The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 31.31.198.106 on port 80 (using HTTP POST):
hXXp://pnl34625.site/api/endpoint.php
$ dig +short pnl34625.site
31.31.198.106
$ nslookup 31.31.198.106
server5.hosting.reg.ru
Referencing malware binaries (MD5 hash):
05f4553ee500bce6677b73e2ed44e3ae — AV detection: 12 / 65 (18.46)
08ebe67005b4d6a378e94e92a83e3d08 — AV detection: 24 / 70 (34.29)
0b91486fe1450b8bbc0afac372b2a097 — AV detection: 26 / 67 (38.81)
132a9e5b4ab55ba9a59b73714fd10f10 — AV detection: 26 / 71 (36.62)
b3e7ffc2b68ac03d4d2cfbb8f3e33080 — AV detection: 36 / 65 (55.38)
fab57a35302683a2c2fb2b8bd5361e23 — AV detection: 33 / 67 (49.25)
Other malicious domain names hosted on this IP address:
absite.xyz 31.31.198.106
pnl34625.site 31.31.198.106