips, tor exit, trojan, tsunami log4j, tuesday, type indicator, ukraine, uniquehash, united, united kingdom, unknown ip, unknown malware, upgrade, url http, url https, url ldap, urlhttp, urls, urls http, utf8, varspoolcron, view, virustotal, w hidden, x x86, x x8664, x x86g, x41me m3wtf, zip archive
-
View other sources: Spamhaus VirusTotal
- Country: Russia
- Network: AS39741 data-centr ekaterinburg ooo
- Noticed: 50 times
- Protcols Attacked: redis
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results: www.cruffex.cf cruffex.cf ebin01.cc www.cubestore.org