5.61.24.226 Threat Intelligence and Host Information

Share on:
Dec 30, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 5.61.24.226 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 20/100

Host and Network Information

  • Tags: bruteforce, cyber security, ioc, malicious, Nextray, phishing, SSH

  • View other sources: Spamhaus VirusTotal

  • Country: Iran
  • Network: AS58262 negah roshan pars company (pjs)
  • Noticed: 1 times
  • Protcols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count:

Open Ports Detected

10134 104 1099 11112 113 11371 12345 1311 135 1400 14265 1433 14344 1515 16030 1723 1800 1801 18245 1911 1925 1935 1962 20256 20547 2082 21379 2404 25001 264 2761 2762 3000 3299 3389 3460 35000 3542 37215 3749 37777 4040 4242 4369 443 444 44818 4567 4664 4782 49152 49153 5005 5009 5025 51106 5269 52869 55442 5560 5672 5985 6000 6001 60010 60129 6080 631 6379 6664 7171 7415 7474 7547 7777 7779 789 79 80 8000 8008 8060 8069 8080 8086 8087 8098 81 8123 8126 82 8200 8291 83 8334 8554 8800 8888 9000 9009 9042 9090 9200 9295 9633 9981

Map

Whois Information

  • inetnum: 5.61.24.0 - 5.61.24.255
  • netname: nrpcore2
  • descr: Negah Roshan Pars - Parsdev Iran Network
  • country: ir
  • admin-c: NP3440-RIPE
  • tech-c: NP3440-RIPE
  • status: ASSIGNED PA
  • mnt-by: AI42700-MNT
  • created: 2012-06-10T20:44:46Z
  • last-modified: 2014-01-07T09:13:51Z
  • person: Negah Roshan Pars PJS
  • address: 3rd Floor,Aria Building,Moallem Blvd,Rasht,Iran
  • phone: +981333261010
  • fax-no: +981391009910
  • nic-hdl: NP3440-RIPE
  • mnt-by: parsdevir
  • created: 2014-01-07T09:04:02Z
  • last-modified: 2019-11-21T23:15:15Z
  • route: 5.61.24.0/24
  • descr: nrpcore2
  • origin: AS58262
  • mnt-by: AI42700-MNT
  • created: 2012-06-10T20:48:49Z
  • last-modified: 2012-06-10T20:48:49Z

Links to attack logs

** bruteforce-ip-list-2022-12-09 vultrmadrid-ssh-bruteforce-ip-list-2022-12-08 ** **