5.199.143.202 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 5.199.143.202. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 76/100

Host and Network Information

  • Tags: cyber security, ioc, kfsensor, malicious, Nextray, phishing, rdp, ssh, TOR, VPN

  • Known tor exit node

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: nixspam, sblam, stopforumspam_365d, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Known TOR node
  • Country: Germany
  • Network: AS24961 myloc managed it ag
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 16

Open Ports Detected

123 8080

CVEs Detected

CVE-2021-23017 CVE-2021-3618 CVE-2023-44487

Whois Information

  • inetnum: 5.199.143.0 - 5.199.143.255
  • netname: MYLOC-DE-DUS2-DEDICATED-SERVER
  • descr: webtropia dedicated Server by http://www.webtropia.com
  • descr: myLoc managed IT AG
  • country: DE
  • admin-c: MOPS-RIPE
  • tech-c: MOPS-RIPE
  • status: ASSIGNED PA
  • mnt-by: MYLOC-MNT
  • created: 2013-01-02T06:24:15Z
  • last-modified: 2016-04-13T10:07:17Z

  • role: WIIT AG NOC
  • address: WIIT AG
  • address: Network Operations & Services
  • address: Joachim-Erwin-Platz 3
  • address: 40412 Duesseldorf DE
  • admin-c: PHAN
  • tech-c: PHAN
  • tech-c: DDO
  • tech-c: JOH
  • tech-c: NIL
  • tech-c: STH
  • tech-c: KT3550-RIPE
  • nic-hdl: MOPS-RIPE
  • abuse-mailbox: abuse@myloc.de
  • mnt-by: MYLOC-MNT
  • created: 2013-02-11T16:38:10Z
  • last-modified: 2024-04-23T13:59:09Z

  • route: 5.199.128.0/20
  • descr: myLoc managed IT AG
  • origin: AS24961
  • mnt-by: MYLOC-MNT
  • created: 2012-08-29T12:29:55Z
  • last-modified: 2017-02-07T16:39:12Z

Links to attack logs

bruteforce-ip-list-2021-05-12 ****** ****** ******
