31.172.80.104 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 31.172.80.104 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 62/100

Host and Network Information

  • Mitre ATT&CK IDs: T1001 - Data Obfuscation, T1027 - Obfuscated Files or Information, T1035 - Service Execution, T1055 - Process Injection, T1068 - Exploitation for Privilege Escalation, T1110 - Brute Force, T1112 - Modify Registry, T1192 - Spearphishing Link, T1203 - Exploitation for Client Execution, T1563.002 - RDP Hijacking
  • Tags: AppleSeed, Kimsuky, Meterpreter, Mimikatz, Nextray, RDP, SSH, Telnet, VNC, attack, brute-force, bruteforce, cyber security, ioc, login, malicious, phishing, scanner, spearphishing, ssh, tcp, tsec
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: et_compromised, haley_ssh

  • Country: Germany
  • Network: AS44066 accelerated it services & consulting gmbh
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Korea Republic of, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: l802b76b.justinstalledpanel.com mail.naver-check.ml mail3.nate-or.ga help.naver-login.cf mail3.nate-r.gq jbnu.info ping.onehappy.ml www.soundtrack.gg soundtrack.gg dev.soundcheck.gg soundcheck.gg www.soundcheck.gg

Malware Detected on Host

  • Count: 2
  • d6d6589f54f39e4ac15bbf1059e0937791dc4175ca3b7d66881b535ee5054ad1
  • 812570151a97eee8ab33e6f5c97276321266dea04d0c096af61e7f1f96593e12

Whois Information

  • inetnum: 31.172.80.0 - 31.172.80.255
  • netname: DE-ULTAHOST
  • country: DE
  • admin-c: COLO-RIPE
  • tech-c: COLO-RIPE
  • abuse-c: UA17643-RIPE
  • mnt-by: ACCELERATED-MNT
  • created: 2021-03-15T10:22:00Z
  • last-modified: 2021-03-15T11:10:02Z
  • status: ASSIGNED PA
  • role: First Colo Ripe Coordination
  • address: First Colo GmbH
  • address: Hanauer Landstr. 291b
  • address: D-60314 Frankfurt am Main
  • address: Germany
  • phone: +49-(0)69-120069-0
  • fax-no: +49-(0)69-120069-55
  • abuse-mailbox: [email protected]
  • admin-c: LEKR-RIPE
  • admin-c: NKA-RIPE
  • tech-c: LEKR-RIPE
  • tech-c: NKA-RIPE
  • nic-hdl: COLO-RIPE
  • mnt-by: MNT-FIRSTCOLO
  • created: 2007-09-28T19:01:39Z
  • last-modified: 2021-01-27T12:48:26Z
  • route: 31.172.80.0/24
  • origin: AS44066
  • mnt-by: MNT-FIRSTCOLO
  • created: 2018-09-30T14:34:46Z
  • last-modified: 2021-03-16T07:48:58Z

Links to attack logs

bruteforce-ip-list-2021-12-16