76.76.21.22 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 76.76.21.22 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • MITRE ATT&CK IDs: T1012 - Query Registry, T1018 - Remote System Discovery, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1046 - Network Service Scanning, T1055 - Process Injection, T1064 - Scripting, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1095 - Non-Application Layer Protocol, T1105 - Ingress Tool Transfer, T1189 - Drive-by Compromise, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1562 - Impair Defenses, T1571 - Non-Standard Port, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow

  • Tags: anna paula, associated, currc3adculo, cyber security, from email, headers, ioc, malicious, malspam email, malware, msi file, Nextray, phishing, tuesday, utf8, zip archive

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: coinbl_hosts

Malware Detected on Host

Count: 21

Open Ports Detected

443, 80

Whois Information

  • NetRange: 76.76.21.0 - 76.76.21.255
  • CIDR: 76.76.21.0/24
  • NetName: VERCEL-01
  • NetHandle: NET-76-76-21-0-1
  • Parent: NET76 (NET-76-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Vercel, Inc (ZEITI)
  • RegDate: 2020-05-08
  • Updated: 2020-06-05
  • Ref: https://rdap.arin.net/registry/ip/76.76.21.0
  • OrgName: Vercel, Inc
  • OrgId: ZEITI
  • City: Walnut
  • StateProv: CA
  • PostalCode: 91789
  • Country: US
  • RegDate: 2020-03-26
  • Updated: 2020-06-05
  • Comment: https://vercel.com
  • Ref: https://rdap.arin.net/registry/entity/ZEITI
  • OrgTechHandle: MFV2-ARIN
  • OrgTechName: Vieira, Matheus Fernandez
  • OrgTechPhone: +1-415-980-8007
  • OrgTechEmail: m@vercel.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/MFV2-ARIN
  • OrgAbuseHandle: ABUSE7926-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-415-980-8007
  • OrgAbuseEmail: abuse@vercel.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE7926-ARIN
