46.246.12.14 Threat Intelligence and Host Information

Jun 19, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 46.246.12.14 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 54/100

Host and Network Information

  • Mitre ATT&CK IDs: T1005 - Data from Local System, T1010 - Application Window Discovery, T1012 - Query Registry, T1018 - Remote System Discovery, T1021 - Remote Services, T1027 - Obfuscated Files or Information, T1033 - System Owner/User Discovery, T1041 - Exfiltration Over C2 Channel, T1056 - Input Capture, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1091 - Replication Through Removable Media, T1105 - Ingress Tool Transfer, T1106 - Native API, T1112 - Modify Registry, T1113 - Screen Capture, T1120 - Peripheral Device Discovery, T1125 - Video Capture, T1132 - Data Encoding, T1547 - Boot or Logon Autostart Execution, T1555 - Credentials from Password Stores, T1562 - Impair Defenses, T1568 - Dynamic Resolution, T1571 - Non-Standard Port

  • Tags: discovery, Njrat, RedLine, remote system, st9buf0axwlbjb7, t1005, t1010, t1012, t1018, t1021, t1027, t1033

  • View other sources: Spamhaus VirusTotal

  • Country: Sweden
  • Network: AS42708 glesys ab
  • Noticed: 2 times
  • Protocols Attacked: Anonymous Proxy
  • Passive DNS Results: pradera.duckdns.org clarosecurity-com.duckdns.org nuevosecua.duckdns.org nuevosremcs.duckdns.org chupetines39999.duckdns.org patria.duckdns.org spamworzon.duckdns.org mr24251.duckdns.org matarife.duckdns.org daddy.linkpc.net tiagoodiaz.duckdns.org fortuna777.duckdns.org dubay.duckdns.org reald27.duckdns.org septiembre2022.duckdns.org diosamor27.duckdns.org banqueislamik.ddrive.online update.mcafee-endpoint.com news.banquealtantique.net personnels.bdm-sa.fr ant-ec.duckdns.org frank.anondns.net proxy21.duckdns.org ecuadordos.duckdns.org ecuado2021.duckdns.org

Malware Detected on Host

Count: 105 ab23de5f1c097be589e6802a230a24c10e07f60f13214e1f011042f4e51061cf 6dd25f1f288da8a804f41af680fda859e16b8b14b702025d1d265195f7a1bad3 3c5a733411aca498591aa177a6023984645062af02a127d3f08dc970feb27540 ef9353e2ce183d62fff967fb5d97dce26f862f35f1cfb1a512970c674953eee4 89a09e2f4971b6d329a694f88d8a3f4c09b51eaff819fb4497d63e162e4c2028 2d9425f22ff6bfac3217629cb2b724557e2431718937cef2d8ab629f32a3e92d fb0242383cc04dbaa3a81ac1947d183cad1c91f9fc77c1eddcc5e79b745c0017 7fc11ae7d7870624df39b4a18c11f95c58ff9e5856a523f108814a8d3627641b af375504ca558e9035a8bc319bbb592055bcd73bd20a6932203d252bfcae9530 beec48641e268819b654b29b10417e1c6d843c79211335bfed09b0c919f78209

Open Ports Detected

135 22 443 80 9091

Map

Links to attack logs

anonymous-proxy-ip-list-2024-01-11

Share on: