128.14.151.195 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 128.14.151.195 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 62/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1040 - Network Sniffing, T1041 - Exfiltration Over C2 Channel, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056 - Input Capture, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1114 - Email Collection, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1155 - AppleScript, T1158 - Hidden Files and Directories, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1546 - Event Triggered Execution, T1588 - Obtain Capabilities, TA0011 - Command and Control

• Tags: aaaa, africa, afrinic, all scoreblue, all search, america asn, apnic, apple, apple ios, applenoc, apple phone, arin, as20940, as44273 host, as54113, as54252, ascii text, asia pacific, asnone united, body, capture, collections, communicating, contacted, contacted urls, copy, core, creation date, customer, date, dga, dns replication, domain, dynamic dns, elf collection, elf executable, elf wgetboat, entries, execution, expiration date, factory, fakedout threat, file, files, for privacy, general, gp practice, hacktool, high, historical ssl, hostname, hostnames, hybrid, iana, indicator, iocs, ipv4, ipv4 address, json data, kgs0, kls0, lacnic, linux, llwn, localappdata, location united, malicious, malware, medium, memcommit, mirai, mitre att, name servers, next, oracle, otx scoreblue, passive dns, password, paste, path, pattern match, ph elf, privacy inc, probe, pulse pulses, ratel, redacted for, red team, referrer, regbinary, regdword, regsetvalueexa, regsetvalueexw, regsz, resolutions, ripe ncc, samples, scan endpoints, search, servers, showing, ssl certificate, status, stealer, suspicious, sysv, t1055, telefonica de, text, threat, threat network, tsara brashears, type name, unicode text, united, unknown, unlocker, urls, urls https, whois lookup, whois record, whois whois, win32, windir

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network: AS21859 zenlayer inc
• Noticed: 3 times
• Protocols Attacked: SSH
• Countries Attacked: United States of America

Malware Detected on Host

Count: 22 6ee557fcb02723a7f48a8bf68bef275a468d6d6eb876113ace5a02d1a6b331ab 2324e31eadfad37254d5de54cbf4c59ecaeff906c454c6f2ebcf08e89cd7ed6f 4085f15df3dd42deef0c1b50696f96cb9c476b405be384790e20eea7c97eab4d ee4a4120b2d92d994e0901acd3c9e63e871a34639435e9dd61d856a0612433f5 b1bd2f3dae6efd6861cc8b9a1604230407dc037218047083c117cca8717d16b0 59f5e3801a854d15b39ac6e84470a37fcbd3174cb95f277a66e2fe5213a98dd9 7e986aec4415db0810b68f64be49786c146c9f019521c3c43cd31df90947d3d3 506065fbd39b344d74e3bf263ea8f1f62d27dc1791c5c68a80708538268a6efd 678dfdd73d66a0edcae557456245ada609037959546f6e63d401dd604ad4a534 d8b0eb7ef66f0df09f3a03ee3c774de652723d4db9b0ba72bf2561b3d50fa965

Open Ports Detected

80

CVEs Detected

CVE-2021-23017 CVE-2021-3618 CVE-2023-44487

Map

Whois Information

• NetRange: 128.14.0.0 - 128.14.255.255
• CIDR: 128.14.0.0/16
• NetName: ZL-LAX3-004
• NetHandle: NET-128-14-0-0-1
• Parent: NET128 (NET-128-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS21859
• Organization: Zenlayer Inc (ZENLA-7)
• RegDate: 2016-09-07
• Updated: 2018-01-12
• Ref: https://rdap.arin.net/registry/ip/128.14.0.0
• OrgName: Zenlayer Inc
• OrgId: ZENLA-7
• Address: 21680 Gateway Center Dr. Suite 350
• City: Diamond Bar
• StateProv: CA
• PostalCode: 91765
• Country: US
• RegDate: 2017-12-27
• Updated: 2023-07-06
• Ref: https://rdap.arin.net/registry/entity/ZENLA-7
• OrgTechHandle: ZENLA2-ARIN
• OrgTechName: Zenlayer GNOC
• OrgTechPhone: +1-909-718-3558
• OrgTechEmail: gfs-gnoc@zenlayer.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ZENLA2-ARIN
• OrgAbuseHandle: SOCOP-ARIN
• OrgAbuseName: SOC Ops
• OrgAbusePhone: +1-909-718-3558
• OrgAbuseEmail: abuse@zenlayer.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/SOCOP-ARIN
• OrgNOCHandle: IPADM641-ARIN
• OrgNOCName: IP ADMIN
• OrgNOCPhone: +1-909-718-3558
• OrgNOCEmail: ipadmin@zenlayer.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/IPADM641-ARIN
• OrgTechHandle: IPADM641-ARIN
• OrgTechName: IP ADMIN
• OrgTechPhone: +1-909-718-3558
• OrgTechEmail: ipadmin@zenlayer.com
• OrgTechRef: https://rdap.arin.net/registry/entity/IPADM641-ARIN
• OrgTechHandle: LIYAN11-ARIN
• OrgTechName: Li, Yang
• OrgTechPhone: +1-626-412-0833
• OrgTechEmail: GlobalNetworkOperationsCenter@zenlayer.com
• OrgTechRef: https://rdap.arin.net/registry/entity/LIYAN11-ARIN
• NetRange: 128.14.151.0 - 128.14.151.255
• CIDR: 128.14.151.0/24
• NetName: ZL-LAX-ZENWORKS-0065
• NetHandle: NET-128-14-151-0-1
• Parent: ZL-LAX3-004 (NET-128-14-0-0-1)
• NetType: Reassigned
• OriginAS: AS21859
• Organization: ZENLA-1 (ZENLA-8)
• RegDate: 2019-07-31
• Updated: 2019-07-31
• Comment: Abuse please contact: abuse@zenlayer.com
• Ref: https://rdap.arin.net/registry/ip/128.14.151.0
• OrgName: ZENLA-1
• OrgId: ZENLA-8
• Address: 21680 Gateway Center Dr.
• Address: Suite 350
• Address: Diamond Bar, CA 91765
• Address: U.S. Headquarters
• City: Los Angeles
• StateProv: CA
• PostalCode: 91765
• Country: US
• RegDate: 2019-07-30
• Updated: 2019-07-30
• Ref: https://rdap.arin.net/registry/entity/ZENLA-8
• OrgAbuseHandle: ZENLA-ARIN
• OrgAbuseName: zenlayer-1
• OrgAbusePhone: +1-626-412-0049
• OrgAbuseEmail: abuse@zenlayer.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ZENLA-ARIN
• OrgTechHandle: ZENLA-ARIN
• OrgTechName: zenlayer-1
• OrgTechPhone: +1-626-412-0049
• OrgTechEmail: abuse@zenlayer.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ZENLA-ARIN

Links to attack logs

****** ****** ******