130.185.109.77 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 130.185.109.77. It was generated either as a result of observed malicious activity or as an information-gathering exercise to help enrich security events with context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 70/100

Host and Network Information

  • Country: Germany
  • Network: AS51191 xirra
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 22, 80
  • Tor Node: No
  • Associated Malware Samples: 22

Tags

  • abuse contact
  • access
  • advocates ensure the rights of others
  • agent tesla
  • aig
  • alienvault results removed from search results
  • all search
  • america?
  • android overlay
  • apeaksoft ios
  • apple
  • apple phone
  • apple private
  • asn owner
  • assaulted by man demanding phone
  • attack
  • author avatar
  • awful
  • azorult
  • banker
  • blackbag
  • botnet
  • brashears blacklisted
  • brashears bullied to return to PT due to workers compensation ru
  • brashears cannot digest food
  • brashears can't toilet
  • brashears denied disability benefits for years
  • brashears denied vocational rehab twice
  • brashears family identity theft
  • brashears further injured
  • brashears given less than $10000 by Brian sabey
  • brashears stalked
  • brashears tagged in adult content - not removed
  • brashears unable to properly articulate
  • brashears unhirable due to online profile
  • Brian sabey brings case to silence brashears
  • brian sabey constant contact ) threats
  • bryan counts made aware of recordings
  • burg simpson corruption
  • car hacking
  • cellbrite
  • cisco umbrella
  • code
  • comments
  • communicating
  • concerning link
  • constant car bomb threats
  • contacted
  • copy
  • core
  • corruption
  • creation date
  • critical
  • cyber criminal
  • cyber security
  • da informs brashears no statute
  • danger
  • data collection
  • date
  • death threats
  • delphi programming
  • denied healthcare
  • Denver trial attorneys tell brashears statute is 6 years in colo
  • dga domain
  • discrimination
  • dnssec
  • domain name
  • drive
  • email
  • emotet
  • employer rightfully consider brashears attack a risk to others
  • execution
  • external
  • false criminal records created about brashears
  • falsified medical records
  • firewall sync
  • first
  • framing
  • fraud apple support chats
  • grandoreiro
  • group hacked esurance
  • group hacked intermountain healthcare
  • group hacked uchealth colorado
  • hackers
  • hacking
  • hacktool
  • high level
  • hijacker
  • historical otx
  • historical ssl
  • hybridanalysis
  • hydrocephalus not disclosed
  • indian mix brashears physically attacked often followed
  • industry and commerce
  • info api
  • installer
  • ioc
  • jeffrey reimer dpt 'reported' assaulter
  • jeffrey reimer was reported early
  • judge sided with brashears
  • keylogger
  • kgs0
  • local law enforcement
  • make others aware
  • malicious
  • malvertizing
  • malware
  • mdm hacking
  • metro
  • million alexa
  • monitoring
  • mon mar
  • montano threatened brashears with breaking the law if not return
  • neill positively identified - no charges
  • network rats
  • neworder.doc
  • Nextray
  • no charges
  • non stop harassment
  • nothing new
  • online sun
  • open
  • otx octoseek
  • overly large campaign
  • pegasus
  • pegasus attackers do kill
  • pegasus attackers make in person contact
  • pegasus involves malicious actions by humans
  • pegasus technology disallows victim to report to regulatory boar
  • permanent damage
  • phishing
  • private investigators tailed stalkers. became afraid when learni
  • quasar
  • quasi case
  • ransomexx
  • recordings demanded
  • recordings retrieved by bgp
  • recordings storedonline
  • record type
  • red team
  • reimer promoted
  • reimer protected and hidden
  • reimer recorded
  • related
  • relations apple
  • remcos
  • remember george floyd? brashears survived that injury
  • report spam
  • resolutions
  • resolved ips
  • rob neill drives brashears off road
  • sabey motions dismissed
  • scan endpoints
  • script
  • search
  • server
  • shell code
  • siem
  • site
  • skynet
  • soar
  • ssl certificate
  • state and governments cover white offender jeffrey reimer
  • status
  • survivor
  • targeting tsara brashears
  • targets sa
  • tracking
  • tsara brashears
  • ttl value
  • tue mar
  • united
  • unknown
  • unlocker
  • url http
  • url https
  • urls
  • urlvoid
  • vt graph
  • who else is unheard.
  • whois
  • whois lookup
  • whois record
  • whois show
  • whois whois

MITRE ATT&CK TTPs

  • T1071 - Application Layer Protocol

Associated CVEs

  • CVE-2011-4969

Whois Information

NetRange: 130.185.0.0 - 130.185.255.255
CIDR: 130.185.0.0/16
NetName: RIPE-ERX-130-185-0-0
NetHandle: NET-130-185-0-0-1
Parent: NET130 (NET-130-0-0-0-0)
NetType: Early Registrations, Transferred to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 2010-11-03
Updated: 2010-11-17
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Ref: https://rdap.arin.net/registry/ip/130.185.0.0

OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: abuse@ripe.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: hostmaster@ripe.net
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN

inetnum: 130.185.109.64 - 130.185.109.95
netname: XIRRA-NET
descr: Xirra GmbH - various customer
country: DE
admin-c: LG6981-RIPE
tech-c: LG6981-RIPE
org: ORG-XG7-RIPE
status: ASSIGNED PA
mnt-by: XIRRA
created: 2012-04-14T21:17:40Z
last-modified: 2014-11-28T15:39:59Z

organisation: ORG-XG7-RIPE
org-name: Xirra GmbH
country: DE
org-type: OTHER
address: Deutschherrnstr. 15-19
address: 90429 Nuernberg
address: Germany
abuse-c: AR21354-RIPE
mnt-ref: XIRRA
mnt-by: XIRRA
created: 2011-11-17T09:32:42Z
last-modified: 2022-12-01T16:59:44Z

person: Laura Goetz
address: Xirra GmbH
address: Deutschherrnstr. 15-19
address: 90429 Nürnberg
address: Germany
phone: +4991170100030
nic-hdl: LG6981-RIPE
mnt-by: XIRRA
created: 2013-11-18T11:24:29Z
last-modified: 2017-10-30T22:30:52Z

route: 130.185.104.0/21
descr: XIRRA-NET
origin: AS51191
mnt-by: XIRRA
created: 2011-10-24T13:53:35Z
last-modified: 2012-02-10T17:35:52Z