5.22.145.121 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 5.22.145.121. It was generated either as a result of observed malicious activity or as an information-gathering exercise to enrich security events with context. All information is gathered passively, either by aggregating public sources or by observing activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
- MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1036 - Masquerading, T1041 - Exfiltration Over C2 Channel, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1114 - Email Collection, T1129 - Shared Modules, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1546 - Event Triggered Execution, T1583.005 - Botnet, T1588 - Obtain Capabilities, TA0037 - Command and Control
- Tags: address, apple ios, b body, body length, botnet, ck id, ck matrix, click, comspec, contact, contacted, date, download, factory, falcon sandbox, file, final url, general, getprocaddress, hackers, hacktool, headers nel, highly targeted, historical ssl, http response, hybrid, indicator, installer, iocs, ioc search, malicious, malware, maxage5184000, mitre att, model, monitoring, name verdict, new ioc, paste, patch, path, pattern match, prefetch8, quasar, relic, serving ip, sha256, show technique, song culture, ssl certificate, status code, strings, teams api, threat, threat analyzer, tofsee, tsara brashears, tulach, united, urls https, whois record, whois whois, win64
- Country: Germany
- Network:
- Noticed: 5 times
- Protocols Attacked: SSH
- Passive DNS Results:
Malware Detected on Host
Count: 6
Open Ports Detected
Whois Information
- inetnum: 5.22.145.0 - 5.22.145.255
- netname: AWS-SHAREDSRV-WEB-MAIL-FORWARDING
- descr: Key-Systems GmbH
- descr: Im Oberen Werk 1
- descr: 66386 Sankt Ingbert
- country: DE
- admin-c: KEYS-RIPE
- tech-c: KEYS-RIPE
- abuse-c: KEYS-RIPE
- status: ASSIGNED PA
- mnt-by: KEY-SYSTEMS-MNT
- created: 2021-06-09T14:17:47Z
- last-modified: 2022-05-12T10:16:47Z
- role: Key-Systems GmbH Hostmaster
- address: Key-Systems GmbH
- address: Kaiserstrasse 172-174
- address: 66386 St. Ingbert
- address: Germany
- phone: +49-6894-9396-850
- fax-no: +49-6894-9396-851
- admin-c: CH3108-RIPE
- admin-c: ADZ-RIPE
- tech-c: ADZ-RIPE
- tech-c: CH3108-RIPE
- nic-hdl: KEYS-RIPE
- mnt-by: KEY-SYSTEMS-MNT
- created: 2009-05-14T11:23:01Z
- last-modified: 2024-06-03T10:57:24Z
- abuse-mailbox: abuse@key-systems.net
- route: 5.22.145.0/24
- origin: AS196763
- mnt-by: KEY-SYSTEMS-MNT
- created: 2021-06-01T12:46:36Z
- last-modified: 2021-06-01T12:46:36Z