209.99.64.18 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 209.99.64.18. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 80/100

Host and Network Information

  • Mitre ATT&CK IDs: T1021.001 - Remote Desktop Protocol, T1027 - Obfuscated Files or Information, T1033 - System Owner/User Discovery, T1036 - Masquerading, T1041 - Exfiltration Over C2 Channel, T1051 - Shared Webroot, T1053 - Scheduled Task/Job, T1056.001 - Keylogging, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1110 - Brute Force, T1114 - Email Collection, T1123 - Audio Capture, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1155 - AppleScript, T1184 - SSH Hijacking, T1192 - Spearphishing Link, T1194 - Spearphishing via Service, T1204 - User Execution, T1210 - Exploitation of Remote Services, T1442 - Fake Developer Accounts, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1454 - Malicious SMS Message, T1506 - Web Session Cookie, T1512 - Capture Camera, T1543 - Create or Modify System Process, T1546 - Event Triggered Execution, T1547 - Boot or Logon Autostart Execution, T1548 - Abuse Elevation Control Mechanism, T1553.002 - Code Signing, T1553 - Subvert Trust Controls, T1564 - Hide Artifacts, T1566 - Phishing, T1568.002 - Domain Generation Algorithms, T1568 - Dynamic Resolution, T1573 - Encrypted Channel, T1583.001 - Domains, T1583.006 - Web Services, T1583 - Acquire Infrastructure, T1585.001 - Social Media Accounts, T1586 - Compromise Accounts, T1587 - Develop Capabilities, T1588 - Obtain Capabilities, T1591.002 - Business Relationships, T1598 - Phishing for Information, TA0001 - Initial Access, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0007 - Discovery, TA0008 - Lateral Movement, TA0009 - Collection, TA0010 - Exfiltration, TA0011 - Command and Control

  • Tags: aaaa, abuse contact, added active, address, address domain, a div, a domains, age86400 set, all octoseek, all scoreblue, alphacrypt cnc, amazing girls, analyze, anydesk, apache, apple, apple ios, apple iphone, apple itunes, applejeus, april, arizona, artemis, as133618, as133775 xiamen, as15169 as16509, as15169 google, as16509, as19527 google, as19871 as22612, as19905, as22612, as24940 hetzner, as33387, AS33387 nocix llc, as34788, as397240, as43350 nforce, as44273 host, as47846, as49305 map, as49870 alsycon, as49870 city, as51852, as60558 phoenix, as8560, as9002, ascii text, auction, august, authentication, authority, av detections, b59bn timestamp, bashlite, bayrob, b body, beacon, blacklist, blacklist http, body, body doctype, body doubles, body length, briansabey, bundled, business email compromise, businessman, busty brunette, c2, c2 server, caas, ca issuers, canada unknown, cane, cape, cellebrite, cellerebrand, cert, certificate, cfqirgdhj5, cfqirgdhj5 http, cfqirgdhj5 url, cisco umbrella, ck id, click, cname, cnc, cobra, coco, code, colibri loader, collection, command, communicating, computer security, confirm https, contact, contacted, contacted urls, cookie, copy, core, cowboy, create, creation date, cronup threat, csirt, cvss v2, cyber attack, cyber risks, cyber security, cybersecurity, cyber threat, dark, data brokers, date, date sat, dcom port, delete c, detection list, dga domain, div div, dns replication, dnssec, domain, domains, downloader, dropped, elite, elsa jean, emails, emotet, encrypt, entries, error, et tor, et trojan, executable, execution, exit, expiration date, exploit, external, factory, fallchill, false, february, feeds ioc, ff2c217402202b, file, filehash, files, files ip, final url, florence co, formbook, for privacy, fraud, germany unknown, get http, get na, getprocaddress, gmt connection, gmt location, gmt max, gmtn, gmt server, go daddy, gopher, hackers, hacktool, headers date, high attack, high level, highly targeted, 
historical ssl, honeypot ips, hosting, hostname, hostnames, host sinkhole, html public, http, http response, hybrid, hybridanalysis, identifying, ietfdtd html, impact, indicator facts, info, installcore, intel, intellectual property theft, iocs, ioc search, ios, ip address, ip related, ip summary, ipv4, itunes, javascript, july, june, katrina jade, kb body, kbc510384, ki31498750, kld1061, known tor, kt339, ktd256, kupay wallet, lemon duck, limited, local, localappdata, location virgin, log id, loki password, lookups date, malicious site, malvertising, malware, malware site, mars, mercenary, meta, methodpost, metro, miles2, mirai, mirai 03042024, mirai malware, misc attack, misc http, mitre att, modify system, mohammed zourob, mommy, moved, mtb mar, mtb may, name servers, n cvss, new ioc, next, nivdort, njrat, node traffic, nubile cowgirl, nxdomain, obtain, obz4usfn0, obz4usfn0 http, obz4usfn0 url, online sat, online sun, online wed, orbiters, orgabuseref, orgid, parked domains, passive dns, paste, path, path max, pattern match, pegasus, pegasystem, phishing, phishing site, piracy, please, possible, post, process, puffy nipples, pulse pulses, pulses, pulses otx, pulse submit, putty, ransom, ransomware, react app, read c, realteck audio, record value, redacted for, redline stealer, referrer, relacionada, related nids, related pulses, related tags, relayrouter, remote, replication, resolutions, reverse ip, rexxfield, ripe ncc, ripe network, role title, sakula malware, sakula rat, sample, samples, scams, scan endpoints, scottsdale, screenshot, script script, script urls, search, service, serving ip, sfqh4dt74w0 url, sha1, sha256, show, showing, show technique, sinkhole cookie, site, slavegirl, spotify artist, ssh hijacking, ssl certificate, status, status code, stealer, strings, striven, summary, sun sep, susp, targeting, teams api, temp, threat, threat analyzer, threat roundup, thu jul, title, tls web, trace, trojan, trojanspy, tsara brashears, twitter, type, type 
indicator, type name, typeof e, typosquatting, ukhdaauqaaaaaac, ukraine, union crypto, unique, united, united kingdom, unknown, unknown win, updater, url analysis, url http, url https, urls, urls https, url summary, uscert, u. s. computer emergency readiness, v3 severity, value snkz, verizon feed, virgin islands, virustotal, vj87, west domains, whois, whois lookups, whois record, whois ssl, whois whois, win32, windir, window, windows, windows nt, windows version, write, write c, xorddos, xserver, zeus gameover

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: hphosts_ats, hphosts_emd, hphosts_fsa, hphosts_pha, hphosts_psh

  • Country: United States
  • Network:
  • Noticed: 19 times
  • Protocols Attacked: SSH
  • Countries Attacked: Germany, Netherlands, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 138
