113.160.234.229 Threat Intelligence and Host Information

May 24, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 113.160.234.229 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • Mitre ATT&CK IDs: T1001.001 - Junk Data, T1001.003 - Protocol Impersonation, T1001 - Data Obfuscation, T1003.003 - NTDS, T1003.004 - LSA Secrets, T1003 - OS Credential Dumping, T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1078 - Valid Accounts, T1090 - Proxy, T1098 - Account Manipulation, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1114 - Email Collection, T1136 - Create Account, T1187 - Forced Authentication, T1190 - Exploit Public-Facing Application, T1212 - Exploitation for Credential Access, T1505 - Server Software Component, T1528 - Steal Application Access Token, T1539 - Steal Web Session Cookie, T1546 - Event Triggered Execution, T1547 - Boot or Logon Autostart Execution, T1555 - Credentials from Password Stores, T1556 - Modify Authentication Process, T1557 - Man-in-the-Middle, T1566 - Phishing, T1583 - Acquire Infrastructure, T1584 - Compromise Infrastructure, T1586 - Compromise Accounts, T1587 - Develop Capabilities, T1588 - Obtain Capabilities, T1597 - Search Closed Sources, TA0002 - Execution, TA0004 - Privilege Escalation, TA0005 - Defense Evasion

  • Tags: alliance, anchorfree vpn, android, april, apt, APT28, blizzard, brute-force, cactus vpn, c server, cve-2023-23397, cve202323397, CVE-2023-23397, cve-2023-38831, cyber security, edgeos device, exchange, exchange online, exchange server, exploit, explorer, february, fighting ursa, forest blizzard, hash, hash theft, information stealer, ioc, iocs https, ip address, local, malicious, march, microsoft, Microsoft Outlook, monitoring, mullvad vpn, networks, Nextray, NTLM, object, outlook, outside, palo alto, pawn storm, phishing, phishing site, prior, response, russia, sednit, service, sha256, sofacy, source, spear-phishing, targeted attack, test2, test3, test4, test5, twitter, ukraine, unit, ursa, Ursa, virustotal, webdav, whoer vpn, windows

  • JARM: 0bd0bd00000000000042d42d0000004dda12c60d5f928802d7dfb003ed1ff1

  • View other sources: Spamhaus VirusTotal

  • Country: Vietnam
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Afghanistan, Åland Islands, Bulgaria, Canada, Central African Republic, Czechia, Denmark, Estonia, France, Germany, Italy, Jordan, Latvia, Lithuania, Luxembourg, Malaysia, Montenegro, Norway, Poland, Romania, Russian Federation, Slovakia, South Africa, Taiwan, Turkey, Türkiye, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 1 f0f98c676f311385f73ad5bb39058c85114c294ef4836b5e8e57470ab2005485

Open Ports Detected

161 443 80

Map

Whois Information

  • inetnum: 113.160.0.0 - 113.191.255.255
  • netname: VNPT-VN
  • descr: Vietnam Posts and Telecommunications Group
  • descr: No 57, Huynh Thuc Khang Street, Lang Ha ward, Dong Da district, Ha Noi City
  • country: VN
  • admin-c: PTH13-AP
  • tech-c: PTH13-AP
  • status: ALLOCATED PORTABLE
  • mnt-by: MAINT-VN-VNNIC
  • mnt-lower: MAINT-VN-VNPT
  • mnt-routes: MAINT-VN-VNPT
  • last-modified: 2018-01-25T03:55:17Z
  • mnt-irt: IRT-VNNIC-AP
  • irt: IRT-VNNIC-AP
  • address: Ha Noi, VietNam
  • phone: +84-24-35564944
  • fax-no: +84-24-37821462
  • e-mail: hm-changed@vnnic.vn
  • abuse-mailbox: hm-changed@vnnic.vn
  • admin-c: NTTT1-AP
  • tech-c: NTTT1-AP
  • mnt-by: MAINT-VN-VNNIC
  • last-modified: 2017-11-08T09:40:06Z
  • person: Pham Tien Huy
  • address: VNPT-VN
  • country: VN
  • phone: +84-24-37741604
  • e-mail: huypt@vnpt.vn
  • nic-hdl: PTH13-AP
  • mnt-by: MAINT-VN-VNPT
  • last-modified: 2017-11-19T07:06:20Z
  • route: 113.160.224.0/19
  • descr: VietNam Post and Telecom Corporation (VNPT)
  • descr: VNPT-AS-AP
  • country: VN
  • origin: AS45899
  • notify: hm-changed@vnnic.net.vn
  • mnt-by: MAINT-VN-VNPT
  • last-modified: 2010-08-10T08:20:02Z
  • route: 113.160.224.0/19
  • descr: VietNam Post and Telecom Corporation (VNPT)
  • descr: VNPT-AS-AP
  • country: VN
  • origin: AS7643
  • notify: hm-changed@vnnic.net.vn
  • mnt-by: MAINT-VN-VNPT
  • last-modified: 2010-01-22T02:47:21Z

Links to attack logs

bruteforce-ip-list-2023-05-02 ****** ****** ******

Share on: