45.66.249.5 Threat Intelligence and Host Information


General

This page contains threat intelligence information for the IPv4 address 45.66.249.5 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity against honeynets. The host score is calculated through a series of statistically weighted values and machine learning which take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 32/100

Host and Network Information

  • Tags: 1234, 32-bit, 64-bit, arm, ascii, AveMariaRAT, BB26, ddos-bot, dll, doc, dropped-by-PrivateLoader, elf, encrypted, exe, Formbook, geofenced, hajime, js, mips, mirai, Mozi, njRAT, obama261, opendir, Password-protected, powershell, ps, Qakbot, qbot, Quakbot, rar, rat, RemcosRAT, RevengeRAT, smokeloader, Smoke Loader, SocGholish, Stealc, ua-ps, USA, Vidar, wsf, x86-64, zip

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network: AS62005 bluevps ou
  • Noticed: 1 time
  • Protocols Attacked: Anonymous Proxy
  • Passive DNS Results: acrobat-adobe.com integralmax.tk greatgoods.gq reliableconexion.xyz wonderproducts.ml

Malware Detected on Host

Count: 8

  • a1bf927ce95e488f7c2dd8fe769d0eadfd202951621d8abbb10fd6b3a3367a11
  • 0015822393bc0cf2a234b8f38678f60842f2475ae1a7e9c60330cdfde908d2c0
  • c8fb44d2895a223cce610a391158e6e299f436b65e933dd54e47c1a37009aac9
  • 244dc31d6408dcf837d5a16fd183c74015834a7033e428318eff14b9e1d14eba
  • 7c2afe7ddb9bace6a0b1c8876c27790612b3d21b542c980357910d5b6644c37b
  • 227dc1f2aa7ce7aa129ebdd52d821917f3155d1349f2cc867ad2e69f1a083a1d
  • 8dd76775b39ae25dbdbf58b0ce538c5a81a75c5a0dda6dfe7f002b56723a3fdb
  • 3004fdbcf776a6833cb821f70b36f94b75f026b4ea38f5d3155cb0866211e903

Whois Information

  • inetnum: 45.66.248.0 - 45.66.249.255
  • geofeed: https://geofeed.bluevps.com/geofeed.csv
  • netname: BlueVPS
  • org: ORG-BO78-RIPE
  • country: US
  • admin-c: AR60040-RIPE
  • abuse-c: AR60040-RIPE
  • tech-c: AR60040-RIPE
  • mnt-routes: mnt-ee-bluevps-1
  • mnt-domains: mnt-ee-bluevps-1
  • status: ASSIGNED PA
  • mnt-by: VPLAB-MNT
  • created: 2021-09-28T09:52:58Z
  • last-modified: 2022-12-14T07:57:41Z
  • organisation: ORG-BO78-RIPE
  • org-name: BlueVPS OU
  • country: EE
  • org-type: LIR
  • address: Kesklinna linnaosa, Kaupmehe tn 7-120
  • address: 10114
  • address: Tallinn
  • address: ESTONIA
  • phone: +372 634 6138
  • admin-c: OG3400-RIPE
  • tech-c: OG3400-RIPE
  • abuse-c: AR60040-RIPE
  • mnt-ref: mnt-ee-bluevps-1
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: mnt-ee-bluevps-1
  • created: 2020-03-11T07:52:56Z
  • last-modified: 2022-10-21T09:05:59Z
  • mnt-ref: VPLAB-MNT
  • mnt-ref: MNT-GLBTX
  • role: Abuse-C Role
  • address: Kesklinna linnaosa, Kaupmehe tn 7-120
  • address: 10114
  • address: Tallinn
  • address: ESTONIA
  • nic-hdl: AR60040-RIPE
  • abuse-mailbox: [email protected]
  • mnt-by: mnt-ee-bluevps-1
  • created: 2020-03-11T07:52:55Z
  • last-modified: 2020-03-11T07:52:55Z
  • route: 45.66.249.0/24
  • origin: AS62005
  • mnt-by: mnt-ee-bluevps-1
  • created: 2022-04-20T09:38:29Z
  • last-modified: 2022-04-20T09:38:29Z
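The page describes itself as input for enriching security events, so the following added example (written for this page, not code from the page's provider) shows how the indicators listed above would actually be applied: it collects the host IP, the route and inetnum from the whois section, the passive DNS names and the SHA-256 hashes into a small indicator set, checks that the host really sits inside the registered range, and then runs those indicators over a few constructed key=value log lines. It goes one step beyond the page in that an IP elsewhere in the listed /24 is reported as a weaker "route" hit; that is an assumption of the example, not something the page claims. The log lines and their field names are constructed for the example.

```python
import ipaddress
import re

# Indicators copied from the page above: the host, its announced route and
# inetnum from the whois section, its passive DNS names and the SHA-256
# hashes listed under "Malware Detected on Host".
HOST_IP = "45.66.249.5"
ROUTE = "45.66.249.0/24"
INETNUM = ("45.66.248.0", "45.66.249.255")
PASSIVE_DNS = {
    "acrobat-adobe.com", "integralmax.tk", "greatgoods.gq",
    "reliableconexion.xyz", "wonderproducts.ml",
}
HASHES = {
    "a1bf927ce95e488f7c2dd8fe769d0eadfd202951621d8abbb10fd6b3a3367a11",
    "0015822393bc0cf2a234b8f38678f60842f2475ae1a7e9c60330cdfde908d2c0",
    "c8fb44d2895a223cce610a391158e6e299f436b65e933dd54e47c1a37009aac9",
    "244dc31d6408dcf837d5a16fd183c74015834a7033e428318eff14b9e1d14eba",
    "7c2afe7ddb9bace6a0b1c8876c27790612b3d21b542c980357910d5b6644c37b",
    "227dc1f2aa7ce7aa129ebdd52d821917f3155d1349f2cc867ad2e69f1a083a1d",
    "8dd76775b39ae25dbdbf58b0ce538c5a81a75c5a0dda6dfe7f002b56723a3fdb",
    "3004fdbcf776a6833cb821f70b36f94b75f026b4ea38f5d3155cb0866211e903",
}

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def validate_hashes(hashes):
    """True if every entry is a lowercase 64-hex SHA-256 digest."""
    return all(SHA256_RE.match(h) for h in hashes)


def ip_in_inetnum(ip, first, last):
    """Range check against a whois inetnum (inclusive first-last)."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last)


def ip_in_route(ip, cidr):
    """True if ip falls inside the announced route prefix."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def parse_kv(line):
    """Split a 'key=value key=value' log line into a dict (constructed format)."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def match_log_line(line):
    """Return (indicator_type, value) pairs matched in one log line.

    Exact IP, domain and hash matches are reported as-is. An IP elsewhere in
    the listed /24 is reported as a weaker "route" hit; flagging the whole
    prefix is an assumption of this example, not a claim made by the page.
    """
    kv = parse_kv(line)
    hits = []
    for key in ("src", "dst", "client"):
        value = kv.get(key)
        if not value:
            continue
        try:
            ipaddress.ip_address(value)
        except ValueError:
            continue  # field is not an IP address
        if value == HOST_IP:
            hits.append(("ip", value))
        elif ip_in_route(value, ROUTE):
            hits.append(("route", value))
    qname = kv.get("qname", "").lower().rstrip(".")  # normalise trailing dot
    if qname in PASSIVE_DNS:
        hits.append(("domain", qname))
    digest = kv.get("sha256", "").lower()  # hashes are matched case-insensitively
    if digest in HASHES:
        hits.append(("sha256", digest))
    return hits


# Constructed sample log lines (not from the page), in a key=value shape.
SAMPLE_LOGS = [
    "2023-11-03T10:12:44Z proxy src=10.0.4.21 dst=45.66.249.5 dport=443 action=allow",
    "2023-11-03T10:13:02Z dns client=10.0.4.21 qname=acrobat-adobe.com. rtype=A",
    "2023-11-03T10:15:10Z edr host=WS-17 sha256=A1BF927CE95E488F7C2DD8FE769D0EADFD202951621D8ABBB10FD6B3A3367A11 action=quarantine",
    "2023-11-03T10:16:00Z proxy src=10.0.4.9 dst=45.66.249.77 dport=80 action=allow",
    "2023-11-03T10:16:30Z dns client=10.0.4.9 qname=example.com rtype=A",
]


def scan(lines):
    """Return only the lines that matched at least one indicator, with their hits."""
    matched = []
    for line in lines:
        hits = match_log_line(line)
        if hits:
            matched.append((line, hits))
    return matched


if __name__ == "__main__":
    assert validate_hashes(HASHES)
    assert ip_in_inetnum(HOST_IP, *INETNUM) and ip_in_route(HOST_IP, ROUTE)
    for line, hits in scan(SAMPLE_LOGS):
        print(hits, "<-", line)
```

The inetnum and route checks are worth keeping in a real pipeline: they catch a stale or mistyped indicator before it reaches a detection rule, and the "route" hit is deliberately distinguished from an exact IP match so that a downstream rule can weight it differently, in keeping with the page's own caveat that its values are indicative only.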

Links to attack logs

anonymous-proxy-ip-list-2023-11-03