134.209.79.108 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 134.209.79.108 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 70/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: United States
  • Network: AS14061 digitalocean llc
  • Noticed: 45 times
  • Protocols Attacked: SSH
  • Countries Attacked: Australia, China, France, Germany, Hong Kong, Japan, Netherlands, Saudi Arabia, Singapore, United Kingdom of Great Britain and Northern Ireland, United States of America, Virgin Islands British
  • Open Ports: 22
  • Tor Node: No
  • Associated Malware Samples: 91

Tags

  • 114.114.114.114
  • 1996
  • 1b@ssl.com
  • 2nd corintnthians 4:8-9
  • 707713
  • aaaa
  • abuse
  • abuse contact
  • accept
  • accept ch
  • access
  • activity
  • activity dns
  • address
  • admin country
  • a domains
  • adult content
  • advocate
  • adware
  • adware affiliate
  • aes256gcm
  • af81 http
  • agent
  • agent tesla
  • ah6itbtgl
  • aig
  • akamaias
  • alerts
  • alexa
  • alexa top
  • algorithm
  • alibaba cloud
  • alive
  • allegations
  • all octoseek
  • all search
  • all txt
  • alohatube
  • amadey
  • amazon02
  • amazonaes
  • america asn
  • analyze
  • and china
  • android
  • android overlay
  • anomalous_deletefile
  • anomalous file
  • antidebug_guardpages
  • anti-detection
  • antivirus
  • antivm_generic_disk
  • a nxdomain
  • apb
  • api
  • apple
  • apple as714
  • apple as8075
  • apple gateway
  • apple id
  • appleid
  • apple ios
  • apple private
  • apple private data collection
  • apple script
  • april
  • argon data
  • artemis
  • artro
  • AS 10975 (NET-AIG) US
  • as11042
  • as133618
  • as134175 unit
  • as13768 aptum
  • as14061
  • as15169 google
  • as16509
  • as19237 omnis
  • as19527 google
  • as19905
  • as20068 hawk
  • as212913 fop
  • as22169 omnis
  • as22489
  • as23724
  • as29066 host
  • as29580 a1
  • as35280 acorus
  • as38365 beijing
  • as393601 state
  • as397240
  • as397241
  • as41231
  • as4134 chinanet
  • as41357
  • as43350 nforce
  • as44273 host
  • as47846
  • as4808 china
  • as4812 china
  • as4837 china
  • as49453
  • as54113
  • as55286
  • as60558 phoenix
  • as61969 team
  • as63949 linode
  • as6461 zayo
  • as6724 strato
  • as7018 att
  • as7922 comcast
  • as8075
  • as8866
  • ascii text
  • asnone
  • asnone united
  • asp.net
  • assault
  • assaulted
  • assaulter
  • asyncrat
  • attack
  • Attack origin: United States
  • attacks
  • august
  • autodesk flic
  • autoit
  • autoit windows
  • automation tool
  • autorun
  • available from
  • awful
  • azorult
  • azorult cnc
  • baaa
  • back
  • backdoor
  • bam
  • bam.nr-data.net
  • bangladesh
  • bank
  • banker
  • bankerx
  • BankerX
  • bat
  • b body
  • bbonline uk
  • beijing
  • beijing baidu
  • benjamin
  • benjamin c
  • beta version
  • binary
  • bitcoin
  • black
  • blackbag
  • blacklist
  • blacklist https
  • body
  • body doctype
  • body length
  • boolean
  • bootstrap@4.6.2
  • Botnet
  • botnet campaign
  • bradesco
  • brian
  • brian sabey
  • brontok
  • browse scan
  • b.scope
  • bt6lcuigydc9yc
  • bundled
  • bypass_firewall
  • c-67-181-73-197.hsd1.ca.comcast.net
  • ca1 odigicert
  • caaa
  • caca
  • caca4baaa
  • cacf
  • caea
  • cams
  • capture
  • car bomb threats
  • castle pines
  • cc no
  • cellbrite
  • cellebrite
  • cellebrite ufed
  • certificate
  • certsentry
  • chaos
  • checkbox
  • check in
  • china
  • china as4134
  • china telecom
  • china unknown
  • chinese
  • chrome
  • ciphersuite
  • cisco umbrella
  • civil rights
  • ck id
  • ck matrix
  • class
  • click
  • close
  • cloudflarenet
  • cloud marketing
  • cmstp
  • cname
  • cnc
  • cndigicert sha2
  • cobalt strike
  • code
  • collect contacts
  • collection
  • colorado
  • comcast tmobile
  • command and control
  • command_and_control
  • communicating
  • communication
  • community score
  • components
  • computing
  • comspec
  • confed
  • connection
  • contact
  • contacted
  • contacted urls
  • contact email
  • contact made by mark brian sabey
  • contact made by o'dea
  • contact phone
  • content reputation
  • content type
  • continent na
  • cookie
  • copy
  • core
  • corruption
  • country
  • country us
  • cover up
  • create c
  • create new
  • creation date
  • critical
  • crlf line
  • crypto
  • cryptowall
  • csc corporate
  • csv order
  • cus cndigicert
  • cus cnr3
  • cus ou
  • cus stnew
  • customer
  • CVE-2016-7255
  • CVE-2017-0147
  • CVE-2017-11882
  • CVE-2017-17215
  • CVE-2017-8570
  • CVE-2018-0802
  • cve202322518
  • cyber stalking
  • cyber threat
  • daisy coleman
  • dalles
  • dangerous
  • dark
  • dark power
  • data
  • data center
  • data collection
  • data.net
  • date
  • date sat
  • dcom
  • dead
  • debugger evasion
  • december
  • decode
  • decrypt
  • defacement
  • default
  • defender
  • defense
  • defense entity fraud?
  • defense evasion
  • delete
  • delete c
  • delphi
  • desktop
  • detection list
  • detections type
  • dga
  • dga domains
  • digitaloceanasn
  • disables_windowsupdate
  • discord
  • discovery
  • dns
  • dns lookup
  • dns replication
  • dns resolutions
  • dnssec
  • dock
  • document file
  • domain
  • domain name
  • domainname0
  • domain privacy
  • domain related
  • domain robot
  • domains
  • domains dropped
  • domainsite
  • domain status
  • domain xn
  • domestic cyber terrorism
  • dos executable
  • douglas county
  • download
  • drop
  • dropbox
  • dsp1
  • ducktail
  • duo insight
  • dynadot llc
  • dynamic
  • dynamic_function_loading
  • dynamicloader
  • ec oid
  • elf wgetboat
  • email
  • email abuse
  • emails
  • emotet
  • encrypt
  • endpoints all
  • engineering
  • enter
  • entity
  • entries
  • entrust
  • eqsray
  • error
  • et
  • eternalblue
  • et exploit
  • eva reimer
  • evasion
  • evasive
  • evilnum
  • excel
  • executable
  • execution
  • exodus
  • expiration
  • expiration date
  • expl
  • exploit
  • facebook
  • factory
  • falcon
  • falcon sandbox
  • false
  • february
  • feeds ioc
  • fexp24007246
  • fh no
  • file
  • file execution
  • filehash
  • filehashmd5
  • filehashsha1
  • filehashsha256
  • files
  • files domain
  • files location
  • final
  • final url
  • firehol
  • first
  • fjlsedauv
  • florence co
  • floxif
  • f no
  • forbidden
  • form
  • formbook
  • for privacy
  • framing
  • full name
  • gandcrab
  • gandi sas
  • gecko
  • general
  • generic
  • generic flags
  • generic malware
  • generic windos
  • germany unknown
  • get autoit
  • get dns
  • get http
  • get na
  • getprocaddress
  • global g2
  • global rank
  • gmbh
  • gmo
  • gmo internet
  • gmt content
  • gmt setcookie
  • goldfinder
  • goldmax
  • google
  • google llc
  • google tag
  • gootloader
  • goreasonlimited
  • go.sabey
  • graph api
  • graph community
  • green
  • group
  • guard
  • hacking
  • hacktool
  • hallrender
  • Hall Render
  • harassment
  • harstel
  • hashes
  • headers
  • headers date
  • heur
  • hidden privacy
  • high
  • highly targeted
  • hijacking
  • historical
  • historical ssl
  • history first
  • hong kong
  • hostile
  • hostname
  • hostnames
  • house.mo.gov
  • hr rtd
  • html info
  • http
  • http method
  • http request
  • http_request
  • http requests
  • http response
  • https://lawlink.com/documents/10935/blackbag-technologies-announ
  • human rights
  • hybrid
  • iana id
  • icann whois
  • icloud
  • id
  • identifier
  • identity theft
  • ieudinit
  • iframe
  • import
  • incapsula
  • indicator
  • infection source
  • info
  • info header
  • infor
  • infrastructure
  • ingestion time
  • injection_create_remote_thread
  • injection_inter_process
  • installation
  • installcore
  • installer
  • insurance company
  • intel
  • interfacing
  • internet
  • iocs
  • ioc search
  • iocs quasar
  • ionos se
  • ios
  • ip address
  • ip detections
  • ip summary
  • ip traffic
  • ipv4
  • ireland
  • ireland unknown
  • issuer
  • jansky
  • january
  • javascript
  • jeffrey reimer dpt
  • Jeffrey reimer dpt assault case
  • jeffrey reimer pt
  • jekyll
  • js user
  • june
  • jxaavf4jnzza0
  • kb body
  • keepaliveyes
  • key algorithm
  • key identifier
  • key info
  • keylogger
  • keysystems gmbh
  • khtml
  • kimsuky
  • l1k validity
  • label netaig
  • language
  • latest
  • law enforcement aware complacent or complicit?
  • lawlink@2x.svg
  • legal
  • legal entities
  • libel
  • limited
  • link
  • link library
  • lmenlo park
  • loader
  • local
  • localappdata
  • location dublin
  • location united
  • lockbit
  • login
  • loki bot
  • looquer
  • love
  • lowfi
  • lumma stealer
  • m892175
  • mail spammer
  • major
  • makop
  • malicious
  • malicious malware
  • malicious prosecution
  • malicious site
  • maltiverse
  • malvertizing
  • malware
  • malware beacon
  • malware hosting
  • malware http
  • malware infection
  • malware site
  • march
  • mark
  • mark brian sabey
  • mark sabey
  • masquerading
  • matrix
  • maze
  • media center
  • medical malpractice fraud
  • medium
  • meekserver
  • meta
  • metro
  • metro tmobile
  • mhkz
  • microsoft
  • midia-4
  • million
  • mimikatz
  • mirai
  • missouri
  • mitre att
  • model
  • modify_proxy infostealer_cookies
  • module load
  • monitoring
  • month
  • moved
  • msdos
  • ms-dos executable
  • ms excel
  • msf style
  • msie
  • msr jan
  • ms windows
  • mtb dec
  • mtb feb
  • mtb jan
  • multi
  • multiple_versions
  • multiru
  • mvi2
  • mydoom
  • n1822
  • name
  • namecheap inc
  • namecheapnet
  • name md5
  • name servers
  • namesilo
  • name verdict
  • nanocore
  • nat32
  • netcom science
  • netherlands
  • netlify
  • netlify edge
  • network
  • network ascii text
  • network_http
  • networks
  • new ioc
  • new york
  • next
  • njrat
  • no expiration
  • no match
  • noname057
  • norad.mil
  • norad tracker
  • no security
  • november
  • nr-data.net
  • NSA tool Tulach malaware
  • nsyt
  • null
  • number
  • nxdomain
  • nymaim
  • observed dns
  • observed email
  • obz4usfn0 http
  • october
  • odigicert inc
  • oentrust
  • office open
  • olet
  • ometa platforms
  • online sas
  • open
  • opencandy
  • openioc
  • open paste
  • open ports
  • orgid1054
  • otx octoseek
  • otx telemetry
  • override
  • page
  • parallax rat
  • parent domain
  • parent referrer
  • parking crew
  • passive dns
  • password
  • paste
  • patch
  • path
  • path pattern match
  • pattern match
  • payment
  • pcap
  • pd
  • pdf cellebrite
  • pdf community
  • pdf report
  • pe
  • pe32
  • pegasus
  • pegatech
  • pe resource
  • persistence
  • persistence_autorun
  • phishing
  • phishing site
  • phonenumber
  • physical attacks
  • pine street
  • playgame
  • plesklin
  • pony
  • popularity
  • pornhub
  • portugal
  • possible
  • postal code
  • powershell
  • powershell_download
  • powershell_request
  • pragma
  • preemptive policing
  • prefetch8
  • privacy inc
  • private investigator
  • privateloader
  • privilege
  • privilege abuse
  • privilege https
  • probe
  • probe ms17010
  • problems
  • process32nextw
  • procmem_yara
  • protect
  • prynt
  • psiusa
  • pty ltd
  • pulse
  • pulse pulses
  • pulses
  • pulse submit
  • pulse use
  • push
  • python
  • qakbot
  • qbot
  • quasar
  • quasar rat
  • query
  • quoth
  • racism
  • rank position
  • ransom
  • ransomexx
  • ransomware
  • rat
  • raven
  • read c
  • recon
  • record type
  • record value
  • redacted for
  • redir
  • redline stealer
  • red team
  • referrer
  • regdword
  • registrar
  • registrar abuse
  • registrar iana
  • registrarsafe
  • registrar url
  • registrar whois
  • registry arin
  • registry domain
  • registry keys
  • regsetvalueexa
  • relacionada
  • related nids
  • related pulses
  • remcos
  • remcos rat
  • remote
  • remote attack
  • remote cnc
  • reports
  • resolutions
  • responder
  • retaliation
  • revenge
  • reverse dns
  • rgba
  • riskware
  • roboto
  • roundup
  • ruen
  • runescape
  • runtime process
  • russia unknown
  • rust
  • rwi dtools
  • sabey
  • safebae
  • safe site
  • sameorigin
  • sample
  • samples
  • sa victim
  • scammer
  • scan endpoints
  • scanning_host
  • scheme
  • script
  • script domains
  • script urls
  • search
  • searchbox0
  • september
  • server
  • servers
  • service
  • serving ip
  • setup
  • severe
  • sexism
  • sha1
  • sha256
  • shanghai
  • sharecare
  • shared
  • sherida
  • show
  • showing
  • show technique
  • show technique span
  • siblings
  • siblings domain
  • sibot
  • sign up
  • silencing
  • silly
  • simda
  • site
  • skynet
  • slcc2
  • smbds ipc
  • smokeloader
  • soa nxdomain
  • social engineering
  • source
  • spammer
  • spyeye
  • spying
  • spyware
  • ssl certificate
  • st201601152
  • startpage
  • state
  • state actors
  • status
  • status code
  • stcalifornia
  • stealer
  • stealthyness
  • stix
  • stopransomware
  • strings
  • style
  • subdomains
  • subject key
  • subject public
  • submission
  • submissions
  • submitters
  • sum35
  • summary
  • summary iocs
  • suppobox
  • survivor
  • susp
  • suspicious c2
  • swatting
  • sweetheart videos
  • system46606
  • system information discovery
  • t1063
  • t1129
  • T1622 - Debugger Evasion
  • tactics
  • tag count
  • target
  • targeting
  • targets sa
  • taskscheduler
  • team
  • teams
  • teams api
  • tech
  • tech email
  • technology
  • text
  • thebrotherssabey
  • threat
  • threat analyzer
  • threat network
  • threat report
  • threat roundup
  • threats
  • title
  • tjprojmain
  • tls rsa
  • tlsv1
  • tofsee
  • tompc
  • tools
  • tracking
  • traffic
  • trim
  • trojan
  • trojandropper
  • trojan type
  • trojanx
  • tsara brashears
  • ttl value
  • tucows
  • tucows domains
  • tulach
  • twitter
  • type
  • type name
  • typosquatting
  • uaaa
  • uchealth
  • ufed4pc
  • ufed iphone
  • ufed release
  • unclejohn
  • unicode text
  • unified layer
  • union
  • united
  • united kingdom
  • university of cincinnati health
  • unknown
  • unknown origin
  • unlocker
  • unlock phone
  • unsafe
  • untitled states
  • url
  • url analysis
  • url http
  • url https
  • urls
  • urls http
  • urls https
  • urls latest
  • url summary
  • urls url
  • ursnif
  • usage
  • us autonomous
  • useragent
  • users voice
  • utc
  • utc aw741566034
  • utc redirection
  • utc submissions
  • utf8
  • v2 document
  • v3 serial
  • vanilla-lazyload@12.0.0
  • vary
  • vbs
  • verified
  • veryhigh
  • victim
  • view
  • virgin islands
  • virtool
  • virustotal
  • vista event
  • vt graph
  • vt report
  • waaa
  • wagersta
  • wannacry
  • wc3 rpg
  • webtoolbar
  • week rank
  • when
  • whois
  • whois database
  • whois lookup
  • whois record
  • whois ssl
  • whois sslcert
  • whois whois
  • who's driving
  • widget
  • win32
  • win32 dll
  • win32 dynamic
  • win32 exe
  • win32mydoom jan
  • win64
  • windir
  • windows nt
  • wininit
  • win.trojan
  • workers compensation
  • worm
  • wow64
  • write
  • write c
  • writeconsolea
  • writes data to a remote process
  • x509v3 extended
  • x509v3 key
  • xcitium verdict
  • xml document
  • xml spreadsheet
  • xml title
  • xmrig
  • xobo
  • xpcegvo2adsnq
  • xport
  • x ua
  • yaaa
  • yara detections
  • yara rule
  • yixun tool
  • zip blaze

MITRE ATT&CK TTPs

  • T1001.003 - Protocol Impersonation
  • T1001 - Data Obfuscation
  • T1005 - Data from Local System
  • T1010 - Application Window Discovery
  • T1012 - Query Registry
  • T1018 - Remote System Discovery
  • T1027 - Obfuscated Files or Information
  • T1029 - Scheduled Transfer
  • T1031 - Modify Existing Service
  • T1033 - System Owner/User Discovery
  • T1035 - Service Execution
  • T1036 - Masquerading
  • T1037 - Boot or Logon Initialization Scripts
  • T1040 - Network Sniffing
  • T1041 - Exfiltration Over C2 Channel
  • T1045 - Software Packing
  • T1046 - Network Service Scanning
  • T1053 - Scheduled Task/Job
  • T1055 - Process Injection
  • T1056.001 - Keylogging
  • T1056 - Input Capture
  • T1057 - Process Discovery
  • T1059.002 - AppleScript
  • T1059.007 - JavaScript
  • T1059 - Command and Scripting Interpreter
  • T1060 - Registry Run Keys / Startup Folder
  • T1063 - Security Software Discovery
  • T1068 - Exploitation for Privilege Escalation
  • T1070 - Indicator Removal on Host
  • T1071.001 - Web Protocols
  • T1071.002 - File Transfer Protocols
  • T1071.003 - Mail Protocols
  • T1071.004 - DNS
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1088 - Bypass User Account Control
  • T1095 - Non-Application Layer Protocol
  • T1105 - Ingress Tool Transfer
  • T1106 - Native API
  • T1112 - Modify Registry
  • T1114.002 - Remote Email Collection
  • T1114 - Email Collection
  • T1122 - Component Object Model Hijacking
  • T1129 - Shared Modules
  • T1134.001 - Token Impersonation/Theft
  • T1140 - Deobfuscate/Decode Files or Information
  • T1143 - Hidden Window
  • T1155 - AppleScript
  • T1158 - Hidden Files and Directories
  • T1184 - SSH Hijacking
  • T1207 - Rogue Domain Controller
  • T1210 - Exploitation of Remote Services
  • T1213 - Data from Information Repositories
  • T1218 - Signed Binary Proxy Execution
  • T1408 - Disguise Root/Jailbreak Indicators
  • T1410 - Network Traffic Capture or Redirection
  • T1415 - URL Scheme Hijacking
  • T1416 - URI Hijacking
  • T1421 - System Network Connections Discovery
  • T1422 - System Network Configuration Discovery
  • T1427 - Attack PC via USB Connection
  • T1428 - Exploit Enterprise Resources
  • T1429 - Capture Audio
  • T1444 - Masquerade as Legitimate Application
  • T1445 - Abuse of iOS Enterprise App Signing Key
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS
  • T1453 - Abuse Accessibility Features
  • T1460 - Biometric Spoofing
  • T1467 - Rogue Cellular Base Station
  • T1491 - Defacement
  • T1497.002 - User Activity Based Checks
  • T1497 - Virtualization/Sandbox Evasion
  • T1505.001 - SQL Stored Procedures
  • T1518 - Software Discovery
  • T1523 - Evade Analysis Environment
  • T1543 - Create or Modify System Process
  • T1546.015 - Component Object Model Hijacking
  • T1546 - Event Triggered Execution
  • T1548 - Abuse Elevation Control Mechanism
  • T1560 - Archive Collected Data
  • T1562.003 - Impair Command History Logging
  • T1562 - Impair Defenses
  • T1563 - Remote Service Session Hijacking
  • T1566 - Phishing
  • T1569 - System Services
  • T1573 - Encrypted Channel
  • T1583.005 - Botnet
  • T1584.005 - Botnet
  • T1588.004 - Digital Certificates
  • T1588 - Obtain Capabilities
  • TA0001 - Initial Access
  • TA0004 - Privilege Escalation
  • TA0005 - Defense Evasion
  • TA0011 - Command and Control
  • TA0030 - Defense Evasion

Associated CVEs

  • CVE-2007-2768

Passive DNS

  • andherecomesthesunshop.com

Attack Log References

Whois Information

NetRange: 134.209.0.0 - 134.209.255.255
CIDR: 134.209.0.0/16
NetName: DIGITALOCEAN-134-209-0-0
NetHandle: NET-134-209-0-0-1
Parent: NET134 (NET-134-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS14061
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2018-10-18
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Ref: https://rdap.arin.net/registry/ip/134.209.0.0

OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: FL2
City: New York
StateProv: NY
PostalCode: 10013
Country: US
RegDate: 2012-05-14
Updated: 2023-10-23
Ref: https://rdap.arin.net/registry/entity/DO-13

OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-347-875-6044
OrgNOCEmail: noc@digitalocean.com
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-347-875-6044
OrgTechEmail: noc@digitalocean.com
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN

OrgAbuseHandle: ABUSE5232-ARIN
OrgAbuseName: Abuse, DigitalOcean
OrgAbusePhone: +1-347-875-6044
OrgAbuseEmail: abuse@digitalocean.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN