45.64.105.11 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 45.64.105.11 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1053 - Scheduled Task/Job, T1080 - Taint Shared Content, T1102 - Web Service, T1210 - Exploitation of Remote Services, T1486 - Data Encrypted for Impact, T1490 - Inhibit System Recovery, T1566 - Phishing

• Tags: agent tesla, cobalt strike, cobaltstrike, cyber security, desktop, domains, emotet, emotet malware, eternalblue, fake net, fallout, first, flawedammyy, hashes, ioc, iocs ip, malicious, malware, microsoft, Nextray, phishing, qbot, systembc, trickbot, trojan, united, wannacry, wannycry, wcry

• JARM: 27d27d27d00027d00043d43d00043dba951fb796b4b956c9799ba19149e94a

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: hphosts_emd, hphosts_psh

• Country: India
• Network: AS132335 leapswitch networks pvt ltd
• Noticed: 41 times
• Protocols Attacked: SSH
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: negreensummit.info amitpatilcentralschool.kumarkia.in pop.crjgrouptech.com smtp.crjgrouptech.com www.nlpderp.crjgrouptech.com nlpderp.crjgrouptech.com ftp.crjgrouptech.com newbharatrefrigeration.in www.newbharatrefrigeration.in svpschool.org lavanderiaservices.com theelam.online www.archanapack.com archanapack.com www.demo.strado.in smtp.strado.in ftp.strado.in pop.strado.in demo.strado.in www.petnestvetclinic.com indiantechera.com nanoteaching.info drsandeepgovil.in www.drsandeepgovil.in sugajeevanayurveda.com pop.dotnets.in dotnets.in www.dotnets.in ftp.dotnets.in smtp.dotnets.in shortsmv.com kumbakonam.asia demo.sakidigitalservices.in smtp.sivasangeethampalace.com sivasangeethampalace.com ftp.sivasangeethampalace.com pop.sivasangeethampalace.com www.sivasangeethampalace.com homeopathyonlinemd.com www.saffraige.com pop.saffraige.com saffraige.com smtp.saffraige.com ftp.saffraige.com www.gonikafeed.com pop.gonikafeed.com smtp.gonikafeed.com gonikafeed.com ftp.gonikafeed.com smtp.sofanewhyderabad.in pop.sofanewhyderabad.in www.sofanewhyderabad.in ftp.sofanewhyderabad.in pop.domainhive.co.in ftp.domainhive.co.in smtp.domainhive.co.in domainhive.co.in onnpay.co.in rajprecisioncastings.com arclinewll.com www.rootsuk.uk rootsuk.uk pop.burlyvets.com burlyvets.com ftp.burlyvets.com smtp.burlyvets.com www.burlyvets.com skymindcapital.com sbpiot.com yycnorthstar.com smtp.comelyelectronics.com pop.comelyelectronics.com www.comelyelectronics.com ftp.comelyelectronics.com pop.durgasoftsolutions.com ftp.durgasoftsolutions.com smtp.durgasoftsolutions.com www.durgasoftsolutions.com techsolutionsltd.com rsacademysuwari.in www.rsacademysuwari.in ott.cmas7.in dcamhub.com www.vasavi.divineglb.com vasavi.divineglb.com ankyscreation.com www.wowsms.in wowsms.in ftp.healthistics.in healthistics.in www.healthistics.in www.letsdairy.in test.letsdairy.in www.test.letsdairy.in letsdairy.in smtp.sachinenterprises.net pop.sachinenterprises.net www.sachinenterprises.net ftp.sachinenterprises.net sachinenterprises.net smtp.aayps.in pop.aayps.in ftp.aayps.in aayps.in www.aayps.in bathtubrepair.ae www.eptrd.com madhusudanderi.com groupoflifescienceacademy.com epicedu.in www.epicedu.in www.hotelsnowvillage.com ftp.desaiagro.in smtp.desaiagro.in pop.desaiagro.in www.manishbhati.com manishbhati.com ftp.manishbhati.com pop.manishbhati.com smtp.manishbhati.com www.vagamonvibes.com pop.vagamonvibes.com smtp.vagamonvibes.com ftp.vagamonvibes.com www.oxfordschool.org.in oxfordschool.org.in www.felij.com pop.telecommbytes.com www.telecommbytes.com ftp.telecommbytes.com smtp.telecommbytes.com ftp.dikshamadaan.com dikshamadaan.com pop.dikshamadaan.com www.dikshamadaan.com smtp.dikshamadaan.com