81.177.139.61 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 81.177.139.61 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1053 - Scheduled Task/Job, T1080 - Taint Shared Content, T1102 - Web Service, T1210 - Exploitation of Remote Services, T1486 - Data Encrypted for Impact, T1490 - Inhibit System Recovery, T1566 - Phishing

• Tags: agent tesla, cobalt strike, cobaltstrike, cyber security, desktop, domains, emotet, emotet malware, eternalblue, fake net, fallout, first, flawedammyy, hashes, ioc, iocs ip, malicious, malware, microsoft, Nextray, phishing, qbot, systembc, trickbot, trojan, wannacry, wannycry, wcry

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: cleanmx_phishing

• Country: Russia
• Network: AS8342 jsc rtcomm.ru
• Noticed: 1 times
• Protcols Attacked: SSH
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: po-trades.com video-graphy.ru pharmacieguinee.space pharmacieguineeequatoriale.space pharmacierca.space pharmacierepubliquedemocratiqueducongo.space pharmaciecotedivoire.space pharmacieseychelles.space pharmaciemadagascar.space po-tradeteam.com acquistarabestrom.space galotamespana.space idokaespana.space pf1.lpsphoto.top apotekgenerisk.com tablettenpanett.com medikamenteverkauf.com prestamosrapidosenusa.store prestamosrapidosenusa.com pocket-po.com diceymouse.com otzovik-masla.ru macbot.ru clinic-kt-mrt.ru yinyangschool.ru uteplenie-penopoliuretanom-moskva-mo-1.ru helix1.ru fiir.ru i-qr.ru surroncrimea.ru stroyser.ru to-meet.ru superyahta.ru mrlodka.ru magazindelikatesov.ru magazinkartinok.ru argodoc.site alternativepharmacie.space acheterbonmarche.space frenchgeneric.space www.systems24.ru elektro-blog.ru fdct.ru ultramebel73.ru xn–b1aa2c.shop igrossman.store appchat.click alloutofroad.ru xn–h1ajqba.xn–p1ai www.xn--h1ajqba.xn–p1ai konf-talent.ru rosttehgeo.ru muzhskoymagazin.ru mirunitazov.ru mao-space.ru magazintrub.ru mirstroytehniki.ru mousetravel.ru amulet76.ru www.pskov-terminal.ru pskov-terminal.ru www.bot2.titanio.ru bot2.titanio.ru novoselskiy.ru metro.wuhanshi.ru br.wuhanshi.ru galkina3.ru commandemedicament.ru wb-import.testing.monster www.wb-import.testing.monster www.ok.4atex.ru ok.4atex.ru www.gazelnsk154.ru gazelnsk154.ru www.depil-zhukovskiy.ru depil-zhukovskiy.ru kinoglot.fun simonblackness.site www.simonblackness.site a.kinoglot.ru webdir.tk www.files.myegrn.ru files.myegrn.ru www.board9.vlgshop.ru board9.vlgshop.ru alternativapotek.store alternativapotek.online alternativapotek.com malahoffkaatv.ru www.malahoffkaatv.ru skill-show.ru italgas34.ru mpgames.ru space-mao.ru honpo.ru ladozhskieshkhery.ru gen-medx.ru magazinpeska.ru magazinstekol.ru www.good-cats.ru good-cats.ru osipov62.ru mucai.ru ktmrt-m.ru www.morskoj.com morskoj.com www.po-traders.com imtm.info qxt-broker.cc www.qxt-broker.cc www.superstarnude.ru legenti.myalphapro.site www.myalphapro.site www.smmsharks.shop www.demo31.vlgshop.ru demo31.vlgshop.ru autoschoolmgn.site www.wincrm.aidolov.ru wincrm.aidolov.ru www.doktormozg.cf doktormozg.cf work.srednev.ru www.work.srednev.ru gold-auto-samara.ru vladverf.com kuud.ru fincafaldita.uno bigdatahanty.ru xn–80aimpg.xn–80af5aeh.xn–p1ai www.xn--80aimpg.xn--80af5aeh.xn–p1ai klining-eko.com www.rsspost.digishops.ru rsspost.digishops.ru gregor74.ru www.gregor74.ru mir-avto-samara.ru asuservice-krs.ru www.doska8.titanio.ru doska8.titanio.ru bot.titanio.ru www.bot.titanio.ru www.automoto26.ru automoto26.ru opt.myalphapro.site euthanasia.best dy.kimdv.ru www.home.kok7.ru home.kok7.ru www.free.kok7.ru www.dom.kok7.ru dom.kok7.ru art-massage.ru kinoglot.ru cu1.ru commandemedicament.space achatpilule.online socwow.4atex.ru www.socwow.4atex.ru dorogo-avtovikup.ru tohafox.ru commandemedicament.online achatpilule.ru torlg.ru www.torlg.ru feniks-vedagent.ru www.feniks-vedagent.ru www.azimutved.ru azimutved.ru centr-vikup163.ru aeact.ru akrutyakov.website akkea.ru www.zavod-dmd.ru zavod-dmd.ru autovikup163.ru goodcats.ru ru.vlgshop.ru www.ru.vlgshop.ru po-traders.com www.asb01.ru smmsharks.shop zalivino.net veveni.ru www.qtx-trades.com qtx-trades.com www.qtx-trader.com qtx-trader.com www.wincrmcalc.aidolov.ru wincrmcalc.aidolov.ru www.wincrmdocs.aidolov.ru wincrmdocs.aidolov.ru acercentr-nsk.ru elancla.ru butik164.ru multiservice-24.ru remontacer-msk.ru znanie-perm.ru naadraive.ru mister-safe.ru the-coworking.ru bjemsvai.ru xbox-key.ru market-car-volga.ru oshoartinstitute.ru www.angelsempire.ru martovski-kot.ru akimito.ru bitoshi.ru www.quotex-traders.com quotex-traders.com www.quotex-trades.com inves-pro.ru motostatus.ru probalkony.ru annabeliva.ru www.annabeliva.ru enduro-park.ru www.fly-time.com fly-time.com www.okna.biodom.online okna.biodom.online pro-vikup-avto.ru promeks16.ru mistersafe.ru pro-vikup.ru vkrutimsvai.ru totwoo-russia.ru gcentr-nsk.ru 1nl.ru