5.5.6.1 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 5.5.6.1 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity against honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 55/100

Host and Network Information

  • Country: Germany
  • Noticed: 50 times
  • Protocols Attacked: telnet
  • Countries Attacked: Brazil, Germany, Japan, Netherlands, Romania, Russian Federation, United States of America
  • Tor Node: No

Tags

MITRE ATT&CK TTPs

  • T1003 - OS Credential Dumping
  • T1023 - Shortcut Modification
  • T1027 - Obfuscated Files or Information
  • T1031 - Modify Existing Service
  • T1036.004 - Masquerade Task or Service
  • T1036 - Masquerading
  • T1040 - Network Sniffing
  • T1045 - Software Packing
  • T1053 - Scheduled Task/Job
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1059.002 - AppleScript
  • T1059 - Command and Scripting Interpreter
  • T1060 - Registry Run Keys / Startup Folder
  • T1070 - Indicator Removal on Host
  • T1071.001 - Web Protocols
  • T1071.004 - DNS
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1094 - Custom Command and Control Protocol
  • T1100 - Web Shell
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1119 - Automated Collection
  • T1122 - Component Object Model Hijacking
  • T1125 - Video Capture
  • T1129 - Shared Modules
  • T1140 - Deobfuscate/Decode Files or Information
  • T1143 - Hidden Window
  • T1176 - Browser Extensions
  • T1210 - Exploitation of Remote Services
  • T1429 - Capture Audio
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS
  • T1480 - Execution Guardrails
  • T1547.006 - Kernel Modules and Extensions
  • T1547 - Boot or Logon Autostart Execution
  • T1553.002 - Code Signing
  • T1553 - Subvert Trust Controls
  • T1560 - Archive Collected Data
  • T1566 - Phishing
  • T1568.002 - Domain Generation Algorithms
  • T1568 - Dynamic Resolution
  • T1583.001 - Domains
  • T1583.005 - Botnet
  • T1583 - Acquire Infrastructure
  • T1584.004 - Server
  • T1584 - Compromise Infrastructure
  • T1598 - Phishing for Information
  • TA0011 - Command and Control

Attack Log References

Whois Information

inetnum: 5.4.0.0 - 5.7.255.255
netname: DE-MEDIAWAYS-20120425
country: DE
org: ORG-TDG4-RIPE
admin-c: MWH6-RIPE
tech-c: MWH6-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MDA-Z
mnt-lower: MDA-Z
mnt-routes: MDA-Z
created: 2012-04-25T06:13:17Z
last-modified: 2018-07-30T09:52:34Z

organisation: ORG-TDG4-RIPE
org-name: Telefonica Germany GmbH & Co.OHG
country: DE
org-type: LIR
address: Georg-Brauchle-Ring 50
address: 80992
address: München
address: GERMANY
phone: +498924420
admin-c: RCM25-RIPE
admin-c: DK9212-RIPE
abuse-c: MWH6-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MDA-Z
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MDA-Z
created: 2004-04-17T12:45:50Z
last-modified: 2024-04-30T04:43:21Z

role: mediaWays Hostmaster
address: Telefonica Germany GmbH & Co. OHG
address: Georg-Brauchle-Ring 50
address: 80992 Muenchen
address: DE
phone: +498924420
fax-no: +49892442198224
abuse-mailbox: abuse.de@telefonica.com
admin-c: DK9212-RIPE
admin-c: RCM25-RIPE
tech-c: TG819-RIPE
tech-c: ASZ-RIPE
nic-hdl: MWH6-RIPE
mnt-by: MDA-Z
created: 2001-11-06T10:42:25Z
last-modified: 2022-03-31T09:18:07Z

route: 5.4.0.0/14
descr: Telefonica Germany GmbH & Co. OHG
origin: AS6805
mnt-by: MDA-Z
created: 2018-08-08T09:03:25Z
last-modified: 2018-08-08T09:13:47Z