1.0.0.4 Threat Intelligence and Host Information

Sep 15, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 1.0.0.4 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 47/100

Host and Network Information

Tags: akamai, ascii text, authentihash, chengdu, chengdu west, chi2, chi2 1, chinese, collection, collection ii, com laude, couninitialize, data, data rtbitmap, data rtcursor, data rtrcdata, default, default entropy, delphi, detections file, dos exe, enom, entropy, file size, file type, from valid, functionality, imphash, intel, ip check, kb file, kb pe, korlia, lotus, ltd dba, mac malware, magic pe32, md5 code, ms windows, name, name symantec, neutral, pointing device, raw size, sections, serial number, signer, ssdeep, ssl certificate, stamping, steg icons, symantec time, time stamping, trickbot, trid win32, type rtbitmap, type rtcursor, type rticon, type rtrcdata, type rtstring, valid, valid from, verqueryvaluea, vhash, virtual address, virtual size, whois, whois record, win32 dll, win32 exe, wired
View other sources: Spamhaus VirusTotal
Contained within other IP sets: esentire_burmundisoul_ru, esentire_ebankoalalusys_ru, haley_ssh, hphosts_emd, hphosts_fsa, hphosts_psh, lashback_ubl, nixspam, packetmail_ramnode, proxyspy_30d, proxyspy_7d, stopforumspam, stopforumspam_180d, stopforumspam_365d, stopforumspam_90d, turris_greylist

Country: Australia
Network: AS13335 cloudflare
Noticed: 1 times
Protcols Attacked: Anonymous Proxy
Countries Attacked: United States of America
Passive DNS Results: cdn.moepan.cf 7ka.net chinaradish.net c.moecloud.tk gltutu.com esdexpert.com pay.mcmfa.cn www.moepan.cf hyzlnwt.com lc-gifts.com www.adnogpu.cn www.7ka.net www.cdjzzx.com emby.moepan.cf moepan.cf cdn.imoeq.com ckcode.cc hivego.ru www.lsqcgs.com www.zgzb88.com www.hzzrsw.com cfcname.qqdg.ml h5.a-ro.cn www.ltwl.top api.u.52l.top qqsvip9.top www.ysyzf.com www.i5gm.com www.m9uc.com xgtx.vod123.xyz jie.ddidc.top gg.cndns.tech www.32i.cc cdn5.cloudsitedns.com www.x12.fun www.bindianapp.cn min.news www.6c9.cc dadada.icu www.zhongyingbi.com zhongyingbi.com cloudflare.yunzhongzhuan.com cdn.shiertx.fun default.cdn.shiertx.fun udp.kim origin.yun.jiexigu.com skeet.link dprainng.work 3.beif.ltd www.layer4.cn muggles.top 4.yjzcdn.top api.yc1820.com hatiger.ltd master.hatiger.ltd cf.n1.jcdpn.cn www.hatiger.ltd tiger.hatiger.ltd panel.hatiger.ltd test.hatiger.ltd www.pcpc.net pcpc.net device-local-c37018b3-1e07-4789-8848-d4803865dc15.remotewd.com static.juhezw.com fung.style www.57973.cc 102102.xyz v4.passnet.gq stat.v.help.redir.imlede.com webproxy.fung.style.redir.imlede.com www.fung.style gtm-cn-4591bogoc02.1888365.vip cloudflare.baiducdn2.com gtm-sg-yv714vlum09.gtm-i1d6.com yt3.ggpht.com secure.gravatar.com www.google.com 01.4

Malware Detected on Host

Count: 2 3efcb5e3a506cd073d2df5f6e4b9f89055f527458ff87c65c4e7317f337ed5da aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a

Open Ports Detected

2052 2053 2082 2083 2086 2087 2096 443 80 8080 8443 8880

Map

Whois Information

inetnum: 1.0.0.0 - 1.0.0.255
netname: APNIC-LABS
descr: APNIC and Cloudflare DNS Resolver project
descr: Routed globally by AS13335/Cloudflare
descr: Research prefix for APNIC Labs
country: AU
org: ORG-ARAD1-AP
admin-c: AIC3-AP
tech-c: AIC3-AP
abuse-c: AA1412-AP
status: ASSIGNED PORTABLE
mnt-by: APNIC-HM
mnt-routes: MAINT-APNICRANDNET
mnt-irt: IRT-APNICRANDNET-AU
last-modified: 2023-04-26T22:57:30Z
mnt-lower: MAINT-APNICRANDNET
irt: IRT-APNICRANDNET-AU
address: PO Box 3646
address: South Brisbane, QLD 4101
address: Australia
e-mail: helpdesk@apnic.net
abuse-mailbox: helpdesk@apnic.net
admin-c: AR302-AP
tech-c: AR302-AP
mnt-by: MAINT-AU-APNIC-GM85-AP
last-modified: 2021-03-09T01:10:21Z
organisation: ORG-ARAD1-AP
org-name: APNIC Research and Development
org-type: LIR
country: AU
address: 6 Cordelia St
phone: +61-7-38583100
fax-no: +61-7-38583199
e-mail: helpdesk@apnic.net
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2023-09-05T02:15:19Z
role: ABUSE APNICRANDNETAU
address: PO Box 3646
address: South Brisbane, QLD 4101
address: Australia
country: ZZ
phone: +000000000
e-mail: helpdesk@apnic.net
admin-c: AR302-AP
tech-c: AR302-AP
nic-hdl: AA1412-AP
abuse-mailbox: helpdesk@apnic.net
mnt-by: APNIC-ABUSE
last-modified: 2021-03-09T01:10:22Z
role: APNICRANDNET Infrastructure Contact
address: 6 Cordelia St
country: AU
phone: +61 7 3858 3100
e-mail: research@apnic.net
admin-c: GM85-AP
admin-c: GH173-AP
admin-c: JD1186-AP
tech-c: GM85-AP
tech-c: GH173-AP
tech-c: JD1186-AP
nic-hdl: AIC3-AP
mnt-by: MAINT-APNICRANDNET
last-modified: 2023-04-26T22:50:54Z
route: 1.0.0.0/24
origin: AS13335
descr: APNIC Research and Development
mnt-by: MAINT-APNICRANDNET
last-modified: 2023-04-26T02:42:44Z

Links to attack logs

Share on: