93.115.28.104 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 93.115.28.104 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🔴 High Risk — 80/100

Geographic Location

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Country: Lithuania
• Noticed: 41 times
• Protocols Attacked: SSH
• Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Netherlands, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Tor Node: No
• Associated Malware Samples: 433

Tags

• aaaa
• accept
• access ta0001
• active related
• added active
• address
• adobe portable
• a domains
• adversaries
• adware
• aig
• akamai rank
• alerts
• alexa
• alexa top
• alf features
• algorithm
• all scoreblue
• amazon 02
• america flag
• analysis date
• analyzer paste
• analyzer threat
• android device
• a nxdomain
• apple
• apple ios
• apple notepad
• artemis
• as16552 tiggee
• as29789
• as397240
• as397241
• as62597 nsone
• as9009 m247
• ascii
• ascii text
• asnone united
• asyncrat
• august
• australia
• autodesk
• avast avg
• av detections
• awful
• azure tls
• bambernek
• bank
• banker
• basic
• b body
• best targets
• betabot
• blacklist
• blacklist http
• blacklist https
• blocklist
• body
• body doctype
• body length
• boot
• bootkits
• brent kimball
• brian sabey
• cachecontrol
• capture
• catalog tree
• centerchecks
• certificate
• china
• ch ua
• cisco umbrella
• ck id
• ck matrix
• ck techniques
• class
• classname
• click
• clickjacking
• clipper dos
• close
• cname
• cnc beacon
• cnc feodo
• cnc server
• coalition et
• cobalt strike
• code
• command
• command decode
• communications
• compiler
• connect azurepc
• connection
• contact
• contacted
• contacted hosts
• contact phone
• contained
• control ta0011
• cookie
• copy
• copy md5
• copyright
• copy sha1
• copy sha256
• core
• country
• covid19
• crash
• create
• create c
• created
• create new
• creation date
• critical risk
• cronup threat
• crossrider
• csc corporate
• cus cnmicrosoft
• cyber attack
• cyber security
• cyberstalking
• cyber threat
• dan.com
• dangeroussig
• dark consultants
• darkgate
• date
• date hash
• date mon
• dded active
• december
• ded active
• default
• defense evasion
• delete
• delete c
• denver co
• detecting
• detection list
• detections dns
• discovery
• dll sideloading
• dns resolutions
• dock
• document format
• domain
• domain address
• domain name
• domains
• domain tracker
• dos borland
• dos com
• download
• downloader
• dridex
• drivertalent
• dynamicloader
• e1082 impact
• e1203 data
• e1564 discovery
• emails
• emotet
• emotet ip
• encrypt
• engineering
• entries
• erase
• error
• et info
• etpro malware
• evasion ob0006
• evil
• evil c
• exe32
• executable
• execution
• execution att
• expiration date
• expires thu
• exploitation
• facebook
• failure
• fakedout threat
• fancy bear
• feodo
• file
• filehash
• filehashmd5
• filehashsha1
• filehashsha256
• files
• file samples
• file score
• files domain
• files location
• files matching
• file type
• final url
• find
• findwindowa
• flag
• flag united
• flow t1574
• font format
• format
• formbook
• found
• foundry
• fuery
• fusioncore
• g2 issuer
• g2 name
• gamers
• gandi sas
• gecko
• general
• generic
• generic windos
• getdc0x2a
• get http
• get https
• global outage
• gmt cache
• gmt connection
• gmt server
• guard
• gui32
• h1 center
• hackers
• hacktool
• hashes
• header intel
• headers
• headers date
• healthy check
• heur
• hide artifacts
• high
• high level
• highly targeted
• high process
• high security
• historical ssl
• history
• hitmen
• host
• hostmaster
• hostname
• hostnames
• hstr
• html
• html info
• http
• http attacker
• http requests
• http response
• hybrid
• hyperv
• ids detections
• igmp
• indicator
• indicator role
• industry_and_commerce
• info compiler
• info header
• information
• informative
• injection t1055
• installcore
• intel
• internal
• ioc
• iocs
• ip address
• ip detections
• ip summary
• ipv4
• ireland
• issuing ca
• javascript
• jpeg image
• june
• kb body
• kb pe
• keylogger
• khtml
• kraken
• language
• learn
• life
• light dark
• linker
• local
• location united
• logon autostart
• lowfi
• mail spammer
• malicious
• malicious ids
• malicious site
• malicious url
• maltiverse
• malware
• malware site
• malware type
• manjusaka
• markmonitor
• media center
• medium
• memcommit
• memory pattern
• meta tags
• metro
• mike
• million
• mitre att
• mivast
• modify system
• mon jul
• moved
• mozilla
• mr windows
• msclkidn
• msie
• ms visual
• ms windows
• murderers
• my boy dan
• name md5
• name server
• name servers
• name tactics
• nanocore rat
• nemucod
• next
• Nextray
• no data
• no entries
• no expiration
• nxdomain
• ob0005 defense
• ob0007 system
• ob0012 hide
• oc0006 http
• oc0008
• october
• ollydbg
• open
• openioc
• os2 executable
• overlay
• panda
• panda banker
• panel item
• pass
• passive dns
• path
• pattern match
• pcap
• pcidump rasman
• pdf document
• pdf report
• pe32
• pe32 compiler
• pe32 executable
• pe32 packer
• persistence
• phishing
• phishing site
• phishtank
• plasma
• please
• pony
• porkbun llc
• post
• post http
• pragma
• present apr
• present feb
• present mar
• privacy badger
• process32nextw
• processes tree
• process t1543
• products id
• protocol
• proxy
• pulse pulses
• pulses
• pulse submit
• pulses url
• quasi
• query
• ransom
• ransomware
• raspberry robin
• read c
• redline stealer
• redrum
• referrer
• regbinary
• regdword
• registrar abuse
• registrar url
• registry keys
• regsetvalueexa
• related nids
• related pulses
• remote
• remote keylogger
• remote system
• replacement
• report spam
• reputation
• request
• resolved ips
• response
• reverse dns
• review
• rgba
• riskware
• roboto
• role title
• safe site
• sakula
• sakula rat
• sale
• sameorigin
• sample
• samplepath
• samples
• samuel
• samuel tulach
• sandbox
• san rafael
• scan endpoints
• script urls
• search
• sec ch
• september
• serial number
• server
• servers
• service
• services
• serving ip
• sha1
• sha256
• shell commands
• shelltraywnd
• show
• showing
• show technique
• siendownloader
• signing ca
• site
• sites
• size
• slcc2
• slug
• snanning_host
• snatch
• sneaky server
• source domain
• spawns
• spotify artist
• sqli dumper
• ssl bypass
• ssl certificate
• stamping
• startpage
• start service
• status
• status code
• stealer
• steganography
• stix
• stop service
• strings
• sub domain
• summary
• suppobox
• suricata ipv4
• suricata udpv4
• suspicious
• suspicioussectioname
• suspicious ua
• symantec time
• t1027
• t1057
• t1063
• t1071
• t1105
• t1119
• t1129
• t1189 found
• ta0004 process
• ta0007 command
• tag count
• tag manager
• team
• team phishing
• team top
• telefonica co
• threat roundup
• threats et
• thumbprint
• title
• title added
• title error
• tls handshake
• tls sni
• tmobile
• tool transfer
• tor role
• tracker
• tre att
• trojan
• trojanclicker
• trojan.crypted
• trojanspy
• tsara brashears
• tulach
• twitter
• type
• type indicator
• ua platform
• unauthorized
• united
• united kingdom
• unknown
• url analysis
• url http
• url https
• urls
• urls http
• urls https
• url summary
• ursnif
• usd twitter
• user
• utc google
• utc gtmsxrf
• vadokrist
• ver2
• vids0
• vipre
• virustotal
• vmware
• vs2003
• w11 pc
• web open
• wewatta
• whitelisted
• win16 ne
• win32
• win324shared
• win32 exe
• win32mediadrug
• win32spigot
• win64
• windows
• windows control
• windows nt
• windows service
• wininet c0005
• workers compensation
• world
• worm
• wow64
• write
• write c
• writeconsolew
• writing gui
• x8bxe5
• xport
• yara detections
• yara rule
• youtube
• zbot
• zeus
• zusy

