80.85.159.3 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 80.85.159.3 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1056 - Input Capture, T1114 - Email Collection, T1564 - Hide Artifacts, T1566 - Phishing, T1569 - System Services

• Tags: agent tesla, any.run, appdata, ave maria, carter, c server, danabot, dridex, first, formbook, keylogger, loki bot, lokibot, lokibot malware, lokibot spyware, lokibot stealer, machineguid, next, remote access, trojan, warzone

• JARM: 29d29d00029d29d21c29d29d29d29d2a916fbd2973c6ae37f24641fbcfd1d1

• View other sources: Spamhaus VirusTotal

• Country: Russia
• Network: AS44493 chelyabinsk-signal llc
• Noticed: 1 times
• Protcols Attacked: SSH
• Passive DNS Results: grandroyalehotels-london.com www.maxima54.ru maxima54.ru msk-finprogress.ru www.excluparts.ru www.gmhost.ru gmhost.ru risingbks.online www.risingbks.online www.prof-reshenia.ru prof-reshenia.ru wallet365.site www.wpdev.sergeitumanov.com wpdev.sergeitumanov.com www.joebenensonllp.com joebenensonllp.com inverganado.com products-webberstore.vip webbersquarecommerce-products.club www.vova-net.ru vova-net.ru www.jaffnahistory.freesri.ru excluparts.ru www.av4.site consultacnpjcpf.agr.br www.consultacnpjcpf.agr.br www.oknatisn64.ru oknatisn64.ru nrzk.productions www.nrzk.productions blog.freesri.ru www.blog.freesri.ru contabill601.pserver.ru stuntcapital.com www.stuntcapital.com www.jh-emiratesconstruction.com jh-emiratesconstruction.com www.jh-emirates-construction.com jh-emirates-construction.com vozdenayarit.com orlando-services.com www.orlando-services.com www.maropuzoproperties.co maropuzoproperties.co nevanakatere.ru www.nevanakatere.ru www.logo-football.ru generalpharmacy.us www.generalpharmacy.us buyxanaxmeds.online www.callumleegow.com callumleegow.com logo-football.ru www.finbizport.ru finbizport.ru future-trade.investments www.future-trade.investments www.xn--80adiaqbakbgyafg3a5ai8e7d5a.xn–p1ai xn–80adiaqbakbgyafg3a5ai8e7d5a.xn–p1ai leworkle.ru www.leworkle.ru www.elenakormanart.com elenakormanart.com www.atanganarogers.com atanganarogers.com www.mashreq.sbs mashreq.sbs www.estosago.ru estosago.ru heyai.tech getvideo.opentips.com.au www.getvideo.opentips.com.au www.igreg845.pserver.ru igreg845.pserver.ru www.realty.96.ru.net realty.96.ru.net www.cs.96.ru.net cs.96.ru.net mypingrf.com product-shop54.ru www.product-shop54.ru ready-22.ru www.ready-22.ru www.sunxiaauslanka.com newgenacademy.ru www.newgenacademy.ru www.maeu.ru maeu.ru www.wallet365.one www.forum.96.ru.net forum.96.ru.net xxx.estate www.organic-solut.com www.sovtransavtonsk.ru sovtransavtonsk.ru mssb54.ru www.mssb54.ru printerplus74.ru www.printerplus74.ru www.buyproaccs.com www.iobal.com razd.pserver.ru one-bet-one.ru www.one-bet-one.ru www.bet-stav-x.ru bet-stav-x.ru www.txbet.ru txbet.ru chill-bet.ru www.chill-bet.ru www.sector911vt.ru sector911vt.ru sunxiaauslanka.com greendotextrade.biz loverseden.ml vpnstorm.top www.vpnstorm.top www.ssmithassociates.com ssmithassociates.com www.shepherd-software.com vpnboy.top vpnpro.top www.vpnpro.top buyproaccs.com onlineohsutton.com www.onlineohsutton.com philliprichardson-llp.com www.philliprichardson-llp.com online-suttonoh.com www.online-suttonoh.com www.igrecovery.xyz igrecovery.xyz www.sotccoan.org.ng sotccoan.org.ng airsends.com organic-solut.com invest-review.ru www.invest-review.ru esuspb.ru www.esuspb.ru fivestar-contractors.com www.fivestar-contractors.com bitvavo-account.website musk-coin.net www.musk-coin.net www.account-bitvavo.site account-bitvavo.site bitvavo-account.site www.bitvavo-account.site squarespace-account.com www.squarespace-account.com www.experika.ru experika.ru www.dam-fx.com dam-fx.com bdroid.ru www.bdroid.ru penthousedom.com www.penthousedom.com yugmash.ru wallet365.one www.thewellsfarinfoproblem.pserver.ru thewellsfarinfoproblem.pserver.ru olaspace.site www.001mm.ru wellsfargosecurelogin.pserver.ru www.wellsfargosecurelogin.pserver.ru gameservercode8771.xyz www.on-day.ru on-day.ru ideas-bank.pro www.philiprichardsonllp.com philiprichardsonllp.com blukhed-dev.xyz zabolard.xyz mayday2k.org www.mayday2k.org iobal.com www.darim-podarki.top darim-podarki.top tutarjetadigital.cf frs-financial.com shtrsmr.com standart-cleaning.ru www.standart-cleaning.ru www.dominkom.ru greenstardispatch.com www.burnfund.ca burnfund.ca www.rybakrevetka.ru rybakrevetka.ru leobernlawfirm.com mir-sidinga.ru www.mir-sidinga.ru bariasystem.one bariasystem.info npekb.com mtllnsk.com www.mtllnsk.com car.sriad.ru www.car.sriad.ru www.sriad.ru sriad.ru www.youlez.net youlez.net postsfinance.com shop-43.ru union-43.ru lumisoft.fi ira-moda.ru tangledvinebar.com dverilistok.ru shawmotoproducts.com 001mm.ru yohaha.in 4x4nn.ru www.demo.sriad.ru demo.sriad.ru colpatbanco.com av4.site www.iprofitfx.com iprofitfx.com www.001mm.opentips.ru 001mm.opentips.ru dominkom.ru uobgrops.com www.uobgrops.com oopdomain.space www.oopdomain.space rigasfinieris.lv www.rigasfinieris.lv fanera.lv www.fanera.lv indgovjob.org chinaxoeciticbnk.com irimlekad.ru eliston.pserver.ru www.eliston.pserver.ru happydessert.ru pensilkok.ru thefrontlinners.org www.thefrontlinners.org kamd.kz dlemsuk.ru xn–80acbh2b2av2h.xn–p1ai www.xn--80acbh2b2av2h.xn–p1ai www.airdrop-elon-musk.com airdrop-elon-musk.com dengiau.ru www.dengiau.ru www.xn--c1ajatbjv1b4d.com xn–c1ajatbjv1b4d.com www.kompressor-vozduh.ru kompressor-vozduh.ru 2rublya.ru www.2rublya.ru sexologistindore.com psychiatristindia.com tequenoselzuliano.com maharshivitiligo.com gamehosting.online tecnica1.cf oldgoodhecu.xyz fourcargoservices.com www.xn--80aidjojhfbeocv0kiy.xn–p1ai xn–80aidjojhfbeocv0kiy.xn–p1ai geraldbrimacombe.com crentipl.ru www.crentipl.ru wowgreen.ru www.wowgreen.ru www.vkstikerss.ru vkstikerss.ru kazansky-syzran.ru www.kazansky-syzran.ru 80.85.159.3 secureweb-rbi-in.com www.secureweb-rbi-in.com www.gk-result.ru gk-result.ru www.flutter.sriad.ru flutter.sriad.ru aoelanka.sriad.ru www.aoelanka.sriad.ru xn–80aea6asirl4e.xn–j1adp.xn–p1acf www.dekrdk.ru dekrdk.ru sliv.pserver.ru slivvodyspotolka.ru www.slivvodyspotolka.ru www.greenvilletrustfinance.com www.durbanmotel.com f1free.com www.reddingtonsecurity.com vishopin.ge soldatki.live www.optimisticlogisticservice.net optimisticlogisticservice.net bitcoinblockpro.club maropuzoproperties.co.za www.maropuzoproperties.co.za www.xn--c1abcnbnpc.xn--90amc.xn–p1acf xn–c1abcnbnpc.xn–90amc.xn–p1acf www.maf256-technologies.com maf256-technologies.com cul8r.online www.cul8r.online greenvilletrustfinance.com otogrevavtonso.ru xn–80aea6asirl4e.xn–k1afg2e.xn–p1acf www.xn--80aea6asirl4e.xn--k1afg2e.xn–p1acf rmiskandarov.ru www.rmiskandarov.ru www.opencart.freesri.ru opencart.freesri.ru durbanmotel.com corona-stat.ru www.arabswissbnk.com arabswissbnk.com emigranti.info www.emigranti.info reddingtonsecurity.com shepherd-software.com www.stimuli-capital.com stimuli-capital.com www.santanderbg.com santanderbg.com