170.64.214.142 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 170.64.214.142 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 57/100

Geographic Location

Host and Network Information

Tags


MITRE ATT&CK TTPs

  • T1036 - Masquerading
  • T1040 - Network Sniffing
  • T1045 - Software Packing
  • T1053 - Scheduled Task/Job
  • T1055 - Process Injection
  • T1056 - Input Capture
  • T1060 - Registry Run Keys / Startup Folder
  • T1070 - Indicator Removal on Host
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1095 - Non-Application Layer Protocol
  • T1105 - Ingress Tool Transfer
  • T1129 - Shared Modules
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1410 - Network Traffic Capture or Redirection
  • T1448 - Carrier Billing Fraud
  • T1571 - Non-Standard Port
  • T1573 - Encrypted Channel

Passive DNS

  • polatolee.com

Attack Log References

Whois Information

NetRange:       170.64.128.0 - 170.64.255.255
CIDR:           170.64.128.0/17
NetName:        DIGITALOCEAN-170-64-128-0
NetHandle:      NET-170-64-128-0-1
Parent:         NET170 (NET-170-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   DigitalOcean, LLC (DO-13)
RegDate:        2022-04-21
Updated:        2022-06-09
Ref:            https://rdap.arin.net/registry/ip/170.64.128.0

OrgName:        DigitalOcean, LLC
OrgId:          DO-13
Address:        105 Edgeview Drive, Suite 425
City:           Broomfield
StateProv:      CO
PostalCode:     80021
Country:        US
RegDate:        2012-05-14
Updated:        2025-04-11
Ref:            https://rdap.arin.net/registry/entity/DO-13

OrgNOCHandle:   NOC32014-ARIN
OrgNOCName:     Network Operations Center
OrgNOCPhone:    +1-646-827-4366
OrgNOCEmail:    noc@digitalocean.com
OrgNOCRef:      https://rdap.arin.net/registry/entity/NOC32014-ARIN

OrgAbuseHandle: DIGIT19-ARIN
OrgAbuseName:   DigitalOcean Abuse
OrgAbusePhone:  +1-646-827-4366
OrgAbuseEmail:  abuse@digitalocean.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/DIGIT19-ARIN

OrgTechHandle:  NOC32014-ARIN
OrgTechName:    Network Operations Center
OrgTechPhone:   +1-646-827-4366
OrgTechEmail:   noc@digitalocean.com
OrgTechRef:     https://rdap.arin.net/registry/entity/NOC32014-ARIN