134.209.194.210 Threat Intelligence and Host Information
General
This page contains threat intelligence for the IPv4 address 134.209.194.210. It was generated either because malicious activity was observed from the host or as an information-gathering exercise to enrich security events with context. All information is gathered passively, by aggregating public sources or by observing activity against honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks behind the address.
Likely Malicious Host 🟠 54/100
Host and Network Information
- Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1046 - Network Service Scanning, T1059.006 - Python, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1078 - Valid Accounts, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1114 - Email Collection, T1136 - Create Account, T1190 - Exploit Public-Facing Application, T1505.003 - Web Shell, T1552.001 - Credentials In Files, T1552 - Unsecured Credentials, T1583.005 - Botnet, T1595.002 - Vulnerability Scanning
- Tags: added active, androxgh0st, attackpatterns, august, behavior, contacted, contacted urls, core, cybox, cyboxcommon, execution, filehashmd5, filehashsha1, filehashsha256, fileobj, hash, indicator, known, lockbit, malware, march, persistence, python, referrer, related pulses, role title, search, simplehashvalue, ssl certificate, stix, threat roundup, title, type indicator, url http, url https, whois record
- JARM: 29d29d15d29d29d00029d29d29d29dea0f89a2e5fb09e4d8e099befed92cfa
- Country: Netherlands
- Network: AS14061 digitalocean llc
- Noticed: 2 times
- Protocols Attacked: SSH
- Passive DNS Results: eu.guzelhosting.com normal-knife.auto.playit.gg defective-experience.auto.playit.gg crooked-wash.auto.playit.gg miniature-car.auto.playit.gg bored-baby.auto.playit.gg brainy-example.auto.playit.gg tasty-comfort.auto.playit.gg pleasant-ant.auto.playit.gg melted-advertisement.auto.playit.gg ams1.playit.gg dawidservers.tk solaiman-el-bacha-1.testingwebshop.nl
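The JARM value above is a 62-character TLS server fingerprint: ten client-hello probes each contribute a three-character segment (a two-character index into the scanner's cipher table plus one character for the negotiated TLS version, or "000" when the server did not answer that probe), followed by the first 32 hex characters of the SHA-256 of the ALPN and extension data the server returned. The following parser is an added example and is not code from this page or from the JARM project; the probe order and the version-letter mapping are reproduced from memory of the Salesforce jarm.py reference scanner and should be confirmed against that source before being relied on, and the cipher index is left as the raw two-character code because the full cipher table is not on this page.

```python
import re
from dataclasses import dataclass

# Fingerprint taken from this page (134.209.194.210).
PAGE_JARM = "29d29d15d29d29d00029d29d29d29dea0f89a2e5fb09e4d8e099befed92cfa"

# Order of the ten client-hello probes in the reference jarm.py scanner
# (assumption from memory; confirm against the upstream source).
PROBES = [
    "tls1_2_forward", "tls1_2_reverse", "tls1_2_top_half", "tls1_2_bottom_half",
    "tls1_2_middle_out", "tls1_1_middle_out", "tls1_3_forward", "tls1_3_reverse",
    "tls1_3_invalid", "tls1_3_middle_out",
]

# Third character of each segment: jarm.py maps the low nibble of the
# negotiated version (0x0300..0x0304) onto the letters a..e.
VERSION_BYTE = {"a": "SSL 3.0", "b": "TLS 1.0", "c": "TLS 1.1", "d": "TLS 1.2", "e": "TLS 1.3"}


@dataclass(frozen=True)
class Probe:
    name: str
    cipher_code: str   # two-char index into jarm.py's cipher table, "00" if none
    version: str       # human-readable version, or "no response"


@dataclass(frozen=True)
class Jarm:
    probes: tuple
    ext_hash: str      # first 32 hex chars of sha256(alpn + extensions)


def parse_jarm(jarm: str) -> Jarm:
    """Split a JARM string into its ten probe results and extension hash."""
    if not re.fullmatch(r"[0-9a-f]{62}", jarm):
        raise ValueError("JARM must be 62 lowercase hex characters")
    probes = []
    for i, name in enumerate(PROBES):
        seg = jarm[3 * i: 3 * i + 3]
        if seg == "000":
            # Scanner got no usable ServerHello for this probe.
            probes.append(Probe(name, "00", "no response"))
        else:
            probes.append(Probe(name, seg[:2], VERSION_BYTE.get(seg[2], "unknown")))
    return Jarm(tuple(probes), jarm[30:])


def no_tls(jarm: str) -> bool:
    """All-zero JARM: the host answered none of the ten probes."""
    return jarm == "0" * 62


def matching_probes(a: str, b: str) -> int:
    """Count probe segments two fingerprints share (cipher code and version).

    Ten matches plus an equal ext_hash means identical JARMs, which is the
    usual pivot for finding hosts running the same TLS stack and configuration.
    """
    pa, pb = parse_jarm(a), parse_jarm(b)
    return sum(
        1 for x, y in zip(pa.probes, pb.probes)
        if (x.cipher_code, x.version) == (y.cipher_code, y.version)
    )


def summarize(jarm: str) -> list:
    """One line per probe, plus the extension hash, for a quick read."""
    j = parse_jarm(jarm)
    lines = [f"{p.name}: cipher#{p.cipher_code} {p.version}" for p in j.probes]
    lines.append(f"ext_hash: {j.ext_hash}")
    return lines


if __name__ == "__main__":
    for line in summarize(PAGE_JARM):
        print(line)
```

Run against the page's value, the parser shows nine probes answered under TLS 1.2 with two distinct cipher codes and one probe (the sixth, the TLS 1.1 probe in the assumed order) with no response, which is what a server that has disabled TLS 1.1 looks like. A JARM is a fingerprint of the TLS stack and its configuration, not of a specific piece of malware, so treat a match as a pivot for further enrichment rather than as proof of a shared operator.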
Malware Detected on Host
Count: 13 (10 SHA-256 hashes listed on this page)
- ca1fc9c7c23eafd4c58a71e1da6be984930b4d0659e283c30745016bb138ee2a
- cac51dd15c70e3384a980f5b662a7e055ebf4ec3f6a0fc7f4405bf63f648e240
- c9e5ede0698ce6d68cb584808d312f372ccae016a0ab1e015794ea6248348c54
- 5168c572e69b3f0a5742e12e645eeefedf6c00b377540fc9ce5cff38169ccb19
- eb946e214d37d38b6df65de0700a3d93da70c07c17676613091ee18b20d05c6d
- 14328b183d5a90f35be5163fb6fc95d71ddcb091e567855bd9f0453506042254
- f47212d9d7004a0f383720859f5bef4efe3c41a6995be7592d7b437dc5ce1b24
- cba86739984b675dcf15e3d5cecc37dbbc957e3a2e0c1f88f22534b487692359
- 3a7c1ed801412b51146a7359c749f0649a77a08b09c7c73321cdd49f0b179b57
- cc977159af417c3488d5477fcc783edb16e8a2f0398f29a7472f88af249da35c
Open Ports Detected
53 80 111 443 587 2083 2086 2087 3306
Whois Information
- NetRange: 134.209.0.0 - 134.209.255.255
- CIDR: 134.209.0.0/16
- NetName: DIGITALOCEAN-134-209-0-0
- NetHandle: NET-134-209-0-0-1
- Parent: NET134 (NET-134-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS14061
- Organization: DigitalOcean, LLC (DO-13)
- RegDate: 2018-10-18
- Updated: 2020-04-03
- Comment: Routing and Peering Policy can be found at https://www.as14061.net
- Ref: https://rdap.arin.net/registry/ip/134.209.0.0
- OrgName: DigitalOcean, LLC
- OrgId: DO-13
- Address: 101 Ave of the Americas
- Address: FL2
- City: New York
- StateProv: NY
- PostalCode: 10013
- Country: US
- RegDate: 2012-05-14
- Updated: 2023-10-23
- Ref: https://rdap.arin.net/registry/entity/DO-13
- OrgTechHandle: NOC32014-ARIN
- OrgTechName: Network Operations Center
- OrgTechPhone: +1-347-875-6044
- OrgTechEmail: noc@digitalocean.com
- OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
- OrgNOCHandle: NOC32014-ARIN
- OrgNOCName: Network Operations Center
- OrgNOCPhone: +1-347-875-6044
- OrgNOCEmail: noc@digitalocean.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
- OrgAbuseHandle: ABUSE5232-ARIN
- OrgAbuseName: Abuse, DigitalOcean
- OrgAbusePhone: +1-347-875-6044
- OrgAbuseEmail: abuse@digitalocean.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN