5.79.68.161 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 5.79.68.161 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 35/100

Host and Network Information

  • Tags: Nextray, TOR, VPN, cyber security, ioc, malicious, phishing

  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: cruzit_web_attacks, nullsecure

  • Country: Netherlands
  • Network: AS60781 leaseweb netherlands b.v.
  • Noticed: 1 time
  • Protocols Attacked: spam
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: tor-exit.network www.dhfudmglko.com dhfudmglko.com torakqnap.myqnapcloud.com rpbackup.net relay-j.tor-exit.network server6.tvdw.eu tor-exit.server6.tvdw.eu seed.bitcoin.sipa.be

Malware Detected on Host

Count: 28

Whois Information

  • inetnum: 5.79.64.0 - 5.79.127.255
  • netname: NL-LEASEWEB-20120614
  • country: NL
  • org: ORG-OB3-RIPE
  • admin-c: lswn1-RIPE
  • tech-c: lswn1-RIPE
  • status: ALLOCATED PA
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: LEASEWEB-NL-MNT
  • mnt-lower: LEASEWEB-NL-MNT
  • mnt-domains: LEASEWEB-NL-MNT
  • mnt-routes: LEASEWEB-NL-MNT
  • created: 2012-06-14T07:52:30Z
  • last-modified: 2017-11-16T10:10:08Z
  • organisation: ORG-OB3-RIPE
  • org-name: LeaseWeb Netherlands B.V.
  • country: NL
  • org-type: LIR
  • address: Postbus 93054
  • address: 1090BB
  • address: Amsterdam
  • address: NETHERLANDS
  • phone: +31203162880
  • fax-no: +31203162890
  • admin-c: lswn1-RIPE
  • abuse-c: LWAD-RIPE
  • mnt-ref: RIPE-NCC-HM-MNT
  • mnt-ref: LEASEWEB-NL-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: LEASEWEB-NL-MNT
  • created: 2004-04-17T11:42:05Z
  • last-modified: 2020-12-16T12:49:01Z
  • role: Leaseweb NL NOC
  • address: Hessenbergweg 95, 1101 CX. Amsterdam
  • admin-c: SPW1-RIPE
  • nic-hdl: lswn1-RIPE
  • mnt-by: LEASEWEB-NL-MNT
  • created: 2017-11-16T10:05:00Z
  • last-modified: 2022-07-05T12:59:36Z
  • route: 5.79.64.0/18
  • descr: LEASEWEB
  • origin: AS60781
  • mnt-by: LEASEWEB-NL-MNT
  • created: 2014-03-10T12:46:38Z
  • last-modified: 2015-09-30T23:00:01Z

Links to attack logs

forum-spam-ip-list-2014-07-03 forum-spam-ip-list-2014-07-08