46.8.8.100 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 46.8.8.100 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 65/100

Geographic Location

Host and Network Information

View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
Country: Czechia
Network: AS60592 gransy s.r.o.
Noticed: 50 times
Protocols Attacked: SSH
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Italy, Korea Republic of, Latvia, Lithuania, Netherlands, Norway, Poland, Romania, Singapore, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Open Ports: 123, 179, 22, 443, 4949, 53, 80
Tor Node: No
Associated Malware Samples: 2321

MITRE ATT&CK TTPs

T1003.008 - /etc/passwd and /etc/shadow
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1012 - Query Registry
T1027 - Obfuscated Files or Information
T1031 - Modify Existing Service
T1036.004 - Masquerade Task or Service
T1036 - Masquerading
T1041 - Exfiltration Over C2 Channel
T1055 - Process Injection
T1056.001 - Keylogging
T1057 - Process Discovery
T1059.007 - JavaScript
T1059 - Command and Scripting Interpreter
T1060 - Registry Run Keys / Startup Folder
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1071.001 - Web Protocols
T1071.002 - File Transfer Protocols
T1071.003 - Mail Protocols
T1071.004 - DNS
T1071 - Application Layer Protocol
T1081 - Credentials in Files
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1088 - Bypass User Account Control
T1098 - Account Manipulation
T1100 - Web Shell
T1105 - Ingress Tool Transfer
T1106 - Native API
T1107 - File Deletion
T1110 - Brute Force
T1114.002 - Remote Email Collection
T1114 - Email Collection
T1119 - Automated Collection
T1122 - Component Object Model Hijacking
T1129 - Shared Modules
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1210 - Exploitation of Remote Services
T1415 - URL Scheme Hijacking
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1459 - Device Unlock Code Guessing or Brute Force
T1496 - Resource Hijacking
T1534 - Internal Spearphishing
T1546.015 - Component Object Model Hijacking
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1560 - Archive Collected Data
T1566 - Phishing
T1578.003 - Delete Cloud Instance
T1583.005 - Botnet
T1588.004 - Digital Certificates
T1588 - Obtain Capabilities
T1598 - Phishing for Information
TA0001 - Initial Access
TA0002 - Execution
TA0003 - Persistence
TA0004 - Privilege Escalation
TA0005 - Defense Evasion
TA0006 - Credential Access
TA0007 - Discovery
TA0008 - Lateral Movement
TA0009 - Collection
TA0010 - Exfiltration
TA0011 - Command and Control
TA0034 - Impact
TA0040 - Impact

Passive DNS

whispershelf.com