104.21.14.224 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.14.224 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 57/100

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Noticed: 28 times
• Protocols Attacked: SSH
• Countries Attacked: Canada, United States of America
• Open Ports: 2052, 2053, 2082, 2083, 2086, 2087, 2095, 2096, 443, 80, 8080, 8443, 8880
• Tor Node: No
• Associated Malware Samples: 2

Tags

• 443 ma2592000
• aaaa
• access
• active threats
• address
• adload
• a domains
• adult content
• adware
• adwind
• agency
• agent
• agent tesla
• aig.com
• aig.rastreator.mx
• alerts
• alexa
• alexa top
• all octoseek
• all search
• amadey
• amazon02
• amazonaes
• analysis date
• android
• apple
• apple ios
• apple phone
• apple private
• april
• artemis
• artro
• as13789
• as14061
• as15169 google
• as16276
• as16625 akamai
• as206834 team
• as20940
• as22075
• as2914 ntt
• as3209 vodafone
• as3257 gtt
• as397240
• as46606
• as54113
• as54990
• as6185 apple
• as61969 team
• as62597 nsone
• as62729
• as63949 linode
• as6453 tata
• as6461 zayo
• as714 apple
• as7843 charter
• as797 att
• as8075
• ascii text
• asp.net
• asyncrat
• august
• australia
• author
• available from
• av detections
• awful
• azorult
• backdoor
• bandit stealer
• bank
• banker
• bankerx
• b body
• bing ads
• blacklist
• blacklist https
• body
• body length
• bot networks
• bouvet island
• brashears
• brian
• brian sabey
• caddywiper
• canada unknown
• charles
• chrome
• cisco umbrella
• citadel
• ck id
• ck matrix
• class
• cleaner
• click
• cloudflarenet
• cname
• cobalt strike
• code
• collections
• com laude
• communicating
• compiler
• conduit
• conhost
• contact
• contacted
• contacted urls
• contact phone
• contentencoding
• content type
• copy
• copyright c
• core
• corp
• covid19
• cpm fun
• cpm network
• crack
• created
• creation date
• critical
• crypt
• crypto
• csc corporate
• cyber crime
• cyber criminal
• cyberstalking
• cyber threat
• cyber warfare
• cymulate
• dark
• data collection
• date
• date hash
• date sat
• december
• decode
• defence
• defense
• denied trackers
• detection list
• detections type
• disability
• djvu
• dns
• dnspionage
• dns replication
• dnssec
• document
• document file
• domain
• domains
• domains domain
• domains ii
• domain status
• downldr
• download
• downloader
• dropped
• dropper
• dtamlb
• dynadot
• dynamicloader
• elderly
• email
• emotet
• encrypt
• engineering
• entries
• error
• etpro malware
• exe32
• execution
• expiration date
• expiressat
• exploit
• express
• facebook
• fakealert
• february
• filehash
• filehashsha256
• files
• filetour
• file type
• final url
• first
• flubot
• formbook
• for privacy
• found
• france unknown
• fraud
• fraud services
• fusioncore
• gandcrab
• gandcrab dns
• gandi sas
• general
• generator
• generic
• generic malware
• germany
• germany unknown
• getcursor getdc
• gmt contenttype
• gmt server
• goldfinder
• goldmax
• gone
• google
• google safe
• graph community
• greatcall
• gvb gelimed
• hacktool
• hallrender
• hashes
• hashes hashes
• hasty hacker
• head body
• header intel
• headers
• headers date
• headers nel
• health phone
• heur
• highly targeted
• historical ssl
• home pg
• hostname
• hostnames
• html info
• http
• http response
• hybrid
• ids detections
• iframe
• info
• info compiler
• installcore
• installer
• installing
• intel
• intellectual property theft
• internet domain
• iocs
• ios
• ip address
• ip addresses
• ip summary
• ip sun
• ipv4
• ireland unknown
• j490s6lkpppw
• january
• japan
• javascript
• jpeg
• june
• kb body
• keylogger
• killav
• length
• lfqprnkje8dni0
• link library
• list
• lively
• local
• localappdata
• location united
• lockbit
• logistics
• lokibot
• lolkek
• lookup
• ltd dba
• m
• macho restore
• macintosh disk
• main
• malicious
• malicious file transfers
• malicious site
• malvertizing
• malware
• malware site
• malware stealer trojan evader
• march
• markmonitor
• masquerade
• maui ransomware
• maxage31536000
• maze
• mb super
• meta
• meta name
• metro
• Miles IT
• million
• milton keynes
• miner
• mitre
• mk14
• modified
• monitoring
• month ago
• months ago
• moved
• msclkidn
• msie
• ms visual
• ms windows
• ms word
• name
• namecheap inc
• name md5
• name server
• name servers
• name verdict
• nanocore
• network
• new relic
• next
• nimda
• nircmd
• njrat
• nokoyawa
• noname057
• none related
• north wales
• nr-data.net
• nymaim
• october
• open
• opencandy
• optimizer
• origin1
• otx octoseek
• packed
• parent domain
• passive dns
• password
• paste
• patcher
• path
• pe32 compiler
• pe32 executable
• pe resource
• phishing
• phishing site
• pornography
• postal code
• post root
• powershell
• prefetch1
• prefetch8
• premium
• presenoker
• privacy invasion
• privacy tech
• privateloader
• privilege escalation
• probe
• problems
• processes tree
• products id
• pulse pulses
• pulse submit
• qakbot
• qbot
• quasar
• query
• raccoon
• ransom
• ransomexx
• ransomware
• rebel ltd
• record type
• record value
• redacted for
• redirector
• redline
• redline stealer
• referrer
• registrant fax
• registrar abuse
• reimer
• relacionada
• related pulses
• relic
• remote attacks
• report spam
• resolutions
• riskware
• river.rocks
• root ca
• round
• rsa sha256
• runtime process
• sabey
• safebae
• safe site
• sality
• sample
• sample path
• samplepath
• samples
• sat dec
• sat jun
• scan endpoints
• scheme
• script
• search
• self
• september
• seraph
• server
• servers
• service
• service bs
• serving ip
• sha1
• sha256
• shell code
• shell commands
• show
• showing
• show process
• siblings
• siblings domain
• sibot
• sides with
• site
• size
• smlb
• snatch
• specialist
• spyware
• ssl certificate
• startpage
• status
• status code
• stealer
• strings
• submitters
• summary
• summary iocs
• sun jan
• suppobox
• swisscom root
• switch dns
• swrort
• t1140
• tag manager
• tags
• tags none
• target
• targeting
• team
• temp
• text
• threat
• threat network
• threat report
• threat roundup
• tiggre
• title
• title access
• title charles
• tmobile metro
• tofsee
• tracker
• tracking
• trojan
• trojanx
• true defense
• trust
• tsara
• tsara brashears
• ttl value
• tue nov
• tulach
• t whois
• twitter
• type
• type data
• type name
• unicode text
• united
• united kingdom
• unknown
• unlocker
• unruy
• unsafe
• upd4
• url analysis
• url collection
• url http
• url https
• urls
• urls http
• urls https
• url summary
• urls url
• ursnif
• use collection
• utc google
• utc submissions
• utmsourcemailer
• v2 document
• vawtrak
• ver2
• ver33
• vidar
• vids1
• view charles
• virtool
• vs2013
• vs2013 upd4
• wacatac
• webcompanion
• web gateway
• westlaw
• whitelisted
• whois record
• whois whois
• win16 ne
• win32
• win32 dynamic
• win32 exe
• win32mydoom feb
• win32upatre jan
• win64
• windir
• wiza meta
• worm
• write
• writes a pe file header to disc
• xamzexpires600
• xrat
• xtrat
• yara detections
• zpevdo

MITRE ATT&CK TTPs

• T1003.008 - /etc/passwd and /etc/shadow
• T1005 - Data from Local System
• T1012 - Query Registry
• T1018 - Remote System Discovery
• T1027.002 - Software Packing
• T1027 - Obfuscated Files or Information
• T1029 - Scheduled Transfer
• T1033 - System Owner/User Discovery
• T1035 - Service Execution
• T1043 - Commonly Used Port
• T1056.001 - Keylogging
• T1057 - Process Discovery
• T1059.002 - AppleScript
• T1059.007 - JavaScript
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1065 - Uncommonly Used Port
• T1068 - Exploitation for Privilege Escalation
• T1071.001 - Web Protocols
• T1071.002 - File Transfer Protocols
• T1071.003 - Mail Protocols
• T1071.004 - DNS
• T1071 - Application Layer Protocol
• T1088 - Bypass User Account Control
• T1094 - Custom Command and Control Protocol
• T1095 - Non-Application Layer Protocol
• T1105 - Ingress Tool Transfer
• T1110.002 - Password Cracking
• T1112 - Modify Registry
• T1129 - Shared Modules
• T1140 - Deobfuscate/Decode Files or Information
• T1176 - Browser Extensions
• T1179 - Hooking
• T1183 - Image File Execution Options Injection
• T1215 - Kernel Modules and Extensions
• T1449 - Exploit SS7 to Redirect Phone Calls/SMS
• T1457 - Malicious Media Content
• T1491 - Defacement
• T1497 - Virtualization/Sandbox Evasion
• T1583.005 - Botnet
• TA0002 - Execution
• TA0003 - Persistence
• TA0004 - Privilege Escalation
• TA0005 - Defense Evasion
• TA0006 - Credential Access
• TA0007 - Discovery
• TA0009 - Collection
• TA0011 - Command and Control

Passive DNS

• masky.com.tr

Whois Information