5.34.179.165 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 5.34.179.165. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning. It takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 30/100

Host and Network Information

  • Tags: C&C, Log4j Scanning Hosts, Nextray, agentesla, agenttesla, amadey, asyncrat, avemaria, avemariarat, awsau, awsjap, bashlite, bitrat, cyber security, cybergate, dofoil, fareit, gafgyt, hawkeye, houdini, hworm, ioc, jenxcus, katana, loki, lokibot, malicious, mirai, nanocore, netwire, netwire rc, ntp, oski stealer, oskistealer, phishing, predator pain, raccoonstealer, racealer, recam, redline stealer, redlinestealer, remcos, remcosrat, scanners, sharik, siplog, smoke loader, stealer, virusdeck

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network: AS204957 green floid llc
  • Noticed: 1 time
  • Protocols Attacked: ntp
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Japan, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: ildolsia.site

Malware Detected on Host

Count: 8

Whois Information

  • inetnum: 5.34.178.0 - 5.34.179.255
  • netname: GF-MIA-NET
  • descr: ***********************
  • descr: * As ISP we provide hosting, virtual and dedicated servers.
  • descr: *
  • descr: * Those services are self managed by our customers
  • descr: * therefore, we are not using this IP space ourselves
  • descr: * and it could be assigned to various end customers.
  • descr: *
  • descr: * In case of issues related with SPAM, Fraud, Phishing
  • descr: * DDoS, port scans or others, feel free to contact us
  • descr: * with relevant info. Abuse email: [email protected]
  • descr: ***********************
  • country: US
  • geoloc: 25.7761261 -80.1931018
  • org: ORG-GFL1-RIPE
  • admin-c: GFES1-RIPE
  • tech-c: GFES1-RIPE
  • status: ASSIGNED PA
  • mnt-by: GRFL-MNT
  • created: 2019-10-15T02:56:00Z
  • last-modified: 2021-03-20T19:01:44Z
  • organisation: ORG-GFL1-RIPE
  • org-name: Green Floid LLC
  • org-type: OTHER
  • address: East Jefferson Street, 2707
  • address: Orlando, FL, 32803, USA
  • phone: +1 561 2500001
  • abuse-c: AGFL-RIPE
  • mnt-ref: GRFL-MNT
  • mnt-by: GRFL-MNT
  • created: 2018-09-10T08:03:03Z
  • last-modified: 2019-06-20T09:32:06Z
  • person: GREEN FLOID EU Support Team
  • address: East Jefferson Street, 2707
  • address: Orlando, FL, 32803, USA
  • phone: +1 561 2500001
  • phone: +359 2 4925555
  • nic-hdl: GFES1-RIPE
  • mnt-by: ITLBG-MNT
  • created: 2018-08-16T11:07:23Z
  • last-modified: 2020-12-04T17:01:14Z
  • route: 5.34.178.0/23
  • origin: AS204957
  • mnt-by: GRFL-MNT
  • created: 2019-12-04T11:58:39Z
  • last-modified: 2019-12-04T11:58:39Z

Links to attack logs

awsjap-ntp-bruteforce-ip-list-2020-11-28 awsau-ntp-bruteforce-ip-list-2020-11-28