www.bangalorepropertyservices.com www.megainfracity.com pop.yatrijunction.com www.yatrijunction.com ftp.yatrijunction.com sbrgroupofcompanies.com www.merritta.com www.jrptautomation.com www.campdreamscape.com jktender.shivashyamalinfotech.com www.aritgroups.com it-ril.com pop.bathtub.repair www.bathtub.repair ftp.bathtub.repair bathtub.repair smtp.lifelineclinics.in www.lifelineclinics.in pop.lifelineclinics.in lifelineclinics.in ftp.lifelineclinics.in covenanteducation.co.in www.covenanteducation.co.in infomaxservice.com www.infomaxservice.com bangalorepropertyservices.com www.itlresidency.com durgasoftsolutions.com dailyfreshkolkata.com centrose.online eptrd.com searchyourmodel.com www.speakolearn.com rkenterprises.world swingtraders.info spnews.asia www.aibolts.com vegasic.com htrgoacarrental.com telecommbytes.com nadivaid.com aibolts.com grenozone.com keralayurvedapunjab.com kavisaritasharma.com cattlerench.com firozz.com mentalistvinodsanthipuram.com propertiesdna.com allinone9.com friendhelping.com miraipharmaceutical.com dudabuilder.com librospublication.com hygnus.com vagamonvibes.com www.shscanteenalain.com campdreamscape.com theinternslab.com aritgroups.com wintecheducation.com shivamtravels.org rizvifurnishing.com qatarstationerysuppliers.com www.makhdoomashraf.com sohamsports.com parayresidency.com risenindiasports.com www.galaxysofa.com bharatsofa.shop fourseasonsbrands.com namdharifeed.com tekmithra.com zoyaclassic.hopeglob.com research.hopeglob.com finance.hopeglob.com www.jobs.hopeglob.com www.research.hopeglob.com www.finance.hopeglob.com jobs.hopeglob.com www.zoyaclassic.hopeglob.com sahilsofafurnishing.com petnestvetclinic.com oxiumglobal.com timnortherncomedyfestival.com acntours.com jouherbalindia.com heenafoundation.com sitaramji.com www.sitaramji.com hotelsnowvillage.com smtp.juriswise.com ftp.juriswise.com www.juriswise.com pop.juriswise.com juriswise.com jsda.co.in www.jsda.co.in galaxysofa.com speakolearn.com charmich.com kdnorthzonenavratri.com ikkacamping.com zaspri.com blackleotattoos.com durgasoftsolution.com merritta.com fundexglobal.com easternhuts.com shibins.com kisanagencies.com davaaguru.com modern-jewellers.com sohamyogalife.com evergreenvattavada.com cyberstore.tech ddnrd.com sarkariyojna.us addressktm.com pop.hireindiandev.com chirag.shop www.goldencircleautoparts.com goldencircleautoparts.com nextechnology.in www.nextechnology.in goaselfcars.com policy.redmorus.com redmorus.com keywordskarma.com the-questlearning.com keralayurvedaindia.com herbsoul.digitaltechsite.com www.keywordskarma.com vetbytes.in www.sevait.in sevait.in www.flowtechsolution.in flowtechsolution.in 5000property.com calciconsultancy.com www.pioneerrf.com comelyelectronics.com hireindiandev.com www.samadhanweb.in samadhanweb.in joherbal.com www.joherbal.com sineclad.com www.sineclad.com tulipsgrand.com smtp.aryanecoresort.com pop.aryanecoresort.com ftp.aryanecoresort.com dannyholidaysmunnar.com negreensummit.org www.negreensummit.org mutualfundsolutions.in www.mutualfundsolutions.in www.instashoppe.online instashoppe.online alhabat-allamaha.com www.iidm.cbalifecare.com www.testing.cbalifecare.com testing.cbalifecare.com www.design.cbalifecare.com www.test.cbalifecare.com www.medical.cbalifecare.com bhartiyakisansangthan.com www.bhartiyakisansangthan.com amandwivedi.tech smtp.weltcodeweb.com weltcodeweb.com ftp.weltcodeweb.com pop.weltcodeweb.com www.weltcodeweb.com ftp.blasttechsolution.com smtp.blasttechsolution.com pop.blasttechsolution.com desaiagro.in www.desaiagro.in nanditachemicals.com denaaidfoundation.com www.denaaidfoundation.com jrptautomation.com