MITRE ATT&CK TTPs

• T1003 - OS Credential Dumping
• T1005 - Data from Local System
• T1012 - Query Registry
• T1021 - Remote Services
• T1027 - Obfuscated Files or Information
• T1031 - Modify Existing Service
• T1036 - Masquerading
• T1040 - Network Sniffing
• T1045 - Software Packing
• T1047 - Windows Management Instrumentation
• T1053 - Scheduled Task/Job
• T1055 - Process Injection
• T1056.001 - Keylogging
• T1056 - Input Capture
• T1057 - Process Discovery
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1063 - Security Software Discovery
• T1070 - Indicator Removal on Host
• T1071 - Application Layer Protocol
• T1081 - Credentials in Files
• T1082 - System Information Discovery
• T1083 - File and Directory Discovery
• T1095 - Non-Application Layer Protocol
• T1096 - NTFS File Attributes
• T1105 - Ingress Tool Transfer
• T1106 - Native API
• T1110.002 - Password Cracking
• T1112 - Modify Registry
• T1113 - Screen Capture
• T1119 - Automated Collection
• T1129 - Shared Modules
• T1133 - External Remote Services
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1158 - Hidden Files and Directories
• T1189 - Drive-by Compromise
• T1203 - Exploitation for Client Execution
• T1210 - Exploitation of Remote Services
• T1222 - File and Directory Permissions Modification
• T1457 - Malicious Media Content
• T1480 - Execution Guardrails
• T1485 - Data Destruction
• T1496 - Resource Hijacking
• T1497 - Virtualization/Sandbox Evasion
• T1498 - Network Denial of Service
• T1518 - Software Discovery
• T1543 - Create or Modify System Process
• T1547 - Boot or Logon Autostart Execution
• T1552 - Unsecured Credentials
• T1553 - Subvert Trust Controls
• T1555 - Credentials from Password Stores
• T1564 - Hide Artifacts
• T1566 - Phishing
• T1568 - Dynamic Resolution
• T1569 - System Services
• T1573 - Encrypted Channel
• T1574 - Hijack Execution Flow
• T1583 - Acquire Infrastructure
• T1590 - Gather Victim Network Information

Attack Log References

Whois Information