216.131.75.53 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 216.131.75.53 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Geographic Location

Host and Network Information

View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
Country: United States
Noticed: 15 times
Protocols Attacked: spam
Tor Node: No

MITRE ATT&CK TTPs

T1059 - Command and Scripting Interpreter
T1068 - Exploitation for Privilege Escalation
T1071.001 - Web Protocols
T1071 - Application Layer Protocol
T1140 - Deobfuscate/Decode Files or Information
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1505.003 - Web Shell
T1505 - Server Software Component
T1548.003 - Sudo and Sudo Caching
T1548 - Abuse Elevation Control Mechanism
T1552.001 - Credentials In Files
T1552 - Unsecured Credentials
T1556 - Modify Authentication Process
T1564.002 - Hidden Users
T1564 - Hide Artifacts
T1595.002 - Vulnerability Scanning
T1595 - Active Scanning

Passive DNS

str-sfo201.strongconnectivity.com

Attack Log References

forum-spam-ip-list-2023-04-08

Whois Information

NetRange: 216.131.64.0 - 216.131.127.255 CIDR: 216.131.64.0/18 NetName: STRTECH NetHandle: NET-216-131-64-0-1 Parent: NET216 (NET-216-0-0-0-0) NetType: Direct Allocation OriginAS: AS22781, AS62651, AS9009, AS53340, AS174, AS54203 Organization: Strong Technology, LLC. (STL-172) RegDate: 2001-06-29 Updated: 2023-05-18 Ref: https://rdap.arin.net/registry/ip/216.131.64.0 OrgName: Strong Technology, LLC. OrgId: STL-172 Address: 114 5th Avenue Address: 15th Floor City: New York StateProv: NY PostalCode: 10011 Country: US RegDate: 2016-02-19 Updated: 2023-04-17 Ref: https://rdap.arin.net/registry/entity/STL-172 OrgAbuseHandle: ABUSE2369-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-415-255-5711 OrgAbuseEmail: abuse@strongtechnology.net OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2369-ARIN OrgTechHandle: IPADM341-ARIN OrgTechName: IP Admin OrgTechPhone: +1-323-297-1541 OrgTechEmail: ipadmin@strongtechnology.net OrgTechRef: https://rdap.arin.net/registry/entity/IPADM341-ARIN NetRange: 216.131.74.0 - 216.131.75.255 CIDR: 216.131.74.0/23 NetName: NETPROTECT-ATL-DP NetHandle: NET-216-131-74-0-1 Parent: STRTECH (NET-216-131-64-0-1) NetType: Reassigned OriginAS: AS62651 Customer: Netprotect (C07867423) RegDate: 2021-04-23 Updated: 2021-04-23 Ref: https://rdap.arin.net/registry/ip/216.131.74.0 CustName: Netprotect Address: 56 Marietta Street City: Atlanta StateProv: GA PostalCode: 30303 Country: US RegDate: 2021-04-23 Updated: 2021-04-23 Ref: https://rdap.arin.net/registry/entity/C07867423 OrgAbuseHandle: ABUSE2369-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-415-255-5711 OrgAbuseEmail: abuse@strongtechnology.net OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2369-ARIN OrgTechHandle: IPADM341-ARIN OrgTechName: IP Admin OrgTechPhone: +1-323-297-1541 OrgTechEmail: ipadmin@strongtechnology.net OrgTechRef: https://rdap.arin.net/registry/entity/IPADM341-ARIN