65.21.94.13 Threat Intelligence and Host Information

Jun 19, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 65.21.94.13 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 65/100

Host and Network Information

Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1114 - Email Collection, T1497 - Virtualization/Sandbox Evasion, T1583.005 - Botnet, TA0011 - Command and Control
Tags: $RTD4NQU.exe, accept, added active, agent tesla, algorithm, am, android, apple music, apple tv, attack, authentihash, azorult, body length, botnet, bundled, chi2, class, click, collection, compiler, contact, contacted, copyright, created, critical, cve cve20170199, cyber defense, cyber security, date, dded active, detections type, dkey english, domains, dropped, ejkaej saBey k7-^Oa, english us, entries, error, et tor, executable, execution, exit, fast corporate, filehashmd5, files, file type, final url, firm collection, from, g4 code, general, generator, generic, headers, headers nel, historical ssl, http response, hybrid, imphash, indicator role, installer, ioc, ioc iocs, ioc search, ip address, kb body, known tor, learn, list for, local, logistics, lord krishna, magic pe32, malicious, malware, manager, meta, minutes ago, misc attack, ms windows, name, new ioc, Nextray, nisis, no data, node traffic, no expiration, nsis, octoseek report, open, overlay, path, pattern match, paulsmith, pe resource, phishing, problems, project, pulses url, reddit, referrer, related pulses, relayrouter, reserved, rich pe, right, root g4, runtime process, search, search otx, sections, secure, serial number, sha1, sha256, sha256 file, sha384, showing, signing rsa4096, spam author, ssdeep, ssl certificate, startpage, status code, strings, summary, tag count, teams api, thumbprint, tjprojmain, TOR, trid win64, tulach c2, type type, unknown, url http, url https, valid from, vhash, VPN, vt graph, whois record, whois whois, win32 exe, windows, xml rtmanifest
View other sources: Spamhaus VirusTotal
Contained within other IP sets: dm_tor, et_tor

Country: Finland
Network: AS24940 hetzner online gmbh
Noticed: 36 times
Protocols Attacked: Anonymous Proxy
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: tor-relay.zwiebeltoralf.de

Malware Detected on Host

Count: 28 1e4631827967d5503d29362f9113d6488be770271484092d207e5a42d331587f b11e614cdd02aecb8d6ae65bf67bfac8cbefd68830065217e2cb48922743bb12 1cd04c2566689489cb7ad792b2d699b7a4f05d2d0a0be0f1dfb7072714f24f24 77ff33c51425b8254788e5fff94bd6382911fb3b934c082a0bf21ae7ea15ba70 a243e0fc096a7a65a752ae8f4e47f3f266f58a05017c6e06b281e13f9ae4c594 7b0dad1c77e7e11c5e9fc857bfac196a309d6935b18bdbf4835a359ebd32f186 2e1cb6a2cb1b284dbdd0b8d47d53f946ca0b27a196c45600cc656889c2e57623 4e6a519bcb42aaa7c30affe7612c1447803f98dcaccfb0941f2a8dd7ac2d0ced 881dee1f2af5a4f14b36a810b46d120d3e7889d33a85638c9ab4365a1fe8de88 69b7b686dc7587f05d303c70089fb11ff1950b99a3c4611db290a9759a621156

Map

Whois Information

NetRange: 65.21.0.0 - 65.21.255.255
CIDR: 65.21.0.0/16
NetName: RIPE
NetHandle: NET-65-21-0-0-1
Parent: NET65 (NET-65-0-0-0-0)
NetType: Early Registrations, Transferred to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 2020-06-24
Updated: 2020-06-24
Ref: https://rdap.arin.net/registry/ip/65.21.0.0
OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE
OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: abuse@ripe.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: hostmaster@ripe.net
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
inetnum: 65.21.0.0 - 65.21.255.255
netname: DE-HETZNER-20010926
country: FI
org: ORG-HOA1-RIPE
admin-c: HOAC1-RIPE
tech-c: HOAC1-RIPE
status: ALLOCATED PA
mnt-by: HOS-GUN
mnt-by: RIPE-NCC-HM-MNT
created: 2020-06-24T14:02:28Z
last-modified: 2021-01-31T10:00:15Z
organisation: ORG-HOA1-RIPE
org-name: Hetzner Online GmbH
country: DE
org-type: LIR
address: Industriestrasse 25
address: D-91710
address: Gunzenhausen
address: GERMANY
phone: +49 9831 5050
fax-no: +49 9831 5053
admin-c: MF1400-RIPE
admin-c: GM834-RIPE
admin-c: HOAC1-RIPE
admin-c: MH375-RIPE
admin-c: SK2374-RIPE
admin-c: SK8441-RIPE
abuse-c: HOAC1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: HOS-GUN
mnt-by: RIPE-NCC-HM-MNT
mnt-by: HOS-GUN
created: 2004-04-17T11:07:58Z
last-modified: 2022-11-22T18:32:44Z
role: Hetzner Online GmbH - Contact Role
address: Hetzner Online GmbH
address: Industriestrasse 25
address: D-91710 Gunzenhausen
address: Germany
phone: +49 9831 505-0
fax-no: +49 9831 505-3
abuse-mailbox: abuse@hetzner.com
org: ORG-HOA1-RIPE
admin-c: MH375-RIPE
tech-c: GM834-RIPE
tech-c: SK2374-RIPE
tech-c: MF1400-RIPE
tech-c: SK8441-RIPE
tech-c: DD15478-RIPE
nic-hdl: HOAC1-RIPE
mnt-by: HOS-GUN
created: 2004-08-12T09:40:20Z
last-modified: 2022-11-22T18:33:55Z
route: 65.21.0.0/16
org: ORG-HOA1-RIPE
descr: HETZNER-DC
origin: AS24940
mnt-by: HOS-GUN
created: 2020-12-28T12:19:02Z
last-modified: 2020-12-28T12:19:02Z
organisation: ORG-HOA1-RIPE
org-name: Hetzner Online GmbH
country: DE
org-type: LIR
address: Industriestrasse 25
address: D-91710
address: Gunzenhausen
address: GERMANY
phone: +49 9831 5050
fax-no: +49 9831 5053
admin-c: MF1400-RIPE
admin-c: GM834-RIPE
admin-c: HOAC1-RIPE
admin-c: MH375-RIPE
admin-c: SK2374-RIPE
admin-c: SK8441-RIPE
abuse-c: HOAC1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: HOS-GUN
mnt-by: RIPE-NCC-HM-MNT
mnt-by: HOS-GUN
created: 2004-04-17T11:07:58Z
last-modified: 2022-11-22T18:32:44Z

Links to attack logs

Share on: