167.172.173.210 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 167.172.173.210 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 45/100
Host and Network Information
- Mitre ATT&CK IDs: T1498 - Network Denial of Service
- Tags: attack ddos, botnet, Cyclops, ddos, Gamardeon, HermeticWiper, IsaacWiper, list ips, PartyTicket, russia, russian, ukraine, WhisperGate
- View other sources: Spamhaus, VirusTotal
- Contained within other IP sets: sslproxies_1d, sslproxies_30d, sslproxies_7d
- Country: Germany
- Network:
- Noticed: 6 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Russian Federation
- Passive DNS Results: image-crawler-3.futudata.com target-image-crawler-3.futudata.com
Open Ports Detected
Whois Information
- NetRange: 167.172.0.0 - 167.172.255.255
- CIDR: 167.172.0.0/16
- NetName: RIPE-ERX-167-172-0-0
- NetHandle: NET-167-172-0-0-1
- Parent: NET167 (NET-167-0-0-0-0)
- NetType: Early Registrations, Transferred to RIPE NCC
- OriginAS:
- Organization: RIPE Network Coordination Centre (RIPE)
- RegDate: 2003-07-23
- Updated: 2025-02-10
- Ref: https://rdap.arin.net/registry/ip/167.172.0.0
- OrgName: RIPE Network Coordination Centre
- OrgId: RIPE
- Address: P.O. Box 10096
- City: Amsterdam
- StateProv:
- PostalCode: 1001EB
- Country: NL
- RegDate:
- Updated: 2013-07-29
- Ref: https://rdap.arin.net/registry/entity/RIPE
- OrgAbuseHandle: ABUSE3850-ARIN
- OrgAbuseName: Abuse Contact
- OrgAbusePhone: +31205354444
- OrgAbuseEmail: abuse@ripe.net
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
- OrgTechHandle: RNO29-ARIN
- OrgTechName: RIPE NCC Operations
- OrgTechPhone: +31 20 535 4444
- OrgTechEmail: hostmaster@ripe.net
- OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
Links to attack logs