45.61.186.22 Threat Intelligence and Host Information

Jun 19, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 45.61.186.22 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

Tags: C2, cyber security, ioc, malicious, Nextray, phishing, RedLine, Stealer
Known tor exit node
View other sources: Spamhaus VirusTotal
Contained within other IP sets: stopforumspam_180d, stopforumspam_365d, stopforumspam_90d, stopforumspam, tor_exits_30d

Known TOR node
Country: United States
Network: AS53667 frantech solutions
Noticed: 32 times
Protocols Attacked: ntp
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 13 9e341fe16f8ab0071ceeb1f79597e6e2d8286b200ebb88e52b5ebb807acf7137 abc1f67ce93f7c13941dc57f108c41020e459b18a03c0893579384dd4c0686e3 b4b4c54d15b5083bc51303aa6cb73fff908132571b7a8a8fbc91d487dbc18709 60e548b23416e0209619c4a3b5110c68e11f218c8d11441b40fa00fe120474b3 75765b28dcd38762b3fea473d6af75c82379beeca1d86145b972653c33046c28 2ca12e3d464ce0236d452ed4d52b9a09f42ff4ee3a71afaa5dedd0b77580eb16 6e1a3eb223844c4b5af2c63f66925f43d704bcb4d95cea0565cc5a1229d307a0 9042cb7a4c6f235cf35d96e624d095ed3a6ac399675c0874fd3d175bb0c9f389 e956ea16e325f3a7ca04b5e297aceb69d7dd8846bdf4518dd5a4e0ca65ad3787 7d6984b616a1b467b4fadeaf0d55fe791a748c4b5764e03cb4bd792fb214e6fb

Open Ports Detected

Map

Whois Information

NetRange: 45.61.128.0 - 45.61.191.255
CIDR: 45.61.128.0/18
NetName: PONYNET-15
NetHandle: NET-45-61-128-0-1
Parent: NET45 (NET-45-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS53667
Organization: FranTech Solutions (SYNDI-5)
RegDate: 2015-01-02
Updated: 2015-01-02
Ref: https://rdap.arin.net/registry/ip/45.61.128.0
OrgName: FranTech Solutions
OrgId: SYNDI-5
Address: 1621 Central Ave
City: Cheyenne
StateProv: WY
PostalCode: 82001
Country: US
RegDate: 2010-07-21
Updated: 2017-01-28
Ref: https://rdap.arin.net/registry/entity/SYNDI-5
OrgTechHandle: FDI19-ARIN
OrgTechName: Dias, Francisco
OrgTechPhone: +1-778-977-8246
OrgTechEmail: admin@frantech.ca
OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
OrgAbuseHandle: FDI19-ARIN
OrgAbuseName: Dias, Francisco
OrgAbusePhone: +1-778-977-8246
OrgAbuseEmail: admin@frantech.ca
OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

Share on: