46.246.12.6 Threat Intelligence and Host Information

Share on:
Jun 28, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 46.246.12.6 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1053 - Scheduled Task/Job, T1053.005 - Scheduled Task, T1055 - Process Injection, T1056 - Input Capture, T1059 - Command and Scripting Interpreter, T1059.005 - Visual Basic, T1095 - Non-Application Layer Protocol, T1102 - Web Service, T1204 - User Execution, T1204.002 - Malicious File, T1218 - Signed Binary Proxy Execution, T1218.009 - Regsvcs/Regasm, T1498 - Network Denial of Service, T1547 - Boot or Logon Autostart Execution, T1547.001 - Registry Run Keys / Startup Folder, T1553 - Subvert Trust Controls, T1566 - Phishing

  • Tags: APT-C-36, RAT, adodb, against south, alliance, apt & targeted attacks, aptc36, articles, bidencash, bitrat, blind eagle, breachforums, bryan club, campaign, carding, chile, colombia, commodity rats, compression, contact, copy, credit card, critical, cross-origin resource sharing, crypter, customs, cybercrime, cybersecurity, cyble, data breach, dcrat, dian, directorate, discord, docx, download, droptostartup, dubai, ecuador, elseif, english, evolving threat, execution, exploit, extractor, featured, february, figure, file storage, find, further, generator, gmail, hawk, highlights, iframe, indonesia, infosec, infostealer, january, keylogger, look, magento, malware, mediafire, meterpreter, national taxes, news, online skimmer, osversion gt, panama, path, payment, personally identifiable information, phishing, pii, powershell, python, quasar, quasarrat, r3nin, r3nin sniffer, rat, rat payload, rats, reports, research, russian market, sandbox, script, security, singapore, small, sniffer, sniffer toolkit, snip3, snip3 crypter, spam, spam campaign, stolen credit cards, stream, strong, threat, threat intelligence, threathunt, threatintel, threatlabz team, trend micro, trojan, ttps, url shortener, uuid, vbs, windows, winrar, write, xss, yale lodge

  • View other sources: Spamhaus VirusTotal

  • Country: Sweden
  • Network: AS42708 glesys ab
  • Noticed: 1 times
  • Protcols Attacked: Anonymous Proxy
  • Countries Attacked: Australia, Chile, Colombia, Ecuador, Georgia, India, Panama, Singapore, Spain
  • Passive DNS Results: septiembre2022.duckdns.org nuevosecua.duckdns.org nuevosremcs.duckdns.org navidad202223.duckdns.org capurgana.duckdns.org cachi.duckdns.org mayo21.duckdns.org matarife.duckdns.org spamworzon.duckdns.org asy1543.duckdns.org 05042109.duckdns.org medellin2022.duckdns.org diosamor27.duckdns.org mr1963.duckdns.org proxy21.duckdns.org ecuadordos.duckdns.org ecuado2021.duckdns.org windowsupdaters.zapto.org 4kurdistan.no-ip.biz

Malware Detected on Host

Count: 105 6dd25f1f288da8a804f41af680fda859e16b8b14b702025d1d265195f7a1bad3 3c5a733411aca498591aa177a6023984645062af02a127d3f08dc970feb27540 ef9353e2ce183d62fff967fb5d97dce26f862f35f1cfb1a512970c674953eee4 89a09e2f4971b6d329a694f88d8a3f4c09b51eaff819fb4497d63e162e4c2028 2d9425f22ff6bfac3217629cb2b724557e2431718937cef2d8ab629f32a3e92d fb0242383cc04dbaa3a81ac1947d183cad1c91f9fc77c1eddcc5e79b745c0017 7fc11ae7d7870624df39b4a18c11f95c58ff9e5856a523f108814a8d3627641b af375504ca558e9035a8bc319bbb592055bcd73bd20a6932203d252bfcae9530 beec48641e268819b654b29b10417e1c6d843c79211335bfed09b0c919f78209 e40c61053b74dc0f06d169322b5076716d210e1b5a2aadeb000349aa484344f3

Map

Whois Information

  • inetnum: 46.246.12.0 - 46.246.13.255
  • netname: FROOTYNET-4
  • descr: Frootynet Sweden
  • country: SE
  • admin-c: FN2785-RIPE
  • tech-c: FN2785-RIPE
  • org: ORG-FA755-RIPE
  • status: ASSIGNED PA
  • mnt-by: MNT-PORTLANE
  • created: 2015-06-20T02:50:48Z
  • last-modified: 2016-08-23T12:18:53Z
  • organisation: ORG-FA755-RIPE
  • org-name: Frootynet
  • org-type: OTHER
  • address: Box 6322
  • address: 102 35 Stockholm
  • address: Sweden
  • abuse-c: FN2785-RIPE
  • mnt-ref: MNT-PORTLANE
  • mnt-by: MNT-FROOTVPN
  • created: 2016-08-23T11:52:36Z
  • last-modified: 2016-08-23T12:20:23Z
  • role: Frootynet NOC
  • address: Box 6322
  • address: 102 35 Stockholm
  • address: Sweden
  • nic-hdl: FN2785-RIPE
  • mnt-by: MNT-FROOTVPN
  • created: 2016-08-23T11:47:22Z
  • last-modified: 2016-08-23T12:16:24Z
  • abuse-mailbox: [email protected]
  • route: 46.246.0.0/17
  • descr: Portlane Network
  • origin: AS42708
  • mnt-by: MNT-PORTLANE
  • created: 2011-01-27T13:42:49Z
  • last-modified: 2011-01-27T13:42:49Z

Links to attack logs

anonymous-proxy-ip-list-2023-06-26