45.149.77.27 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 45.149.77.27 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, Telnet, alienvault ip, attack, bernal, botnet c2, bruteforce, carapicuiba, cowrie, cyber security, dstip, fail2ban, feodo tracker, generic, ho chi, host at, host de, host in, host tw, ioc, ip blocklist, la, lafusioncenter, login, louisiana, malicious, malicious host, phishing, scanner, ssh, tsec
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: haley_ssh

  • Country: Iran
  • Network: AS60631 pars parva system co. ltd.
  • Noticed: 1 times
  • Protocols Attacked: SSH
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Sweden, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: saham-edlarat.host sahamedalat-irname.host saham-mypanel.host saham-edalatme.host saham-mypan.host hip-saham.cloud hip-saham.com hit-saham.host dr-saham-ir.host nab-saham.host hi-saham.host dr-saham.host daryaft-saham.host sabt-saham.host samane-saham.host my-saham-ir.host me-saham-ir.host qelnet.com borhan.sbu.ac.ir

Malware Detected on Host

Count: 6 250f64ceb312faa0a56343a381fd3410ebcd60ba3a75c6c64ec20f43b9a24f4d 6aec87865a00656be781e68c373f298890653d44ac7044a9737c736043b2ec28 5b427396f3dd5d054475e7aa3bee9bc3bc1d27d92eea36c51eb332f76ebc46d5 0d2e70d75e86f23db7108ef05f1035b2505ca68539fb5d3a1740832338e5faa7 078576866d6d29c77ee5ea3b47ea86a1fdb7c5a2a07a5ecdb7d14ff474603a0d d89a1f348c47264ead8462649b8ecf2a69462714683815299ed145a801ed5bb5

Whois Information

  • inetnum: 45.149.76.0 - 45.149.77.255
  • netname: ParsPack
  • country: IR
  • admin-c: PS12254-RIPE
  • tech-c: PS12254-RIPE
  • status: LIR-PARTITIONED PA
  • mnt-by: mnt-ir-parsparva4-1
  • created: 2020-05-04T08:25:13Z
  • last-modified: 2020-05-04T08:25:13Z
  • person: Pars Parva System LTD
  • address: Saadat Abad, 35th West Street, Number 2
  • phone: +982141807
  • nic-hdl: PS12254-RIPE
  • mnt-by: PS60518-MNT
  • created: 2011-10-06T13:11:14Z
  • last-modified: 2018-09-13T08:16:47Z
  • route: 45.149.77.0/24
  • origin: AS60631
  • mnt-by: mnt-ir-parsparva4-1
  • created: 2020-05-04T08:27:59Z
  • last-modified: 2020-05-04T08:27:59Z

Links to attack logs

bruteforce-ip-list-2021-03-07