164.68.114.29 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 164.68.114.29 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity against honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which the host resides.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1012 - Query Registry, T1018 - Remote System Discovery, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1041 - Exfiltration Over C2 Channel, T1049 - System Network Connections Discovery, T1055 - Process Injection, T1057 - Process Discovery, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1125 - Video Capture, T1204 - User Execution, T1486 - Data Encrypted for Impact, T1497 - Virtualization/Sandbox Evasion, T1498 - Network Denial of Service, T1499.002 - Service Exhaustion Flood, T1499 - Endpoint Denial of Service, T1566 - Phishing

  • Tags: alliance, apt, august, babuk, cc.py, chan, cobalt strike, crypter, DDoS, DDOS, domain, entropy, figure, filehash256, filehashmd5, filehashsha1, ghost, github account, h ansi, HEAD Floods, helloxd, HelloXD, infrastructure, int32, interface, ip address, ivan, june, Killnet, KillNet, l ansi, lockbit, malicious, malware, memoryfile scan, microbackdoor, networks, palo alto, ransomware, Ransomware, string, T1498, T1499, uint8, unicode, unit, virustotal, wildfire, windows, yunohost please, yunohost portal

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: socks_proxy_1d, socks_proxy_30d, socks_proxy_7d

  • Country: Germany
  • Network:
  • Noticed: 34 times
  • Protocols Attacked: Anonymous Proxy
  • Passive DNS Results: synapse.x4k.dev zeronet.x4k.dev ntopng.x4k.dev ntop.x4k.dev ???.com mallik.x4k.dev acp.x4k.dev mundo-telenovelas.x4k.dev oelwein-ia.x4k.dev g.1q.is git.1q.is mamba77.red registry.x4k.dev vs3.x4k.dev vs2.x4k.dev test.x4k.dev vs1.x4k.dev git.x4k.dev 1q.is fb.x4k.dev wk.x4k.dev cracker.x4k.dev cj.x4k.dev tgram.x4k.dev l.x4k.dev cve.x4k.dev arm.x4k.dev xn--90a5ai.com social.x4k.dev tg.x4k.dev sc.x4k.dev xmpp-upload.x4k.dev rengine.x4k.dev l4cky.com wp.x4k.dev drupal.x4k.dev dns.x4k.dev sf.x4k.dev theeye.x4k.dev btc.x4k.dev apk.x4k.dev x4k.sh proxypool.x4k.dev sea.x4k.dev mw.x4k.dev zero.x4k.dev nc.x4k.dev wg.x4k.dev nd.x4k.dev vc.x4k.dev vsc.x4k.dev vs.x4k.dev code.x4k.dev vscode.x4k.dev ssh.x4k.dev docker.x4k.dev tmp.x4k.dev office.x4k.dev repo.x4k.dev bw.x4k.dev cds.x4k.dev cloud.x4k.dev cp.x4k.dev vnc.x4k.dev x4k.dev

Malware Detected on Host

Count: 10 (SHA-256)
67d7cab1c9d5cd190aed310b8c75f132ea226e742faa8feaf6c7bfc66a60981c
7edb94e394135ce8a1b361317697baa3bc228fac5315c8ff49637ab7f15f79a0
a9282812ea5c5befd4aa46ae7fed6e38ada592853c5927ea05c3eb3b06e4b93f
0afad218ba4fa36baa3166ed16fb5c7588b2716cf13afc0fa86a937e7ae291f9
b7ee38385996cded731987d85c771be4fe3c370176788208ff8b2df317f39f07
7596418c84293532ad0596428a7285ac490b65f680cb836a68ac537e36e6bd52
69f40292915d779ed6dc2df3e5d1d355b38fca0832741458190587b5fc457d5e
126aece6018ffc042d85c28f081e4d44c33e7381e1f3a69969d890019ec76ce2
90a53bf04f33230a0798011161414816bc878d8e47259a293795d47b02354b51
cdb213ab22a8c04992cd123668c696335d449805f5ae0c47cfdd1d3c9f43bdd8
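The General section describes this record as input for enriching security events. The following is an added example of how a SOC might consume the indicators listed above (the host IP, the apex domains from the passive DNS results, and the malware hashes); it is not tooling from the site that generated this page. The event records are constructed for illustration, and the field names (src_ip, dst_ip, dns_query, file_sha256) are assumptions about a generic normalised log schema. Note the two caveats the page itself implies: the domain match is anchored on a label boundary so that unrelated names ending in the same characters do not match, and an inbound hit on the IP is annotated as a proxy egress rather than an attributable source, because the host appears in the socks_proxy IP sets.

```python
"""Enrich normalised security events with the indicators from this page.

Added example, not part of the original page or its generator. Event
records below are constructed; indicator values are copied from the page.
"""
from __future__ import annotations

from dataclasses import dataclass, field

HOST_IP = "164.68.114.29"
HOST_SCORE = 70  # "Likely Malicious Host" score shown on the page
IP_SETS = frozenset({"socks_proxy_1d", "socks_proxy_7d", "socks_proxy_30d"})

# Apex domains from the Passive DNS results; any label beneath them matches.
PDNS_APEX = frozenset({
    "x4k.dev", "x4k.sh", "1q.is", "mamba77.red", "l4cky.com", "xn--90a5ai.com",
})

# SHA-256 values from "Malware Detected on Host".
MALWARE_SHA256 = frozenset({
    "67d7cab1c9d5cd190aed310b8c75f132ea226e742faa8feaf6c7bfc66a60981c",
    "7edb94e394135ce8a1b361317697baa3bc228fac5315c8ff49637ab7f15f79a0",
    "a9282812ea5c5befd4aa46ae7fed6e38ada592853c5927ea05c3eb3b06e4b93f",
    "0afad218ba4fa36baa3166ed16fb5c7588b2716cf13afc0fa86a937e7ae291f9",
    "b7ee38385996cded731987d85c771be4fe3c370176788208ff8b2df317f39f07",
    "7596418c84293532ad0596428a7285ac490b65f680cb836a68ac537e36e6bd52",
    "69f40292915d779ed6dc2df3e5d1d355b38fca0832741458190587b5fc457d5e",
    "126aece6018ffc042d85c28f081e4d44c33e7381e1f3a69969d890019ec76ce2",
    "90a53bf04f33230a0798011161414816bc878d8e47259a293795d47b02354b51",
    "cdb213ab22a8c04992cd123668c696335d449805f5ae0c47cfdd1d3c9f43bdd8",
})


def normalize_domain(name: str) -> str:
    """Lower-case and drop a trailing dot so 'Git.X4K.dev.' equals 'git.x4k.dev'."""
    return name.strip().rstrip(".").lower()


def domain_is_indicator(name: str) -> bool:
    """True for a listed apex or any label beneath it.

    The suffix test is anchored on a dot boundary, so 'notx4k.dev' and
    'x4k.dev.attacker.example' do not match.
    """
    n = normalize_domain(name)
    return any(n == apex or n.endswith("." + apex) for apex in PDNS_APEX)


@dataclass
class Enrichment:
    event: dict
    matched: list[str] = field(default_factory=list)
    notes: list[str] = field(default_factory=list)
    score: int = HOST_SCORE


def enrich(event: dict) -> Enrichment | None:
    """Return an Enrichment when any indicator matches, else None."""
    e = Enrichment(event=event)
    if event.get("src_ip") == HOST_IP:
        e.matched.append("src_ip")
        # The host sits in socks_proxy sets: the real client is behind it.
        e.notes.append("source is a SOCKS proxy egress; true origin unknown")
    if event.get("dst_ip") == HOST_IP:
        e.matched.append("dst_ip")
        e.notes.append("destination host has malware samples listed; score %d/100" % HOST_SCORE)
    q = event.get("dns_query")
    if q and domain_is_indicator(q):
        e.matched.append("dns_query")
    h = str(event.get("file_sha256", "")).lower()
    if h in MALWARE_SHA256:
        e.matched.append("file_sha256")
    return e if e.matched else None


def enrich_all(events) -> list[Enrichment]:
    return [x for x in (enrich(ev) for ev in events) if x is not None]


# Constructed sample events (assumed schema); not real log data.
SAMPLE_EVENTS = [
    {"ts": "2024-08-15T10:00:00Z", "src_ip": "164.68.114.29", "dst_ip": "10.0.0.5", "dst_port": 443},
    {"ts": "2024-08-15T10:01:00Z", "src_ip": "10.0.0.21", "dns_query": "Git.X4K.dev."},
    {"ts": "2024-08-15T10:02:00Z", "src_ip": "10.0.0.22",
     "file_sha256": "67D7CAB1C9D5CD190AED310B8C75F132EA226E742FAA8FEAF6C7BFC66A60981C"},
    {"ts": "2024-08-15T10:03:00Z", "src_ip": "10.0.0.23", "dns_query": "x4k.dev.attacker.example"},
    {"ts": "2024-08-15T10:04:00Z", "src_ip": "198.51.100.7", "dns_query": "example.com"},
]

if __name__ == "__main__":
    for hit in enrich_all(SAMPLE_EVENTS):
        print(hit.matched, hit.notes, hit.event["ts"])
```

Running the block prints three hits: the inbound connection from the host (flagged as proxy egress), the DNS query under x4k.dev, and the file hash match; the look-alike query and the benign event produce nothing.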

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2024-08-15 anonymous-proxy-ip-list-2023-08-05 anonymous-proxy-ip-list-2023-10-25 anonymous-proxy-ip-list-2023-07-15 anonymous-proxy-ip-list-2024-08-17 anonymous-proxy-ip-list-2023-06-28 anonymous-proxy-ip-list-2024-02-22 anonymous-proxy-ip-list-2023-08-30 anonymous-proxy-ip-list-2024-03-24 anonymous-proxy-ip-list-2024-04-10 anonymous-proxy-ip-list-2023-07-18 anonymous-proxy-ip-list-2023-08-25 anonymous-proxy-ip-list-2024-08-06 anonymous-proxy-ip-list-2023-05-25 anonymous-proxy-ip-list-2023-06-29 ****** anonymous-proxy-ip-list-2023-10-20 anonymous-proxy-ip-list-2023-11-05 anonymous-proxy-ip-list-2024-02-23 anonymous-proxy-ip-list-2023-09-01 anonymous-proxy-ip-list-2023-09-24 anonymous-proxy-ip-list-2023-10-21 anonymous-proxy-ip-list-2023-11-03 anonymous-proxy-ip-list-2023-05-27 anonymous-proxy-ip-list-2023-12-24 anonymous-proxy-ip-list-2023-12-22 anonymous-proxy-ip-list-2023-08-08 anonymous-proxy-ip-list-2023-08-21 anonymous-proxy-ip-list-2023-09-04 anonymous-proxy-ip-list-2023-07-10 anonymous-proxy-ip-list-2023-05-29 anonymous-proxy-ip-list-2024-03-26 anonymous-proxy-ip-list-2023-11-10 anonymous-proxy-ip-list-2023-05-26 anonymous-proxy-ip-list-2023-10-22 anonymous-proxy-ip-list-2023-08-04 anonymous-proxy-ip-list-2023-05-24 anonymous-proxy-ip-list-2023-09-10 anonymous-proxy-ip-list-2023-10-11 anonymous-proxy-ip-list-2023-07-09 anonymous-proxy-ip-list-2023-08-31 anonymous-proxy-ip-list-2023-10-02 anonymous-proxy-ip-list-2024-08-16 anonymous-proxy-ip-list-2023-07-02 ****** anonymous-proxy-ip-list-2023-11-09 anonymous-proxy-ip-list-2023-07-13 anonymous-proxy-ip-list-2024-07-01 anonymous-proxy-ip-list-2024-04-11 ****** anonymous-proxy-ip-list-2023-09-29 anonymous-proxy-ip-list-2023-10-26 anonymous-proxy-ip-list-2023-12-23
