204.246.164.6 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 204.246.164.6 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 49/100

Host and Network Information

• Mitre ATT&CK IDs: T1031 - Modify Existing Service, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0007 - Discovery, TA0009 - Collection, TA0034 - Impact, TA0040 - Impact

• Tags: 185.199.108.133, accept, !#AddsCopyToStartup, a domains, africa, all octoseek, apple, as54113, attack, authentihash, avast avg, av detections, cache, compiler, contact, contacted, copy, core, cybercrime, data collection, date, date hash, december, domain robot, emotet, entries, evasive, execution, expiration date, filehash, files show, file type, for privacy, fraud services, generic, generic malware, github pages, hacktool, historical ssl, hit x, hostnames, ids detections, imphash, inject, injector, intel, iocs, ioc search, ios, ip summary, libel, link, magic pe32, malware, malware infection, msil, ms windows, name servers, new ioc, no data, noname057, november, passive dns, password cracker, paste, privilege escalation, problems, pulse pulses, redacted for, referrer, request id, rich pe, sample summary, scan endpoints, search, sea x, service modification, show, SLF:Exploit:Win32/UACPathBypass.A, ssdeep, ssl certificate, SSL excessive fatal alerts (possible POODLE attack against serve, startpage, summary, tag count, target, targeting an individual, teams api, threat, threat analyzer, threat network, threat report, threat roundup, title, trojan, tsara brashears, united, unknown, upx, urls, urls http, url summary, vhash, virtool, whois record, whois whois, win32 dll, xamzexpires300, yara detections

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: 2 times
• Protocols Attacked: SSH
• Countries Attacked: United States of America
• Passive DNS Results: publiko-kom.com a818ab4613af7bd72f543d007ad93b233.profile.sin2.cloudfront.net a6a83f02f86565e3b4e2bc63b3e69d7c4.profile.sin2.cloudfront.net a25a61bd4a258a983a9204ee431cecb65.profile.sin2.cloudfront.net a7136171cf62b294d8e44376bd43d1f7c.profile.sin2.cloudfront.net adc633bdad16c80895702c5f7ddb9549b.profile.sin2.cloudfront.net af7e41ad5f76a2aa18b9eafff5ead8c68.profile.sin2.cloudfront.net a7325b34845bf13da4ed497647d12fcb4.profile.sin2.cloudfront.net a662a2a2d258b3b6d40cc91e9687befb3.profile.sin2.cloudfront.net a5c3fa0bffd27aadfb4cb11b84321aaf8.profile.sin2.cloudfront.net a6f625fb7dd579f22a5b34524be237dc2.profile.sin2.cloudfront.net a3f8b0e9b0890fc4cfd3f48700eceae49.profile.sin2.cloudfront.net ac704f525c2928015544b3506b918a9e6.profile.sin2.cloudfront.net aa029ea9908b9838859887f5beceb7b52.profile.sin2.cloudfront.net a3bc0ed012fe09b64ad5f5615fb61eedc.profile.sin2.cloudfront.net a8285f01db14135048f5a6273dbcf8730.profile.sin2.cloudfront.net aedb8ddb89be23329e94d35ab96d86f3e.profile.sin2.cloudfront.net aca8d9842a9fb9f5542f9b41e55113d11.profile.sin2.cloudfront.net a830282e2f419a33127e3ac76b87c8be5.profile.sin2.cloudfront.net a05f4997c48a255851225625d2ca2e0e7.profile.sin2.cloudfront.net a5856cfa405c4e376acec65f7e6c7d9fa.profile.sin2.cloudfront.net a006649c812fa6f2fdbe53e85766ed3ba.profile.sin2.cloudfront.net a26f2d67039f010cb702aa643a1066c60.profile.sin2.cloudfront.net a1fbbfb8cb97b6ed83cc1bf6112f09432.profile.sin2.cloudfront.net a40463dae3ee6dd5e6673d95066559513.profile.sin2.cloudfront.net ae2d0c90d2d42882f37c012f7dce16c5e.profile.sin2.cloudfront.net abe68533d5a1b6c361f369a953aaf6e1a.profile.sin2.cloudfront.net a142ef4e31f5cbd67bab6fd31e9e1c5b7.profile.sin2.cloudfront.net ae3414322844bc92fe145fd7e7655b137.profile.sin2.cloudfront.net aa1e03db69bff9734bec75bcb7e453d54.profile.sin2.cloudfront.net a69a11415d3142868b82b3c6546c0e71f.profile.sin2.cloudfront.net a5f26115445619c344a89487434b42c6b.profile.sin2.cloudfront.net a7469daf1dad673ea04dcbc98a2aca51c.profile.sin2.cloudfront.net a9ba31de5f0e13829c4df0e2ff53adca4.profile.sin2.cloudfront.net a407183b4950c5c2d0f2562de3543f5d9.profile.sin2.cloudfront.net a37ca4daf59ed3b925d2038b35ceaa9fc.profile.sin2.cloudfront.net a57a45bb4671439bdca7a2c6b2fd0b723.profile.sin2.cloudfront.net a344628b55d8e7ffb75aa056332a5a536.profile.sin2.cloudfront.net a2ba082fc490311f088e5169abe64d595.profile.sin2.cloudfront.net a256e8f4283c236730a36e22646472830.profile.sin2.cloudfront.net a560e0e5f072a2d55e9ad2c14bfd27bce.profile.sin2.cloudfront.net a24bef632db773e3dcf9313b94cba1be8.profile.sin2.cloudfront.net

Open Ports Detected

80

Map

Whois Information

• NetRange: 204.246.160.0 - 204.246.191.255
• CIDR: 204.246.160.0/19
• NetName: AMAZON-04
• NetHandle: NET-204-246-160-0-1
• Parent: NET204 (NET-204-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS16509, AS39111, AS7224
• Organization: Amazon.com, Inc. (AMAZON-4)
• RegDate: 2009-07-17
• Updated: 2015-09-24
• Ref: https://rdap.arin.net/registry/ip/204.246.160.0
• OrgName: Amazon.com, Inc.
• OrgId: AMAZON-4
• Address: 1918 8th Ave
• City: SEATTLE
• StateProv: WA
• PostalCode: 98101-1244
• Country: US
• RegDate: 1995-01-23
• Updated: 2022-09-30
• Ref: https://rdap.arin.net/registry/entity/AMAZON-4
• OrgRoutingHandle: IPROU3-ARIN
• OrgRoutingName: IP Routing
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
• OrgNOCHandle: AANO1-ARIN
• OrgNOCName: Amazon AWS Network Operations
• OrgNOCPhone: +1-206-555-0000
• OrgNOCEmail: amzn-noc-contact@amazon.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
• OrgTechHandle: ANO24-ARIN
• OrgTechName: Amazon EC2 Network Operations
• OrgTechPhone: +1-206-555-0000
• OrgTechEmail: amzn-noc-contact@amazon.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
• OrgRoutingHandle: ARMP-ARIN
• OrgRoutingName: AWS RPKI Management POC
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
• OrgAbuseHandle: AEA8-ARIN
• OrgAbuseName: Amazon EC2 Abuse
• OrgAbusePhone: +1-206-555-0000
• OrgAbuseEmail: trustandsafety@support.aws.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
• RNOCHandle: ROLEA19-ARIN
• RNOCName: Role Account
• RNOCPhone: +1-206-266-4064
• RNOCEmail: ipmanagement@amazon.com
• RNOCRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN
• RTechHandle: ROLEA19-ARIN
• RTechName: Role Account
• RTechPhone: +1-206-266-4064
• RTechEmail: ipmanagement@amazon.com
• RTechRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN
• RAbuseHandle: ROLEA19-ARIN
• RAbuseName: Role Account
• RAbusePhone: +1-206-266-4064
• RAbuseEmail: ipmanagement@amazon.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ROLEA19-ARIN

Links to attack logs

****** ****** ******