5.181.80.139 Threat Intelligence and Host Information

Oct 14, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 5.181.80.139 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

Mitre ATT&CK IDs: T1110.003 - Password Spraying, T1583.005 - Botnet
Tags: 32, 32-bit, 64, analyze, arm, auto-generated security, bashlite, blacklist, block, botnet, bruteforce, combinations, compromise ipv4, dll, dropped-by-PrivateLoader, dropped-by-Stealc, elf, encrypted, expirationtime, Formbook, gafgyt, gs003, hajime, high, IDS, indicatortype, indicatorvalue, initiator ip, intel, iocs, ipaddress, IPS, ipv4 port, kfsensor, license, linux, Malicious IP, mips, mirai, mirai botnet, motorola, Mozi, mstic port 23, Port Scan, PowerPC, rdp, renesas, scan, scanner, sha1, sha256, shellscript, SocGholish, Socks5Systemz, sparc, sql inyection, ssh, Stealc, tcp, tcp/23, telnet, true, vultr, WAF, x86-32, xworm
View other sources: Spamhaus VirusTotal

Country: Bulgaria
Network:
Noticed: 50 times
Protocols Attacked: telnet
Countries Attacked: Belgium, France, Spain, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: bu.takyalghozag.tk bu.takyalghozag.site bu.takyalghozag.ga maverickmix.net xn–fpengar-exa.com smtp.hostbomb.net pop.hostbomb.net ftp.hostbomb.net hostbomb.net chasesecurecheck.com

Malware Detected on Host

Count: 3 2384176f3e1b9c3b6692bca1842e0f4c18e4ff8dbb97981c1912717185529a50 ceef0838d860b20dbfd045a1eee90b0b7a3f50f8be0cc61606bb53fb8a38c2c9 80affa049e3d85870f60966985ca34cb82fc5cf2dbdf1b8fa02092b824a2efb9

Open Ports Detected

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2024-6387 CVE-2025-26465 CVE-2025-32728

Map

Whois Information

inetnum: 5.181.80.0 - 5.181.80.255
netname: Tamatiya-EOOD
country: BG
org: ORG-IPTL2-RIPE
admin-c: PD8817-RIPE
mnt-routes: TAMATYA-MNT
mnt-domains: TAMATYA-MNT
tech-c: PD8817-RIPE
status: ASSIGNED PA
mnt-by: lir-bg-itserviceprovider-1-MNT
mnt-by: TAMATYA-MNT
mnt-by: MNT-LIR-BG
created: 2021-05-10T19:55:44Z
last-modified: 2021-12-08T08:52:36Z
organisation: ORG-IPTL2-RIPE
org-name: Tamatiya EOOD
country: BG
org-type: OTHER
address: 35, Ivan Vazov str., Sopot, Bulgaria
abuse-c: AR40280-RIPE
mnt-ref: TAMATYA-MNT
mnt-ref: MNT-LIR-BG
mnt-by: TAMATYA-MNT
created: 2014-10-22T22:11:46Z
last-modified: 2022-12-01T17:15:26Z
person: Petar Dimov
address: hostmaster@4vendeta.com
address: noc@4vendeta.com
phone: +359988865442
nic-hdl: PD8817-RIPE
mnt-by: TAMATYA-MNT
created: 2016-11-06T19:36:43Z
last-modified: 2022-12-20T20:23:46Z
route: 5.181.80.0/24
origin: AS50360
mnt-by: Tamatiya
mnt-by: TAMATYA-MNT
created: 2021-05-10T20:28:28Z
last-modified: 2021-05-10T20:28:28Z

Links to attack logs

****** vultrwarsaw-telnet-bruteforce-ip-list-2023-07-22 vultrparis-telnet-bruteforce-ip-list-2023-12-30 vultrparis-telnet-bruteforce-ip-list-2024-01-03 vultrparis-telnet-bruteforce-ip-list-2024-01-01 dotoronto-telnet-bruteforce-ip-list-2023-07-23 dofrank-telnet-bruteforce-ip-list-2023-07-23 ****** ****** vultrparis-telnet-bruteforce-ip-list-2023-12-31

Share on: