80.76.51.113 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 80.76.51.113. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: alias, april, bruteforce, Bruteforce, Brute-Force, byval, c0 test, c9 xor, call, case, cf e8, cf mov, citrix, cobalt strike, cobaltstrike, code issues, combinations, compromise ipv4, conpot, copy, cowrie, d0 add, d0 mov, d3 mov, dionaea, dllimport, domain port, email, esp4, f1 jl, f9 mov, false, ff c0, ff d5, ff ff, footer, format, gcti, github, gs003, gs005, gs008, heralding, honeytrap, iocs, javascript, jump, LAMP, license, linux, mailoney, malicious, malware, mirai, mirai botnet, open, please, portscan, postmessagea, pull, push, raxrbp, rdpwrap, Redissecurity, sentrypeer, sftp, sign, sip, sliver, ssh, SSH, star, strong, tanner, unicode, urls, versions, view, without, yara, yararules

  • View other sources: Spamhaus, VirusTotal

  • Country: United States
  • Network:
  • Noticed: 33 times
  • Protocols Attacked: ssh
  • Countries Attacked: Poland, Sweden
  • Passive DNS Results: bjjg0917.com www.bjjg0917.com www.gaoludog.com gaoludog.com

Malware Detected on Host

Count: 7

Links to attack logs

digitaloceantoronto-ssh-bruteforce-ip-list-2024-11-15