103.231.91.59 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 103.231.91.59 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 65/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: New Zealand
  • Network: AS133480 intergrid group pty ltd
  • Noticed: 50 times
  • Protocols Attacked: redis
  • Countries Attacked: Australia, Brazil, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 88
  • Tor Node: No
  • Associated Malware Samples: 26

Tags

  • aaaa
  • acint
  • activity
  • add malware
  • adload
  • adversaries
  • adversary tags
  • agent
  • agent algorithm
  • alerts
  • alexa
  • alexa top
  • all scoreblue
  • analysis
  • analyzer
  • antivirus
  • as133618
  • as20940
  • as2914
  • as32181
  • as32421
  • ascii text
  • asyncrat
  • avast avg
  • avatier ccir
  • av detections
  • babe
  • backdoor
  • bank
  • bcrypt
  • blacklist http
  • body
  • bq jul
  • checkin win32/expressdownloader
  • choke
  • cisco umbrella
  • ck id
  • ck matrix
  • ck t1027
  • ck techniques
  • claro
  • cleaner
  • click
  • c!mtb
  • cnc
  • cnwe1 validity
  • cobalt strike
  • code command
  • command
  • command decode
  • conduit
  • contact
  • contacted
  • contact phone
  • copy
  • crack
  • create new
  • crowdstrike
  • cus
  • cus olet
  • cyber security
  • cyber threat
  • data redacted
  • deepscan
  • detection list
  • dns
  • domain
  • dos
  • download
  • email abuse
  • et
  • et trojan
  • expiration
  • exploit
  • facebook
  • false
  • filehashmd5
  • filehashsha1
  • filehashsha256
  • files
  • files location
  • files matching
  • files related
  • filetour
  • firehol
  • first
  • flag united
  • full name
  • fusioncor
  • genkryptik
  • get na
  • gigenet
  • girlfriend
  • green
  • hackers
  • hash
  • heur
  • high
  • high priority
  • hostile
  • hostname
  • html
  • http spammer
  • hybrid identifier
  • ids detections
  • iframe
  • indicator
  • informative
  • injection
  • installcore
  • installpack
  • invalid url
  • ioc
  • iocs
  • iocs ip
  • ip summary
  • ipv4
  • ipv6
  • javascript
  • key algorithm
  • key identifier
  • key info
  • known tor
  • kw1ethical
  • kw2ip
  • kw3cloud
  • kw4augmented
  • level as4230
  • local
  • luna host
  • malicious
  • malicious host
  • malicious site
  • malware
  • malware site
  • memscan
  • meta
  • million
  • misc attack
  • mitre att
  • module behav
  • module load
  • msdos
  • mtb
  • namecheap inc
  • name servers
  • name tactics
  • network
  • network w
  • next
  • Nextray
  • nircmd
  • no data
  • no expiration
  • notice nsis
  • nsis245zlib
  • ntt
  • nuance china
  • null number
  • ogoogle
  • passive dns
  • paste analyzer
  • patcher
  • pattern match
  • pcap
  • pdf report
  • pe
  • phishing
  • phishing site
  • pink
  • pornhub
  • porno
  • port
  • possible
  • possible postal code
  • potential ip
  • privacyurlhttp
  • public tlp
  • pulse provide
  • pulse use
  • ransomware
  • resource phish
  • sinkhole cookie
  • stix
  • termsurlhttp
  • threat
  • threat anonymizer
  • trident
  • trojan
  • trojanspy
  • trust
  • tsunami
  • ttl value
  • twitter
  • union
  • united
  • unknown
  • unsafe
  • upx alerts
  • upxoepplace url
  • url http
  • url https
  • v3 serial
  • validity
  • versionid1
  • virtool
  • virtool virus
  • virus
  • win32
  • win32.birele.gsg
  • win64
  • windows nt
  • worm
  • write
  • x509v3
  • x509v3 key
  • xrat
  • xrat xtrat
  • xtrat
  • yara
  • yara detections
  • yara rule
  • zeus derivative

MITRE ATT&CK TTPs

  • T1027 - Obfuscated Files or Information
  • T1031 - Modify Existing Service
  • T1040 - Network Sniffing
  • T1045 - Software Packing
  • T1057 - Process Discovery
  • T1059 - Command and Scripting Interpreter
  • T1060 - Registry Run Keys / Startup Folder
  • T1071.001 - Web Protocols
  • T1071 - Application Layer Protocol
  • T1080 - Taint Shared Content
  • T1105 - Ingress Tool Transfer
  • T1114 - Email Collection
  • T1129 - Shared Modules
  • T1132.001 - Standard Encoding
  • T1132 - Data Encoding
  • T1140 - Deobfuscate/Decode Files or Information
  • T1155 - AppleScript
  • T1210 - Exploitation of Remote Services
  • T1457 - Malicious Media Content
  • T1472 - Generate Fraudulent Advertising Revenue
  • T1530 - Data from Cloud Storage Object
  • T1568.002 - Domain Generation Algorithms
  • T1568 - Dynamic Resolution

Passive DNS

  • nas1-disksvr.direct.quickconnect.to

Attack Log References

Whois Information

inetnum: 103.231.91.0 - 103.231.91.255 netname: INTERGRID-AU descr: Intergrid Group Pty. Ltd. country: AU language: EN admin-c: IGPL7-AP tech-c: IGPL7-AP abuse-c: AI345-AP status: ALLOCATED NON-PORTABLE mnt-by: MAINT-INTERGRID1-AU mnt-lower: MAINT-INTERGRID1-AU mnt-routes: MAINT-INTERGRID1-AU mnt-irt: IRT-INTERGRID-AU last-modified: 2023-12-18T22:48:10Z irt: IRT-INTERGRID-AU address: PO Box 62, Hornsby New South Wales 1630 e-mail: noc@intergrid.com.au abuse-mailbox: networkabuse@intergrid.com.au admin-c: IGPL7-AP tech-c: IGPL7-AP mnt-by: MAINT-INTERGRID1-AU last-modified: 2024-03-21T22:22:26Z role: ABUSE INTERGRIDAU address: PO Box 62, Hornsby New South Wales 1630 country: ZZ phone: +000000000 e-mail: noc@intergrid.com.au admin-c: IGPL7-AP tech-c: IGPL7-AP nic-hdl: AI345-AP abuse-mailbox: networkabuse@intergrid.com.au mnt-by: APNIC-ABUSE last-modified: 2024-03-21T22:22:54Z role: Intergrid Group Pty Ltd administrator address: PO Box 62, Hornsby New South Wales 1630 country: AU phone: +61291910627 fax-no: +61291910627 e-mail: noc@intergrid.com.au admin-c: IGPL7-AP tech-c: IGPL7-AP nic-hdl: IGPL7-AP mnt-by: MAINT-INTERGRID1-AU last-modified: 2018-01-24T23:07:43Z abuse-mailbox: networkabuse@intergrid.com.au route: 103.231.91.0/24 origin: AS133480 descr: Intergrid Group Pty Ltd mnt-by: MAINT-INT-5GN-AU last-modified: 2023-12-18T22:52:40Z