45.15.16.175 Threat Intelligence and Host Information

Share on:
Jul 01, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 45.15.16.175 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • Mitre ATT&CK IDs: T1001 - Data Obfuscation, T1003 - OS Credential Dumping, T1005 - Data from Local System, T1006 - Direct Volume Access, T1007 - System Service Discovery, T1008 - Fallback Channels, T1010 - Application Window Discovery, T1011 - Exfiltration Over Other Network Medium, T1012 - Query Registry, T1014 - Rootkit, T1016 - System Network Configuration Discovery, T1018 - Remote System Discovery, T1020 - Automated Exfiltration, T1021 - Remote Services, T1025 - Data from Removable Media, T1027 - Obfuscated Files or Information, T1029 - Scheduled Transfer, T1030 - Data Transfer Size Limits, T1033 - System Owner/User Discovery, T1036 - Masquerading, T1037 - Boot or Logon Initialization Scripts, T1039 - Data from Network Shared Drive, T1040 - Network Sniffing, T1041 - Exfiltration Over C2 Channel, T1046 - Network Service Scanning, T1047 - Windows Management Instrumentation, T1048 - Exfiltration Over Alternative Protocol, T1049 - System Network Connections Discovery, T1052 - Exfiltration Over Physical Medium, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056 - Input Capture, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1069 - Permission Groups Discovery, T1070 - Indicator Removal on Host, T1072 - Software Deployment Tools, T1074 - Data Staged, T1078 - Valid Accounts, T1080 - Taint Shared Content, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1087 - Account Discovery, T1090 - Proxy, T1091 - Replication Through Removable Media, T1092 - Communication Through Removable Media, T1095 - Non-Application Layer Protocol, T1097 - Pass the Ticket, T1098 - Account Manipulation, T1102 - Web Service, T1104 - Multi-Stage Channels, T1105 - Ingress Tool Transfer, T1106 - Native API, T1110 - Brute Force, T1111 - Two-Factor Authentication Interception, T1112 - Modify Registry, T1113 - Screen Capture, T1114 - Email Collection, T1115 - Clipboard Data, T1119 - Automated Collection, T1120 - Peripheral Device Discovery, T1123 - Audio Capture, T1124 - System Time Discovery, T1125 - Video Capture, T1127 - Trusted Developer Utilities Proxy Execution, T1129 - Shared Modules, T1132 - Data Encoding, T1133 - External Remote Services, T1134 - Access Token Manipulation, T1135 - Network Share Discovery, T1136 - Create Account, T1137 - Office Application Startup, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1185 - Man in the Browser, T1187 - Forced Authentication, T1189 - Drive-by Compromise, T1190 - Exploit Public-Facing Application, T1195 - Supply Chain Compromise, T1197 - BITS Jobs, T1199 - Trusted Relationship, T1200 - Hardware Additions, T1201 - Password Policy Discovery, T1202 - Indirect Command Execution, T1203 - Exploitation for Client Execution, T1204 - User Execution, T1205 - Traffic Signaling, T1207 - Rogue Domain Controller, T1210 - Exploitation of Remote Services, T1211 - Exploitation for Defense Evasion, T1212 - Exploitation for Credential Access, T1213 - Data from Information Repositories, T1216 - Signed Script Proxy Execution, T1217 - Browser Bookmark Discovery, T1218 - Signed Binary Proxy Execution, T1219 - Remote Access Software, T1220 - XSL Script Processing, T1221 - Template Injection, T1222 - File and Directory Permissions Modification, T1480 - Execution Guardrails, T1482 - Domain Trust Discovery, T1484 - Domain Policy Modification, T1485 - Data Destruction, T1486 - Data Encrypted for Impact, T1489 - Service Stop, T1490 - Inhibit System Recovery, T1491 - Defacement, T1495 - Firmware Corruption, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion, T1498 - Network Denial of Service, T1499 - Endpoint Denial of Service, T1505 - Server Software Component, T1518 - Software Discovery, T1525 - Implant Internal Image, T1526 - Cloud Service Discovery, T1528 - Steal Application Access Token, T1529 - System Shutdown/Reboot, T1530 - Data from Cloud Storage Object, T1531 - Account Access Removal, T1534 - Internal Spearphishing, T1535 - Unused/Unsupported Cloud Regions, T1537 - Transfer Data to Cloud Account, T1538 - Cloud Service Dashboard, T1539 - Steal Web Session Cookie, T1542 - Pre-OS Boot, T1543 - Create or Modify System Process, T1546 - Event Triggered Execution, T1547 - Boot or Logon Autostart Execution, T1548 - Abuse Elevation Control Mechanism, T1550 - Use Alternate Authentication Material, T1552 - Unsecured Credentials, T1553 - Subvert Trust Controls, T1554 - Compromise Client Software Binary, T1555 - Credentials from Password Stores, T1556 - Modify Authentication Process, T1557 - Man-in-the-Middle, T1558 - Steal or Forge Kerberos Tickets, T1559 - Inter-Process Communication, T1560 - Archive Collected Data, T1561 - Disk Wipe, T1562 - Impair Defenses, T1563 - Remote Service Session Hijacking, T1564 - Hide Artifacts, T1565 - Data Manipulation, T1566 - Phishing, T1567 - Exfiltration Over Web Service, T1568 - Dynamic Resolution, T1569 - System Services, T1570 - Lateral Tool Transfer, T1571 - Non-Standard Port, T1572 - Protocol Tunneling, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow, T1578 - Modify Cloud Compute Infrastructure, T1580 - Cloud Infrastructure Discovery, T1583 - Acquire Infrastructure, T1584 - Compromise Infrastructure, T1585 - Establish Accounts, T1586 - Compromise Accounts, T1587 - Develop Capabilities, T1588 - Obtain Capabilities, T1589 - Gather Victim Identity Information, T1590 - Gather Victim Network Information, T1591 - Gather Victim Org Information, T1592 - Gather Victim Host Information, T1593 - Search Open Websites/Domains, T1594 - Search Victim-Owned Websites, T1595 - Active Scanning, T1596 - Search Open Technical Databases, T1597 - Search Closed Sources, T1598 - Phishing for Information, T1599 - Network Boundary Bridging, T1600 - Weaken Encryption, T1601 - Modify System Image, T1602 - Data from Configuration Repository, T1606 - Forge Web Credentials, T1609 - Container Administration Command, T1610 - Deploy Container, T1611 - Escape to Host, T1612 - Build Image on Host, T1613 - Container and Resource Discovery, T1614 - System Location Discovery

  • Tags: TOR, VPN, adwind, agenttesla, anydesk, april, attack, autoit, backend, bloodhound, capture, cobalt strike, code, crackmapexec, date, date ip, discord, erebus, execution, fraud, god without, houdini, hworm, indicators of, info, keylogger, malware, metasploit, mimikatz, mtnci, mtnci descr, nanocore, nanocore rat, netbouncer se1, netbouncer uk1, netwire, neutrino, opera1er, packer, paraguay, pass, payment, permission, persistence, playing god, powershell, powersploit, psexec, rats, rdpwrap, remcos, restrict, safetykatz, service, sharpweb, sherlock, swift, team, teamviewer, threat report, tips, tools, venom rat, venomrat, webdav, whois, wsh

  • View other sources: Spamhaus VirusTotal

  • Country: Sweden
  • Network: AS42675 obehosting ab
  • Noticed: 1 times
  • Protcols Attacked: Anonymous Proxy
  • Countries Attacked: Argentina, Bangladesh, Burkina Faso, Cameroon, Gabon, Mali, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Togo, Uganda
  • Passive DNS Results: fatalius.direct.quickconnect.to skogen.davidmonsen.com news.coris-bank.fr actu.afrikmedia.info personnels.bdm-sa.fr news.banquealtantique.net windowsupdaters.zapto.org

Open Ports Detected

8118

Map

Whois Information

  • inetnum: 45.15.16.128 - 45.15.16.255
  • netname: NB-SE1-4
  • descr: Netbouncer SE1
  • country: SE
  • admin-c: NB10001-RIPE
  • tech-c: NB10001-RIPE
  • status: ASSIGNED PA
  • mnt-by: MNT-NB
  • created: 2021-10-11T08:28:07Z
  • last-modified: 2021-10-11T08:28:07Z
  • role: Netbouncer AB
  • address: Box 2062
  • address: 174 02 Sundbyberg
  • abuse-mailbox: [email protected]
  • nic-hdl: NB10001-RIPE
  • mnt-by: MNT-NB
  • created: 2019-05-11T09:56:01Z
  • last-modified: 2020-06-23T21:02:26Z
  • route: 45.15.16.0/24
  • origin: AS42675
  • mnt-by: MNT-NB
  • created: 2021-02-02T21:32:08Z
  • last-modified: 2021-02-02T21:32:08Z

Links to attack logs

anonymous-proxy-ip-list-2023-06-29 anonymous-proxy-ip-list-2023-06-30