130.185.109.77 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 130.185.109.77 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 70/100
Host and Network Information
- Mitre ATT&CK IDs: T1071 - Application Layer Protocol
- Tags: abuse contact, access, advocates ensure the rights of others, agent tesla, aig, alienvault results removed from search results, all search, america?, android overlay, apeaksoft ios, apple, apple phone, apple private, asn owner, assaulted by man demanding phone, attack, author avatar, awful, azorult, banker, blackbag, botnet, brashears blacklisted, brashears bullied to return to PT due to workers compensation ru, brashears cannot digest food, brashears can’t toilet, brashears denied disability benefits for years, brashears denied vocational rehab twice, brashears family identity theft, brashears further injured, brashears given less than $10000 by Brian sabey, brashears stalked, brashears tagged in adult content - not removed, brashears unable to properly articulate, brashears unhirable due to online profile, Brian sabey brings case to silence brashears, brian sabey constant contact ) threats, bryan counts made aware of recordings, burg simpson corruption, car hacking, cellbrite, cisco umbrella, code, comments, communicating, concerning link, constant car bomb threats, contacted, copy, core, corruption, creation date, critical, cyber criminal, cyber security, da informs brashears no statute, danger, data collection, date, death threats, delphi programming, denied healthcare, Denver trial attorneys tell brashears statute is 6 years in colo, dga domain, discrimination, dnssec, domain name, drive, email, emotet, employer rightfully consider brashears attack a risk to others, execution, external, false criminal records created about brashears, falsified medical records, firewall sync, first, framing, fraud apple support chats, grandoreiro, group hacked esurance, group hacked intermountain healthcare, group hacked uchealth colorado, hackers, hacking, hacktool, high level, hijacker, historical otx, historical ssl, hybridanalysis, hydrocephalus not disclosed, indian mix brashears physically attacked often followed, industry and commerce, info api, installer, ioc, jeffrey reimer dpt ‘reported’ assaulter, jeffrey reimer was reported early, judge sided with brashears, keylogger, kgs0, local law enforcement, make others aware, malicious, malvertizing, malware, mdm hacking, metro, million alexa, monitoring, mon mar, montano threatened brashears with breaking the law if not return, neill positively identified - no charges, network rats, neworder.doc, Nextray, no charges, non stop harassment, nothing new, online sun, open, otx octoseek, overly large campaign, pegasus, pegasus attackers do kill, pegasus attackers make in person contact, pegasus involves malicious actions by humans, pegasus technology disallows victim to report to regulatory boar, permanent damage, phishing, private investigators tailed stalkers. became afraid when learni, quasar, quasi case, ransomexx, recordings demanded, recordings retrieved by bgp, recordings storedonline, record type, red team, reimer promoted, reimer protected and hidden, reimer recorded, related, relations apple, remcos, remember george floyd? brashears survived that injury, report spam, resolutions, resolved ips, rob neill drives brashears off road, sabey motions dismissed, scan endpoints, script, search, server, shell code, siem, site, skynet, soar, ssl certificate, state and governments cover white offender jeffrey reimer, status, survivor, targeting tsara brashears, targets sa, tracking, tsara brashears, ttl value, tue mar, united, unknown, unlocker, url http, url https, urls, urlvoid, vt graph, who else is unheard., whois, whois lookup, whois record, whois show, whois whois
- Other sources: Spamhaus, VirusTotal
- Contained within other IP sets: coinbl_hosts, coinbl_ips, hphosts_emd, hphosts_fsa, hphosts_psh
- Country: Germany
- Network: AS51191 xirra
- Noticed: 50 times
- Protocols Attacked: SSH
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Malware Detected on Host
- Count: 22
- SHA-256 hashes:
  - 59f31f1c216a0092026b37bd289f46198da4d4e911e1dd2eebfa9b46c071b710
  - 78f41371a2d8ab24ff00fb800377d26a404e30a53a9a9020b24b5d6bea0bfefc
  - c213c43f1243dba1ecb6d917db51854614f5fb05b0471610e0b1b62c8d8a3527
  - e8e639f757648f00d2cbb6aec0e44e4403c7f0e5fd11c7697e46506ef684715d
  - f161ea2222d1ad3371187ed129bae5bd8e8125d5fe6bf285ac7229f24ce647c2
  - aa656cfffb158b9ca945a048855be84b22b065e7cb35fcffa363d1c8e0284e42
  - 6203efcec5b8bd1354183cc05a9059cca3335c57bf1012959ea7345feee66872
  - 64802acfd30f2a48e0c5bdfa518ece5b2f0905a8ae2978dae7fd2cb54dabe381
  - 10992d5d711f3b6e2a9764b81f36a23ab1920a2c6372ec3403117a2711bd154d
  - fae3bc7c20f9c6806159fc59d42f6bf09c78f1ed85c21647cdba751a38aab932
Open Ports Detected
CVEs Detected
- CVE-2011-4969, CVE-2012-6708, CVE-2014-6071, CVE-2015-9251, CVE-2016-0742, CVE-2016-0746, CVE-2016-0747, CVE-2016-1247, CVE-2016-4450, CVE-2017-20005, CVE-2017-7529, CVE-2018-16845, CVE-2019-11358, CVE-2019-20372, CVE-2020-11022, CVE-2020-11023, CVE-2020-7656, CVE-2021-23017, CVE-2021-3618
Whois Information
- NetRange: 130.185.0.0 - 130.185.255.255
- CIDR: 130.185.0.0/16
- NetName: RIPE-ERX-130-185-0-0
- NetHandle: NET-130-185-0-0-1
- Parent: NET130 (NET-130-0-0-0-0)
- NetType: Early Registrations, Transferred to RIPE NCC
- OriginAS:
- Organization: RIPE Network Coordination Centre (RIPE)
- RegDate: 2010-11-03
- Updated: 2010-11-17
- Comment: These addresses have been further assigned to users in
- Comment: the RIPE NCC region. Contact information can be found in
- Ref: https://rdap.arin.net/registry/ip/130.185.0.0
- OrgName: RIPE Network Coordination Centre
- OrgId: RIPE
- Address: P.O. Box 10096
- City: Amsterdam
- StateProv:
- PostalCode: 1001EB
- Country: NL
- RegDate:
- Updated: 2013-07-29
- Ref: https://rdap.arin.net/registry/entity/RIPE
- OrgAbuseHandle: ABUSE3850-ARIN
- OrgAbuseName: Abuse Contact
- OrgAbusePhone: +31205354444
- OrgAbuseEmail: abuse@ripe.net
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
- OrgTechHandle: RNO29-ARIN
- OrgTechName: RIPE NCC Operations
- OrgTechPhone: +31 20 535 4444
- OrgTechEmail: hostmaster@ripe.net
- OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
- inetnum: 130.185.109.64 - 130.185.109.95
- netname: XIRRA-NET
- descr: Xirra GmbH - various customer
- country: DE
- admin-c: LG6981-RIPE
- tech-c: LG6981-RIPE
- org: ORG-XG7-RIPE
- status: ASSIGNED PA
- mnt-by: XIRRA
- created: 2012-04-14T21:17:40Z
- last-modified: 2014-11-28T15:39:59Z
- organisation: ORG-XG7-RIPE
- org-name: Xirra GmbH
- country: DE
- org-type: OTHER
- address: Deutschherrnstr. 15-19
- address: 90429 Nuernberg
- address: Germany
- abuse-c: AR21354-RIPE
- mnt-ref: XIRRA
- mnt-by: XIRRA
- created: 2011-11-17T09:32:42Z
- last-modified: 2022-12-01T16:59:44Z
- person: Laura Goetz
- address: Xirra GmbH
- address: Deutschherrnstr. 15-19
- address: 90429 Nürnberg
- address: Germany
- phone: +4991170100030
- nic-hdl: LG6981-RIPE
- mnt-by: XIRRA
- created: 2013-11-18T11:24:29Z
- last-modified: 2017-10-30T22:30:52Z
- route: 130.185.104.0/21
- descr: XIRRA-NET
- origin: AS51191
- mnt-by: XIRRA
- created: 2011-10-24T13:53:35Z
- last-modified: 2012-02-10T17:35:52Z