45.9.148.108 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 45.9.148.108 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observations of activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Geographic Location

Host and Network Information

  • Country: Netherlands
  • Network: AS49447 nice it services group inc.
  • Noticed: 16 times
  • Protocols Attacked: SSH
  • Countries Attacked: Australia, China, Germany, Japan, Netherlands, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 21, 25, 53, 80, 443, 465, 587, 993, 995
  • Tor Node: No
  • Associated Malware Samples: 33

Tags

  • alarm
  • alibaba
  • alibaba cloud
  • amazon web
  • anondns
  • april
  • aqua
  • aqua security
  • august
  • aws
  • azure
  • beyond
  • c2 server
  • cetus
  • chat
  • christmas
  • cisco secure
  • Cloud
  • cloud analytics
  • CoinMiner
  • command
  • comment
  • computer security
  • core impact
  • credfilenames
  • cryptojacking
  • CVE-2019-5736
  • cyber attacks
  • cyber news
  • cyber security news
  • cyber security news today
  • cyber security updates
  • cyber updates
  • data breach
  • datei
  • december
  • diamorphine
  • docker
  • docker api
  • domains
  • download
  • ec2 instance
  • email subject
  • emotet sha256
  • ethereum
  • execution
  • explosion
  • fall
  • february
  • figure
  • file
  • filename sha256
  • first
  • format
  • fqdns
  • github
  • glue
  • google cloud
  • hacker news
  • hacking news
  • Hildegard
  • how to hack
  • hybrid analysis
  • ident
  • impact
  • info
  • information security
  • Information Technology Sector
  • intezer
  • iocs domains
  • ip address
  • june
  • kaiten
  • king
  • kubernetes
  • Kubernetes
  • labs team
  • localhost
  • main
  • Malicious Shell
  • masscan
  • mimikatz
  • mimipenguin
  • mind
  • miner
  • monero
  • mustang panda
  • nautilus
  • network security
  • next
  • nice vps
  • parrot
  • permiso
  • permiso team
  • persistence
  • pnscan
  • powershell
  • ransomware malware
  • rathole
  • redis
  • salary url
  • security
  • sentinellabs
  • service
  • services
  • sha1
  • sha256
  • silent
  • simple
  • software vulnerability
  • ssh
  • strong
  • summer
  • teamtnt
  • TeamTNT
  • teamtnt tooling
  • tencent
  • the hacker news
  • tools
  • trend micro
  • tsunami
  • tsunami malware
  • twitter
  • unix
  • url http
  • virustotal
  • vpc security
  • wallet
  • worm
  • xmrig
  • XMRig
  • xmrig miner
  • xmrig ngrok

MITRE ATT&CK TTPs

  • T1001 - Data Obfuscation
  • T1003 - OS Credential Dumping
  • T1007 - System Service Discovery
  • T1014 - Rootkit
  • T1018 - Remote System Discovery
  • T1021 - Remote Services
  • T1027 - Obfuscated Files or Information
  • T1033 - System Owner/User Discovery
  • T1036.005 - Match Legitimate Name or Location
  • T1036 - Masquerading
  • T1046 - Network Service Scanning
  • T1049 - System Network Connections Discovery
  • T1055 - Process Injection
  • T1056 - Input Capture
  • T1057 - Process Discovery
  • T1059.004 - Unix Shell
  • T1059 - Command and Scripting Interpreter
  • T1070.003 - Clear Command History
  • T1070.004 - File Deletion
  • T1070 - Indicator Removal on Host
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1098.001 - Additional Cloud Credentials
  • T1098 - Account Manipulation
  • T1102 - Web Service
  • T1104 - Multi-Stage Channels
  • T1105 - Ingress Tool Transfer
  • T1106 - Native API
  • T1113 - Screen Capture
  • T1134 - Access Token Manipulation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1195 - Supply Chain Compromise
  • T1218 - Signed Binary Proxy Execution
  • T1480 - Execution Guardrails
  • T1485 - Data Destruction
  • T1490 - Inhibit System Recovery
  • T1496 - Resource Hijacking
  • T1505 - Server Software Component
  • T1525 - Implant Internal Image
  • T1526 - Cloud Service Discovery
  • T1528 - Steal Application Access Token
  • T1530 - Data from Cloud Storage Object
  • T1543 - Create or Modify System Process
  • T1547 - Boot or Logon Autostart Execution
  • T1552.005 - Cloud Instance Metadata API
  • T1562 - Impair Defenses
  • T1564 - Hide Artifacts
  • T1566 - Phishing
  • T1574.006 - Dynamic Linker Hijacking
  • T1574 - Hijack Execution Flow
  • T1580 - Cloud Infrastructure Discovery
  • T1592 - Gather Victim Host Information

Passive DNS

  • stephenshives.org

Attack Log References

Whois Information

inetnum:        45.9.148.0 - 45.9.148.127
descr:          Nice IT Customers Network
netname:        NiceIT-NL
country:        NL
admin-c:        KS10518-RIPE
tech-c:         KS10518-RIPE
abuse-c:        AR52139-RIPE
status:         ASSIGNED PA
mnt-by:         niceit-mnt
created:        2020-02-26T16:38:38Z
last-modified:  2020-09-18T16:08:26Z

person:         Kimon S.
address:        28 Cork Street, Roseau, Dominica
phone:          +17672677987
nic-hdl:        KS10518-RIPE
mnt-by:         niceit-mnt
created:        2019-04-20T21:28:19Z
last-modified:  2020-12-02T17:53:28Z

route:          45.9.148.0/24
origin:         AS49447
mnt-by:         niceit-mnt
created:        2019-07-04T10:42:15Z
last-modified:  2019-07-04T10:42:15Z