134.209.128.47 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 134.209.128.47. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 57/100

Host and Network Information

  • MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1546 - Event Triggered Execution

  • Tags: aber zuerst, address, alles sehr, all octoseek, analyze, ascii text, august, blondine, body length, brnette, bundled, cfqirgdhj5, cfqirgdhj5 http, cfqirgdhj5 url, ck id, code, communicating, contact, contacted, contacted urls, dropped, empr.online, es wre, execution, factory, february, feeds ioc, file, final url, formbook, getprocaddress, gmt connection, gopher, headers date, historical ssl, hostnames, http, http response, hybrid, iocs, ioc search, july, kb body, localappdata, malware, mitre att, naser rony, new ioc, njrat, nummern, obz4usfn0, obz4usfn0 http, obz4usfn0 url, parker lisa, passive dns, paste, path, post, putty, ransomware, referrer, reply lisa, resolutions, sample, scan endpoints, screenshot, serving ip, sfqh4dt74w0 url, sha256, show technique, ssl certificate, status code, teams api, temp, threat, threat analyzer, threat roundup, ukhdaauqaaaaaac, unique, urls, urls https, vj87, whois record, whois ssl, whois whois, windir, zusammen

  • Country: United States
  • Network: AS14061 DigitalOcean LLC
  • Noticed: 7 times
  • Protocols Attacked: SSH
  • Passive DNS Results:

Malware Detected on Host

Count: 1 1d9dac6b15fa419c286080c7325580dad0afd0234aab8eec1b06523048570df2

Open Ports Detected

25 53 80

CVEs Detected

CVE-2022-22707
