5.104.110.89 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 5.104.110.89. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 66/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing, probing, scanning, TOR, VPN, webscan, webscanner, bruteforce, web app attack

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: haley_ssh, sblam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Country: Germany
  • Network: AS24961 myloc managed it ag
  • Noticed: 37 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 15

Open Ports Detected

8080

CVEs Detected

CVE-2021-23017, CVE-2021-3618, CVE-2023-44487

Whois Information

  • inetnum: 5.104.110.0 - 5.104.110.255
  • netname: MYLOC-DE-DUS2-DEDICATED-INFRA
  • descr: dedicated Server by http://www.webtropia.com
  • descr: myLoc managed IT AG
  • country: DE
  • admin-c: MOPS-RIPE
  • tech-c: MOPS-RIPE
  • status: ASSIGNED PA
  • mnt-by: MYLOC-MNT
  • created: 2012-06-29T14:09:04Z
  • last-modified: 2015-10-27T13:15:30Z
  • role: WIIT AG NOC
  • address: WIIT AG
  • address: Network Operations & Services
  • address: Joachim-Erwin-Platz 3
  • address: 40412 Duesseldorf DE
  • admin-c: PHAN
  • tech-c: PHAN
  • tech-c: DDO
  • tech-c: JOH
  • tech-c: NIL
  • tech-c: STH
  • tech-c: KT3550-RIPE
  • nic-hdl: MOPS-RIPE
  • abuse-mailbox: abuse@myloc.de
  • mnt-by: MYLOC-MNT
  • created: 2013-02-11T16:38:10Z
  • last-modified: 2024-04-23T13:59:09Z
  • route: 5.104.104.0/21
  • descr: myLoc managed IT AG
  • origin: AS24961
  • mnt-by: MYLOC-MNT
  • created: 2012-06-29T13:46:33Z
  • last-modified: 2015-10-27T13:17:34Z

Links to attack logs

****** bruteforce-ip-list-2021-05-23 ****** aws-ssh-bruteforce-ip-list-2021-05-31 ******