199.34.228.66 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 199.34.228.66 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: United States
  • Noticed: 11 times
  • Protocols Attacked: SSH
  • Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, China, Costa Rica, Curaçao, Georgia, Guatemala, Hong Kong, Japan, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 2052, 2053, 2082, 2083, 2086, 2087, 443, 80, 8080, 8443, 8880
  • Tor Node: No
  • Associated Malware Samples: 52

Tags

  • 2nd corintnthians 4:8-9
  • 707713
  • acceptencoding
  • activity dns
  • a domains
  • aes256gcm
  • agent tesla
  • akamaias
  • akamaiasn1
  • algorithm
  • all octoseek
  • all scoreblue
  • all txt
  • amadey
  • amazon02
  • america asn
  • analyze
  • anchor hrefs
  • anomalous_deletefile
  • anomalous file
  • antidebug_guardpages
  • antivm_generic_disk
  • a nxdomain
  • anyone else
  • apple
  • apple ios
  • april
  • arizona
  • as133618
  • as134175 unit
  • as13768 aptum
  • as15169
  • as16509
  • as20940
  • as29066 host
  • as30148 sucuri
  • as3359
  • as38365 beijing
  • as393601 state
  • as397241
  • as47846
  • as4837 china
  • as63949 linode
  • as6461 zayo
  • as8075
  • as852
  • asnone
  • asyncrat
  • attack
  • august
  • authority
  • auto-generated security
  • awful
  • azorult
  • back
  • backdoor
  • banker
  • bazar
  • beta version
  • blacklist
  • body
  • body length
  • brian sabey
  • brontok
  • builder
  • bypass_firewall
  • ca1 odigicert
  • ca issuers
  • callback phishing
  • catherine daisy coleman
  • cellbrite
  • certificate
  • certsentry
  • chaos
  • check in
  • china unknown
  • click
  • cmstp
  • cname
  • cnc
  • cobalt strike
  • code
  • communicating
  • components
  • contacted
  • contact phone
  • control
  • cookie
  • copy
  • core
  • count blacklist
  • creation date
  • critical
  • crlf line
  • crypto
  • cryptowall
  • csc corporate
  • cuba
  • cus cndigicert
  • daisy coleman
  • dalles
  • dark
  • data
  • date
  • dcom
  • default
  • delete
  • delete c
  • delphi
  • detection list
  • disables_windowsupdate
  • dns
  • dns lookup
  • dns replication
  • domain
  • domain privacy
  • domains
  • download
  • dynamic
  • dynamic_function_loading
  • dynamicloader
  • emails
  • emotet
  • encrypt
  • entries
  • error
  • eternalblue
  • eva reimer
  • evilnum
  • execution
  • expiration date
  • exploit
  • facebook
  • false
  • february
  • fexp24007246
  • file execution
  • files
  • files ip
  • final url
  • floxif
  • full name
  • gecko
  • general full
  • geoip
  • germany unknown
  • get na
  • ghost
  • global g2
  • gmt content
  • gmtn
  • go daddy
  • google
  • guard
  • hacking
  • hacktool
  • hallrender
  • headers xcache
  • high
  • historical
  • historical ssl
  • hong kong
  • hostname
  • hostnames
  • house.mo.gov
  • html document
  • html info
  • html internet
  • http
  • http_request
  • http response
  • https://lawlink.com/documents/10935/blackbag-technologies-announ
  • ieudinit
  • indonesia
  • info
  • injection_create_remote_thread
  • injection_inter_process
  • installer
  • iocs
  • ip address
  • ipv4
  • january
  • june
  • kb body
  • kb document
  • kb font
  • keepaliveyes
  • keylogger
  • khtml
  • level3
  • linux mint
  • local
  • location united
  • lockbit
  • log id
  • low risk
  • low security
  • malicious
  • malware
  • malware found
  • malware infection
  • maze
  • media
  • media center
  • medium
  • meta tags
  • metro
  • mexico
  • mhkz
  • midia-4
  • mini
  • missouri
  • modify_proxy infostealer_cookies
  • moved
  • msie
  • mtb feb
  • mvi2
  • name servers
  • nat32
  • network
  • network_http
  • next
  • njrat
  • no data
  • november
  • nso
  • nsyt
  • number
  • nxdomain
  • observed dns
  • october
  • open ports
  • parallax rat
  • parent domain
  • passive dns
  • paste
  • pegasus
  • persistence_autorun
  • playgame
  • powershell
  • powershell_download
  • powershell_request
  • primary request
  • privateloader
  • probe ms17010
  • problems
  • procmem_yara
  • protect
  • proton
  • public url
  • pulse pulses
  • pulse submit
  • push
  • qakbot
  • qbot
  • quasar
  • query
  • ransom
  • ransomexx
  • ransomware
  • record type
  • record value
  • redir
  • referrer
  • registrar
  • registrar abuse
  • registrar iana
  • registrar url
  • registry domain
  • related pulses
  • remcos
  • remcos rat
  • resolutions
  • resource path
  • rgba
  • risk
  • roundup
  • safebae
  • sample
  • samples
  • sample summary
  • scan endpoints
  • scottsdale
  • script tags
  • search
  • security no
  • september
  • server
  • servers
  • service
  • seznam
  • sha256
  • show
  • showing
  • simda
  • site
  • size
  • slcc2
  • slider plugin
  • ssl certificate
  • staging
  • startpage
  • state
  • status
  • status code
  • sucuri firewall
  • tactics
  • tag count
  • tag tag
  • target
  • taskscheduler
  • team
  • telecom
  • threat
  • threat network
  • threat roundup
  • title safebae
  • tls rsa
  • tls web
  • tracking
  • trojan
  • trojandropper
  • tsara brashears
  • ttl value
  • twitter
  • type mimetype
  • type name
  • typosquatting
  • ukraine
  • unicode text
  • united
  • unknown
  • url analysis
  • url http
  • urls
  • urls http
  • urls https
  • ursnif
  • utf8
  • utf8 text
  • v3 serial
  • veryhigh
  • virgin islands
  • wannacry
  • wc3 rpg
  • website malware
  • whois record
  • win32
  • win32 exe
  • win64
  • windows nt
  • wininit
  • win.trojan
  • wordpress
  • wow64
  • wpbakery page
  • wp engine
  • write
  • xpcegvo2adsnq
  • yara detections
  • yara rule

MITRE ATT&CK TTPs

  • T1027 - Obfuscated Files or Information
  • T1029 - Scheduled Transfer
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1059.007 - JavaScript
  • T1060 - Registry Run Keys / Startup Folder
  • T1071.001 - Web Protocols
  • T1071.004 - DNS
  • T1071 - Application Layer Protocol
  • T1105 - Ingress Tool Transfer
  • T1140 - Deobfuscate/Decode Files or Information
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS

Passive DNS

  • jctheshepherd.com

Attack Log References

Whois Information

NetRange: 199.34.228.0 - 199.34.231.255 CIDR: 199.34.228.0/22 NetName: WEEBLYNET1 NetHandle: NET-199-34-228-0-1 Parent: NET199 (NET-199-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Weebly, Inc. (WEEBL-1) RegDate: 2009-02-18 Updated: 2022-12-15 Comment: For customer support please visit https://hc.weebly.com/ Comment: Comment: To report phishing and other malware please contact weebly-abuse@squareup.com Comment: Comment: To report copyright complaints please visit https://www.weebly.com/dmca or contact weebly-abuse@squareup.com Comment: Comment: Please, only use Org, Tech, and NOC POCs below to report network abuse Ref: https://rdap.arin.net/registry/ip/199.34.228.0 OrgName: Weebly, Inc. OrgId: WEEBL-1 Address: 1955 Broadway Address: Ste. 600 City: Oakland StateProv: CA PostalCode: 94612 Country: US RegDate: 2009-02-03 Updated: 2023-06-08 Ref: https://rdap.arin.net/registry/entity/WEEBL-1 OrgAbuseHandle: ABUSE2536-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-415-375-3268 OrgAbuseEmail: weebly-abuse@squareup.com OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2536-ARIN OrgNOCHandle: WEEBL2-ARIN OrgNOCName: Weebly NOC OrgNOCPhone: +1-415-375-3268 OrgNOCEmail: w-netops@squareup.com OrgNOCRef: https://rdap.arin.net/registry/entity/WEEBL2-ARIN OrgTechHandle: WEEBL2-ARIN OrgTechName: Weebly NOC OrgTechPhone: +1-415-375-3268 OrgTechEmail: w-netops@squareup.com OrgTechRef: https://rdap.arin.net/registry/entity/WEEBL2-ARIN RNOCHandle: WEEBL2-ARIN RNOCName: Weebly NOC RNOCPhone: +1-415-375-3268 RNOCEmail: w-netops@squareup.com RNOCRef: https://rdap.arin.net/registry/entity/WEEBL2-ARIN RTechHandle: WEEBL2-ARIN RTechName: Weebly NOC RTechPhone: +1-415-375-3268 RTechEmail: w-netops@squareup.com RTechRef: https://rdap.arin.net/registry/entity/WEEBL2-ARIN