213.152.162.99 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 213.152.162.99. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through activity observed on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Tags: Nextray, TOR, VPN, cyber security, ioc, malicious, phishing

  • View other sources: Spamhaus, VirusTotal
  • Contained within other IP sets: blocklist_net_ua, greensnow, stopforumspam_365d

  • Country: Netherlands
  • Network: AS49453 global layer
  • Noticed: 1 time
  • Protocols Attacked: spam
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 30

Open Ports Detected

8051 88 89

Whois Information

  • inetnum: 213.152.162.64 - 213.152.162.117
  • netname: NL-AIR
  • descr: AirVPN.org
  • country: NL
  • descr: ******************
  • descr: Alblasserdam datacenter
  • descr: AirVPN IP Space
  • descr: NL, Europe
  • descr: ******************
  • admin-c: PB18435-RIPE
  • tech-c: PB18435-RIPE
  • status: ASSIGNED PA
  • mnt-by: GLOBALLAYER
  • created: 2015-06-20T21:24:14Z
  • last-modified: 2015-06-20T21:24:14Z
  • person: Paolo Brini
  • address: c/o Studio Papa Via Vecchi, 53
  • address: I-06100 PERUGIA
  • address: Italy
  • phone: +393383199237
  • nic-hdl: PB18435-RIPE
  • mnt-by: GLOBALLAYER
  • created: 2015-03-20T20:42:54Z
  • last-modified: 2017-10-30T22:45:43Z
  • route: 213.152.162.0/24
  • descr: Global Layer network
  • origin: AS49453
  • mnt-by: GLOBALLAYER
  • created: 2016-08-11T11:27:53Z
  • last-modified: 2016-08-11T11:27:53Z

Links to attack logs

forum-spam-ip-list-2015-07-12