204.74.99.100 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 204.74.99.100 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🔴 High Risk — 75/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: United States
  • Noticed: 21 times
  • Protocols Attacked: SSH
  • Countries Attacked: Argentina, Aruba, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Chile, China, Colombia, Denmark, France, Georgia, Germany, Hong Kong, India, Indonesia, Ireland, Italy, Japan, Mexico, Netherlands, Norway, Philippines, Poland, Russian Federation, Singapore, Slovenia, South Africa, Spain, Sweden, Switzerland, Taiwan, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 80
  • Tor Node: No
  • Associated Malware Samples: 612

Tags

  • 0 report
  • aaaa
  • address
  • admin city
  • admin email
  • a domains
  • ai cloud
  • algorithm
  • all octoseek
  • all search
  • america asn
  • analyze
  • android
  • apple app capable
  • apple mobile
  • Apple phishing
  • apple web
  • artro
  • as15169
  • as15169 google
  • as16417 cisco
  • as16509
  • as16625 akamai
  • as20940
  • as22843
  • as26211
  • as2914 ntt
  • as3356 level
  • as36646 oath
  • as36647 oath
  • as397240
  • as63949 linode
  • as7018 att
  • as7922 comcast
  • ascii text
  • asnone
  • asyncrat
  • atlanta admin
  • attack
  • attacks
  • august
  • auto
  • auto-generated security
  • backdoor
  • big o
  • body
  • body length
  • bundled
  • businesseconomy
  • canada unknown
  • cfqirgdhj5
  • cfqirgdhj5 http
  • cfqirgdhj5 url
  • checkin m1
  • china as23724
  • ck id
  • ck matrix
  • click
  • cname
  • cobalt strike
  • code
  • collections
  • command decode
  • communicating
  • comodo valkyrie
  • components
  • comspec
  • contact
  • contacted
  • contacted urls
  • contact phone
  • content
  • copy
  • core
  • country
  • creation date
  • credit card
  • cre toolkit
  • crypto threat
  • csc corporate
  • cus cnentrust
  • dark power
  • dark web
  • data
  • dataadobereader
  • data c
  • date
  • default
  • destination
  • detections type
  • domain
  • domains
  • domain status
  • download
  • dropped
  • dynamicloader
  • email
  • email phishing
  • emotet
  • encrypt
  • entries
  • entrust
  • epoch
  • error
  • etpro trojan
  • execution
  • expiration date
  • expiressat
  • exploit
  • explorer
  • factory
  • falcon sandbox
  • family
  • february
  • feeds ioc
  • file
  • files
  • files location
  • final url
  • format
  • formbook
  • full name
  • ga creation
  • general
  • getprocaddress
  • globalnpf
  • global payments
  • gmt connection
  • gmt content
  • gmt report
  • gopher
  • hacktool
  • headers date
  • historical
  • historical ssl
  • home wifi
  • hostname
  • hostnames
  • html info
  • http
  • http response
  • hybrid
  • identity theft
  • indicator
  • info
  • infostealer
  • ingestion time
  • intel
  • iocs
  • ioc search
  • ip address
  • iPhone phishing
  • ipv4
  • issuer
  • japan unknown
  • json data
  • july
  • kb body
  • key identifier
  • l1m oentrust
  • localappdata
  • location united
  • logic
  • lolkek
  • lookups
  • mail spammer
  • malware
  • markmonitor
  • medium
  • meta
  • meta tags
  • mexico
  • mitre att
  • model
  • msie
  • ms windows
  • mtb aug
  • mtb dec
  • music
  • name
  • name servers
  • name verdict
  • neustar
  • new ioc
  • next
  • njrat
  • no redirect
  • nso group
  • number
  • obz4usfn0
  • obz4usfn0 http
  • obz4usfn0 url
  • open
  • o tires
  • otx octoseek
  • passive dns
  • paste
  • path
  • pe32
  • pegasus
  • port
  • post
  • postal code
  • powershell
  • prefetch1
  • prefetch8
  • pulse http
  • pulse pulses
  • putty
  • quasar
  • quasar rat
  • ranks rank
  • rank value
  • ransomware
  • rat
  • record value
  • referrer
  • registrant
  • registrar abuse
  • registrar csc
  • registrar url
  • registry admin
  • registry tech
  • related nids
  • remote
  • resolutions
  • revenge rat
  • roots
  • sample
  • samples
  • scan endpoints
  • screenshot
  • script urls
  • sea alt
  • search
  • security
  • server
  • serving ip
  • sfqh4dt74w0 url
  • sha256
  • shop tires
  • show
  • show technique
  • simda http
  • social engineering
  • sophos
  • spyware
  • ssl certificate
  • status
  • status code
  • statvoo
  • stealer
  • strings
  • subdomains
  • suricata ipv4
  • suricata udpv4
  • suspicious
  • swisyn
  • teams api
  • telecom
  • temp
  • text
  • threat
  • threat analyzer
  • threat roundup
  • time majestic
  • tires
  • tires language
  • title shop
  • trojan
  • trojanspy
  • typosquatting
  • tzw variants
  • ukhdaauqaaaaaac
  • umbrella
  • unique
  • united
  • united kingdom
  • unknown
  • unsafeeval
  • url http
  • url https
  • urls
  • urls https
  • utc alexa
  • utc cisco
  • utc statvoo
  • v3 serial
  • value ingestion
  • verdict
  • virgin islands
  • vj87
  • wheels online
  • whois record
  • whois ssl
  • whois whois
  • win32
  • win32 exe
  • windir
  • windows nt
  • wiper
  • worm
  • write
  • x509v3 subject
  • xserver
  • x ua

MITRE ATT&CK TTPs

  • T1003 - OS Credential Dumping
  • T1012 - Query Registry
  • T1027 - Obfuscated Files or Information
  • T1036 - Masquerading
  • T1056 - Input Capture
  • T1057 - Process Discovery
  • T1059.007 - JavaScript
  • T1059 - Command and Scripting Interpreter
  • T1060 - Registry Run Keys / Startup Folder
  • T1068 - Exploitation for Privilege Escalation
  • T1071.003 - Mail Protocols
  • T1071.004 - DNS
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1105 - Ingress Tool Transfer
  • T1106 - Native API
  • T1119 - Automated Collection
  • T1129 - Shared Modules
  • T1140 - Deobfuscate/Decode Files or Information
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS
  • T1546.015 - Component Object Model Hijacking
  • T1546 - Event Triggered Execution
  • T1548 - Abuse Elevation Control Mechanism
  • T1583.005 - Botnet
  • TA0011 - Command and Control

Passive DNS

  • qabrands1.sdlcdn.com

Attack Log References

Whois Information

NetRange: 204.74.99.0 - 204.74.115.255 CIDR: 204.74.104.0/21, 204.74.99.0/24, 204.74.100.0/22, 204.74.112.0/22 NetName: SECURITYSERVICES NetHandle: NET-204-74-99-0-1 Parent: NET204 (NET-204-0-0-0-0) NetType: Direct Allocation OriginAS: AS12008 Organization: Vercara, LLC (SSL-1134) RegDate: 2022-01-28 Updated: 2022-05-26 Ref: https://rdap.arin.net/registry/ip/204.74.99.0 OrgName: Vercara, LLC OrgId: SSL-1134 Address: 2201 Cooperative Way, Suite 350 City: Herndon StateProv: VA PostalCode: 20171 Country: US RegDate: 2022-04-07 Updated: 2025-02-12 Ref: https://rdap.arin.net/registry/entity/SSL-1134 OrgTechHandle: PUNAT1-ARIN OrgTechName: Punati, Gireesh OrgTechPhone: +1-860-748-5685 OrgTechEmail: gireesh.punati@digicert.com OrgTechRef: https://rdap.arin.net/registry/entity/PUNAT1-ARIN OrgRoutingHandle: NETWO336-ARIN OrgRoutingName: Network Engineering OrgRoutingPhone: +1-703-887-4284 OrgRoutingEmail: wan.engineering@neustar.biz OrgRoutingRef: https://rdap.arin.net/registry/entity/NETWO336-ARIN OrgTechHandle: AH678-ARIN OrgTechName: Herrmann, Andrew OrgTechPhone: +1-844-929-0808 OrgTechEmail: andrew.herrmann@vercara.com OrgTechRef: https://rdap.arin.net/registry/entity/AH678-ARIN OrgTechHandle: NETWO336-ARIN OrgTechName: Network Engineering OrgTechPhone: +1-703-887-4284 OrgTechEmail: wan.engineering@neustar.biz OrgTechRef: https://rdap.arin.net/registry/entity/NETWO336-ARIN OrgNOCHandle: NETWO336-ARIN OrgNOCName: Network Engineering OrgNOCPhone: +1-703-887-4284 OrgNOCEmail: wan.engineering@neustar.biz OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO336-ARIN OrgDNSHandle: NETWO336-ARIN OrgDNSName: Network Engineering OrgDNSPhone: +1-703-887-4284 OrgDNSEmail: wan.engineering@neustar.biz OrgDNSRef: https://rdap.arin.net/registry/entity/NETWO336-ARIN OrgTechHandle: KASTJ-ARIN OrgTechName: Kast, Jeremy OrgTechPhone: +1-844-929-0808 OrgTechEmail: jeremy.kast@vercara.com OrgTechRef: https://rdap.arin.net/registry/entity/KASTJ-ARIN OrgAbuseHandle: NETWO336-ARIN OrgAbuseName: Network Engineering OrgAbusePhone: +1-703-887-4284 OrgAbuseEmail: wan.engineering@neustar.biz OrgAbuseRef: https://rdap.arin.net/registry/entity/NETWO336-ARIN