standardcharitered.com www.secularnews.org secularnews.org shqipet.site www.shqipet.site xn—-8sbbqcsggchgmci5psa3h.xn–p1ai www.xn----8sbbqcsggchgmci5psa3h.xn–p1ai pay.org.ru animeha.net xn–d1aijeje.025.xn–p1acf www.xn--d1aijeje.025.xn–p1acf freemintedcoin.ru musorout.ru www.musorout.ru www.xn--80aea6asirl4e.xn--80ap4as.xn–p1acf xn–80aea6asirl4e.xn–80ap4as.xn–p1acf xn–80aea6asirl4e.xn–80af3b0c.xn–p1acf www.xn--80aea6asirl4e.xn--80af3b0c.xn–p1acf xn–80aea6asirl4e.xn–b1avn.xn–p1acf www.xn--80aea6asirl4e.xn--b1avn.xn–p1acf www.xn--80aea6asirl4e.xn--j1adp.xn–p1acf www.xn--b1aqpp2b.xn--80ae0bp.xn–p1acf xn–b1aqpp2b.xn–80ae0bp.xn–p1acf uk.online-alpha.com www.uk.online-alpha.com www.malinovoozorskiy-mkts.ru www.streetnews.one www.health-life-news.com kevupdate.pserver.ru www.kevupdate.pserver.ru www.enportal-metrony.com tulsahockey.net www.theboxinghype.com bubkie.ru kofe.ml www.brandblack.ru brandblack.ru docs.mvla.ru www.revenuenotify.com revenuenotify.com pikova.tk amxmodx.ru www.amxmodx.ru www.powerpharm.pro powerpharm.pro mariordin.com betwinner-oficial.com www.betwinner-oficial.com balkoni21veka.ru www.balkoni21veka.ru www.alexblog7.ru alexblog7.ru pointofsale.beheth.ru sbogltd.com www.sbogltd.com www.poi.freesri.ru poi.freesri.ru web.downloads.moscow nikitarovonovich.pserver.ru yowwi.ru www.synergyofsports.com synergyofsports.com nicehome.moscow www.veterinary-03.ru veterinary-03.ru www.agoodsportshang.com fuxury.best delucia.ru vds.pserver.ru www.vds.pserver.ru www.nderimlushi.com nderimlushi.com www.wolfallenlaw.com www.koreaneximnb.com globelinkexpressdelivery.com sexa.fun secure.koreaneximnb.com www.secure.koreaneximnb.com www.garfik1989.pserver.ru slide.freesri.ru www.slide.freesri.ru rusmedical.store www.pointofsale.beheth.ru movie-mobile.ru football-2019.com www.football-2019.com www.pos.freesri.ru mma-movement.com malinovoozorskiy-mkts.ru www.livevstvhd.net agoodsportshang.com enportal-metrony.com www.en.tr-yapiedkredi.com www.tulsahockey.net www.delucia.ru mail.tr-yapiedkredi.com pop.tr-yapiedkredi.com parceltrackers.cf www.parceltrackers.cf lfer.ru 0668.ch placefinder.freesri.ru www.placefinder.freesri.ru futuretechnologynews.info edu.gimns.org www.edu.gimns.org www.tourist.freesri.ru www.amsterdamokworld.co dvsobol.ru www.dvsobol.ru www.hire.freesri.ru hire.freesri.ru www.a4print.ru a4print.ru cv6.freesri.ru www.cv6.freesri.ru traditionalfood.freesri.ru www.traditionalfood.freesri.ru health-life-news.com www.zplace.freesri.ru zplace.freesri.ru www.find.freesri.ru find.freesri.ru findplace.freesri.ru www.findplace.freesri.ru beheth.ru www.beheth.ru lucamatteoesq.com www.lucamatteoesq.com streetnews.one contineltcahspe.com www.contineltcahspe.com www.klm-department.com klm-department.com www.heartofisrael.org heartofisrael.org browse.lk www.browse.lk filatovaphoto.com www.filatovaphoto.com theboxinghype.com livevstvhd.net www.elena-p.ru elena-p.ru sarana.freesri.ru www.sarana.freesri.ru dhammapada.freesri.ru www.dhammapada.freesri.ru sirithmaldama.freesri.ru www.sirithmaldama.freesri.ru bday.by www.bday.by www.fquran.com stroisum.ru aiparacadutismo.it www.mihaigor.pserver.ru mihaigor.pserver.ru vsepotolki.by www.vsepotolki.by www.gpstrack.freesri.ru gpstrack.freesri.ru www.buddha.freesri.ru buddha.freesri.ru www.stroidoma-moscow.ru stroidoma-moscow.ru studzen.by www.studzen.by apps.gimns.org www.apps.gimns.org cemenardagul.xyz www.sound.freesri.ru sound.freesri.ru ask.gimns.org

Malware Detected on Host

Count: 5 ac18f60e242bcb21d12047df8c11a0aa61aa657227475137f3b44efc3d9f4018 0dcc9e10329c937104efd29c59f469986382304af8b6e162c63685b09433f395 3480d5d62c02bcb4d371b8a3d51c2126399e1896dd9b1cc758b2795b046bbe97 5b99482f33896f2910113e923a32d64f6fef7af43894353483cc3f1a0d4f7a28 19b389c6b56881bef53636ed279091853707f3dac909894eef9b0f97e1e4f87e

Open Ports Detected

111 143 21 22 25 3306 443 465 587 80 993 995

CVEs Detected

CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-3618 CVE-2021-36368 CVE-2021-41617 CVE-2022-37451 CVE-2022-37452 CVE-2023-38408

Map

Whois Information

• inetnum: 80.85.156.0 - 80.85.159.255
• netname: CHELYABINSK-SIGNAL
• country: RU
• admin-c: MN11627-RIPE
• tech-c: MN11627-RIPE
• status: ASSIGNED PA
• mnt-by: ru-pdkllc-1-mnt
• created: 2016-10-12T10:26:13Z
• last-modified: 2023-06-08T11:21:31Z
• person: Michael Nechaev
• address: Lenina Prospekt 49-16
• address: 454091
• address: Chelyabinsk
• address: RUSSIAN FEDERATION
• phone: +7 351 2671366
• nic-hdl: MN11627-RIPE
• mnt-by: ru-pdkllc-1-mnt
• created: 2017-05-12T09:34:28Z
• last-modified: 2017-05-12T09:34:28Z
• route: 80.85.159.0/24
• origin: AS44493
• mnt-by: ru-pdkllc-1-mnt
• created: 2016-05-10T04:26:58Z
• last-modified: 2023-06-08T11:26:00Z