45.95.55.24 Threat Intelligence and Host Information

Share on:
Aug 11, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 45.95.55.24 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Mitre ATT&CK IDs: T1033 - System Owner/User Discovery, T1059 - Command and Scripting Interpreter, T1132 - Data Encoding, T1190 - Exploit Public-Facing Application, T1210 - Exploitation of Remote Services, T1498 - Network Denial of Service, TA0037 - Command and Control

  • Tags: CVE-2021-35394, IoT, Malicious IP, Nextray, Realtek Jungle SDK, RedGoBot, SSH, Scanner, Telnet, Webattack, anna paula, api endpoint, args, associated, attack, august, automatically, backdoorit, blacklist, botnet, bruteforce, caligula, caligula jun, code issues, contact, copy, cowrie, create, currc3adculo, cve202135394, cyber security, december, digital ocean, figure, file, footer, france, from email, gafgyt, github, headers, icmp, info, ioc, jump, linux, login, malicious, malspam email, malware, malware/botnet, malware/gafgyt, malware/mirai, malware/redgobot, mirai, mozi, msi file, netherlands, november, palo alto, path, phishing, powershell, probing, pull, scan, scanner, scanning, shell script, sign, smtp, ssh, star, strong, supply chain, tarrak, tcp, technology/realteksdk, telnet, tuesday, united, userhome, utf8, vietnam, vulnerability, vulnerability/cve-2021-35394, webscan, webscanner bruteforce web app attack, wiki security, wildfire, windows, zip archive

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_net_ua

  • Country: Germany
  • Network: AS200303 jan philipp waldecker trading as lumaserv systems
  • Noticed: 1 times
  • Protcols Attacked: telnet
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: project-altis.life cloud.crafthost24.de toeddchen.net

Malware Detected on Host

Count: 6 314bf0b322bf1bc763cb5a7540585af6244b04ba7e58aef1776002aa93618b9a cfc37f73db3dba90f974c0a8f0308dd1f51235aea4335b2f346ecf0503365613 1917aa3e5bfd1c6a958ca61875c4f58edcbf68d5b954707523b3088fbb096363 c1bac9c5272bd1e72248d207caba0e7a7a43870c2642f399afa0af544f02b3d0 6ad155e8d3ff8c11b94fc2d169006642c4517bedfe3adcab3c56e13aec7821ab ed72b171a6feed898e8b449fed8445061aff5b3983c7358ed6ef3df745ddf573

Map

Whois Information

  • inetnum: 45.95.55.0 - 45.95.55.127
  • netname: DE-FLYHOSTING
  • country: DE
  • admin-c: TP7252-RIPE
  • org: ORG-FA1202-RIPE
  • tech-c: TP7252-RIPE
  • status: ASSIGNED PA
  • mnt-by: MNT-LUMASERV
  • created: 2022-03-27T17:10:19Z
  • last-modified: 2022-11-07T08:23:07Z
  • organisation: ORG-FA1202-RIPE
  • org-name: Fly-Hosting
  • org-type: OTHER
  • address: Alte Heerstrasse 13
  • address: 38518 Gifhorn
  • abuse-c: ACRO50538-RIPE
  • mnt-ref: MNT-LUMASERV
  • mnt-by: MNT-LUMASERV
  • created: 2022-05-28T13:54:34Z
  • last-modified: 2022-11-14T17:41:39Z
  • person: Timon Prilop
  • address: Alte Heerstrasse 13
  • address: 38518 Gifhorn
  • phone: +49000000000
  • nic-hdl: TP7252-RIPE
  • mnt-by: MNT-LUMASERV
  • mnt-by: MNT-LUMASERV
  • created: 2022-03-27T17:08:37Z
  • last-modified: 2022-03-27T17:08:37Z
  • route: 45.95.55.0/24
  • origin: AS200303
  • mnt-by: MNT-LUMASERV
  • created: 2019-07-09T09:55:01Z
  • last-modified: 2022-02-02T10:35:20Z

Links to attack logs

dotoronto-telnet-bruteforce-ip-list-2022-06-12