204.193.139.160 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 204.193.139.160 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 53/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: United States
  • Noticed: 4 times
  • Protocols Attacked: SSH
  • Countries Attacked: United States of America
  • Open Ports: 25
  • Tor Node: No

Tags

  • aaaa
  • aaaa nxdomain
  • abcd
  • abuse
  • abuse contact
  • accept
  • access ta0001
  • address
  • admin country
  • adobe
  • adobe reader
  • a domains
  • alerts
  • alexa
  • alexa top
  • algorithm
  • all scoreblue
  • all search
  • amazon02
  • analysis date
  • analyzer paste
  • analyzer threat
  • anomalous file
  • antivirus
  • a nxdomain
  • apache
  • apple
  • apple remote
  • apple spy
  • archive
  • arial
  • as14870 flexera
  • as15169 google
  • as15293
  • as16276
  • as16342 toya
  • as16509
  • as17667
  • as19527 google
  • as198921
  • as19905
  • as202425 ip
  • as20940
  • as21342
  • as22612
  • as29686 probe
  • as3215 orange
  • as36352
  • as37153
  • as3842 inmotion
  • as397240
  • as40676 psychz
  • as4230 claro
  • as44273 host
  • as46606
  • as49505
  • as50599
  • as53667
  • as54113
  • as5617 orange
  • as63949 linode
  • as706
  • as8075
  • ascii text
  • asn as16342
  • asnone
  • asnone united
  • a td
  • august
  • av detections
  • azorult
  • backdoor
  • bank
  • billing country
  • blacklist
  • blind install
  • body
  • body doctype
  • body html
  • browsing
  • campaign
  • canada unknown
  • certificate
  • checkin
  • cisco umbrella
  • ck id
  • click
  • cloudflare
  • cname
  • co20230203
  • cobalt strike
  • code
  • components
  • contact email
  • contact phone
  • contained
  • content
  • content length
  • content type
  • copy
  • country
  • crack
  • crack serial
  • create c
  • creation date
  • cryptexportkey
  • csc corporate
  • cve cve20020013
  • cve overview
  • cyber threat
  • dark
  • data
  • data redacted
  • date
  • date app
  • date hash
  • defense evasion
  • delete c
  • detection list
  • discord bots
  • dlls defense
  • dll sideloading
  • dlls privilege
  • dns replication
  • dns resolutions
  • dnssec
  • dock
  • dod
  • domain
  • domain name
  • domains
  • domain status
  • dostpne jzyki
  • download
  • download full
  • dynadot llc
  • dynamic
  • dynamicloader
  • email
  • emails
  • emotet
  • encrypt
  • engineering
  • enterprise
  • entity
  • entries
  • error
  • evasion
  • executable
  • execution
  • expiration
  • expiration date
  • exploit
  • exploits
  • explorer
  • ezcrack all
  • facebook
  • fake date
  • ff6633
  • file
  • filehash
  • files
  • file samples
  • files copied
  • file score
  • files domain
  • files dropped
  • files ip
  • files location
  • files matching
  • files related
  • first
  • flag united
  • flow t1574
  • formbook cnc
  • for privacy
  • framing
  • france unknown
  • fraud risk
  • free
  • fuck
  • fuck team
  • generic windos
  • germany
  • germany unknown
  • gmt content
  • gmt contenttype
  • gmt server
  • google
  • google domain
  • google safe
  • government
  • grum
  • hacktool
  • hash
  • hashes
  • head body
  • header intel
  • head title
  • health law
  • high
  • high defense
  • hilgraeve
  • historical ssl
  • hitmen
  • hostname
  • hostnames
  • html public
  • hybrid
  • ibm
  • ids detections
  • ietfdtd html
  • incorporated
  • info compiler
  • infrastructure
  • installs
  • intel
  • internalname
  • internet mobile
  • invalid url
  • iocs
  • ip address
  • ip summary
  • ip traffic
  • ipv4
  • june
  • just
  • keys license
  • killers
  • kingdom unknown
  • language
  • legalcopyright
  • level3
  • lineargradient
  • local
  • location poland
  • luna moth
  • mail spammer
  • malicious
  • malicious ids
  • malicious site
  • maltiverse
  • malvertising
  • malware
  • malware trojan
  • mask
  • media t1091
  • medium
  • memcommit
  • menu files
  • meta
  • meta http
  • million
  • mitre att
  • modify existing
  • module load
  • modyfikuj stref
  • moved
  • ms windows
  • mtb feb
  • mtb mar
  • name md5
  • name servers
  • namesilo
  • next
  • ns nxdomain
  • nxdomain
  • orbiters
  • os2 executable
  • otx scoreblue
  • oval oval
  • overview ip
  • passive dns
  • path
  • pattern match
  • pe32 executable
  • pe resource
  • persistence
  • phishing
  • please
  • png image
  • poland unknown
  • posix tar
  • pragma
  • products id
  • protos
  • providers
  • provides
  • pulse pulses
  • pulse submit
  • push
  • quasi
  • query
  • rask
  • read
  • read c
  • record type
  • record value
  • redacted for
  • referrer
  • refresh
  • registrant fax
  • registrant name
  • registrar
  • registrar abuse
  • registrar iana
  • registrar url
  • registry
  • registry domain
  • related
  • related nids
  • related pulses
  • replication
  • reverse dns
  • rgba
  • runescape
  • russia unknown
  • safe site
  • sample
  • samplepath
  • samples
  • scaleway
  • scan endpoints
  • script
  • script domains
  • script urls
  • search
  • server
  • servers
  • service
  • sha256
  • shadow
  • shellexecuteexw
  • show
  • showing
  • show technique
  • singapore asn
  • site
  • site kit
  • software
  • softwares
  • south africa
  • spawns
  • stalkers
  • state server
  • status
  • stop
  • stream
  • strings
  • submitters
  • summary
  • suppobox
  • support
  • susp
  • suspicious
  • switch dns
  • t1031
  • t1055
  • t1055 spawns
  • table
  • targeted
  • td td
  • td tr
  • team
  • team phishing
  • teenfuckers.com
  • teen porn
  • telefonica co
  • threat network
  • time
  • time stamping
  • title
  • title head
  • tls sni
  • tofsee
  • total
  • traffic
  • trojan
  • trojandropper
  • trojan features
  • trojanspy
  • tr table
  • tr tr
  • ttl value
  • tucows
  • type
  • type texthtml
  • ualberta tld
  • udp a83f8110
  • united
  • united kingdom
  • unknown
  • updated date
  • url analysis
  • url https
  • urls
  • urls http
  • url summary
  • user
  • utc submissions
  • utwrz stref
  • vary
  • vercel x
  • verdict
  • version crack
  • virgin islands
  • virtool
  • vulnerabilities
  • whitelisted
  • whois lookup
  • win16 ne
  • win32
  • win32botgor
  • win32mofksys
  • win32qqpass
  • win32salgorea
  • win32tofsee
  • win32trickler
  • win32vb
  • window
  • windows
  • winhttp authip
  • wordpress site
  • worm
  • worm worm
  • write
  • write c
  • writeconsolew
  • written c
  • x00x00
  • x force
  • yara detections
  • yara rule
  • zbot
  • zeppelin20

MITRE ATT&CK TTPs

  • T1010 - Application Window Discovery
  • T1012 - Query Registry
  • T1031 - Modify Existing Service
  • T1036 - Masquerading
  • T1045 - Software Packing
  • T1053 - Scheduled Task/Job
  • T1055 - Process Injection
  • T1056.001 - Keylogging
  • T1060 - Registry Run Keys / Startup Folder
  • T1068 - Exploitation for Privilege Escalation
  • T1071.001 - Web Protocols
  • T1071.004 - DNS
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1091 - Replication Through Removable Media
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1118 - InstallUtil
  • T1120 - Peripheral Device Discovery
  • T1129 - Shared Modules
  • T1143 - Hidden Window
  • T1147 - Hidden Users
  • T1158 - Hidden Files and Directories
  • T1443 - Remotely Install Application
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS
  • T1478 - Install Insecure or Malicious Configuration
  • T1497 - Virtualization/Sandbox Evasion
  • T1528 - Steal Application Access Token
  • T1539 - Steal Web Session Cookie
  • T1553.002 - Code Signing
  • T1553 - Subvert Trust Controls
  • T1568.002 - Domain Generation Algorithms
  • T1568 - Dynamic Resolution
  • T1574 - Hijack Execution Flow
  • T1583.001 - Domains
  • T1583 - Acquire Infrastructure
  • T1589 - Gather Victim Identity Information
  • T1590 - Gather Victim Network Information
  • T1591 - Gather Victim Org Information
  • TA0003 - Persistence
  • TA0011 - Command and Control

Passive DNS

  • riversidesavings-com.safesysmail.com

Attack Log References

Whois Information

NetRange: 204.193.128.0 - 204.193.159.255 CIDR: 204.193.128.0/19 NetName: QTS-204-193-128-0-19 NetHandle: NET-204-193-128-0-1 Parent: NET204 (NET-204-0-0-0-0) NetType: Direct Allocation OriginAS: AS20141 Organization: Quality Technology Services, LLC (QTS-9) RegDate: 1994-12-08 Updated: 2012-02-24 Ref: https://rdap.arin.net/registry/ip/204.193.128.0 OrgName: Quality Technology Services, LLC OrgId: QTS-9 Address: 300 Satellite BLVD City: Suwanee StateProv: GA PostalCode: 30043 Country: US RegDate: 2006-06-15 Updated: 2019-11-07 Ref: https://rdap.arin.net/registry/entity/QTS-9 OrgAbuseHandle: QTSAB-ARIN OrgAbuseName: QTS-ABUSE OrgAbusePhone: +1-866-239-5000 OrgAbuseEmail: abuse@qtsdatacenters.com OrgAbuseRef: https://rdap.arin.net/registry/entity/QTSAB-ARIN OrgNOCHandle: NOC2886-ARIN OrgNOCName: NOC OrgNOCPhone: +1-866-239-5000 OrgNOCEmail: support@qtsdatacenters.com OrgNOCRef: https://rdap.arin.net/registry/entity/NOC2886-ARIN OrgTechHandle: NOC2886-ARIN OrgTechName: NOC OrgTechPhone: +1-866-239-5000 OrgTechEmail: support@qtsdatacenters.com OrgTechRef: https://rdap.arin.net/registry/entity/NOC2886-ARIN NetRange: 204.193.139.128 - 204.193.139.255 CIDR: 204.193.139.128/25 NetName: QTS-204-193-139-128-25 NetHandle: NET-204-193-139-128-1 Parent: QTS-204-193-128-0-19 (NET-204-193-128-0-1) NetType: Reassigned OriginAS: AS20141 Customer: Safe Systems (C00416157) RegDate: 2002-11-15 Updated: 2011-06-27 Ref: https://rdap.arin.net/registry/ip/204.193.139.128 CustName: Safe Systems Address: 300 Satellite Blvd NW City: Suwanee StateProv: GA PostalCode: 30024 Country: US RegDate: 2002-11-15 Updated: 2011-06-27 Ref: https://rdap.arin.net/registry/entity/C00416157 OrgAbuseHandle: QTSAB-ARIN OrgAbuseName: QTS-ABUSE OrgAbusePhone: +1-866-239-5000 OrgAbuseEmail: abuse@qtsdatacenters.com OrgAbuseRef: https://rdap.arin.net/registry/entity/QTSAB-ARIN OrgNOCHandle: NOC2886-ARIN OrgNOCName: NOC OrgNOCPhone: +1-866-239-5000 OrgNOCEmail: support@qtsdatacenters.com OrgNOCRef: https://rdap.arin.net/registry/entity/NOC2886-ARIN OrgTechHandle: NOC2886-ARIN OrgTechName: NOC OrgTechPhone: +1-866-239-5000 OrgTechEmail: support@qtsdatacenters.com OrgTechRef: https://rdap.arin.net/registry/entity/NOC2886-ARIN