kjopmodafinil.ru api-bizmall.ru cnnws.ru mumunya.ru speedhunting.ru sergey-rumyantsev-kz.ru siacoin.ru krylya-shop.ru ikeasochi.ru juhor.ru kasko74.ru www.achatmodafinil.online www.starmedianglobal.com nochca.ru storage.ozhogov.ru www.storage.ozhogov.ru pro-photo-studio.ru human-machine.ru mirrorspb.ru lenovoservice-msk.ru dengi-v-3aum2023.ru tonsensei.ru man-das.ru hamam.ml www.hamam.ml blogram.ru ruslift-obninsk.ru www.ruslift-obninsk.ru tourtoken.ru vecadok.ru avestagroup.com ussr24.ru www.ussr24.ru siberia-online.ru ngnp.ru nomeca.ru talaria-crimea.ru sportynews.ru vikupdorogo-163.ru rubloveka.ru tonkurs.ru www.tv.4atex.ru tv.4atex.ru promopult-partners.ru dukexe.ru acercentr-msk.ru kolpino.biodacha.online www.kolpino.biodacha.online www.pyrus.proaktive.ru pyrus.proaktive.ru constructor.prodoma.info mostbraz.com www.mostbraz.com lenseptik.ru xn—-7sbddr1ahlmfbj6afm0byesc.xn–p1ai www.xn----7sbddr1ahlmfbj6afm0byesc.xn–p1ai xn–h1apdh.xn–p1ai www.avtoservice-moscow.ru motostaff.ru kredit-pts.ru eng-for-all.ru diskplus.ru www.spydetect.ru spydetect.ru demo49.vlgshop.ru www.demo49.vlgshop.ru vodoley74.ru www.vodoley74.ru www.ultra-scan.ru surron-moto.ru letoyalta.ru pharmazieonline.space medicamentsenligne.space nfclife.ru www.veravdetstvo.com www.big-bag.ml big-bag.ml 127-0-0-1.online diskrus.ru diskstroy.ru enduroprokat.ru nosmokesimf.ru region-vikup.ru demo3.vlgshop.ru www.demo3.vlgshop.ru aenb.ru snegdom.ru renaissance-car.ru maffinkuhni.ru mashinashop.ru prokat-kostumov.ru pc-master-profi.ru ostrow.ru darimpar.ru quotex-trades.com www.vsevolozhsk.biodom.online vsevolozhsk.biodom.online www.test.biodom.online test.biodom.online starmedianglobal.com www.spb.biodom.online spb.biodom.online mnogo-koles.ru www.mnogo-koles.ru gomeraza.ru new.diodovo.ru begunitsy.biodom.online www.begunitsy.biodom.online babino.biodom.online www.babino.biodom.online myalphapro.space lodkaonline.ru chasiportal.ru chasiforum.ru female-ru.ru chasiinfo.ru www.annino.biodom.online annino.biodom.online smg-src.ru www.agalatovo.biodom.online agalatovo.biodom.online tktspb.ru skate-guard.com www.gatchina.biodom.online gatchina.biodom.online www.nurma.biodom.online nurma.biodom.online abh-organic.ru www.abh-organic.ru www.perevozki-gazel.ml perevozki-gazel.ml www.tosno.biodom.online tosno.biodom.online www.xn--d1avl.xn–p1ai board7.vlgshop.ru www.board7.vlgshop.ru nikolskoe.biodacha.online www.nikolskoe.biodacha.online www.tosno.biodacha.online tosno.biodacha.online www.gruzovoz54rus.tk gruzovoz54rus.tk www.vsevolozhsk.biodacha.online vsevolozhsk.biodacha.online ligshop.ru auto-vikup-volga.ru www.ngtgroup.site ngtgroup.site volga-vikup.ru pharmaciepascher.ru springberry.ru generikaohnerezept.online medikamenterezeptfrei.online rezeptfrei365.online pillerezeptfrei.online tablettenohnerezept.online smotri.site lazyservice.ru womantip.ru promft.ru www.promft.ru www.fiss-chel.ru fiss-chel.ru www.domkontor74.ru brigantina74.ru www.brigantina74.ru beton-polimer.ru www.beton-polimer.ru www.argotl.ru argotl.ru pilulesbonmarche.space apothekegenerika.space pilulespascher.space pilulesgeneriques.space lenovo-ola-s.ru derdoktor.online derdoktor.ru dary-altaya.ml www.dary-altaya.ml xcoding.ru www.add.contactagency.ru add.contactagency.ru max-meta.ru iframe-abc.ru ugrandservice.ru www.ugrandservice.ru www.sap-n.ru smg-sr-s.ru tokenglize.ru sale300.ru www.shopimoll.online pizzahut-ph.ru magexc.ru www.magexc.ru hw-smart-sp.ru ozon300.ru n-src.ru cupcakespie.ru plinko-play.fun cyclos.ml www.fixprice.shop fixprice.shop fix-price.shop www.fix-price.shop www.panther-grib.ml panther-grib.ml wp.npkstt.ru www.wp.npkstt.ru info-sovety.ru achatmodafinil.online rem-stroj.ru achatmodafinil.ru designloft.ru www.designloft.ru xn–80adsi9b4a.xn–p1ai www.xn--b1adap4abb.xn–p1ai xn–b1adap4abb.xn–p1ai www.gazel-054.ml gazel-054.ml www.5.russelektro.ru 5.russelektro.ru prokatzr.ru www.prokatzr.ru ptlok.ru beauti-lady.ru www.spb.master-na-dom-mos.ru spb.master-na-dom-mos.ru forex.1cupdate.ru granatorg.ru www.granatorg.ru www.orderbro3.titanio.ru orderbro3.titanio.ru boiveto.ru rgshops.ru fsshops.ru dm-host.ru kneolins.site deti.info-sovety.ru 101dred.ru master-remontokna.ru wapik.myjino.ru www.aurix.ru earthchilds.life pharmaciepascher.online lapilule.online pharmacieenligne.online lapilule.ru pharmacieenligne.ru magasinpharmacien.ru magasinpharmacien.online oknaspb.online ccreate.tech dasha-dating.online www.dasha-dating.online stela.1cupdate.ru art-sputnik.ru www.art-sputnik.ru www.acheter-modafinil.online acheter-modafinil.ru www.acheter-modafinil.ru estimates.prodoma.info www.estimates.prodoma.info ru-mi-smartola.ru russpravda.ru domregtv.ru apothekerezeptfrei.space apothekeonline.space medecinenligne.space www.medecinenligne.space tablettenpreis.space magasindepharmacie.space

