3.131.207.170 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 3.131.207.170 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 25/100

Host and Network Information

  • Tags: C&C, Log4j Scanning Hosts, ngrok

  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: socks_proxy_30d, socks_proxy_7d

  • Country: United States
  • Network: AS16509 amazon.com inc
  • Noticed: 1 time
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: United States of America
  • Passive DNS Results: 2.mass-ed.com minecrafttime.tk mineskymcvn.ga drgonfly.com.ar ng2.ml.mdn.skype.net vgs-caddy-mtls-test.prxprx.io ngrok.cruftbusters.com microsoftfixer.duckdns.org regedxasd.duckdns.org freemineserver.cf 2.tcp.ngrok.io 3.tcp.ngrok.io

Malware Detected on Host

Count: 451

Open Ports Detected

10001 10554 12345 14147

Whois Information

  • NetRange: 3.128.0.0 - 3.255.255.255
  • CIDR: 3.128.0.0/9
  • NetName: AT-88-Z
  • NetHandle: NET-3-128-0-0-1
  • Parent: NET3 (NET-3-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Amazon Technologies Inc. (AT-88-Z)
  • RegDate: 2018-06-25
  • Updated: 2018-09-13
  • Ref: https://rdap.arin.net/registry/ip/3.128.0.0
  • OrgName: Amazon Technologies Inc.
  • OrgId: AT-88-Z
  • Address: 410 Terry Ave N.
  • City: Seattle
  • StateProv: WA
  • PostalCode: 98109
  • Country: US
  • RegDate: 2011-12-08
  • Updated: 2022-09-30
  • Comment: All abuse reports MUST include:
  • Comment: * src IP
  • Comment: * dest IP (your IP)
  • Comment: * dest port
  • Comment: * Accurate date/timestamp and timezone of activity
  • Comment: * Intensity/frequency (short log extracts)
  • Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
  • Ref: https://rdap.arin.net/registry/entity/AT-88-Z
  • OrgTechHandle: ANO24-ARIN
  • OrgTechName: Amazon EC2 Network Operations
  • OrgTechPhone: +1-206-555-0000
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
  • OrgRoutingHandle: IPROU3-ARIN
  • OrgRoutingName: IP Routing
  • OrgRoutingPhone: +1-206-555-0000
  • OrgRoutingEmail: [email protected]
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
  • OrgRoutingHandle: ARMP-ARIN
  • OrgRoutingName: AWS RPKI Management POC
  • OrgRoutingPhone: +1-206-555-0000
  • OrgRoutingEmail: [email protected]
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
  • OrgNOCHandle: AANO1-ARIN
  • OrgNOCName: Amazon AWS Network Operations
  • OrgNOCPhone: +1-206-555-0000
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
  • OrgAbuseHandle: AEA8-ARIN
  • OrgAbuseName: Amazon EC2 Abuse
  • OrgAbusePhone: +1-206-555-0000
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN

Links to attack logs

anonymous-proxy-ip-list-2023-06-22