193.34.145.205 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 193.34.145.205 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 54/100

Geographic Location

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Country: Germany
• Noticed: 2 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Australia, Belgium, Brazil, Canada, Chile, Germany, Guatemala, Hungary, Ireland, Japan, Kenya, Luxembourg, Mexico, Moldova Republic of, Morocco, Netherlands, Peru, Poland, Russian Federation, Singapore, Slovakia, Spain, Taiwan, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Open Ports: 110, 143, 2082, 2083, 2086, 2087, 2095, 21, 443, 465, 587, 80, 993, 995
• Tor Node: No

Tags

• 443 ma2592000
• aaaa
• aaaa nxdomain
• abuseipdb
• accept
• access
• access ta0001
• access ta0006
• activity
• activity beacon
• activity mirai
• added active
• address
• address domain
• a domains
• adversaries
• adware malware
• ag alberto
• ag ingo
• air force
• akamai
• alerts
• algorithm
• all quiet
• all scoreblue
• all search
• america city
• analyzer paste
• analyzer threat
• andariel
• android
• anomalous file
• a nxdomain
• apache
• appdata
• appdatalocal
• apple
• april
• artemis
• as10753 level
• as10796 charter
• as11351 charter
• as11426 charter
• as11427 charter
• as12271 charter
• as12337 noris
• as133618
• as14061
• as15133 verizon
• as15169 google
• as15598
• as16276
• as16552 tiggee
• as16625 akamai
• as16787 charter
• as174 cogent
• as19024
• as1921
• as19536 directv
• as20001 charter
• as20115 charter
• as204601 zomro
• as20940
• as21342
• as24940 hetzner
• as28521
• as29789
• as31898 oracle
• as32787 akamai
• as32934
• as33363 charter
• as3379 kaiser
• as3456 charter
• as35994 akamai
• as396982 google
• as397241
• as40021 contabo
• as44273 host
• as45430
• as47846
• as49505
• as51167 contabo
• as53418
• as54113
• as5742
• as60664 xion
• as62597 nsone
• as63949 linode
• as6976 verizon
• as7018 att
• as701 verizon
• as714 apple
• as7843 charter
• as797 att
• as8068
• as8075
• as8560
• as8972 host
• as9009 m247
• asn as15598
• asnone
• asnone dns
• asnone germany
• asnone related
• asnone united
• austria
• avast avg
• av detections
• avg clamav
• backdoor
• benchhttp
• binbusybox
• bios
• bits
• bittorrent dht
• blacklist
• body
• body doctype
• body head
• brazil
• breaking news
• brian sabey
• browsing
• business
• cachecontrol
• capa
• cape
• catalog tree
• cc3517
• centos web
• certificate
• charter communications
• check
• checkin
• china unknown
• chrome
• cisco umbrella
• clickable urls
• close
• cname
• cnapple public
• cnc beacon
• code
• colorado
• command
• components
• connection
• contacted
• content length
• content type
• control ta0011
• cookie
• copy
• copyright
• country united
• cp bus
• create process
• creates
• creation date
• cryp
• cryptexportkey
• cur cono
• cus cndigicert
• cus cngts
• cus ouserver
• cve201717215
• cyber folks
• cyberfolks
• cyber warfare
• czechia unknown
• data redacted
• date
• date hash
• date tue
• ddos
• default
• defense evasion
• delete
• delete c
• delete file
• delete shadows
• delphi
• demonbot
• denvecolorado
• denver
• denver colorado
• destination
• detected m1
• detection list
• discovery e1082
• discovery t1082
• div div
• dns query
• docguard
• dock
• domain
• domain name
• domain related
• domains
• doscom c
• download
• dr city
• drweb
• dynamic
• dynamicloader
• e1203 data
• e1564 hidden
• e98c1cec8156
• ecacc
• echo request
• ee edcje4j
• ekyxe
• emails
• emails info
• encrypt
• entertainment
• entries
• entries http
• enumerate
• eofae
• erase
• error
• et
• et info
• et p2p
• etpro
• etpro malware
• etpro trojan
• et trojan
• evasion ob0006
• evasion ta0005
• example domain
• execution
• expiration date
• expires thu
• exploit
• exploitation
• exploit none
• externalport
• fakedout threat
• fastly error
• federation asn
• file
• filehash
• filerepmalware
• files
• filesadobe c
• file samples
• files c
• files domain
• files ip
• file size
• files location
• files matching
• file system
• file type
• finance
• find
• fin ivdo
• fixed line
• flag united
• format
• for privacy
• found
• france
• france unknown
• gafgyt
• games
• gecko
• germany
• germany mail
• germany unknown
• get http
• gmt cache
• gmt content
• gmt contenttype
• gmt server
• gmt setcookie
• gmt vary
• google safe
• grum
• guard
• hash avast
• hashes
• hashes cape
• hat server
• helloworld
• heurunsec
• hichina
• hide artifacts
• high
• high assurance
• historical otx
• hitmen
• holidaycheck ag
• home
• home network
• honduras
• host
• hosting
• hostmaster
• hostname
• hostnames
• html public
• http
• http headers
• http host
• http request
• huawei hg532
• huawei remote
• hx88x89
• hx88x9ax1e
• icmp traffic
• ids detections
• ietfdtd html
• immobilien ag
• impact ob0008
• impact ta0040
• inbound
• inc orgid
• inc usage
• indicator facts
• indonesia
• information isp
• install
• installcore
• instrumentation
• intel
• internalport
• invalid pointer
• invalid url
• iocs
• ios
• ip address
• ip check
• ip country
• ip summary
• ip traffic
• ipv4
• ireland
• ireland unknown
• isp charter
• isp hostname
• issuing ca
• javascript
• javascript c
• jujubox
• june
• kelihos
• khtml
• kraupa
• kryptiklfq
• kryptikpii
• kryptikxp
• kurt walther
• kx82xd3x11
• labs pulses
• level 3
• levelblue
• licess
• line isp
• lnmp
• lnmp a
• location los
• location oxford
• location united
• look
• lowfi
• lredmond
• m1
• magic pdf
• mail spammer
• main
• maldoc
• malware
• malware beacon
• malware site
• malware traffic
• malware worm
• masquerade
• media center
• medium
• memcommit
• memory pattern
• memreserve
• meta
• method status
• mexico
• mexico unknown
• michigan
• microsoft
• miniigd upnp
• mirai
• mirai variant
• mitm
• mitre att
• modify system
• module load
• modules t1129
• moldova related
• moldova unknown
• moved
• mozilla
• msdefender apr
• msie
• msms57295540
• msms86718722
• msr apr
• ms windows
• mtb apr
• mtb aug
• mutexes
• mx81xd1r
• name servers
• net107
• net1070000
• nethandle
• netherlands
• netherlands asn
• netrange
• networks
• next
• next http
• nids
• nod32
• no data
• nondns
• ns nxdomain
• null
• number
• nxdomain
• ob0005 defense
• object
• object moved
• odigicert inc
• ogoogle trust
• onelouder
• onl our
• open
• open threat
• os version
• otx scoreblue
• ouserver ca
• overview ip
• oxford
• oxypumper
• packing t1045
• panda
• panel forum
• passive dns
• path
• pattern domains
• payload hello
• pcap
• pdb path
• pdf document
• pdf execution
• pe32
• pedraz
• pe resource
• persistence
• phishing bank
• phy samo
• .pl
• please
• plesk forum
• poland
• poland unknown
• porn
• pornhub.software
• port
• possible
• post
• postalcode
• post http
• post utcore
• powershell
• pragma
• process32nextw
• process t1543
• project pi
• pulse http
• pulse pulses
• pulses
• pulses none
• pulse submit
• puma se
• push
• pushdo
• quantum fiber
• query
• ransom
• read
• read c
• reads software
• realtek sdk
• record type
• record value
• recycle bin
• redacted for
• regbinary
• regdword
• registrar
• regsetvalueexa
• related nids
• related pulses
• related tags
• request
• resolverror
• response
• reverse dns
• rock
• role title
• rpcs
• rsa ca
• rsa tls
• russia as49505
• sabey
• safe site
• sameorigin
• sample
• samples
• sandbox
• scan endpoints
• scans show
• script domains
• script script
• script urls
• sea p
• search
• secure server
• serce internetu
• server
• server ca
• server error
• server header
• servers
• service
• set cookie
• sgeneric
• sha256
• shell
• show
• showing
• shutdown
• signals mutexes
• sinkhole cookie
• slcc2
• slovakia
• soa nxdomain
• soap command
• spammer
• specified
• spectrum
• sports
• ssdeep
• ssl certificate
• stateprov
• status
• stop
• storage
• stream
• stwashington
• subdomains
• subject
• summary
• susp
• suspicious
• sweep
• swipper
• t1036
• t1045
• t1047
• t1059 very
• t1064
• t1083 reads
• t1129
• t1189 found
• ta0002 command
• ta0003 create
• tag count
• tags
• tcp syn
• text c
• thailand
• timo salzsieder
• title
• title meta
• tls rsa
• tofsee
• tools
• total
• tptjsw
• trending videos
• trid adobe
• trojan
• trojandropper
• trojan features
• trojanspy
• tsara brashears
• ttl value
• tulach
• type
• type fixed
• type get
• type indicator
• united
• united kingdom
• unknown
• unsafe
• updated date
• url analysis
• url hostname
• url http
• url https
• urls
• urls http
• urls https
• url summary
• usage type
• user
• useragent
• users
• value snkz
• vhash
• vietnam
• vipre
• virtool
• virus
• virustotal
• vitro
• weather
• whitelisted
• whitesky
• whois
• whois lookup
• win32
• win32dh
• win64
• windows
• windows check
• windows create
• windows nt
• windows service
• world
• wow64
• write
• write c
• write file
• wsasend
• x8dxb7xb7
• x92xac
• x95xd3xa4
• xb9x8b
• x cache
• xe e
• x frame
• xport
• yara detections
• yara rule
• yomi hunter
• zenbox
• zune

MITRE ATT&CK TTPs

• T1003 - OS Credential Dumping
• T1012 - Query Registry
• T1023 - Shortcut Modification
• T1027 - Obfuscated Files or Information
• T1031 - Modify Existing Service
• T1036 - Masquerading
• T1040 - Network Sniffing
• T1045 - Software Packing
• T1047 - Windows Management Instrumentation
• T1053 - Scheduled Task/Job
• T1055 - Process Injection
• T1057 - Process Discovery
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1064 - Scripting
• T1071 - Application Layer Protocol
• T1082 - System Information Discovery
• T1083 - File and Directory Discovery
• T1089 - Disabling Security Tools
• T1096 - NTFS File Attributes
• T1106 - Native API
• T1112 - Modify Registry
• T1119 - Automated Collection
• T1129 - Shared Modules
• T1133 - External Remote Services
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1189 - Drive-by Compromise
• T1203 - Exploitation for Client Execution
• T1204 - User Execution
• T1210 - Exploitation of Remote Services
• T1428 - Exploit Enterprise Resources
• T1485 - Data Destruction
• T1543 - Create or Modify System Process
• T1547 - Boot or Logon Autostart Execution
• T1564 - Hide Artifacts
• T1566 - Phishing
• T1573 - Encrypted Channel

Passive DNS

• vedhastourism.com

Attack Log References