IP | Medium | Signal 71/100
216.198.54.1
Location
San Francisco, California
ASN
AS209242
Zendesk, Inc.
First Seen
Jan 7, 2025
Last Seen
May 7, 2026
Found in 8 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network-layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
San Francisco, California
ASN
AS209242
Organization
Zendesk, Inc.
Feed Intelligence Summary
Source reports: 8
Confidence score: 71%
Category tags
Activity Timeline
Threat Activity Heatmap, peak: 2026-05-07
Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: 71 (High Risk)
Signal Score: 71%
Confidence: 71%
Reports: 8
First seen: Jan 7, 2025
Last seen: May 7, 2026
Geolocation: US
Country: United States
Location: San Francisco, California
ASN: AS209242
Org: Zendesk, Inc.
Coords: 37.7510, -97.8220
VirusTotal
Not checked
WHOIS
- description: CC=US ASN=ASNone
- raw:
  NetRange: 216.198.0.0 - 216.198.63.255
  CIDR: 216.198.0.0/18
  NetName: ZENDESK-NETWORK
  NetHandle: NET-216-198-0-0-1
  Parent: NET216 (NET-216-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Zendesk, Inc. (ZENDE-3)
  RegDate: 2015-05-29
  Updated: 2024-03-20
  Comment: (embedded PEM certificate block omitted)
  Ref: https://rdap.arin.net/registry/ip/216.198.0.0
  OrgName: Zendesk, Inc.
  OrgId: ZENDE-3
  Address: 989 Market St
  City: San Francisco
  StateProv: CA
  PostalCode: 94103
  Country: US
  RegDate: 2012-10-04
  Updated: 2024-02-12
  Ref: https://rdap.arin.net/registry/entity/ZENDE-3
  OrgNOCHandle: NETWO5465-ARIN
  OrgNOCName: Network Operations
  OrgNOCPhone: +1-415-418-7506
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO5465-ARIN
  OrgTechHandle: NETWO5465-ARIN
  OrgTechName: Network Operations
  OrgTechPhone: +1-415-418-7506
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/NETWO5465-ARIN
  OrgAbuseHandle: NETWO5465-ARIN
  OrgAbuseName: Network Operations
  OrgAbusePhone: +1-415-418-7506
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/NETWO5465-ARIN
  OrgRoutingHandle: NETWO5465-ARIN
  OrgRoutingName: Network Operations
  OrgRoutingPhone: +1-415-418-7506
  OrgRoutingEmail: [email protected]
  OrgRoutingRef: https://rdap.arin.net/registry/entity/NETWO5465-ARIN
- references:
  - https://www.tiktok.com/@jeffersonultra/video/7404142059327687942?is_from_webapp=1&sender_device=pc&web_id=7408601050825868806
  - https://www.tiktok.com/@jeffersonultra/video/7401970649561894150
  - Https://BiosVir.us
  - Https://BluetoothVirus.com
  - https://www.virustotal.com/gui/collection/f3bb0fe192a7a669edd061
  - https://www.virustotal.com/graph/embed/g1313cfcd67d34e9c8d8438d6
  - https://any.run/malware-trends/
  - https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time
  - https://virustotal.zendesk.com/frontendevents/dl?client=1B752747-5778-429A-A0E0-83861AF69088
  - GitHub - peeringdb/peeringdb-py: PeeringDB python client
  - 00-skillsetparadesarrollo.zendesk.com
  - https://github.com/peeringdb/peeringdb-py
  - From the lovely Cyber Folks .PL Cover
IOC Journey
Confidence: medium. First detected 1 year ago; last seen 1 month ago.
Appeared in 8 threat reports.