A dive into 216.170.123.13

216.170.123.13 has a malicious history, and should be considered unwanted in any type of network. 216.170.123.13 has acted as a host for the Agent Tesla malware, and it has been identified by multiple security researchers as an malicious environment.

Malware history of 216.170.123.13

The threat actor has hosted multiple malicious files on the destination IP, and it has also utilized the duckdns service.

Screenshot of the malicious files which are hosted on 216.170.123.13

The malicious host is also hosting multiple login pages which are stored on various paths:

/11/webpanel.login.php
/12/webpanel.login.php
/13/webpanel.login.php
/14/webpanel.login.php
/15/webpanel.login.php

Indicators

sroomf70nasiru[.]duckdns[.]org
216.170.123.13

References

https://cybercrime-tracker.net/
https://www.virustotal.com/gui/ip-address/216.170.123.13/relations

Share this information

A dive into 216.170.123.13

Malware history of 216.170.123.13

Indicators

Two suspects who defrauded people by posing as employees of Markplaats have been arrested

Get all IP addresses from CIDR subnet in Python3

OPEN: Afghanistan, Taliban and CyberSecurity

Cell phone stolen while hugging

3 arrests in Dutch banking fraud case, two are 18 years old