3.6.1.4 Threat Intelligence and Host Information

Jul 08, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 3.6.1.4 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 68/100

Host and Network Information

Mitre ATT&CK IDs: T1001.001 - Junk Data, T1001.002 - Steganography, T1001.003 - Protocol Impersonation, T1003.001 - LSASS Memory, T1003.004 - LSA Secrets, T1003.005 - Cached Domain Credentials, T1003 - OS Credential Dumping, T1007 - System Service Discovery, T1010 - Application Window Discovery, T1012 - Query Registry, T1016 - System Network Configuration Discovery, T1018 - Remote System Discovery, T1021.006 - Windows Remote Management, T1021 - Remote Services, T1025 - Data from Removable Media, T1026 - Multiband Communication, T1027 - Obfuscated Files or Information, T1033 - System Owner/User Discovery, T1053 - Scheduled Task/Job, T1055.002 - Portable Executable Injection, T1055 - Process Injection, T1056 - Input Capture, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1087 - Account Discovery, T1105 - Ingress Tool Transfer, T1112 - Modify Registry, T1115 - Clipboard Data, T1129 - Shared Modules, T1134 - Access Token Manipulation, T1140 - Deobfuscate/Decode Files or Information, T1213 - Data from Information Repositories, T1222 - File and Directory Permissions Modification, T1404 - Exploit OS Vulnerability, T1445 - Abuse of iOS Enterprise App Signing Key, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1543 - Create or Modify System Process, T1547 - Boot or Logon Autostart Execution, T1553 - Subvert Trust Controls, T1560 - Archive Collected Data, T1562.004 - Disable or Modify System Firewall, T1562 - Impair Defenses, T1564 - Hide Artifacts, T1569 - System Services, T1614 - System Location Discovery
Tags: 194 Green Street, aaaa, abstract may, abstract must, access, account, addcharset, adddescription, addhandler, addiconbytype, addlanguage, addlanguage da, addlanguage pl, address, addtype, advanced server, a facility, agreement, aiff, airport, Aishah Lazim, Aishah Siti Lazim, alias, alias error, aliases, alias icons, allocation, allow, allowoverride, allow server, almost, amos gouaux, antiav, antivm, a nxdomena, apache, apache http, apache version, apple, apple computer, april, arch, arch x8664, argus, aris, arrange, array, ascii, as expressly, assistant, attcertpath, attribute, auditing, authkey, authtype, authtype digest, authuserfile, auto exit, automountdenv, automounter map, auxiliary, auxiliary may, auxiliary must, avemaria, bangat, base dcexample, bashno, bashrematch, basicblock, basic system, bcgjnuwz, begin, berkeley, beware, bezterminowo, biblioteka dll, bitcoin, blank, bnew k, body, broadcast, browsermatch, bsm event, buforowane, bugs, bypass, calendar, ca message, canonical, capa, catalan, category, ccnl asnas3333, ceidg.gov.pl - centralna ewidencja i informacja o działalności g, certenroll, cfbasichash, cfrunloop, cfrunloopmode, chacha, change, chaos, charset, Chelsea Manning Help Me, cisco, claim, class, clocal mode, closure library, cname, coast, code, co llective, collective, column, commcenter, common setup, compiler, computername, comspec, config, configure, contribution, contributor, contributors, control access, cookie, copy, copyright, corba, corba object, corporation, cosine pilot, cottbus, create, cretsiz kargo, crunch, crypt, cups, cups scheduler, custom, customlog, cybernetic, cyrus, d0 j, daemondirectory, daniel quinlan, data, date, davlockdb, davupload admin, default, defaultlanguage, default require, default user, define, definitions, dekora metal, dekoramia, deliver mail, deref, d esc, de sc, des c, desc, desc account, desc mount, desc password, desc pool, description, devnull, dict, directory, directory forum, directoryindex, documentroot, domain, dos exe, dotnet, doublepulsar, dovecot, download, duas, dynamic group, email, empty, encapsulation, encrypt, enfal, english, entry, environment, equal ity, equality, error, errordocument, errorhttp, errorlog, etcbashrc, etcirbrcloaded, europe, every, example, extendedstatus, facility, fallback, false, fancyindexed, fancyindexing, fcodes, ffffff, file, file format, files, filesystem, filesystems, filters while, find, first, fixed speed, flags, force, form, format, formats, for production, freebsd, freeze, full, function, fusion, general, generic, germany, get home, get information, greekmodern, greg roelofs, group database, group lp, groups, group value, guest, guid, gzip, headerchecks, high, histfile, histfilesize, history file, histtimeformat, hold, home autohome, host, host database, hostinteraction, hosts, html, http, https, Human Subjects, iana, icmp, id key, ifdefine, ifmodule, ignore, impact, include, indexes, indexignore, inetorgperson, info, inject, inpck, install, integer, internet, internetdrafts, ipnetmasknumber, ipv4, ipv6, ipv6 host, isis, isp mail, jabber, java, java class, java object, jelenia gra, jndi, jndi reference, jnew k, june, kame, kdc schema, keepalive, kerberos, kerberos v, kernel, keylog, kind, knew k, korean, ldap, ldap defaults, ldap directory, ldap entry, ldap server, ldif, level, level error, level info, license, limit, line, linus walleij, list, listen, lnew k, loadfile c, loadmodule, local, localnetbootdir, localonly, location, logger, lpadmin, lutz jaenicke, macho, magic, mail, mail backend, mail delivery, mail returned, main, major, make bash, maker, malware, manlocale, manpager, manpath, manpath optman, manual, many, mark, matches, matches for, matches user, match syntax, maxhistsize, maximum number, maxsparethreads, maybe, may contain, may description, maze, message, message mc, message secure, message sep, meta, metal, metal avizeler, microsoft, mime, mime type, mine, minimal, minrate500, minsparethreads, mirage, model, modern smtp, monitoring, mount, mpms, multi, multitouchhid, music, must, must contain, mx host, myvar, naikon, name, name leaf, name managedby, nazwa, nazwa hosta, netboot, netbootmount, netbootshadow, netinfo, netinfo preset, netinfo rpcs, netlicense, netscape, netwalker, networkd, networkonly, networkup, nieznany, nieznany strona, njrat, nnnbaud, no group, note, notify, not recommended, nroff, number, nxdomain, nxdomena, objectclass, obsolete, ocsp stapling, oid base, old example, olyx, oncrpcnumber, only, openbsm, openbsm kernel, open directory, opendirectoryd, openldap, openldap note, openldaporg, openldapou, openldaproot, openssl, openssl package, openssl project, options indexes, order, order deny, or even, outlook, owner, parenb istrip, parity, pass, pass8, passwd, password policy, path, pathbin, pc entry, pdf introduo, persistence, person, pidfile, pipes, pipe wall, pkcs, please, plist, plugx, pobierz plik, polish, posix, post, postfix, postfix dsn, postfix master, postfix pipe, postfix queue, postfix scsd, postfix smtp, postfix version, postscript, prior, prng, process, prod, product x, program, project, promptcommand, promptmode, prosz czeka, protocol, provide access, proxyhtmllinks, prunedirs, prunepaths, ps1h, public license, purpose, quality, quantum, ranlib, readline, readme files, recent cyrus, recipient, redirect mail, redistribution, refer, reject, reject empty, relocated, remember that, removed, removetype tr, replace user, reply, report, require, requireany, require host, require user, reserved, restrict, restrict access, result format, r etcbashrc, returnpath via, rfc1274, rfc2252, rfc2307, rfc2798, ripe ncc, risepro, RNA molecule, rn kategorileri, rolesyntax, rooter, rootkit, rpcs number, rpcsrc, rsvp, rule, rules, safenet, sample, sandbox, scanid, s checkwinsize, schema, schema mapping, searchpaths, secsrvr, sender, sepetim, sepetinizde rn, server, server admin, serveradmin, servername, serverroot, serversignature, service, session, set command, sethandler, setup, sha1, shall not, shell, shellsessiondir, sieci ip, signeddata, singlevalue, sipari takip, size, sizelimit, smime, smtp, smtp server, solaris, solaris auemac, solaris kernel, solaris umount, spaces, specification, specify, springboard, ssl engine, sslrandomseed, sslrequire, sslsessioncache, ssltls standard, start, startservers, state, status mailfrom, store, string, structural, structural may, structural must, subclass of, substr caseigno, sunnet manager, sup container, sup ipsecbase, sup name, sup person, supported, sup rpcentry, switch, synconclose no, synopsis, syntax, system, systype, t5000, tables, tcpip, teamviewer, technology, tekst, tell, term, terminal, termprogram, the program, this, thor, thread, threadid, threadsperchild, threadstacksize, tiff, tiger, time, timelimit, timeout, timestomp, tl sepetim, tl zeri, tmpdir, t option, traditionally, transport, triad, trke, troff, true, turkish, typeof c, uncomment, unicode, unix, unix password, update, uri ldap, use directory, use of, userdir, userdir sites, usereventagent, usergroup, user lp, user unknown, usrbinsudo, usrsbin, usrsbinnetbiosd, uucp, vartmp, verbose end, versionsort, virtual, virtual alias, virtualhost, virtualhost 80, virustotal, vpn socket, w3c html, wabot, waiting, warn, warp, wave, webdav, whasz, whatispager, wietse venema, wimplicit, win32, win32 certca, win32 dll, win32 exe, window, windows, with syntax, wprowadzenie, write, wyroby z, xhtml xht, xlam, xlc xlt, xlm xla, xlsb, xlsm, xltm, xtremerat, yara rule, yayih, yourincludepath, z7 z8, zasb, zobacz te
View other sources: Spamhaus VirusTotal
Contained within other IP sets: b3b0, bitcoin_blockchain_info_30d, blocklist_net_ua, haley_ssh, hphosts_emd, lashback_ubl, nixspam, nullsecure, proxylists_1d, proxylists_30d, proxylists_7d, proxyspy_30d, proxz_30d, proxz_7d, sblam, stopforumspam_180d, stopforumspam_365d, stopforumspam_90d, stopforumspam, yoyo_adservers

Country: India
Network:
Noticed: 4 times
Protocols Attacked: Anonymous Proxy
Countries Attacked: Bahrain, Canada, India, Israel, United States of America
Passive DNS Results: gst.taxvisor.in www.taxvisor.in taxvisor.in

Map

Whois Information

NetRange: 3.0.0.0 - 3.127.255.255
CIDR: 3.0.0.0/9
NetName: AT-88-Z
NetHandle: NET-3-0-0-0-1
Parent: NET3 (NET-3-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Amazon Technologies Inc. (AT-88-Z)
RegDate: 2017-12-20
Updated: 2022-05-18
Ref: https://rdap.arin.net/registry/ip/3.0.0.0
OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2024-01-24
Comment: All abuse reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref: https://rdap.arin.net/registry/entity/AT-88-Z
OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-555-0000
OrgNOCEmail: amzn-noc-contact@amazon.com
OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-555-0000
OrgAbuseEmail: trustandsafety@support.aws.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-555-0000
OrgTechEmail: amzn-noc-contact@amazon.com
OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
OrgRoutingHandle: IPROU3-ARIN
OrgRoutingName: IP Routing
OrgRoutingPhone: +1-206-555-0000
OrgRoutingEmail: aws-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
OrgRoutingHandle: ARMP-ARIN
OrgRoutingName: AWS RPKI Management POC
OrgRoutingPhone: +1-206-555-0000
OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
NetRange: 3.6.0.0 - 3.7.255.255
CIDR: 3.6.0.0/15
NetName: AMAZON-BOM
NetHandle: NET-3-6-0-0-1
Parent: AT-88-Z (NET-3-0-0-0-1)
NetType: Reallocated
OriginAS:
Organization: Amazon Data Services India (ADSI-6)
RegDate: 2019-10-29
Updated: 2019-10-29
Ref: https://rdap.arin.net/registry/ip/3.6.0.0
OrgName: Amazon Data Services India
OrgId: ADSI-6
Address: L&T Business Park, Gate No.5, Tower A
Address: Ground Floor, Sakivihar Road, Pawai
City: Mumbai
StateProv: MAHARASHTRA
PostalCode: 400072
Country: IN
RegDate: 2016-08-05
Updated: 2019-08-02
Ref: https://rdap.arin.net/registry/entity/ADSI-6
OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-555-0000
OrgTechEmail: amzn-noc-contact@amazon.com
OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-555-0000
OrgAbuseEmail: trustandsafety@support.aws.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-555-0000
OrgNOCEmail: amzn-noc-contact@amazon.com
OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN

Links to attack logs

Share on: