45.148.10.65 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 45.148.10.65. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • MITRE ATT&CK IDs: T1546 - Event Triggered Execution, T1566 - Phishing
  • Tags: C&C, Christopher Pool, Malicious IP, Nextray, Pool’s Closed, SSH, Timothy Pool, UPnP, badrequest, blacklist, botnet, bruteforce, cyber security, ioc, malicious, mirai, phishing, probing, scan, scanning, udp, webscan, webscanner, webscanner bruteforce web app attack
  • View other sources: Spamhaus, VirusTotal
  • Contained within other IP sets: normshield_all_attack, normshield_high_attack

  • Country: Netherlands
  • Network: AS48090 pptechnology limited
  • Noticed: 1 time
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: bigbots.cc

Malware Detected on Host

Count: 10

Open Ports Detected

22

Whois Information

  • inetnum: 45.148.10.0 - 45.148.10.255
  • org: ORG-PA1232-RIPE
  • mnt-domains: CYBR-DMZ
  • mnt-domains: CYBR-DMZ
  • netname: DMZHOST-LIMITED
  • descr: https://dmzhost.co
  • country: AD
  • admin-c: ACRO26775-RIPE
  • tech-c: ACRO26775-RIPE
  • status: ASSIGNED PA
  • mnt-by: CYBR-DMZ
  • mnt-by: pptechnology
  • created: 2019-09-02T15:08:45Z
  • last-modified: 2022-12-21T16:42:05Z
  • organisation: ORG-PA1232-RIPE
  • org-name: PPTECHNOLOGY LIMITED
  • country: GB
  • org-type: OTHER
  • address: 35 Firs Avenue, London, England, N11 3NE
  • abuse-c: ACRO26775-RIPE
  • mnt-ref: pptechnology
  • mnt-by: pptechnology
  • created: 2019-09-02T14:59:13Z
  • last-modified: 2022-12-01T17:22:22Z
  • role: Abuse contact role object
  • address: 35 Firs Avenue, London, England, N11 3NE
  • abuse-mailbox: [email protected]
  • nic-hdl: ACRO26775-RIPE
  • mnt-by: pptechnology
  • created: 2019-09-02T14:58:45Z
  • last-modified: 2022-10-03T17:04:32Z
  • route: 45.148.10.0/24
  • origin: AS48090
  • mnt-by: CYBR-DMZ
  • created: 2019-09-05T14:32:45Z
  • last-modified: 2019-09-21T13:21:51Z

Links to attack logs

  • aws-ssh-bruteforce-ip-list-2020-10-13
  • aws-ssh-bruteforce-ip-list-2020-10-24
  • aws-ssh-bruteforce-ip-list-2020-10-08
  • aws-ssh-bruteforce-ip-list-2020-10-21
  • aws-ssh-bruteforce-ip-list-2020-10-27