45.95.169.205 Threat Intelligence and Host Information

Jun 19, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 45.95.169.205 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: anna paula, associated, cowrie, currc3adculo, cyber security, from email, headers, ioc, kfsensor, malicious, malspam email, msi file, Nextray, phishing, rdp, ssh, tuesday, utf8, zip archive

  • View other sources: Spamhaus VirusTotal

  • Country: Croatia
  • Network: AS211619 maxko j.d.o.o.
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: mccoy.alfii-technologies.com srv-adm.live upd-web.online kerkhooff-consulting.com dnpnidus.com

Malware Detected on Host

Count: 14 af2966b657325caad5c3f15bb8121c8a8ca9805ed030840f6c154a84f9d2c0f4 b92c5000e3f5768eab7ab44abc5fff8e674c4e0703a3563a47eebf020569ca0d a4d159498a20d23a992c16f36bdda7aec916d3a36580b2e507967ad3df745479 b09a31419e31c661d481f7770a0bf9bc4ca4a9626d82960f6372a8c6c75f2a1d 44a1e52e9f72803b8014065ec08de0b70157411b00275bdb81e37cb792620493 c48f1c7502e83648158c66f0080d930c09d5d303072aba453f586a0c960a042f cf381d0b3a8c334053228a4fe724b0f5bf47177d6bbc84911e3b646ca5d3f278 c6881b51da66a423704c4635fad5e812815a783da2049ccc0f0df31cca93f55b d675d2c62dde21b5b3ba7141116bdbc951b0e9957f925c38f4733e82dd7fbefa d1726dc5fb659f2dd1b8b153621e1f1227d5cf63c1c3bfe8fceaa84b32c95016

Map

Whois Information

  • inetnum: 45.95.169.0 - 45.95.169.255
  • org: ORG-MJ181-RIPE
  • netname: MAXKO
  • country: HR
  • admin-c: DF8797-RIPE
  • tech-c: DF8797-RIPE
  • status: ASSIGNED PA
  • mnt-by: mnt-hr-maxko-1
  • created: 2020-01-15T15:40:43Z
  • last-modified: 2024-04-15T11:11:41Z
  • organisation: ORG-MJ181-RIPE
  • org-name: MAXKO d.o.o.
  • country: HR
  • org-type: LIR
  • address: Skradinska 2
  • address: 44000
  • address: Sisak
  • address: CROATIA
  • phone: +385981373725
  • admin-c: DF8797-RIPE
  • tech-c: DF8797-RIPE
  • abuse-c: AR53781-RIPE
  • mnt-ref: mnt-hr-maxko-1
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: mnt-hr-maxko-1
  • created: 2019-07-09T07:28:51Z
  • last-modified: 2024-04-17T12:23:21Z
  • person: Damir Flekac
  • address: Skradinska 2
  • address: 44000
  • address: Sisak
  • address: CROATIA
  • phone: +385981373725
  • nic-hdl: DF8797-RIPE
  • mnt-by: mnt-hr-maxko-1
  • created: 2019-07-09T07:28:50Z
  • last-modified: 2019-07-09T07:28:50Z
  • route: 45.95.168.0/22
  • origin: AS211619
  • mnt-by: mnt-hr-maxko-1
  • created: 2021-03-17T10:40:49Z
  • last-modified: 2021-03-17T10:44:16Z
  • org: ORG-MJ181-RIPE
  • organisation: ORG-MJ181-RIPE
  • org-name: MAXKO d.o.o.
  • country: HR
  • org-type: LIR
  • address: Skradinska 2
  • address: 44000
  • address: Sisak
  • address: CROATIA
  • phone: +385981373725
  • admin-c: DF8797-RIPE
  • tech-c: DF8797-RIPE
  • abuse-c: AR53781-RIPE
  • mnt-ref: mnt-hr-maxko-1
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: mnt-hr-maxko-1
  • created: 2019-07-09T07:28:51Z
  • last-modified: 2024-04-17T12:23:21Z

Links to attack logs

****** dosing-ssh-bruteforce-ip-list-2022-10-16 dofrank-ssh-bruteforce-ip-list-2022-10-15 ****** dofrank-ssh-bruteforce-ip-list-2022-10-16 ******

Share on: