46.161.27.151 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 46.161.27.151 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • Mitre ATT&CK IDs: T1021 - Remote Services, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1046 - Network Service Scanning, T1059.001 - PowerShell, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1078 - Valid Accounts, T1090 - Proxy, T1094 - Custom Command and Control Protocol, T1176 - Browser Extensions, T1190 - Exploit Public-Facing Application, T1471 - Data Encrypted for Impact, T1486 - Data Encrypted for Impact, T1490 - Inhibit System Recovery, T1531 - Account Access Removal, T1547 - Boot or Logon Autostart Execution, T1550 - Use Alternate Authentication Material, T1560 - Archive Collected Data, T1562.001 - Disable or Modify Tools, T1562 - Impair Defenses, T1566 - Phishing, T1583 - Acquire Infrastructure

  • Tags: alphv, anydesk, anydesk server, april, attack, august, azerbaijan, basta, bitcoin, bits, black, black basta, blackcat, c2 endpoint, cisa, ck techniques, cl0p, cobalt strike, Cobalt Strike, comment, conti, cve-2020-1472, cve-2021-34527, cve-2021-42278, cve-2021-42287, cve-2024-1709, cyber, cyber security, domains, download, encryption, energy, execution, exfiltration, february, forensics, gootloader, healthcare, hvs iocs, icedid, IcedID, icmp traffic, impact, incident response, install, ioc, iocs, iocs https, iocsyou, july, june, karakurt, kazakh, kazakhstan, list a, local, login, malicious, malspam, matanbuchus, Matanbuchus, mega, metasploit, meterpreter, mimikatz, misp event, misp feed, mitre att, nemty, Nextray, nokoyawa, november, panama, phishing, pinkslipbot, play, play ransomware, powershell, proton, psexec, python, qakbot, qbot, quackbot, Quantum ransomware, ransom, ransomexx, ransomware, rat c2, rats, revil, royal, russian, rust, ryuk, scanner, scpssh, sector, securex, september, shadowsyndicate, ShadowSyndicate, shell, shodan, sliver, source ip, SSH, stopransomware, #StopRansomware: Black Basta, strong, talos, team, technique title, Telnet, threat intelligence, threats, threat spotlight, tools, trendmicro, trickbot, unknown, webdav, yorotrooper, сохраняю

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: haley_ssh

  • Country: Russia
  • Network: AS43350 nforce entertainment b.v.
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Azerbaijan, Canada, Czechia, Denmark, Estonia, France, Germany, Kazakhstan, Kyrgyzstan, Latvia, Lithuania, Norway, Poland, Romania, Tajikistan, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: ourcookieslover.com

Malware Detected on Host

Count: 1

  • SHA-256: 37c369f9a9cac898af2668b1287dea34c753119071a1c447b0bfecd171709340

Whois Information

  • inetnum: 46.161.27.0 - 46.161.27.255
  • netname: Megaholdings-net
  • descr: VPS and Shared Hosting pool
  • country: NL
  • admin-c: MCR109-RIPE
  • tech-c: MCR109-RIPE
  • org: ORG-MHL8-RIPE
  • abuse-c: MCR109-RIPE
  • status: SUB-ALLOCATED PA
  • mnt-routes: MNT-NFORCE
  • mnt-routes: MNT-PINSUPPORT
  • mnt-by: MNT-PINSUPPORT
  • created: 2020-10-28T17:25:53Z
  • last-modified: 2021-01-21T10:08:37Z
  • organisation: ORG-MHL8-RIPE
  • org-name: MEGA HOLDINGS LIMITED
  • org-type: OTHER
  • address: E11 - North Ras Al Khaimah , Falcon Technologies International, UAE
  • abuse-c: MCR109-RIPE
  • mnt-ref: MNT-PINSUPPORT
  • mnt-ref: megaholdings
  • mnt-by: megaholdings
  • created: 2018-05-08T07:51:49Z
  • last-modified: 2022-06-13T12:42:50Z
  • role: MEGAHOLDINGS CONTACT ROLE
  • address: E11 - North Ras Al Khaimah
  • address: Falcon Technologies International
  • address: United Arab Emirates
  • abuse-mailbox: abuse@mholding.biz
  • admin-c: DH7421-RIPE
  • tech-c: DH7421-RIPE
  • nic-hdl: MCR109-RIPE
  • mnt-by: megaholdings
  • created: 2018-05-08T07:49:17Z
  • last-modified: 2022-06-13T12:42:21Z
  • route: 46.161.27.0/24
  • descr: NFOrce Entertainment B.V. - Customer 2166
  • origin: AS43350
  • mnt-by: MNT-PINSUPPORT
  • mnt-by: MNT-NFORCE
  • created: 2020-10-28T17:21:05Z
  • last-modified: 2020-10-28T17:21:05Z

Links to attack logs

  • bruteforce-ip-list-2022-02-10
  • bruteforce-ip-list-2022-02-11