31.31.198.66 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 31.31.198.66 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or from activity observed on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour (such as Tor exit nodes, residential proxies or VPN services), and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1056 - Input Capture, T1070 - Indicator Removal on Host, T1113 - Screen Capture, T1114 - Email Collection, T1566 - Phishing

  • Tags: agent tesla, akamaias, akamaiasn1, alphv, amazon02, any.run, api export, arkei, arkei malware, as15169, as16509, as20940, as3359, as8075, as852, ave maria, bitcoin, blackcat, blackcat browse, compromise, cuba, danabot, database, date, december, facebook, geoip, ghost, google, indicator of compromise, indonesia, info, ioc, iocs, iocs data, iocs ioc, iocs request, level3, maas, malware, media, mexico, mini, nanocore, noberus, official, open, proton, public url, remote access, requests share, seznam, telecom, threatfox, Tracking Domains, trojan, twitter, ukraine, vidar, vidar analysis, vidar malware, warzone, website, win32, win64, win.blackcat

  • JARM: 29d29d00029d29d00042d42d0000005d86ccb1a0567e012264097a0315d7a7

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: hphosts_psh

  • Country: Russia
  • Network:
  • Noticed: 5 times
  • Protocols Attacked: SSH
  • Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Georgia, Guatemala, Japan, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 16

Open Ports Detected

111 143 21 22 25 3306 3310 443 53 587 80 993 995

CVEs Detected

CVE-2007-3205 CVE-2013-2220 CVE-2022-4900 CVE-2024-25117 CVE-2024-3566 CVE-2024-5458
