45.251.240.55 Threat Intelligence and Host Information

Share on:
Jun 14, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 45.251.240.55 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Mitre ATT&CK IDs: T1001 - Data Obfuscation, T1008 - Fallback Channels, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1073 - DLL Side-Loading, T1094 - Custom Command and Control Protocol, T1102 - Web Service, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1190 - Exploit Public-Facing Application, T1210 - Exploitation of Remote Services, T1218 - Signed Binary Proxy Execution, T1505 - Server Software Component, T1547 - Boot or Logon Autostart Execution
  • Tags: > \sys.info, Brute-Force, Bruteforce, CnC, Exchange Server exploit, Nextray, PKPLUG Group, PlugX, ProxyLogon, SSH, THOR, Wuhan, alliance, apac, april, august, australia, avira ’, c ip, china, cobalt, cobalt strike, compromise, connect, cyber security, description, dword, eset, february, figure, file, global, hong kong, http, ioc, june, learn, loader, malicious, march, msie, mustang panda, null, palo alto, phishing, pkplug, plugx, plugx sample, poison ivy, sha256, thor, thor magic, unit, unseen plugx, vietnam, virtualalloc, virustotal, wildfire, windows, windows nt

  • View other sources: Spamhaus VirusTotal

  • Country: Japan
  • Network: AS4785 xtom
  • Noticed: 1 times
  • Protcols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 8 d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4 42fa5c98bf830c6b68d9dae6d299e3f77d5fb37c167085ce0f7554301b24757d 064e1bc19220178d20e3027158acf9efc2d0724e2a3c4124d42758c4b118ef0d 8074d300700f90289835aabe09a101ece2d6a81adf103aa4ce7d9371153930e2 a7821a2cb307587a0b8514e24458b5b307260c9af035c0abd2e3c10d6e1a910c 90d828d6c88741d97681eb815c68e0266018c5f774b94e6ca9e1d164a4580237 1cba2cfbe52873edd466863366bdc55bae22d5640f18da6d9eaba30b9ba8be98 cd45610f29a044e22246c12cc9e1c330dac672af055852b622a771836c946e0c

Map

Whois Information

  • inetnum: 45.251.240.0 - 45.251.240.255
  • netname: WENJING-HK
  • descr: Hongkong Wen Jing Network Limited
  • country: HK
  • admin-c: HWNL2-AP
  • tech-c: HWNL2-AP
  • abuse-c: AS2930-AP
  • status: ALLOCATED NON-PORTABLE
  • mnt-by: MAINT-WENJING-HK
  • mnt-irt: IRT-SWNL-CN1
  • last-modified: 2021-01-06T13:30:18Z
  • irt: IRT-SWNL-CN1
  • address: FLAT/RM A30, 9/F SILVERCORP INTERNATIONAL TOWER,, 707-713. NATHAN ROAD, MONGKOK, KOWLOON, HONG KONG
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: HWJN1-AP
  • tech-c: HWJN1-AP
  • mnt-by: MAINT-WENJING-HK
  • last-modified: 2023-06-02T03:36:27Z
  • role: ABUSE SWNLCN1
  • address: FLAT/RM A30, 9/F SILVERCORP INTERNATIONAL TOWER,, 707-713. NATHAN ROAD, MONGKOK, KOWLOON, HONG KONG
  • country: ZZ
  • phone: +000000000
  • e-mail: [email protected]
  • admin-c: HWJN1-AP
  • tech-c: HWJN1-AP
  • nic-hdl: AS2930-AP
  • abuse-mailbox: [email protected]
  • mnt-by: APNIC-ABUSE
  • last-modified: 2023-06-02T03:37:08Z
  • role: Hongkong WenJing Network Limited administrator
  • address: FLAT/RM A30, 9/F SILVERCORP INTERNATIONAL TOWER,, 707-713. NATHAN ROAD, MONGKOK, KOWLOON, HONG KONG
  • country: HK
  • phone: +85253005175
  • e-mail: [email protected]
  • admin-c: HWNL2-AP
  • tech-c: HWNL2-AP
  • nic-hdl: HWNL2-AP
  • notify: [email protected]
  • mnt-by: MAINT-SWNL-CN
  • last-modified: 2018-12-02T01:51:52Z
  • route: 45.251.240.0/24
  • origin: AS4785
  • descr: Shenzhen Wenjing Network Limited
  • mnt-by: MAINT-WENJING-HK
  • last-modified: 2020-12-02T04:55:47Z

Links to attack logs

dolondon-ssh-bruteforce-ip-list-2023-01-30