Malware Detected on Host

Count: 76 bed44642a14179c8df277f8a660fa1f54645bd16f4e42793bb599123cd35d473 b73ee66a2dc7780e89dca1d353c31527d1e8dfcf6701010e99c232948697e105 7833a9b638d820de4ed8bce8c52dce2e2c2211de0aa44323c091c126cd0b552b 687c4ebae2133a5decd1e6a67290230376af445c1546650f3d867cbd95d6c60e 6bb12f500c1870d7f0dc11abe8c1c0aeeaa52e862016e2c9d9e1dc5bb903982c 119a149b05a56d1e5f54699d399e64a27cb8c263a4ec907b60c4d8ebc89a5459 16c8eb2895674df597e9a27251d6a4c2f23b3aeca184aaa727f5ad84a6793db8 ebf94006b3ec4d7b6b86038c7f5ff275dcd8d27fa18a3345381ce0711b54c7e7 bb813556d40e578e2b5a5f7017e53d5457b94f52672b60b63ebab42133fc2583 4e5a670e9c1471cd1da4dcc40ff5c7b62d76cc2301933d41829d2bde18fb7de6

Open Ports Detected

21 22 2222 443 80

CVEs Detected

CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408

Map

Whois Information

• inetnum: 81.177.139.0 - 81.177.139.255
• netname: AVGURO-NET
• descr: Avguro Technologies Ltd. Hosting service provider
• descr: Moscow, Russia
• country: RU
• admin-c: SU407-RIPE
• tech-c: SU407-RIPE
• abuse-c: ATA95-RIPE
• status: ASSIGNED PA
• mnt-by: AS8342-MNT
• created: 2010-05-04T13:54:02Z
• last-modified: 2019-01-30T08:42:03Z
• person: Sergey Ulyashin
• address: Avguro Technologies Ltd.
• address: 18, 912, Yunnatov str.
• address: 127083, Moscow, Russia
• phone: +74952293031
• fax-no: +74952293031
• nic-hdl: SU407-RIPE
• created: 2007-08-07T13:30:58Z
• last-modified: 2020-06-04T12:20:02Z
• mnt-by: AS8342-MNT
• route: 81.177.128.0/19
• descr: RTCOMM-RU
• origin: AS8342
• mnt-by: AS8342-MNT
• created: 2015-03-05T10:00:46Z
• last-modified: 2015-03-05T10:00:46Z