5.181.80.16 Threat Intelligence and Host Information

Jun 19, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 5.181.80.16 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 42/100

Host and Network Information

  • Mitre ATT&CK IDs: T1110 - Brute Force

  • Tags: awsbah, bruteforce, Bruteforce, cyber security, ioc, malicious, Nextray, phishing, Scanner, scanning, smtp, ssh, tcp, telnet, Webattack

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: dm_tor, et_tor

  • Country: Bulgaria
  • Network: AS50360 tamatiya eood
  • Noticed: 46 times
  • Protocols Attacked: telnet
  • Countries Attacked: Bahrain, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: securebanking-03b.ddns.net securebanking-01a.ddns.net bring-stemple01.ddns.net secure-05a.ftp.sh secure-04a.ftp.sh secure-03a.ftp.sh secure-01a.ftp.sh bring-stemple.ddns.net securebanking-02b.ddns.net securebanking-01b.ddns.net secure05p-login.ddns.net secure04p-login.ddns.net boulguy2.ddns.net boulguy1.ddns.net enlace-seguro2.ddns.net enlace-seguro1.ddns.net secure02p-login.ddns.net secure01p-login.ddns.net seguro-login.online www.seguro-02b-login.online www.seguro-01b-login.online www.seguro-02b-login.seguro-01b-login.online santander.es.seguro-01b-login.online www.santander.es.seguro-01b-login.online seguro-02b-login.seguro-01b-login.online seguro-02b-login.online seguro-01b-login.online enlace-seguro2.sytes.net segura-enlace1.sytes.net segura-enlace.sytes.net www.5-181-80-16.cprapid.com 5-181-80-16.cprapid.com

Malware Detected on Host

Count: 2 4a3d207cc0f15bb6d588c29d055693831d754f89890e5cd97bed7cf3340526d0 f3986cbe634dc245285612e53eb9a6f0ea5520677c676c38a957de68994a1f54

Open Ports Detected

443 80

Map

Links to attack logs

awsbah-telnet-bruteforce-ip-list-2022-04-02 ****** doamsterdam-telnet-bruteforce-ip-list-2022-12-05 doamsterdam-telnet-bruteforce-ip-list-2022-12-06 ****** ******

Share on: