104.47.18.74 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.47.18.74 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 54/100

Host and Network Information

  • Mitre ATT&CK IDs: T1031 - Modify Existing Service, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1156 - Malicious Shell Modification, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1497 - Virtualization/Sandbox Evasion, T1547 - Boot or Logon Autostart Execution, T1560 - Archive Collected Data, TA0011 - Command and Control

  • Tags: aaaa, accept, active, active threat, address, aig, akamai, all octoseek, android, a nxdomain, a poster, aposter, apple, apple attack, apple engineering, apple id, applenoc, as16625, as20940, as24940 hetzner, as58061 scalaxy, as714, attack, authority, backdoor, bahamut, bell south, bellsouth, body, body length, brian, brian sabey, briansabey, browse scan, brute force passwords, bundled, ca, canvas, cellbrite, china, cidr, ck id, ck matrix, class, click, cmd, cname, cobalt strike, communicating, config, contact, contacted, contentencoding, contextualizing, copy, create new, creation date, critical, crypto, cybercrime, cyber stalking, dashboard, dns replication, domain, domain entries, endpoints all, error, et, et cins, execution, expiration, falcon sandbox, false, fear, file, filehashmd5, filehashsha1, filehashsha256, final url, final url summary, forbidden, formbook, general, generator, germany, germany unknown, graph, hallrender, hashes files, headers nel, historical, hostname, http response, https, icefog, icloud, install, installer, iocs, ioc search, iocs kb, ipv4, ipv6, japan national police agency, jekyll, local, localappdata, mail spammer, malicious host, malvertizing, malware, masquerading, meta, metro, mitre, mitre att, mitre attk, mtsub26293293, name, name servers, national police agency japan, network, new ioc, next, no expiration, nuance, nxdomain, octoseek, passive dns, paste, pattern match, pcap, pdf report, pegasus, phishing, pulse use, quasar, record type, record value, referrer, reinsurance, relacion, relay, remote, resolutions, root, root ca, sabey, samples, sandbox, scalaxy, scan endpoints, script, search, serving ip, sha256, showing, show technique, simple, small, span, speakez securus, ssh on server, ssl certificate, ssl hostname, state, status codes, stix, strings, subdomains, subid, submit, submit quasar, tagging, teams api, temp, threat, threat analyzer, tofsee, tracker, tracking, trojan, tsara brashears, ttl value, tulach, united, united states, unknown urls, url http, url https, urls https, verdict, win32, workaposter, xobo

  • JARM: 2ad2ad0002ad2ad0002ad2ad2ad2adf9fdf4eeac344e8b5003264da73585be

  • View other sources: Spamhaus, VirusTotal

  • Country: Netherlands
  • Network: AS8075 microsoft corporation
  • Noticed: 2 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Netherlands, United States of America
  • Passive DNS Results:
    hologatetest-com.mail.protection.outlook.com
    hct-dk.mail.protection.outlook.com
    in4matic-be.mail.eo.outlook.com
    covidtestalkmaar-nl.mail.protection.outlook.com
    covidtestakersloot-nl.mail.protection.outlook.com
    coronatestservice-nl.mail.protection.outlook.com
    domini-cat.mail.protection.outlook.com
    automuovikem.fi
    bipsbeira.org
    eur05.admin.protection.outlook.com
    www.bipsbeira.org
    hormann-fr.mail.protection.outlook.com
    dataction-com.mail.protection.outlook.com
    risomat-de.mail.protection.outlook.com
    assap-ad.mail.protection.outlook.com
    www.gepteszt.hu
    livecomb-com.mail.protection.outlook.com
    reviced-nl.mail.protection.outlook.com
    uk.mail.protection.outlook.com
    smitspt-nl.mail.protection.outlook.com
    brucity-be.mail.protection.outlook.com
    bluelinesoft-be.mail.protection.outlook.com
    passax-com.mail.protection.outlook.com
    student.smartsuriname.sr
    coronapassport-eu.mail.protection.outlook.com
    malyssesterima-be01i.mail.protection.outlook.com
    stepreply-xyz.mail.protection.outlook.com

Malware Detected on Host

Count: 12

Sample hashes (SHA-256):
  • de06ddae668350ee8cf888f4a99eda17dc4706072cd444d529b59eb923b2144d
  • 98fa18ee6e3df02745019b2441e2438526f3a8b6b5fe954d761b5d7e3235dc56
  • 1d54d92b0fa0f245de3b46c44077ac9ab867a2224b0485f108a90f9cd23be67a
  • c18b149b28c1ae2d22e3588e6c3172833589ec3654fd0996a7b2744d8fa10624
  • b708b26829478153a0c4b6a9e768b5786cba4d43ef9c9a67a7cec3bbcfb4731e
  • 382192f8e64db71c1fd7c60a1771aed98702112b79dedf14bad923852aebfbd4
  • 3011717bc2b80f02450ad957fbab288c14becbdb632e5afa2c6263896ec2855f
  • 40fcd5fd7161e3d87dcfbf5d76fd721ccb0c1a75a78f3246211eef858878e700
  • c0beae2405a13587a7f6c8769f60328e46903652527a04b0c60480942bad1a5d
  • e32871a3a0c83847cb3e2f1eff7e789af3ef4c61f55f73e52c49e8aacb246e02

Open Ports Detected

25, 80, 443
