5.199.130.188 Threat Intelligence and Host Information

Jun 19, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 5.199.130.188 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 65/100

Host and Network Information

  • Tags: badrequest, bruteforce, cyber security, ioc, malicious, Nextray, phishing, probing, TOR, VPN, webscan, webscanner

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: cruzit_web_attacks, maxmind_proxy_fraud, sblam, tor_exits_30d

  • Country: Germany
  • Network: AS24961 myloc managed it ag
  • Noticed: 45 times
  • Protocols Attacked: spam
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: vps2400948.fastwebserver.de web.qqwqq.xyz block2.mmms.eu srv8.ipstream.it tor.piratenpartei-nrw.de 5.199.130.188

Malware Detected on Host

Count: 19 175947117e7dfbe4d0b437034d850cb8bb063038d1b1ab0219c56ddc6464b395 857df9f995f743358d9379eb9d8ef7848e7969ecc13394600eadbf973076d664 a7e484d7cdbcb39538cd203c269d39b15d59f1703cf73429ca67128bb66c0a00 4b9c21d9da89c399832f18b4c9a2b4a32788937070b5494404a6e5b3d601a74b 5dca574173ec29eab508ab797c6af88456d9960cc56f42d7b86a06eae0cee317 9d90e290acdd0d45826a9bb24d6507448646a0d743b5ae8ac5b006358388c46c fe111b6fff9830a29ba03ae1000b15ba4541127d708a8ad33c7e798029453322 1ea6e228b98c2b1d1fcd3e10c40119cec7ccdc63d256b29ad81800d5b61ba1d1 cabf0db3d73622405c6ad92e55a24d186ba72e5f9155ca0e26a3bfff3f234656 010321a94d616733d0564ec1584682a1b359315565db281c008be1f31624be0e

Open Ports Detected

111 22 80

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767

Map

Whois Information

  • inetnum: 5.199.130.0 - 5.199.130.255
  • netname: MYLOC-DE-DUS2-DEDICATED
  • descr: webtropia dedicated Server by http://www.webtropia.com
  • descr: myLoc managed IT AG
  • country: DE
  • admin-c: MOPS-RIPE
  • tech-c: MOPS-RIPE
  • status: ASSIGNED PA
  • mnt-by: MYLOC-MNT
  • created: 2012-09-18T08:48:43Z
  • last-modified: 2016-04-13T10:07:14Z
  • role: WIIT AG NOC
  • address: WIIT AG
  • address: Network Operations & Services
  • address: Joachim-Erwin-Platz 3
  • address: 40412 Duesseldorf DE
  • admin-c: PHAN
  • tech-c: PHAN
  • tech-c: DDO
  • tech-c: JOH
  • tech-c: NIL
  • tech-c: STH
  • tech-c: KT3550-RIPE
  • nic-hdl: MOPS-RIPE
  • abuse-mailbox: abuse@myloc.de
  • mnt-by: MYLOC-MNT
  • created: 2013-02-11T16:38:10Z
  • last-modified: 2024-04-23T13:59:09Z
  • route: 5.199.128.0/20
  • descr: myLoc managed IT AG
  • origin: AS24961
  • mnt-by: MYLOC-MNT
  • created: 2012-08-29T12:29:55Z
  • last-modified: 2017-02-07T16:39:12Z

Links to attack logs

****** forum-spam-ip-list-2014-04-28 forum-spam-ip-list-2014-07-17 ****** ******

Share on: