104.21.84.133 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.84.133 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Network: AS13335 cloudflare
• Noticed: 9 times
• Countries Attacked: Canada, Germany, United States of America
• Open Ports: 2082, 2083, 2086, 2087, 443, 80, 8080, 8443, 8880
• Tor Node: No
• Associated Malware Samples: 11626

Tags

• aaaa
• a checkin
• adaptivebee
• address
• admin
• a domains
• agent tesla
• alexa
• alexa top
• algorithm
• all octoseek
• all search
• amazon 02
• anomalous file
• anonymizer
• appdata
• apple phone
• artemis
• as14061
• as15169 google
• as16625 akamai
• as20940
• as25577 ide
• as2914 ntt
• as35994 akamai
• as63949 linode
• as8068
• as9009 m247
• ascii text
• asn owner
• august
• azorult
• bangladesh
• bank
• banker
• binder
• bitrat
• blacklist http
• blacklist https
• body
• body length
• cascade
• cayman
• cdata
• certificate
• cisco umbrella
• class
• click
• cname
• cobalt
• cobalt strike
• code
• collections wow
• communicating
• contact
• contacted
• contacted ip
• contentencoding
• copy
• core
• country
• crack
• create c
• creation date
• critical
• cus cnr3
• dark power
• darpa
• data
• date
• dbatloader
• delete c
• detection list
• detections file
• dnssec
• domain robot
• domains
• downer
• download
• dridex
• dropper
• dtrack
• dynadot
• dynadot inc
• dynamicloader
• emails
• emotet
• entries
• error
• et tor
• et trojan
• execution
• exit
• expiro
• exploit
• fabookie
• facebook
• falcon sandbox
• file
• files
• final url
• findwindowa
• form
• formbook
• for privacy
• fuery
• gandi sas
• gecko
• general
• generator
• genkryptik
• gmt connection
• gmt contenttype
• godaddy online
• hacktool
• hashes c2ae
• hawkeye
• headers nel
• header target
• heur
• high
• highly targeted
• high process
• historical ssl
• hostnames
• html
• http
• http response
• hybrid
• indicator
• infected
• info
• info compiler
• injection t1055
• installcore
• installer
• intel
• internal
• internet se
• iobit
• iocs
• ioc search
• ionos se
• ip address
• ip detections
• ipv4
• javascript
• jfif
• jpeg image
• kb body
• key algorithm
• key identifier
• key info
• keylogger
• kgs0
• khtml
• kls0
• known tor
• less see
• local
• location canada
• lolkek
• lumma
• lumma stealer
• machine intel
• malicious
• malicious site
• maltiverse
• malware
• malware beacon
• malware site
• media center
• mediamagnet
• media player
• medium
• meta
• metro
• million
• mirai malware
• msie
• ms windows
• mtb oct
• music
• name
• name servers
• name verdict
• nanocore rat
• netherlands asn
• net technology
• netwire
• new ioc
• next
• node tcp
• number
• olet
• ollydbg
• organization
• otx octoseek
• outbreak
• parent referrer
• passive dns
• paste
• pattern match
• pe32
• pe resource
• phishing
• phishing site
• pictures
• point
• possible
• postal code
• privacy admin
• privacy tech
• products
• prynt
• prynt stealer
• psiusa
• public folder
• pulse pulses
• qakbot
• quasar
• quasar rat
• query
• ransomware
• rdds service
• read c
• record
• record value
• redacted for
• redline
• redline stealer
• referrer
• regbinary
• regdword
• registrant
• registrar
• regsetvalueexa
• relacionada
• related nids
• relayrouter
• remcos
• resolutions
• reverse dns
• riskware
• runescape
• safe site
• sality
• samples
• scan endpoints
• screenshot
• script
• search
• searchmeup
• sections
• september
• server
• service
• serving ip
• shell
• shell code
• show
• showing
• simda
• sinkhole cookie
• site
• slcc2
• small
• ssl certificate
• stateprovince
• status
• status code
• stealer
• strings
• subject public
• suspicious
• swrort
• t1055
• team
• teams api
• tech contact
• template
• threat
• threat analyzer
• threat roundup
• tor known
• tor relayrouter
• traffic
• trident
• trojan
• trojanspy
• trojanx
• tsara brashears
• twitter
• union
• unique
• united
• united kingdom
• unknown
• unlocker
• unruy
• unsafe
• url http
• url https
• urls
• urls http
• urls https
• ursnif
• utc entry
• v3 serial
• value snkz
• videos
• videosdewebcams
• virtool
• vs2008
• vs2008 sp1
• vs2010
• wacatac
• webshell
• webtoolbar
• whitelisted
• whois
• whois record
• whois service
• whois whois
• win32
• win32 exe
• win64
• windows nt
• wiper
• worm
• wow64
• write
• write c
• x8bxe5
• xpire.info
• yara detections
• yara rule
• zenbox
• zeppelin

MITRE ATT&CK TTPs

• T1027 - Obfuscated Files or Information
• T1040 - Network Sniffing
• T1045 - Software Packing
• T1053 - Scheduled Task/Job
• T1055 - Process Injection
• T1057 - Process Discovery
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1063 - Security Software Discovery
• T1071 - Application Layer Protocol
• T1090 - Proxy
• T1100 - Web Shell
• T1105 - Ingress Tool Transfer
• T1114 - Email Collection
• T1119 - Automated Collection
• T1560 - Archive Collected Data
• T1566 - Phishing

Passive DNS

• live.supplychaindigital.com

Attack Log References

Whois Information