194.5.98.249 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 194.5.98.249. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1053 - Scheduled Task/Job, T1080 - Taint Shared Content, T1102 - Web Service, T1210 - Exploitation of Remote Services, T1486 - Data Encrypted for Impact, T1490 - Inhibit System Recovery, T1566 - Phishing
  • Tags: activity, agent tesla, appdata, aruba networks, asiapacific, astaroth bra, blacklist host, cobalt strike, cobaltstrike, coinminer, cvss, cvss base, desktop, domains, donot, email, emotet, emotet malware, emotet trojan, emotet virus, enterprise, eternalblue, exploit, fake net, fakeupdates, fallout, february, first, flawedammyy, formbook, germany, gootloader, gozi ita, guildma, hashes, hashes domains, http get, icedid, indonesia, iocs ip, ip address, ip country, ita italy, japan, latest spambot, malware, meterpreter, microsoft, ms17010, name submit, north america, parallax rat, play ransomware, plugx, powershell code, python package, qbot, quakbot tr, rce flaw, recordbreaker, redlinestealer, remcosrat, russia, sha1 file, socelars, stealc, systembc, trickbot, trojan, vba code, visit, wannacry, wannycry, wcry, windows
  • View other sources: Spamhaus VirusTotal

  • Country: Netherlands
  • Network: AS208476 danilenko artyom
  • Noticed: 11 times
  • Protocols Attacked: SSH
  • Passive DNS Results: fresh02.ddns.net, fresh01.ddns.net, tristanatt.ddns.net, sams.myftp.org, pedrobedoya201904.duckdns.org, trabajo2019.duckdns.org, cquestt.duckdns.org, kartelicemoney.duckdns.org, indigobaba.publicvm.com, malam.ddns.net

Malware Detected on Host

Count: 14

Open Ports Detected

22 53

Whois Information

  • inetnum: 210.5.80.228 - 210.5.80.231
  • netname: I-GATE
  • descr: 1-187SOEU_ENTERPRISE Client
  • descr: This space has been assigned as STATIC
  • country: PH
  • admin-c: NA185-AP
  • tech-c: NT80-AP
  • abuse-c: AP713-AP
  • status: ASSIGNED NON-PORTABLE
  • mnt-by: PHIX-NOC-AP
  • mnt-irt: IRT-PLDT-PH
  • last-modified: 2021-01-15T08:06:10Z
  • irt: IRT-PLDT-PH
  • address: Philippine Long Distance Telephone Company
  • address: 6/F Innolab Building
  • address: Boni Avenue, Mandaluyong City
  • address: Philippines
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: NA185-AP
  • tech-c: NA185-AP
  • mnt-by: PHIX-NOC-AP
  • last-modified: 2023-04-06T02:11:17Z
  • role: ABUSE PLDTPH
  • address: Philippine Long Distance Telephone Company
  • address: 6/F Innolab Building
  • address: Boni Avenue, Mandaluyong City
  • address: Philippines
  • country: ZZ
  • phone: +000000000
  • e-mail: [email protected]
  • admin-c: NA185-AP
  • tech-c: NA185-AP
  • nic-hdl: AP713-AP
  • abuse-mailbox: [email protected]
  • mnt-by: APNIC-ABUSE
  • last-modified: 2023-04-06T02:12:23Z
  • person: Nilo Agir
  • nic-hdl: NA185-AP
  • e-mail: [email protected]
  • address: 6/F Innolab Building, Boni Avenue, Mandaluyong City
  • phone: +632-584-1045
  • country: PH
  • mnt-by: PHIX-NOC-AP
  • last-modified: 2011-04-27T01:43:18Z
  • person: Noel Tabernilla
  • nic-hdl: NT80-AP
  • e-mail: [email protected]
  • address: PLDT Co., 3/F MGO Bldg., Legaspi cor Dela Rosa Sts., Makati City
  • phone: +632-864-5752
  • fax-no: +63-2-813-5794
  • country: PH
  • mnt-by: PHIX-NOC-AP
  • last-modified: 2008-09-04T07:29:34Z

Links to attack logs

nmap-scanning-hosts-2020-10-07