swadhyay.opensourcecook.in smtp.unstopfashiondeal.in ftp.unstopfashiondeal.in pop.unstopfashiondeal.in www.unstopfashiondeal.in unstopfashiondeal.in baghbarhighschool.com selvarooms.in www.selvarooms.in ftp.allzius.com smtp.allzius.com pop.allzius.com resolvemet.vip www.resolvemet.vip www.sapportraits.com www.krazedance.com herbalayurveda.in.net www.herbalayurveda.in.net srigururaya.org www.srigururaya.org pop.shreesiddhavastu.com ftp.shreesiddhavastu.com smtp.shreesiddhavastu.com www.sachaapkedwar.com sachaapkedwar.com www.roservicescenterjabalpur.cfd www.fost.org.in fost.org.in design.cbalifecare.com medical.cbalifecare.com iidm.cbalifecare.com test.cbalifecare.com swanmedia.co.in www.swanmedia.co.in smtp.idealtechnicalinstitute.org pop.idealtechnicalinstitute.org www.idealtechnicalinstitute.org ftp.idealtechnicalinstitute.org idealtechnicalinstitute.org drivespace.online mrheater.in www.mrheater.in www.11xpert.com 11xpert.com prasanth.icu www.prasanth.icu multilinetools.ae pahlitrade.com gogoacarrental.com smtp.primeloanhub.com ftp.primeloanhub.com www.primeloanhub.com primeloanhub.com pop.primeloanhub.com dalliancewithbooks.com www.strikess.cfd www.malwataxi.com malwataxi.com pioneerrf.com ecaymannational.com rjcopy.shop roservicescenterjabalpur.cfd koha.chanusolutions.com blog.chanusolutions.com kriworld.org www.shulkway.com shulkway.com naman.cfd www.ijoverseas.com ijoverseas.com www.sahyanalukettu.com geotechitsolutions.com pop.geotechitsolutions.com www.geotechitsolutions.com smtp.geotechitsolutions.com ftp.geotechitsolutions.com sahyanalukettu.com dsquaredance.com www.dsquaredance.com mapianta.com parthhitech.com www.vertexexim.com vertexexim.com www.aitvfc.com www.vellorecab.com pop.cacscmaedu.org smtp.cacscmaedu.org ftp.cacscmaedu.org www.cacscmaedu.org cacscmaedu.org pstech.buzz www.pstech.buzz www.offcampus.monster offcampus.monster www.hindustanpowerpvtltd.com hindustanpowerpvtltd.com www.shreeadityaram.buzz indianbeautys.com cogeonets.com www.rapidsolution333.com rapidsolution333.com agcapture24.com www.agcapture24.com www.ordermania.hostingbazar.in ftp.hostingbazar.in pop.hostingbazar.in smtp.hostingbazar.in ordermania.hostingbazar.in www.ncnglobaledu.com ncnglobaledu.com upscnotes.hopeglob.com www.sales.hopeglob.com www.upscnotes.hopeglob.com sales.hopeglob.com www.learn.diligentedu.in learn.diligentedu.in www.shreesiddhavastu.com www.studio0612.in studio0612.in www.store.cyberbroadband.in webflix.cyberbroadband.in store.cyberbroadband.in vellorecab.com dufflo.in www.dufflo.in creationpashmina.com www.creationpashmina.com flatboxhub.com www.flatboxhub.com sofavogue.com dotnets.co.in www.dotnets.co.in ajmerdargahkhwaja.com www.ajmerdargahkhwaja.com learnwebdev.cfd www.learnwebdev.cfd bharateda.com www.bharateda.com musiquemagazine.in www.musiquemagazine.in xl-bi.com www.xl-bi.com www.fulaurirestaurant.com fulaurirestaurant.com smtp.metamenia.com ftp.metamenia.com pop.metamenia.com metamenia.com www.metamenia.com pinetreerealestate.co www.pinetreerealestate.co www.iplkonjitega.online iplkonjitega.online www.highlandhygiene.com highlandhygiene.com smtp.yogawithdeepak.com www.yogawithdeepak.com yogawithdeepak.com ftp.yogawithdeepak.com pop.yogawithdeepak.com www.durgasoftsolution.com sapportraits.com 24xwebservices.com ftp.24xwebservices.com pop.24xwebservices.com www.24xwebservices.com smtp.24xwebservices.com shreesiddhavastu.com joylive.in www.joylive.in www.parvanaconstructions.com parvanaconstructions.com pharmalifecare.com www.pharmalifecare.com www.amitsingharoy.tech amitsingharoy.tech www.e-sarkarinaukri.in e-sarkarinaukri.in macpowerhydraulics.com www.macpowerhydraulics.com

