104.21.64.137 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.64.137 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 55/100

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Noticed: 9 times
• Protocols Attacked: SSH
• Countries Attacked: United States of America
• Open Ports: 2052, 2053, 2082, 2083, 2086, 2087, 2096, 443, 80, 8080, 8443, 8880
• Tor Node: No

Tags

• 114.114.114.114
• aaaa
• accept
• active related
• added active
• address range
• a div
• adobe portable
• adversaries
• agent
• alerts
• algorithm
• all ipv4
• allocation type
• amer
• america asn
• america flag
• analysis
• analysis date
• april
• as16509
• ascii text
• asn as18693
• asn as57033
• asn as63949
• august
• aurora
• australia
• authority
• auto-generated security
• available from
• avast avg
• av detections
• babylon
• backdoor
• bad actor
• bad traffic
• bill
• billing
• binary file
• body
• body html
• british virgin
• ca certificate
• ca creation
• canada flag
• canada hostname
• canada unknown
• cat ozerossl
• ca validity
• certificate
• cgb stgreater
• checks system
• china
• cidr
• ck id
• ck ids
• ck matrix
• ck techniques
• classinfobase
• click
• cloudfront x
• cnamazon rsa
• cname
• cngo daddy
• cnsectigo rsa
• cnzerossl ecc
• code
• colors
• command
• command decode
• connection
• consent plugin
• contact
• contacted hosts
• content length
• content type
• control ta0011
• copy
• copy md5
• copy sha1
• copy sha256
• country name
• cph50 c2
• created
• creation date
• csc corporate
• cus oamazon
• cus starizona
• cus stcolorado
• cybota
• czechia unknown
• data
• datacrashpad
• data upload
• date
• date checked
• date hash
• date sat
• ddos
• default
• defense
• defense evasion
• delphi
• deny
• destination
• dga domain
• dga domains
• directui
• discovery
• div div
• dns resolutions
• dnssec
• dock
• document format
• domain
• domain add
• domain address
• domain name
• domain related
• domains
• domain secure
• domains show
• domain status
• download
• dynamic
• dynamicloader
• edge
• element
• email
• emails
• encrypt
• enigma
• enom
• entity amazon4
• entries
• entries pe
• entries related
• e oct
• error
• et info
• evasion ta0005
• execution
• execution att
• expiration date
• extraction
• extra data
• facts dga
• failed
• failure
• falling
• file
• filehash
• filehashmd5
• filehashsha256
• files
• file score
• files domain
• files location
• files related
• files show
• find
• flag
• flag united
• forbidden
• format
• for privacy
• found
• foundry
• from win32bios
• full
• g2 tls
• g2 validity
• gdpr cookie
• gecko
• general
• getclassinfoptr
• get http
• gmt cache
• gmt content
• gmt contenttype
• gmt ifnonematch
• gmt pragma
• google safe
• gtmkvjvztk dl
• h1 center
• hacktool
• hallrender
• handle
• high
• hong kong
• hostname
• hostname add
• hours ago
• html document
• html internet
• http
• hybrid
• iana id
• icmp
• icmp traffic
• ids detections
• igmp
• include review
• indicator
• indicator facts
• indicator role
• info
• informative
• insert
• intel
• internalname
• invalid url
• ip address
• ipv4
• ipv4 add
• ireland
• islands flag
• italy unknown
• javascript src
• jeff
• june
• key algorithm
• key identifier
• key info
• khtml
• launcher
• learn
• learn xml
• less whois
• list planting
• live
• llc registry
• llc status
• local
• location united
• look
• lowfi
• m03 validity
• malware
• markmonitor
• markus
• maxage34214400
• md5 add
• media
• medium
• medium risk
• metro
• mh may
• mitre att
• module load
• moved
• movie
• mozilla
• msie
• msr jul
• ms windows
• mtb apr
• mtb aug
• mtb jun
• mtb may
• mutexes nothing
• my health
• name redacted
• name server
• name servers
• name tactics
• n bethseda
• n data
• network name
• next
• next associated
• none file
• nothing
• null
• number
• oc0006
• oc0006 http
• ogoogle trust
• org data
• packing t1045
• palantirfoundry
• passive dns
• path
• pattern match
• pdf document
• pe32
• pentagon
• pe resource
• persistence
• pe section
• phi
• pii
• port
• post http
• post method
• powershell
• present apr
• present aug
• present feb
• present jan
• present jul
• present jun
• present mar
• present may
• present nov
• present sep
• privacy city
• privacy country
• protocol
• pulse pulses
• pulses
• pulses none
• pulse submit
• pulses url
• python
• ransom
• read c
• record type
• record value
• redacted for
• refresh
• registrar
• registrar abuse
• registrar url
• related nids
• related pulses
• related tags
• report spam
• request
• research
• resolved ips
• response
• restart
• results aug
• results oct
• reverse dns
• rgba
• rl add
• roboto
• role title
• rsa sha256
• russia
• sabey type
• sameorigin
• script script
• search
• se bethseda
• secure
• secure server
• self
• server
• server response
• servers
• sha1
• sha256
• sha256 add
• show
• showing
• show process
• show technique
• site ca
• size
• source source
• span
• spawns
• ssl certificate
• starfield
• state
• status
• storage
• stream
• strings
• sub domain
• subject public
• submit url
• suricata ipv4
• suricata udpv4
• susp
• suspicious
• t1045
• t1055.015
• t1057
• t1071
• t1105
• t1480
• ta0004 defense
• ta0007 command
• themida
• thread local
• title
• title added
• title error
• tls handshake
• tlsv1
• tools
• tool transfer
• top destination
• top source
• tre att
• trojan
• trojandropper
• ttl value
• tucows domains
• tulach
• twitter
• type
• type data
• type indicator
• typ no
• uchealth
• uchealth app
• ukraine
• united
• united kingdom
• unknown
• unknown aaaa
• unknown ns
• upxoepplace
• urgent care
• url add
• url analysis
• url data
• url hostname
• url http
• url https
• urls
• user agent
• uss c
• usvw
• usvwu
• v3 serial
• validity
• verify
• virtool
• whois registrar
• whois server
• win32
• win32upatre apr
• win64
• windows nt
• wininet c0005
• write
• write c
• x509v3 subject
• x cache
• x frame
• x powered
• yara
• yara detections

MITRE ATT&CK TTPs

• T1003.008 - /etc/passwd and /etc/shadow
• T1027 - Obfuscated Files or Information
• T1036 - Masquerading
• T1045 - Software Packing
• T1047 - Windows Management Instrumentation
• T1053 - Scheduled Task/Job
• T1055.012 - Process Hollowing
• T1055.013 - Process Doppelgänging
• T1055.014 - VDSO Hijacking
• T1055 - Process Injection
• T1057 - Process Discovery
• T1060 - Registry Run Keys / Startup Folder
• T1063 - Security Software Discovery
• T1071 - Application Layer Protocol
• T1082 - System Information Discovery
• T1083 - File and Directory Discovery
• T1105 - Ingress Tool Transfer
• T1110.002 - Password Cracking
• T1112 - Modify Registry
• T1113 - Screen Capture
• T1119 - Automated Collection
• T1129 - Shared Modules
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1210 - Exploitation of Remote Services
• T1457 - Malicious Media Content
• T1480 - Execution Guardrails
• T1483 - Domain Generation Algorithms
• T1518 - Software Discovery
• T1553 - Subvert Trust Controls
• T1562 - Impair Defenses
• T1568 - Dynamic Resolution
• T1583.001 - Domains
• T1583.005 - Botnet
• T1583 - Acquire Infrastructure
• T1590 - Gather Victim Network Information

Passive DNS

• 33425.photo

Whois Information