5.2.70.223 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 5.2.70.223 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1110 - Brute Force

  • Tags: attack, bruteforce, Bruteforce, login, scanner, SSH, Telnet, TOR, vnc, VPN

  • Known tor exit node

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_net_ua, et_tor, stopforumspam_180d, stopforumspam_365d, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Known TOR node
  • Country: Netherlands
  • Network: AS60404 the infrastructure group b.v.
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Passive DNS Results: serure-email.online maillet-vdsm.synology.me rws02.riguan.nl ras01.riguan.nl topbackupcenter.com

Malware Detected on Host

Count: 36 (SHA-256 hashes listed on this page)

  • 2efd2b7f3c3a743f167471969485ef77be37adad7e823403aaf8ba28bc83da5e
  • 17d22cdccc54f5616d7c0801c902b6d2b2defc53f78e0fdcbc80df40c98ed5bf
  • 11037bc7fb50948db17e9e6ff075961767d882a16747f4e57bc4cf3eeec46820
  • b11e614cdd02aecb8d6ae65bf67bfac8cbefd68830065217e2cb48922743bb12
  • c5b2f2e366e1788ce8088b49bce83214c60835193d760922fd119836b77402a7
  • 9237e9a6e4a3e3fe87ad8402def620a9586642b16f52df52308b45333e70c683
  • 1d811e975e723720cbfc93ae6d0aa2837539846a7fbbc78204b0cf454b43f52c
  • cf93542e5b93485475fb98443c8bba33c21774239e88c833e491dd50f67a209a
  • 11dd4788e12ed466ade5e925cea122c2f211429d71c6d4cda8e9cdb6eff39957
  • e7bdec044f177a8a6242560b3f8c6f349d1cf318a9f943c6d0e1c8eafbfa83f6

Whois Information

  • inetnum: 5.2.70.0 - 5.2.70.255
  • netname: TIG
  • country: NL
  • admin-c: TIGB2-RIPE
  • tech-c: TIGB2-RIPE
  • status: ASSIGNED PA
  • mnt-by: mnt-nl-theinfrastructuregroup-1
  • created: 2018-09-05T09:19:17Z
  • last-modified: 2023-04-06T17:21:11Z
  • role: The Infrastructure Group B.V. - NOC Department
  • address: Havinghastraat 32
  • address: 1817DA Alkmaar (The Netherlands)
  • phone: +31853012862
  • nic-hdl: TIGB2-RIPE
  • mnt-by: mnt-nl-theinfrastructuregroup-1
  • created: 2019-11-12T09:12:44Z
  • last-modified: 2019-11-12T09:12:44Z
  • route: 5.2.70.0/24
  • origin: AS60404
  • mnt-by: mnt-nl-theinfrastructuregroup-1
  • created: 2021-04-17T08:18:11Z
  • last-modified: 2023-04-06T17:53:02Z
