104.16.13.194 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.16.13.194 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 65/100

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Noticed: 50 times
• Protocols Attacked: SSH
• Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Saudi Arabia, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Open Ports: 2052, 2053, 2082, 2083, 2086, 2087, 443, 80, 8080, 8443, 8880
• Tor Node: No

Tags

• 114.114.114.114
• 198-46-194-153-host.colocrossing.com
• 443 ma2592000
• aaaa
• abuse
• abuse contact
• accept
• access
• active threats
• activity
• adapter driver
• address
• address domain
• a div
• adload
• admin
• admin country
• a domains
• adult content
• advocate
• adware
• adwind
• agency
• agent
• agent tesla
• aig.com
• aig.rastreator.mx
• alerts
• alexa
• alexa safe
• alexa top
• alfper
• algorithm
• alienvault name
• all octoseek
• all scoreblue
• all search
• already
• amadey
• amazon02
• amazonaes
• analysis date
• analyze
• android
• anonymizer
• anti-detection
• a nxdomain
• apache
• api
• apple
• apple as8075
• apple id
• appleid
• apple ios
• apple phone
• apple private
• appli22
• appliedi
• appliedi abuse
• app themesskin
• april
• artemis
• artro
• as11042
• as133618
• as13414 twitter
• as13789
• as14061
• as14519
• as15169 google
• as16276
• as16625 akamai
• as20446
• as206834 team
• as20940
• as22075
• as22612
• as24940
• as24940 hetzner
• as26710
• as26710 icann
• as2914 ntt
• as3209 vodafone
• as3257 gtt
• as32934
• as36352
• as39494 jsc
• as397240
• as40528 icann
• as43350 nforce
• as44273 host
• as46606
• as47846
• as47995
• as54113
• as54990
• as55081
• as55286
• as6185 apple
• as61969 team
• as62597 nsone
• as62729
• as63949 linode
• as6453 tata
• as6461 zayo
• as714 apple
• as7843 charter
• as797 att
• as8068
• as8075
• ascii text
• asn as133618
• asnone bulgaria
• asnone united
• asp.net
• assaulted
• attack
• attacks
• attorney james
• august
• a ul
• australia
• author
• authority
• auto-generated security
• av detections
• awful
• azorult
• baaa
• back
• backdoor
• bad login
• bandit stealer
• bangladesh
• bank
• banker
• bankerx
• bazaarloader
• b body
• behav
• beijing baidu
• bing ads
• bios
• black
• blackbag
• blacklist
• blacklist http
• blacklist https
• body
• body doctype
• body length
• boolean
• bot networks
• bouvet island
• bradesco
• brashears
• brian
• brian sabey
• bundled
• busybox
• caaa
• caca
• caca4baaa
• cacf
• caddywiper
• caea
• ca issuers
• california
• canada unknown
• car bomb threats
• ccleaner
• cellbrite
• certificate
• certificate status
• cert valid
• charles
• checkbox
• chrome
• cisco umbrella
• citadel
• ck id
• ck matrix
• class
• cleaner
• click
• close
• cloudflarenet
• cname
• cngo daddy
• cobalt strike
• code
• coinminer
• collections
• comcast tmobile
• com laude
• command decode
• communicating
• compiler
• component loop
• comspec
• conduit
• conhost
• contact
• contacted
• contacted hosts
• contacted urls
• contact phone
• content type
• cookie
• copy
• copyright c
• core
• corp
• corrupt
• country
• covid19
• cpm fun
• cpm network
• crack
• created
• create new
• creation date
• critical
• crypt
• crypter
• crypto
• cryptor
• csc corporate
• cuckoo
• cus starizona
• cyber
• cyber crime
• cybercrime
• cyber criminal
• cyber security
• cyber stalking
• cyberstalking
• cyber threat
• cyber warfare
• cymulate
• d417n
• dangerous
• dark
• data
• data center
• data collection
• date
• date hash
• date sat
• debugger evasion
• december
• decode
• deepscan
• default
• defence
• defense
• de indicators
• delete c
• denied trackers
• desktop
• destination
• detection list
• detections type
• digicert inc
• digicert tls
• disability
• discord
• div div
• divi child
• djvu
• dns
• dnspionage
• dns replication
• dnssec
• dock
• document
• document file
• domain
• domain address
• domain holder
• domain name
• domain names
• domain related
• domains
• domains domain
• domains dropped
• domains ii
• domestic cyber terrorism
• downer
• downldr
• download
• download encrypt
• downloader
• dropped
• dropper
• dtamlb
• dynadot
• dynamic
• dynamicloader
• e4609l
• ebury
• elderly
• elf wgetboat
• email
• emails
• emails abuse
• emotet
• encrypt
• endpoints all
• engineering
• enigmaprotector
• entries
• error
• etpro malware
• et tor
• eu data
• evasive
• exe32
• execution
• exit
• exit node
• expiration
• expiration date
• expiressat
• exploit
• facebook
• factory
• fakealert
• falcon
• falcon sandbox
• false
• false files
• family
• february
• feeds ioc
• filehash
• filehashmd5
• filehashsha1
• filehashsha256
• files
• file samples
• files domain
• files location
• files matching
• files related
• filetour
• file type
• final
• final url
• find
• firehol
• firehol mail
• first
• flag
• flag united
• flubot
• forbidden
• format a
• formbook
• for privacy
• found
• france unknown
• fraud
• fraud services
• front
• full name
• fusioncore
• g2 validity
• gamehack
• gandcrab
• gandcrab dns
• gandi sas
• gecko
• general
• general info
• generator
• generic
• generic malware
• genpack
• geo united
• germany
• germany unknown
• getcursor getdc
• getprocaddress
• ghost rat
• gmo
• gmt contenttype
• gmtn
• gmt path
• gmt server
• gmt x
• goldfinder
• goldmax
• gone
• google
• google safe
• graph community
• greatcall
• green
• group
• guard
• gvb gelimed
• hacker profile
• hacktool
• hallrender
• Hall Render
• hashes
• hashes hashes
• head body
• header intel
• headers
• headers date
• health phone
• hetzner
• heur
• hiddentear
• high
• high level
• highly targeted
• hijacker
• historical ssl
• home pg
• hosting
• hostname
• hostnames
• hr rtd
• hstr
• html
• html info
• http
• http identifier
• http response
• hybrid
• iana id
• icann
• icloud
• id
• identifier
• identify
• ids detections
• iframe
• import
• infection source
• info
• info compiler
• infor
• installation
• installbrain
• installcapital
• installcore
• installer
• installing
• intel
• intellectual property theft
• internet
• internet domain
• investigation
• iobit
• ioc
• iocs
• ioc search
• ios
• ip address
• ip addresses
• ip files
• ip summary
• ipv4
• ireland unknown
• issuers
• j490s6lkpppw
• january
• japan
• java
• javascript
• Jeffrey reimer dpt assault case
• jpeg
• jsauto25 jun
• js tel
• june
• kb body
• key
• key algorithm
• key identifier
• key info
• keylogger
• khtml
• killav
• known tor
• komodo
• lakeside tool
• land use
• length
• lfqprnkje8dni0
• limited
• link
• link library
• link location
• list
• li ul
• lively
• loader
• local
• localappdata
• location first
• location united
• lockbit
• locky
• log id
• logistics
• lokibot
• lolkek
• lookup
• love
• lowfitrojan
• ltd dba
• m
• main
• major
• malicious
• malicious file transfers
• malicious malware
• malicious site
• malicious url
• maltiverse safe
• maltiverse top
• malvertizing
• malware
• malware generator
• malware http
• malware site
• malware stealer trojan evader
• march
• mark
• mark brian sabey
• markmonitor
• mark sabey
• masquerade
• masquerading
• maui ransomware
• maxage31536000
• maze
• mb super
• media center
• mediamagnet
• medium
• meekserver
• meta
• meta http
• meta name
• metasploit
• meta tags
• metro
• michael roberts
• microsoft
• Miles IT
• million
• miner
• mirai
• misc attack
• mitre
• mitre att
• model
• models a
• modified
• module load
• monitoring
• month ago
• months ago
• moved
• mower shop
• msclkidn
• msie
• msms33388520
• ms visual
• ms windows
• ms word
• name
• namecheap inc
• name md5
• name redacted
• name server
• name servers
• name verdict
• nanocore
• nanocore rat
• netcom science
• netlify
• netlify edge
• netsupport rat
• network
• network ascii text
• networm
• neue
• new ioc
• next
• Nextray
• nexus category
• nids
• nimda
• n∅ ip
• nircmd
• njrat
• node traffic
• no expiration
• nokoyawa
• noname057
• none related
• nr-data.net
• null
• number
• nxdomain
• nymaim
• obsession
• occamy
• october
• online sas
• open
• opencandy
• open paste
• open ports
• optimizer
• orgabusehandle
• organization
• orgnochandle
• orgtechhandle
• origin1
• otx octoseek
• outbreak
• override
• overview ip
• packed
• packing t1045
• parent domain
• passive dns
• password
• paste
• patcher
• path
• path pattern match
• pattern match
• payment
• pcap
• pdf broadcom
• pdf report
• pe32
• pe32 compiler
• pe32 executable
• pegasus
• pe resource
• persistence
• peter heather
• phishing
• phishing site
• phone
• phonenumber
• pingback
• pm lowfitrojan
• policy windows
• pornographer
• pornography
• port
• postal code
• post root
• powershell
• ppi useragent
• pragma
• prefetch1
• prefetch8
• premium
• presenoker
• privacy address
• privacy admin
• privacy city
• privacy country
• privacy invasion
• privacy tech
• privateloader
• privilege escalation
• probe
• problems
• process32nextw
• process details
• processes tree
• products id
• proxy
• prynt
• ptr record
• pulse pulses
• pulses
• pulse submit
• pulse use
• qakbot
• qbot
• quasar
• query
• raccoon
• ragnar locker
• ransom
• ransomexx
• ransomware
• raspberry robin
• read c
• record type
• record value
• redacted for
• redacted referrer
• redcap
• redirector
• redline stealer
• redlinestealer
• referrer
• regbinary
• regdword
• registrant fax
• registrar
• registrar abuse
• registrar arin
• registrar iana
• registrar of
• registry domain
• registry policy
• regsetvalueexa
• regsetvalueexw
• reimer
• relacionada
• related nids
• related pulses
• relayrouter
• relic
• remote attacks
• remote cnc
• reports
• report spam
• resolutions
• reverse dns
• rexxfield cyber
• riskware
• river.rocks
• roboto
• root ca
• roots
• round
• route
• rsa sha256
• runtime process
• russia unknown
• rust
• sabey
• safebae
• safe site
• sales
• sality
• sample
• sample path
• samplepath
• samples
• scan endpoints
• scheme
• script
• script domains
• script script
• script urls
• search
• select contact
• self
• september
• seraph
• server
• servers
• service
• service bs
• services
• serving ip
• set cookie
• sha1
• sha256
• shadowpad
• shell
• shell code
• shell commands
• show
• showing
• show process
• show technique
• show technique span
• siblings
• siblings domain
• sibot
• sides with
• silly
• site
• site kit
• site safe
• site top
• size
• slander
• slcc2
• smlb
• smokeloader
• snatch
• spammer
• span
• span a
• span span
• spyware
• ssl certificate
• startpage
• stateprovince
• status
• status code
• stealer
• stealthyness
• stix
• stop ransomware
• stopransomware
• strange
• strings
• subdomains
• subject
• subject billing
• subject key
• subject public
• submissions
• submit
• submitters
• summary
• summary iocs
• suppobox
• suricata
• survivor
• suspicious
• suspicious path
• swipper
• swisscom root
• switch dns
• swrort
• t1129
• t1140
• T1622 - Debugger Evasion
• tackle company
• tag manager
• tags none
• target
• targeting
• targets sa
• tcp syn
• team
• team google
• team proxy
• teams
• teams api
• tech email
• telnet login
• telnet root
• temp
• template
• text
• this
• threat
• threat analyzer
• threat network
• threat report
• threat roundup
• tiggre
• timestamp
• title
• title access
• title rexxfield
• tls web
• tmobile metro
• tofsee
• tools
• tracey richter
• tracker
• tracking
• traffic et
• traffic group
• transactional
• trim
• trojan
• trojanclicker
• trojan features
• trojanspy
• trojanx
• true defense
• trust
• tsara
• tsara brashears
• ttl value
• tulach
• t whois
• twitter
• type
• type data
• type name
• uaaa
• uk telco
• unicode text
• union
• unique
• united
• united kingdom
• united tls web
• unknown
• unknown url
• unlocker
• unruy
• unsafe
• upd4
• update p2p
• url
• url analysis
• url collection
• url http
• url https
• urls
• urls http
• urls https
• url summary
• urls url
• ursnif
• use collection
• us note
• utc
• utc google
• utc submissions
• utmsourcemailer
• v2 document
• v3 serial
• value0
• vawtrak
• ver2
• ver33
• veryhigh
• vidar
• vids1
• virtool
• virustotal
• voyeurism
• vps
• vs2013
• vs2013 upd4
• vt report
• waaa
• wacatac
• webcompanion
• web gateway
• webshell
• webtoolbar
• westlaw
• white cve
• whitelisted
• whois lookups
• whois record
• whois ssl
• whois whois
• who's driving
• widget
• win16 ne
• win32
• win32 dynamic
• win32 exe
• win32mydoom feb
• win32upatre jan
• win64
• windir
• window
• windows
• windows nt
• worm
• wow64
• write
• write c
• writes a pe file header to disc
• writes data to a remote process
• x509v3
• x509v3 key
• xamzexpires300
• xamzexpires600
• xobo
• xor ddos
• xorddos
• xrat
• xtrat
• yaaa
• yapaxi
• yara detections
• yaxpax
• zbot
• zp6axi0
• zpevdo

MITRE ATT&CK TTPs

• T1003.008 - /etc/passwd and /etc/shadow
• T1005 - Data from Local System
• T1010 - Application Window Discovery
• T1012 - Query Registry
• T1018 - Remote System Discovery
• T1027.002 - Software Packing
• T1027 - Obfuscated Files or Information
• T1029 - Scheduled Transfer
• T1030 - Data Transfer Size Limits
• T1033 - System Owner/User Discovery
• T1035 - Service Execution
• T1036 - Masquerading
• T1037 - Boot or Logon Initialization Scripts
• T1043 - Commonly Used Port
• T1045 - Software Packing
• T1053 - Scheduled Task/Job
• T1055 - Process Injection
• T1056.001 - Keylogging
• T1056 - Input Capture
• T1057 - Process Discovery
• T1059.002 - AppleScript
• T1059.007 - JavaScript
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1065 - Uncommonly Used Port
• T1068 - Exploitation for Privilege Escalation
• T1071.001 - Web Protocols
• T1071.002 - File Transfer Protocols
• T1071.003 - Mail Protocols
• T1071.004 - DNS
• T1071 - Application Layer Protocol
• T1082 - System Information Discovery
• T1083 - File and Directory Discovery
• T1088 - Bypass User Account Control
• T1094 - Custom Command and Control Protocol
• T1095 - Non-Application Layer Protocol
• T1100 - Web Shell
• T1105 - Ingress Tool Transfer
• T1106 - Native API
• T1110.002 - Password Cracking
• T1112 - Modify Registry
• T1114.002 - Remote Email Collection
• T1114 - Email Collection
• T1119 - Automated Collection
• T1122 - Component Object Model Hijacking
• T1123 - Audio Capture
• T1129 - Shared Modules
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1176 - Browser Extensions
• T1179 - Hooking
• T1183 - Image File Execution Options Injection
• T1207 - Rogue Domain Controller
• T1210 - Exploitation of Remote Services
• T1213 - Data from Information Repositories
• T1215 - Kernel Modules and Extensions
• T1218 - Signed Binary Proxy Execution
• T1408 - Disguise Root/Jailbreak Indicators
• T1415 - URL Scheme Hijacking
• T1421 - System Network Connections Discovery
• T1422 - System Network Configuration Discovery
• T1427 - Attack PC via USB Connection
• T1428 - Exploit Enterprise Resources
• T1429 - Capture Audio
• T1449 - Exploit SS7 to Redirect Phone Calls/SMS
• T1457 - Malicious Media Content
• T1467 - Rogue Cellular Base Station
• T1491 - Defacement
• T1497 - Virtualization/Sandbox Evasion
• T1503 - Credentials from Web Browsers
• T1504 - PowerShell Profile
• T1518 - Software Discovery
• T1546 - Event Triggered Execution
• T1562.001 - Disable or Modify Tools
• T1568 - Dynamic Resolution
• T1583.005 - Botnet
• TA0002 - Execution
• TA0003 - Persistence
• TA0004 - Privilege Escalation
• TA0005 - Defense Evasion
• TA0006 - Credential Access
• TA0007 - Discovery
• TA0009 - Collection
• TA0011 - Command and Control
• TA0030 - Defense Evasion

Attack Log References

Whois Information