81.17.29.148 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 81.17.29.148 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1053 - Scheduled Task/Job, T1080 - Taint Shared Content, T1102 - Web Service, T1140 - Deobfuscate/Decode Files or Information, T1210 - Exploitation of Remote Services, T1486 - Data Encrypted for Impact, T1490 - Inhibit System Recovery, T1552 - Unsecured Credentials, T1566 - Phishing

  • Tags: aaaa, aaaa nxdomain, admin email, agent tesla, algorithm, all search, a nxdomain, apt, as13335, as51852 asn, as8075, asnone, asnone country, asnone united, australia, body, city, cname, cobalt strike, cobaltstrike, code, communicating, contacted, contact phone, containers, cookie, creation date, cus cngts, cve, cyber security, data, date, desktop, dns replication, dnssec, domain, domain related, domains, domains show, domain status, email, emotet, emotet malware, entrie, eternalblue, exchange, execution, facebook, fake net, fallout, file size, file type, first, flawedammyy, format, full name, general full, gmbh version, google, hash, hashes, historical ssl, https://www.virustotal.com/gui/collection/54321340057709266cb812, iaas, ibm xforce, identifier, info, ioc, iocs ip, ip reputation, ipv4, IPv4 13.75.251.189 scanning_host, june, kb script, key algorithm, key identifier, key info, legal, linux, llc validity, magic iso8859, magic pdf, malicious, malware, march, microsoft, moth callback, namecheap, namecheap inc, new zealand, Nextray, ns nxdomain, number, nxdomain, ogoogle trust, open ports, otx octoseek, panama, panama domain, passive dns, pdf document, phishing, plataformas, postal code, privacy admin, privacy billing, pty ltd, pulse pulses, qbot, record type, redacted for, referrer, registrar abuse, registrar url, resolutions, resource, reverse dns, san francisco, scan endpoints, scanning_host, search, security, server, service, service privacy, showing, siblings, soa nxdomain, software, spam, ssdeep, ssl certificate, stateprovince, status hostname, status page, stix, subject key, subject public, systembc, t1140, t1552, t1566, ta0001, ta0006, taxii, text, text text, threat intelligence, threat roundup, tpp wholesale, trickbot, trid adobe, trid file, trojan, ttl value, type name, united, unknown, url http, url reputation, usage, v3 serial, vhash, vulnerabilities, wannacry, wannycry, wcry, whois, whois record, whois server, whois whois, wholesale pty, x509v3 key

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: coinbl_hosts

  • Country: Switzerland
  • Network: AS51852 private layer inc
  • Noticed: 1 time
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 544

  • 37dc078017c27f021988082c8e83718814d81ad908f870aaf67e0afe000e0585
  • 6d85f57933288bfc00ae5d6683bac502a52be46b2fe64e86dfe9170e45f11609
  • a101f9cf1dc244ca3275e68d9813deee9615ecc3f134212638e9cf9d7ac10579
  • d1253abe9eaef5f4ad50271f1bac04a3bb5928aaf0d2303780b73c9ef7d7539d
  • c8b256dd5b1fddc924941ea1a7db4889779a29cbcb199d7493a49d291375459c
  • 2d7168119a3d622d3e9efe7d122e50fe2d69630926e5db0e2c7e6e1b6208af37
  • 3a6c6b0e846d0a13971125a89ff77c1e545adc8bf12159bda9bcc5da9f1833dc
  • 79c4f00e045054025afa2c8fd04ba2f3ec5c26e82f3024fe5d0655d412c22b10
  • ede032258dd89e225f44a12448400608358bee0a5c43039e8bbe5a5b56297197
  • accd39c4cbb0e1b44c005577ca25afffb12e1f42724f1df5fbf4dfa0688f45c5

Open Ports Detected

  • 443
  • 53
  • 80
  • 8080

Whois Information

  • inetnum: 81.17.16.0 - 81.17.31.255
  • netname: PA-PRIVATELAYERCOM-20110829
  • country: CH
  • org: ORG-PLI2-RIPE
  • admin-c: JP5315-RIPE
  • tech-c: JP5315-RIPE
  • status: ALLOCATED PA
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: KP73900-MNT
  • mnt-routes: KP73900-MNT
  • mnt-domains: KP73900-MNT
  • created: 2011-08-29T14:30:49Z
  • last-modified: 2021-04-12T06:58:49Z
  • geoloc: 47.2201 8.3300

  • organisation: ORG-PLI2-RIPE
  • org-name: Private Layer INC
  • country: PA
  • org-type: LIR
  • address: Panama City
  • address: 00000
  • address: Panama
  • address: PANAMA
  • phone: +507 833 9167
  • abuse-c: AR15077-RIPE
  • mnt-ref: RIPE-NCC-HM-MNT
  • mnt-ref: KP73900-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: KP73900-MNT
  • created: 2010-10-15T13:08:21Z
  • last-modified: 2020-12-16T12:44:59Z

  • person: Milciades Garcia
  • address: Edificio Don Tin, Office 306
  • address: Ave Cuba, Calidonia
  • address: Panama City
  • address: Panama
  • phone: +5078339167
  • nic-hdl: JP5315-RIPE
  • mnt-by: KP73900-MNT
  • created: 2011-03-17T23:52:10Z
  • last-modified: 2018-05-30T19:09:03Z

  • route: 81.17.16.0/20
  • descr: Ripe Allocation
  • origin: AS51852
  • mnt-by: KP73900-MNT
  • created: 2012-04-25T13:15:26Z
  • last-modified: 2012-04-25T13:15:26Z