5.199.130.105 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 5.199.130.105 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through activity observed on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
  • Tags: brute force, Bruteforce, Brute-Force, cowrie, ssh, SSH

  • View other sources: Spamhaus VirusTotal

  • Country: Germany
  • Network: AS24961 myloc managed it ag
  • Noticed: 1 time
  • Protocols Attacked: ssh
  • Countries Attacked: Australia
  • Passive DNS Results: mytekkit.net myftb.net www.office.andziewicz.de s2.andziewicz.de www.rosis-welt.de uteand.de www.sebwan.de sebwan.de www.uteand.de my-lan.org www.my-lan.org my-lan.info www.my-lan.info lg.kaiand1.de www.mc.zocker-insel.net kaiand1.de www.kaiand1.de www.dorado.zocker-insel.net dorado.zocker-insel.net www.the-archiv.net the-archiv.net planet-war.de zocker-insel.net www.zocker-insel.net www.planet-war.de www.wendy.andziewicz.de www.lg.kaiand1.de wendy.andziewicz.de rosis-welt.de www.leaand.de unser-clan.info mc.zocker-insel.net www.unser-clan.info www.andziewicz.de office.andziewicz.de andziewicz.de leaand.de

Malware Detected on Host

Count: 10

Open Ports Detected

22 30303 8545

Whois Information

  • inetnum: 5.199.130.0 - 5.199.130.255
  • netname: MYLOC-DE-DUS2-DEDICATED
  • descr: webtropia dedicated Server by http://www.webtropia.com
  • descr: myLoc managed IT AG
  • country: DE
  • admin-c: MOPS-RIPE
  • tech-c: MOPS-RIPE
  • status: ASSIGNED PA
  • mnt-by: MYLOC-MNT
  • created: 2012-09-18T08:48:43Z
  • last-modified: 2016-04-13T10:07:14Z
  • role: myLoc NOC
  • address: myLoc managed IT AG
  • address: Network Operations & Services
  • address: Am Gatherhof 44
  • address: 40472 Duesseldorf DE
  • admin-c: PHAN
  • tech-c: PHAN
  • tech-c: DDO
  • tech-c: JOH
  • tech-c: NIL
  • tech-c: STH
  • tech-c: KT3550-RIPE
  • nic-hdl: MOPS-RIPE
  • abuse-mailbox: [email protected]
  • mnt-by: MYLOC-MNT
  • created: 2013-02-11T16:38:10Z
  • last-modified: 2022-07-08T14:48:44Z
  • route: 5.199.128.0/20
  • descr: myLoc managed IT AG
  • origin: AS24961
  • mnt-by: MYLOC-MNT
  • created: 2012-08-29T12:29:55Z
  • last-modified: 2017-02-07T16:39:12Z

Links to attack logs

vultrwarsaw-ssh-bruteforce-ip-list-2023-12-01