94.154.32.193 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 94.154.32.193 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 57/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: United States
  • Noticed: 18 times
  • Protocols Attacked: spring
  • Open Ports: 135, 3389, 445
  • Tor Node: No
  • Associated Malware Samples: 1

Tags

  • active related
  • added active
  • a domains
  • ahmann colorado
  • alerts
  • analysis date
  • AnubisNetworks Sinkhole Cookie Value Snkz
  • av detections
  • bazaar
  • brute force
  • capture
  • christopher ahmann
  • copy
  • crc32
  • created
  • cve-2022-22947
  • data exfil
  • default
  • delete
  • delete c
  • delphi
  • destination
  • detectvm
  • dnsbin demo
  • DNSBin Demo (requestbin .net) - Data Exfitration
  • dns query
  • DNS Query for Webhook/HTTP Request Inspection Service (x .pipedr
  • domain
  • domain add
  • doviacmd
  • dynamicloader
  • entries
  • ethernetid
  • exif data
  • expiro
  • exploits
  • fastly error
  • filehash
  • filenames c
  • files
  • file score
  • file size
  • file type
  • getfiles
  • get na
  • gravityrat
  • hours ago
  • https://unicef.se/assets/apple
  • ids detections
  • ids signatures
  • infection yara
  • information
  • installer
  • intel
  • ip address
  • ipv4
  • lowfi
  • malware
  • malware cve
  • medium
  • meta
  • msie
  • ms windows
  • mtb jan
  • mtb jun
  • mwdb
  • next associated
  • number
  • passive dns
  • pe executable
  • please
  • port
  • Possible Compromised Host
  • potential scan
  • present feb
  • present jan
  • present nov
  • present sep
  • pulse pulses
  • pulses
  • ransom
  • Ransom.Win32.Birele.gsg Checkin
  • related pulses
  • related tags
  • report spam
  • revproxy
  • role title
  • rootjob
  • script domains
  • script script
  • script urls
  • search
  • settingswpad
  • sha1
  • sha256
  • sha3384
  • show
  • sid name
  • sinkhole cookie
  • source port
  • source source
  • special cousel
  • spring-boot-actuator
  • ssdeep
  • state
  • suspicious
  • tam legal
  • title
  • top destination
  • top source
  • total
  • treece alfrey
  • trojan
  • trojandropper
  • ttl value
  • type indicator
  • united
  • unusual port
  • updateserver
  • urls
  • users
  • value snkz
  • web-exploit
  • windows nt
  • wow64
  • write
  • write c
  • x00 x00
  • x00x00
  • yara detections
  • yara rule

MITRE ATT&CK TTPs

  • T1027 - Obfuscated Files or Information
  • T1045 - Software Packing
  • T1057 - Process Discovery
  • T1059.002 - AppleScript
  • T1060 - Registry Run Keys / Startup Folder
  • T1069 - Permission Groups Discovery
  • T1071 - Application Layer Protocol
  • T1105 - Ingress Tool Transfer
  • T1113 - Screen Capture
  • T1119 - Automated Collection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1197 - BITS Jobs
  • T1210 - Exploitation of Remote Services
  • T1457 - Malicious Media Content
  • T1480 - Execution Guardrails
  • T1553 - Subvert Trust Controls
  • T1562 - Impair Defenses
  • T1568 - Dynamic Resolution
  • T1574 - Hijack Execution Flow
  • T1583 - Acquire Infrastructure

Associated CVEs

  • CVE-2020-0796

Attack Log References

Whois Information

inetnum: 94.154.32.0 - 94.154.39.255 geofeed: https://pitline.net/geofeed.csv netname: SKAYVIN-BROADBAND-UA descr: Residential and business customer access network descr: Dynamic and static IP assignments for ISP clients descr: This network is not used for hosting, VPN or proxy country: UA org: ORG-WN11-RIPE admin-c: ARSE-RIPE tech-c: ARSE-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-END-MNT mnt-by: WEBNETWORK-MNT mnt-routes: WEBNETWORK-MNT mnt-domains: WEBNETWORK-MNT abuse-c: PCAM5-RIPE created: 2011-05-20T07:34:02Z last-modified: 2026-02-10T19:11:40Z sponsoring-org: ORG-LA684-RIPE organisation: ORG-WN11-RIPE org-name: Individual entrepreneur Dyachenko Valentina Ivanovna country: UA org-type: OTHER address: Individual entrepreneur Dyachenko Valentina Ivanovna Kharkiv region, Balakleya area, village Andreevka, Zavodskaya str. 18 Ukraine, 64220 abuse-c: PTLN-RIPE mnt-ref: WEBNETWORK-MNT mnt-by: WEBNETWORK-MNT created: 2010-02-24T19:07:32Z last-modified: 2025-07-01T16:14:28Z person: Artem Sevastyanov nic-hdl: ARSE-RIPE mnt-by: WEBNETWORK-MNT address: 61108 Kharkov Ukraine phone: +380509626832 created: 2009-04-29T14:22:17Z last-modified: 2011-07-19T19:48:46Z route: 94.154.32.0/24 origin: AS214961 created: 2026-02-13T21:20:08Z last-modified: 2026-02-13T21:20:08Z mnt-by: PITLINE-MNT