5.135.180.185 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: 0xBFKX, Bruteforce, Nextray, SSH, Telnet, attack, bruteforce, cowrie, cyber security, fail2ban, ioc, la, lafusioncenter, login, louisiana, malicious, phishing, scanner, ssh, tsec
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: haley_ssh

  • Country: France
  • Network: AS16276 ovh sas
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: mandataire17.negotravaux.com mandataire16.negotravaux.com mandataire18.negotravaux.com mandataire22.negotravaux.com mandataire21.negotravaux.com mandataire19.negotravaux.com mandataire25.negotravaux.com mandataire24.negotravaux.com mandataire23.negotravaux.com mandataire20.negotravaux.com negofacile.com www.negofacile.com www.negofacile.fr negofacile.fr negofacile.negotravaux.fr mandataire11.negotravaux.com mandataire14.negotravaux.com mandataire15.negotravaux.com mandataire12.negotravaux.com mandataire13.negotravaux.com mandataire6.negotravaux.com mandataire4.negotravaux.com mandataire10.negotravaux.com cloud.negotravaux.com mandataire1.negotravaux.com mandataire8.negotravaux.com mandataire3.negotravaux.com mandataire5.negotravaux.com mandataire7.negotravaux.com mandataire9.negotravaux.com mandataire2.negotravaux.com pma.negotravaux.com negotravaux.fr www.negoimmobilier.com www.negoimmobilier.fr negoimmobilier.com negoimmobilier.fr www.negotravaux.fr www.negotravaux.com ns3289869.ip-5-135-180.eu negotravaux.com t2.hostuje.org

Malware Detected on Host

Count: 1 6a02eb9196c0516d6edac4d173932913e6076f1a1042791dc694d687daa31937

Open Ports Detected

10000 443 80

Whois Information

  • inetnum: 5.135.176.0 - 5.135.191.255
  • netname: OVH
  • descr: Dedicated Servers
  • country: FR
  • org: ORG-OS3-RIPE
  • admin-c: OK217-RIPE
  • tech-c: OTC2-RIPE
  • status: ASSIGNED PA
  • mnt-by: OVH-MNT
  • created: 2016-03-23T10:24:31Z
  • last-modified: 2016-03-23T10:24:31Z
  • organisation: ORG-OS3-RIPE
  • org-name: OVH SAS
  • country: FR
  • org-type: LIR
  • address: 2 rue Kellermann
  • address: 59100
  • address: Roubaix
  • address: FRANCE
  • phone: +33972101007
  • admin-c: OTC2-RIPE
  • admin-c: OK217-RIPE
  • admin-c: GM84-RIPE
  • abuse-c: AR15333-RIPE
  • mnt-ref: OVH-MNT
  • mnt-ref: RIPE-NCC-HM-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: OVH-MNT
  • created: 2004-04-17T11:23:17Z
  • last-modified: 2020-12-16T10:24:51Z
  • role: OVH Technical Contact
  • address: OVH SAS
  • address: 2 rue Kellermann
  • address: 59100 Roubaix
  • address: France
  • admin-c: OK217-RIPE
  • tech-c: GM84-RIPE
  • tech-c: SL10162-RIPE
  • nic-hdl: OTC2-RIPE
  • abuse-mailbox: [email protected]
  • mnt-by: OVH-MNT
  • created: 2004-01-28T17:42:29Z
  • last-modified: 2014-09-05T10:47:15Z
  • person: Octave Klaba
  • address: OVH SAS
  • address: 2 rue Kellermann
  • address: 59100 Roubaix
  • address: France
  • phone: +33 9 74 53 13 23
  • nic-hdl: OK217-RIPE
  • mnt-by: OVH-MNT
  • created: 1970-01-01T00:00:00Z
  • last-modified: 2017-10-30T21:44:51Z
  • route: 5.135.0.0/16
  • descr: OVH
  • origin: AS16276
  • mnt-by: OVH-MNT
  • created: 2012-07-06T13:00:08Z
  • last-modified: 2012-07-06T13:00:08Z

Links to attack logs

bruteforce-ip-list-2020-08-05 bruteforce-ip-list-2020-07-10 bruteforce-ip-list-2021-02-05 bruteforce-ip-list-2020-11-09 bruteforce-ip-list-2021-01-06