5.5.7.3 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 5.5.7.3 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the address resides.
🟠 Elevated — 55/100
Host and Network Information
- Country: Germany
- Network: AS6805 Telefonica Germany GmbH & Co. OHG
- Noticed: 12 times
- Protocols Attacked: SSH
- Countries Attacked: Canada, France, Germany, Netherlands, Poland, United States of America
- Tor Node: No
MITRE ATT&CK TTPs
- T1003 - OS Credential Dumping
- T1005 - Data from Local System
- T1012 - Query Registry
- T1027 - Obfuscated Files or Information
- T1031 - Modify Existing Service
- T1038 - DLL Search Order Hijacking
- T1040 - Network Sniffing
- T1045 - Software Packing
- T1053 - Scheduled Task/Job
- T1055 - Process Injection
- T1057 - Process Discovery
- T1059.007 - JavaScript
- T1059 - Command and Scripting Interpreter
- T1060 - Registry Run Keys / Startup Folder
- T1068 - Exploitation for Privilege Escalation
- T1071.001 - Web Protocols
- T1071.004 - DNS
- T1071 - Application Layer Protocol
- T1081 - Credentials in Files
- T1082 - System Information Discovery
- T1088 - Bypass User Account Control
- T1089 - Disabling Security Tools
- T1094 - Custom Command and Control Protocol
- T1105 - Ingress Tool Transfer
- T1112 - Modify Registry
- T1119 - Automated Collection
- T1125 - Video Capture
- T1129 - Shared Modules
- T1133 - External Remote Services
- T1140 - Deobfuscate/Decode Files or Information
- T1143 - Hidden Window
- T1158 - Hidden Files and Directories
- T1210 - Exploitation of Remote Services
- T1470 - Obtain Device Cloud Backups
- T1518 - Software Discovery
- T1546 - Event Triggered Execution
- T1553.002 - Code Signing
- T1553 - Subvert Trust Controls
- T1566 - Phishing
- T1568 - Dynamic Resolution
- T1583.005 - Botnet
- T1583 - Acquire Infrastructure
- T1584.005 - Botnet
- T1588 - Obtain Capabilities