209.99.64.51 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 209.99.64.51. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or observation of activity against honeynets. The host score is calculated from a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 70/100

Host and Network Information

  • Country: United States
  • Noticed: 9 times
  • Protocols Attacked: SSH
  • Countries Attacked: United Kingdom of Great Britain and Northern Ireland, United States of America
  • Tor Node: No
  • Associated Malware Samples: 84

Tags

  • aaaa
  • abuse contact
  • accept
  • access ta0001
  • address
  • adobe portable
  • a domains
  • adversaries
  • adware
  • aig
  • alexa
  • alexa top
  • alf features
  • algorithm
  • all scoreblue
  • amazon 02
  • analyzer paste
  • analyzer threat
  • apple
  • apple ios
  • apple notepad
  • apple phone
  • asnone united
  • asyncrat
  • august
  • available from
  • awful
  • azure tls
  • bambernek
  • bank
  • basic
  • b body
  • best targets
  • betabot
  • blacklist
  • blacklist http
  • blacklist https
  • blocklist
  • body doctype
  • body length
  • boot
  • botnet command and control
  • brent kimball
  • brian sabey
  • catalog tree
  • ca tech
  • centerchecks
  • china
  • cisco umbrella
  • classname
  • clickjacking
  • clipper dos
  • close
  • cnc feodo
  • cnc server
  • coalition et
  • cobalt strike
  • code
  • communicating
  • compiler
  • connect azurepc
  • connection
  • contacted
  • contacted urls
  • contact phone
  • contact privacy
  • contained
  • copy
  • core
  • country
  • covid19
  • create
  • created
  • creation date
  • critical risk
  • cronup threat
  • crypto
  • cus cnmicrosoft
  • customer
  • cyber attack
  • cyberstalking
  • cyber threat
  • dan.com
  • dangeroussig
  • dark consultants
  • darkgate
  • data
  • date
  • date hash
  • date mon
  • december
  • defense evasion
  • delete
  • detection list
  • detections type
  • diamondfox
  • discovery
  • dll sideloading
  • dns
  • dns records
  • dns resolutions
  • dnssec
  • document format
  • dofoil
  • domains
  • domains inc
  • domain status
  • dos com
  • download
  • downloader
  • dreamhost
  • dridex
  • drivertalent
  • e1082 impact
  • e1203 data
  • e1564 discovery
  • el0kpmhlfz
  • emotet
  • emotet ip
  • engineering
  • entries
  • erase
  • etpro malware
  • evasion ob0006
  • evil
  • evil c
  • exe32
  • executable
  • execution
  • expires thu
  • exploitation
  • facebook
  • fakedout threat
  • february
  • feodo
  • files
  • file samples
  • files matching
  • file type
  • final url
  • find
  • findwindowa
  • first
  • flow t1574
  • font format
  • formbook
  • fuery
  • fusioncore
  • gamers
  • gecko
  • generic
  • generic windos
  • get http
  • gmt server
  • go montenegro
  • graph summary
  • group
  • guard
  • gui32
  • hacked by phone call
  • hackers
  • hacktool
  • hashes
  • header intel
  • headers
  • headers date
  • heur
  • hide artifacts
  • high
  • high level
  • highly targeted
  • high process
  • high security
  • historical ssl
  • history
  • hitmen
  • host
  • hostname
  • hostnames
  • html
  • html info
  • http attacker
  • http requests
  • http response
  • iana id
  • iframe
  • industry_and_commerce
  • info
  • info compiler
  • info header
  • information
  • injection t1055
  • installcore
  • installer
  • intel
  • internal
  • iocs
  • ip address
  • ip detections
  • ip summary
  • ipv4
  • issuing ca
  • january
  • javascript
  • july
  • june
  • kb body
  • key identifier
  • kgs0
  • khtml
  • kls0
  • kraken
  • language
  • life
  • linker
  • llc creation
  • llc domain
  • llc registrar
  • logon autostart
  • lookups
  • lumma stealer
  • mail spammer
  • malicious
  • malicious site
  • malicious url
  • maltiverse
  • malware
  • malware site
  • manjusaka
  • march
  • media center
  • medium
  • memcommit
  • memory pattern
  • meta tags
  • metro
  • million
  • mitre att
  • modify system
  • monitoring
  • mon jul
  • mr windows
  • msie
  • ms visual
  • ms windows
  • murderers
  • my boy dan
  • name
  • namecheap
  • namecheap inc
  • name md5
  • nanocore rat
  • network
  • next
  • nginx
  • no data
  • ob0005 defense
  • ob0007 system
  • ob0012 hide
  • oc0008
  • october
  • ollydbg
  • open
  • os2 executable
  • overlay
  • passive dns
  • password
  • password bypass
  • pcidump rasman
  • pdf document
  • pe32
  • pe32 compiler
  • pe32 packer
  • phi
  • phishing
  • phishing site
  • phishtank
  • phone hacking
  • pii
  • plasma
  • please
  • pony
  • post
  • postal code
  • post http
  • pragma
  • probe
  • processes tree
  • process t1543
  • products id
  • proxy
  • pulse submit
  • python connection
  • q0gpyr1balpdgpo
  • qakbot
  • qdkxgr24yz
  • quasi
  • raccoonstealer
  • ransomexx
  • ransomware
  • raspberry robin
  • rat
  • record type
  • redline stealer
  • redlinestealer
  • redrum
  • referrer
  • regbinary
  • regdword
  • registrant
  • registrant fax
  • registrar
  • registrar abuse
  • registrar go
  • registrar url
  • registrar whois
  • registry keys
  • registry tech
  • regsetvalueexa
  • relacionada
  • related pulses
  • relic
  • remote
  • remote system
  • replacement
  • request
  • resolutions
  • response
  • review
  • riskware
  • safe site
  • sale
  • sample
  • samplepath
  • samples
  • sandbox
  • scan endpoints
  • script urls
  • search
  • september
  • server
  • service
  • services
  • serving ip
  • sha256
  • shell commands
  • shelltraywnd
  • show
  • showing
  • site
  • sites
  • slcc2
  • smoke loader
  • snatch
  • sneaky server
  • solutions
  • spawns
  • spotify artist
  • sqli dumper
  • ssl certificate
  • start service
  • status code
  • stealer
  • steganography
  • stop service
  • subdomains
  • summary
  • suppobox
  • t1063
  • t1189 found
  • ta0004 process
  • tag count
  • tag manager
  • team
  • team phishing
  • team top
  • tech email
  • technology
  • telefonica co
  • threat report
  • threat roundup
  • threats et
  • thu apr
  • title
  • title error
  • tls sni
  • tmobile
  • tofsee
  • tracker
  • trojan
  • tsara brashears
  • ttl value
  • tucows
  • tucows domains
  • tulach
  • type
  • unauthorized
  • united
  • unknown
  • url analysis
  • url https
  • urls
  • urls http
  • urls https
  • url summary
  • usd twitter
  • user
  • utc google
  • utc gtmsxrf
  • v3 serial
  • virustotal
  • vs2003
  • web open
  • whois lookups
  • whois record
  • whois whois
  • win16 ne
  • win32
  • win32 exe
  • win64
  • windows nt
  • windows service
  • workers compensation
  • worn
  • wow64
  • write
  • x509v3 subject
  • x8bxe5
  • yara rule
  • zbot
  • zeus
  • zfglddkl58a url

MITRE ATT&CK TTPs

  • T1003 - OS Credential Dumping
  • T1005 - Data from Local System
  • T1012 - Query Registry
  • T1027 - Obfuscated Files or Information
  • T1031 - Modify Existing Service
  • T1036 - Masquerading
  • T1040 - Network Sniffing
  • T1045 - Software Packing
  • T1046 - Network Service Scanning
  • T1053 - Scheduled Task/Job
  • T1055.012 - Process Hollowing
  • T1055 - Process Injection
  • T1056 - Input Capture
  • T1057 - Process Discovery
  • T1059.005 - Visual Basic
  • T1059.006 - Python
  • T1059.007 - JavaScript
  • T1059 - Command and Scripting Interpreter
  • T1060 - Registry Run Keys / Startup Folder
  • T1063 - Security Software Discovery
  • T1070 - Indicator Removal on Host
  • T1071.004 - DNS
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1095 - Non-Application Layer Protocol
  • T1096 - NTFS File Attributes
  • T1105 - Ingress Tool Transfer
  • T1110.002 - Password Cracking
  • T1110 - Brute Force
  • T1111 - Two-Factor Authentication Interception
  • T1112 - Modify Registry
  • T1114 - Email Collection
  • T1119 - Automated Collection
  • T1129 - Shared Modules
  • T1140 - Deobfuscate/Decode Files or Information
  • T1189 - Drive-by Compromise
  • T1203 - Exploitation for Client Execution
  • T1222 - File and Directory Permissions Modification
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS
  • T1485 - Data Destruction
  • T1491 - Defacement
  • T1496 - Resource Hijacking
  • T1497.001 - System Checks
  • T1497 - Virtualization/Sandbox Evasion
  • T1543 - Create or Modify System Process
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1547 - Boot or Logon Autostart Execution
  • T1552.001 - Credentials In Files
  • T1552 - Unsecured Credentials
  • T1555.003 - Credentials from Web Browsers
  • T1555 - Credentials from Password Stores
  • T1564 - Hide Artifacts
  • T1566 - Phishing
  • T1569 - System Services
  • T1573 - Encrypted Channel
  • T1574 - Hijack Execution Flow
  • T1583.005 - Botnet
  • TA0011 - Command and Control

Several of these identifiers are legacy IDs aggregated from older feeds and are retired in current ATT&CK releases: T1031 was folded into T1543.003 (Windows Service), T1045 into T1027.002 (Software Packing), T1060 into T1547.001 (Registry Run Keys / Startup Folder), T1063 into T1518.001 (Security Software Discovery) and T1096 into T1564.004 (NTFS File Attributes); T1070 is now named Indicator Removal. Map the legacy IDs before correlating this list against a current ATT&CK dataset.

Passive DNS

  • mtlra.org

Whois Information

NetRange: 209.99.0.0 - 209.99.127.255
CIDR: 209.99.0.0/17
NetName: YHC-3
NetHandle: NET-209-99-0-0-1
Parent: NET209 (NET-209-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: SWITCH, LTD (SWITC-2)
RegDate: 2000-08-23
Updated: 2021-11-18
Ref: https://rdap.arin.net/registry/ip/209.99.0.0

OrgName: SWITCH, LTD
OrgId: SWITC-2
Address: 7135 South Decatur Blvd
City: Las Vegas
StateProv: NV
PostalCode: 89118
Country: US
RegDate: 2005-02-24
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/SWITC-2

OrgNOCHandle: ASNOC4-ARIN
OrgNOCName: AS23005 NOC
OrgNOCPhone: +1-702-267-6602
OrgNOCEmail: noc@switch.com
OrgNOCRef: https://rdap.arin.net/registry/entity/ASNOC4-ARIN

OrgTechHandle: ASNET3-ARIN
OrgTechName: AS23005 Netops
OrgTechPhone: +1-702-267-6602
OrgTechEmail: netops@switch.com
OrgTechRef: https://rdap.arin.net/registry/entity/ASNET3-ARIN

OrgAbuseHandle: ASABU2-ARIN
OrgAbuseName: AS23005 Abuse
OrgAbusePhone: +1-866-229-5151
OrgAbuseEmail: abuse@switch.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ASABU2-ARIN
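The General section describes this record as input for enriching security events, the host information lists SSH as the attacked protocol, and the whois record above carries the abuse contact for the allocation. The following script ties those three together: it counts sshd password failures per source in a log, joins each source against a threat-intel record, and, for alerted sources inside the whois NetRange, returns the abuse mailbox to notify. This is an added example, not code from the page or its generator. The sshd log lines are constructed; the TI record reuses the values shown on this page (score 70, protocol SSH, noticed 9 times, not a Tor node); the whois excerpt is copied from the ARIN record above; the alert thresholds are an assumed local policy.

```python
"""Enrich sshd brute-force observations with a TI record, confirm the source
sits inside the whois NetRange, and pick the abuse contact for reporting.
Added example: log lines are constructed, thresholds are an assumed policy."""
import ipaddress
import re
from collections import Counter

# Constructed sshd log lines in the standard OpenSSH auth format (not real
# captures). The attacking source is the host documented on this page.
SAMPLE_AUTH_LOG = """\
Jan 14 03:12:01 bastion sshd[2231]: Failed password for root from 209.99.64.51 port 51022 ssh2
Jan 14 03:12:04 bastion sshd[2231]: Failed password for root from 209.99.64.51 port 51022 ssh2
Jan 14 03:12:09 bastion sshd[2240]: Invalid user admin from 209.99.64.51 port 51090
Jan 14 03:12:09 bastion sshd[2240]: Failed password for invalid user admin from 209.99.64.51 port 51090 ssh2
Jan 14 03:12:15 bastion sshd[2251]: Failed password for invalid user oracle from 209.99.64.51 port 51133 ssh2
Jan 14 03:13:40 bastion sshd[2302]: Accepted publickey for deploy from 10.0.4.17 port 40110 ssh2
Jan 14 03:14:02 bastion sshd[2310]: Failed password for deploy from 10.0.4.17 port 40118 ssh2
"""

# Threat-intel record with the values presented on this page.
TI_RECORDS = {
    "209.99.64.51": {"score": 70, "protocols": {"SSH"}, "noticed": 9, "tor": False},
}

# Excerpt of the ARIN whois record shown on this page, one field per line.
WHOIS_EXCERPT = """\
NetRange:       209.99.0.0 - 209.99.127.255
CIDR:           209.99.0.0/17
NetName:        YHC-3
OrgName:        SWITCH, LTD
OrgAbuseName:   AS23005 Abuse
OrgAbusePhone:  +1-866-229-5151
OrgAbuseEmail:  abuse@switch.com
"""

# Matches both "Failed password for root ..." and
# "Failed password for invalid user admin ...".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Assumed local policy: a source with TI score >= TI_SCORE_THRESHOLD that is
# known to attack SSH is alerted on its first failure; an unknown source
# needs UNKNOWN_FAILURE_THRESHOLD failures in the log before it is alerted.
TI_SCORE_THRESHOLD = 50
UNKNOWN_FAILURE_THRESHOLD = 5


def failed_logins(log_text):
    """Count 'Failed password' events per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def enrich(counts, ti=TI_RECORDS):
    """Join failure counts with the TI record and produce a verdict per IP."""
    results = {}
    for ip, failures in counts.items():
        rec = ti.get(ip)
        known_bad = (rec is not None and rec["score"] >= TI_SCORE_THRESHOLD
                     and "SSH" in rec["protocols"])
        verdict = "alert" if known_bad or failures >= UNKNOWN_FAILURE_THRESHOLD else "monitor"
        results[ip] = {"failures": failures,
                       "score": rec["score"] if rec else None,
                       "verdict": verdict}
    return results


def parse_whois(text):
    """Parse 'Key: Value' whois lines. The first occurrence of a key wins,
    since ARIN repeats RegDate/Updated/Ref for the net and the org."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields.setdefault(key.strip(), value.strip())
    return fields


def in_netrange(ip, fields):
    """True if ip lies inside the CIDR field of the whois record."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(fields["CIDR"], strict=False)


def abuse_report_target(ip, fields):
    """Abuse mailbox to notify, or None if the IP is outside the allocation
    (in which case this whois record is the wrong one to report to)."""
    if not in_netrange(ip, fields):
        return None
    return fields.get("OrgAbuseEmail")


if __name__ == "__main__":
    whois = parse_whois(WHOIS_EXCERPT)
    for ip, info in enrich(failed_logins(SAMPLE_AUTH_LOG)).items():
        target = abuse_report_target(ip, whois) if info["verdict"] == "alert" else None
        print(f"{ip}: {info} abuse_contact={target}")
```

The known-bad path fires on the first failure because the TI record already says this host attacks SSH, while the unknown internal source stays at "monitor" after a single failure; the NetRange check guards against mailing the wrong abuse desk when a cached whois record is reused for an address it does not cover.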