54.38.94.197 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 54.38.94.197. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 20/100

Host and Network Information

  • JARM: 2ad2ad0002ad2ad22c2ad2ad2ad2adce7a321e4956e8298ba917e9f2c22849

  • View other sources: Spamhaus VirusTotal

  • Country: France
  • Network:
  • Noticed: 1 time
  • Protocols Attacked: SSH
  • Passive DNS Results: over40.net www.over40.net ns1.simosnap.com irc.simosnap.com www.hot-chat.it hot-chat.it dns.simosnap.com pdns.simosnap.com flashchat.simosnap.com flexchat.simosnap.com vdisk.cbscom.it www.cbscom.it cbscom.it www.chatincontro.it chatincontro.it

Malware Detected on Host

Count: 11

Open Ports Detected

123 22 3306 443 80

CVEs Detected

CVE-2018-16845 CVE-2019-20372 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 CVE-2021-23017 CVE-2021-3618 CVE-2023-44487

Whois Information

Links to attack logs

****** emotet-iocs ****** ******