216.170.123.13 has a malicious history, and should be considered unwanted in any type of network. 216.170.123.13 has acted as a host for the Agent Tesla malware, and it has been identified by multiple security researchers as an malicious environment.
Malware history of 216.170.123.13
The threat actor has hosted multiple malicious files on the destination IP, and it has also utilized the duckdns service.

The malicious host is also hosting multiple login pages which are stored on various paths:
- /11/webpanel.login.php
- /12/webpanel.login.php
- /13/webpanel.login.php
- /14/webpanel.login.php
- /15/webpanel.login.php

Indicators
sroomf70nasiru[.]duckdns[.]org 216.170.123.13
References
- https://cybercrime-tracker.net/
- https://www.virustotal.com/gui/ip-address/216.170.123.13/relations
Share this information