45.56.222.140 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 45.56.222.140 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

• Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

• Tags: blacklist, brute-force, bruteforce, Bruteforce, cowrie, cyber security, ioc, malicious, Malicious IP, Nextray, phishing, scan, scanners, ssh, SSH, tcp, vultr

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: b3b0, haley_ssh

• Country: Canada
• Network: AS13768 aptum technologies
• Noticed: 43 times
• Protocols Attacked: ssh
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: koraianz.com.peeronevoip.com www.koraianz.com.peeronevoip.com www.koraianz.com koraianz.com www.koraianzcom.peeronevoip.com koraianzcom.peeronevoip.com www.hostwebdata.peeronevoip.com hostwebdata.peeronevoip.com kfqus184.hostpapavps.net ghanbazaar.com.au www.ghanbazaar.bizregistrations.com.au bizregistrations.com.au evhog217.hostpapavps.net albyn427.hostpapavps.net ofa.dadogdigitalmedia.com www.ofa.dadogdigitalmedia.com cpcalendars.dadogdigitalmedia.com cpcontacts.dadogdigitalmedia.com dadogdigitalmedia.com cpcalendars.lydieslushideas.com cpcalendars.bonusfans.com cpcontacts.lydieslushideas.com cpcontacts.bonusfans.com cpcontacts.gamblingvideotips.com cpcalendars.gamblingvideotips.com gamblingvideotips.dadogdigitalmedia.com cpcalendars.edinburghwebdesigners.net cpcontacts.edinburghwebdesigners.net www.products.dadogdigitalmedia.com products.dadogdigitalmedia.com lydieslushideas.dadogdigitalmedia.com bonusfans.com www.bonusfans.dadogdigitalmedia.com bonusfans.dadogdigitalmedia.com www.gamblingvideotips.dadogdigitalmedia.com ns1.albyn427.hostpapavps.net www.pbpdirect.dadogdigitalmedia.com pbpdirect.dadogdigitalmedia.com www.shop4gentlemen.dadogdigitalmedia.com shop4gentlemen.com shop4gentlemen.dadogdigitalmedia.com edinburghwebdesigners.dadogdigitalmedia.com www.edinburghwebdesigners.dadogdigitalmedia.com edinburghwebdesigners.net www.albyntownhouse.dadogdigitalmedia.com albyntownhouse.dadogdigitalmedia.com albyntownhouse.co.uk www.lydieslushideas.dadogdigitalmedia.com lydieslushideas.com glasgowwebdesigners.net gamblingvideotips.com

Open Ports Detected

110 143 2082 2083 2086 2087 21 443 465 53 587 80 993 995

Map

Whois Information

• NetRange: 45.56.216.0 - 45.56.223.255
• CIDR: 45.56.216.0/21
• NetName: NET-45-56-216-0-1
• NetHandle: NET-45-56-216-0-1
• Parent: NET45 (NET-45-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: HostPapa (HOSTP-7)
• RegDate: 2016-07-01
• Updated: 2024-02-02
• Comment: http://www.hostpapa.com - static allocation.
• Ref: https://rdap.arin.net/registry/ip/45.56.216.0
• OrgName: HostPapa
• OrgId: HOSTP-7
• Address: 325 Delaware Avenue
• Address: Suite 300
• City: Buffalo
• StateProv: NY
• PostalCode: 14202
• Country: US
• RegDate: 2016-06-06
• Updated: 2024-04-26
• Ref: https://rdap.arin.net/registry/entity/HOSTP-7
• OrgTechHandle: NETTE9-ARIN
• OrgTechName: NETTECH
• OrgTechPhone: +1-905-315-3455
• OrgTechEmail: net-tech-global@hostpapa.com
• OrgTechRef: https://rdap.arin.net/registry/entity/NETTE9-ARIN
• OrgAbuseHandle: NETAB23-ARIN
• OrgAbuseName: NETABUSE
• OrgAbusePhone: +1-905-315-3455
• OrgAbuseEmail: net-abuse-global@hostpapa.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/NETAB23-ARIN
• RTechHandle: NETTE12-ARIN
• RTechName: NETTECH-HOSTPAPA
• RTechPhone: +1-905-315-3455
• RTechEmail: net-tech@hostpapa.com
• RTechRef: https://rdap.arin.net/registry/entity/NETTE12-ARIN
• RAbuseHandle: NETAB26-ARIN
• RAbuseName: NETABUSE-HOSTPAPA
• RAbusePhone: +1-905-315-3455
• RAbuseEmail: net-abuse@hostpapa.com
• RAbuseRef: https://rdap.arin.net/registry/entity/NETAB26-ARIN

Links to attack logs

****** vultrwarsaw-ssh-bruteforce-ip-list-2022-07-12 ****** ******