Malware Detected on Host

Count: 1 4247d5e505e34be8d471bc7a353c500f5bbe7d636a23dce6164557aa1222aba3

Open Ports Detected

2222 443 53 80 8888

CVEs Detected

CVE-2007-3205 CVE-2013-2220 CVE-2016-10735 CVE-2017-8923 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-11048 CVE-2019-8331 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 CVE-2020-7067 CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21703 CVE-2021-21704 CVE-2021-21705 CVE-2021-21706 CVE-2021-21707 CVE-2022-31628 CVE-2022-31629 CVE-2022-37454 CVE-2024-4577

Map

Whois Information

• inetnum: 45.64.104.0 - 45.64.107.255
• netname: LEAPSWITCH-IN
• descr: LEAPSWITCH NETWORKS PRIVATE LIMITED
• country: IN
• org: ORG-LNPL10-AP
• admin-c: AD1378-AP
• tech-c: AD1378-AP
• abuse-c: AL1842-AP
• status: ASSIGNED PORTABLE
• mnt-by: APNIC-HM
• mnt-routes: MAINT-LEAPSWITCH-IN
• mnt-irt: IRT-LEAPSWITCH-IN
• last-modified: 2024-06-26T09:58:24Z
• irt: IRT-LEAPSWITCH-IN
• address: Office 410, Spectra, Paud Road, Pune Maharashtra 411038
• e-mail: reportabuse@leapswitch.com
• abuse-mailbox: reportabuse@leapswitch.com
• admin-c: AD1378-AP
• tech-c: AD1378-AP
• mnt-by: MAINT-LEAPSWITCH-IN
• last-modified: 2024-06-26T10:14:40Z
• organisation: ORG-LNPL10-AP
• org-name: LEAPSWITCH NETWORKS PRIVATE LIMITED
• org-type: LIR
• country: IN
• address: Office 410, Spectra, Paud Road
• phone: +919595233556
• e-mail: corporate@leapswitch.com
• mnt-ref: APNIC-HM
• mnt-by: APNIC-HM
• last-modified: 2024-05-29T13:08:13Z
• role: ABUSE LEAPSWITCHIN
• address: Office 410, Spectra, Paud Road, Pune Maharashtra 411038
• country: ZZ
• phone: +000000000
• e-mail: reportabuse@leapswitch.com
• admin-c: AD1378-AP
• tech-c: AD1378-AP
• nic-hdl: AL1842-AP
• abuse-mailbox: reportabuse@leapswitch.com
• mnt-by: APNIC-ABUSE
• last-modified: 2024-06-26T10:14:54Z
• person: Abuse Department
• address: Office 410, Spectra, Paud Road, Pune Maharashtra 411038
• country: IN
• phone: +919595233556
• e-mail: reportabuse@leapswitch.com
• nic-hdl: AD1378-AP
• mnt-by: MAINT-LEAPSWITCH-IN
• last-modified: 2024-06-26T09:58:16Z
• route: 45.64.105.0/24
• descr: LeapSwitch Networks Pvt Ltd
• country: IN
• origin: AS132335
• mnt-by: MAINT-LEAPSWITCH-IN
• last-modified: 2024-06-07T02:23:56Z

Links to attack logs

****** ****** ******