45.134.225.20 Threat Intelligence and Host Information
Share on:General
This page contains threat intelligence information for the IPv4 address 45.134.225.20 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 50/100
Host and Network Information
- Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
- Tags: Malicious IP, Nextray, SSH, Scanner, Telnet, Webattack, attack, badrequest, blacklist, botnet, bruteforce, cowrie, cyber security, ioc, login, malicious, mirai, phishing, probing, scan, scanner, scanning, smtp, ssh, tcp, telnet, webscan, webscanner, webscanner bruteforce web app attack
-
View other sources: Spamhaus VirusTotal
- Country: Germany
- Network: AS208046 maximilian kutzner
- Noticed: 1 times
- Protcols Attacked: telnet
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Portugal, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results: thesealexploit.com focused-austin.45-134-225-20.plesk.page emarket.gg
Malware Detected on Host
Count: 14 6e9e09848c9f9e1ddb14f4f8f6c2e3adae1bfb804a93aa2dd49c1284119353f9 6fe9d5be760d188863bd1b3a2ac344c883629862a9125928d7bb345cd0845380 eafea677d92f92f137b931c2dd5df6b8b64bf9b45b15c63a8162aef9c043d147 1f488f313ca3062b7fa5d24cb1f220470962c9fc2c31459b474fd46184fc4403 0b60a08b2a447d22a2c05748c1366aa3c1d26ae20915d31f3a6b2fde52d3a249 f1e16dc547aff20650a02ef2ec7029dedabbf32b2447d75d3f4c0f10f2521e11 db329271c71b1ed1ea62727771eb6305cd205f6e80400904a656cf6ff3c3b0bd b47e1fb44bb8a44454e237c223912e063b5fa44195e59a522e851be9151a257e 6ecfdc511396f3d61d41c04db9e09354f4a16e0e317b344ac96bc36e962aa7c1 ca589a59b8a484d07972cbcebedbb466d62cf2de462b1cf3e662d6be923c6656
Map
Whois Information
- inetnum: 45.134.225.0 - 45.134.225.255
- netname: ColocationX-IP-Range
- descr: ColocationX Datacenter
- country: NL
- geoloc: 52.370216 4.895168
- admin-c: CLN38-RIPE
- mnt-domains: dagroup
- org: ORG-CL709-RIPE
- tech-c: CLN38-RIPE
- status: ASSIGNED PA
- mnt-by: COLOX-MNT
- created: 2019-08-28T09:13:13Z
- last-modified: 2022-11-09T12:36:43Z
- organisation: ORG-CL709-RIPE
- org-name: ColocationX Ltd.
- country: GB
- org-type: OTHER
- address: Kingsfordweg 151, 1043GR Amsterdam
- abuse-c: CLN38-RIPE
- mnt-ref: dagroup
- mnt-ref: AZERONLINE-MNT
- mnt-ref: ADAMBB-MNT
- mnt-ref: RELCOMGROUP-EXT-MNT
- mnt-ref: PINGIPMAINTAINER
- mnt-ref: COLOX-MNT
- mnt-by: COLOX-MNT
- created: 2022-11-09T11:43:31Z
- last-modified: 2022-12-01T17:09:22Z
- role: ColocationX Ltd. 24x7 NOC
- address: Kingsfordweg 151, 1043 GR Amsterdam, Netherlands
- abuse-mailbox: [email protected]
- nic-hdl: CLN38-RIPE
- mnt-by: COLOX-MNT
- created: 2022-11-09T11:39:38Z
- last-modified: 2022-11-09T11:43:26Z
- route: 45.134.225.0/24
- origin: AS208046
- mnt-by: dagroup
- created: 2020-07-16T09:19:34Z
- last-modified: 2020-07-16T09:19:34Z