64.124.12.162 Threat Intelligence and Host Information
General
This page contains threat intelligence for the IPv4 address 64.124.12.162. It was generated either because malicious activity was observed from the address or as an information-gathering exercise to support enrichment of security events with context. All information is gathered passively, by aggregating public sources or by observing activity against honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only. They should not be taken as an accurate representation of the users, businesses or networks behind the address, and the score is a prioritisation aid rather than proof of compromise or attribution.
Likely Malicious Host 🟠 57/100
Host and Network Information
Mitre ATT&CK IDs: T1003.008 - /etc/passwd and /etc/shadow, T1005 - Data from Local System, T1007 - System Service Discovery, T1012 - Query Registry, T1016 - System Network Configuration Discovery, T1018 - Remote System Discovery, T1027 - Obfuscated Files or Information, T1033 - System Owner/User Discovery, T1036 - Masquerading, T1047 - Windows Management Instrumentation, T1055.003 - Thread Execution Hijacking, T1055 - Process Injection, T1056.004 - Credential API Hooking, T1057 - Process Discovery, T1059.005 - Visual Basic, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1071.001 - Web Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1074.001 - Local Data Staging, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1102 - Web Service, T1105 - Ingress Tool Transfer, T1106 - Native API, T1110.004 - Credential Stuffing, T1112 - Modify Registry, T1114 - Email Collection, T1129 - Shared Modules, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1212 - Exploitation for Credential Access, T1428 - Exploit Enterprise Resources, T1445 - Abuse of iOS Enterprise App Signing Key, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1497 - Virtualization/Sandbox Evasion, T1546.015 - Component Object Model Hijacking, T1547.009 - Shortcut Modification, T1547 - Boot or Logon Autostart Execution, T1553.002 - Code Signing, T1553 - Subvert Trust Controls, T1555 - Credentials from Password Stores, T1560.002 - Archive via Library, T1560 - Archive Collected Data, T1562.001 - Disable or Modify Tools, T1566 - Phishing, T1568 - Dynamic Resolution, T1573.001 - Symmetric Cryptography, T1573 - Encrypted Channel, T1583.005 - Botnet, T1583 - Acquire Infrastructure, T1614 - System Location Discovery, TA0011 - Command and Control
Tags: 1602192580242, 1602192586217, 1602192588844, 1602192624796, 303300, 320700, 368600, 83500, aaaa, abba, abcd, accept, accept expiry, acid, acint, active threat, address, adload, a domains, adonis, aeon, afrodita, agent, akira, alabama, aldebaran, aleph, alex, alexa, alexa top, alfa, algorithm, alien, alina, alisa, all scoreblue, all search, alma, alpha, america, amigo, amos, analysis, anarchy, android, andromeda, angela, anhth, anime, anis, anna, anubis, a nxdomain, apache, api key, apollo, apple, applenoc, applicunwnt, april, apt, arch, archie, argos, argus, aria, aris, armageddon, artemis, as13414 twitter, as136907 huawei, as15133 verizon, as16625 akamai, as20940, as22612, as2914 ntt, as35994 akamai, as396982 google, as4230 claro, as6461 zayo, as714 apple, as7843 charter, asahi, ascii text, ashley, assassin, assembly, assembly common, assembly name, astra, asyncrat, atlassian2, atom, atomic, attack, attacker, august, auriga, aurora, austin, authentihash, author, autorun, avalanche, avalon, avast avg, avenger, aviator, avril, azrael, baba, babe, baby, babylon, bach, baidu, bambernek, bandung, bank, banner, baobab, bara, baran, baron, barry, bart, basket, batman, bazar, b cms, beer, beginstring, behav, belarus, belka, belle, benchmark, benjamin, benny, bill, bingo, bitminer, blackbox, blackcat, blackhole, blacklist, blacklist http, blacklist https, blacksun, blaze, blizzard, blog, blondie, blood, bluesky, bnet, bobo, body, bomb, bomber, boom, boosthasfacet, boostnocwchar, boost software, boostusefacet, borg, bot, bounce, bouncer, boxer, bradesco, brain sabey, brazil, brian sabey, bridge, brief returns, brontok, b server, buddy, bullet, bumblebee, bunny, burn, buttons, caca, caesar, ca id, calendar, calgary, camel, candle, canvas, cardinal, cargo, carpediem, carrier, casino, casper, cassini, cdn2, celine, cerberus, certificate, cetus, chacha, chantal, cheap, chester, chewbacca, chi2, chin, china, cins active, cisco, cisco umbrella, citadel, city, clarity, 
class, cleaner, click, clock, clr version, cluster, cname, cnapple ist, cnapple public, cobalt, cobalt strike, cobra, coco, coconut, code, code signing, coke, collections, combo, comet, com laude, comment, communicating, comp, conan, conduit, config, connector, contact, contacted, contained, control panel, cookie, cool, copyright, corona, count blacklist, country, cowrie, cp, crack, cracker, crash, crawl, crazy, creation date, crew, crime, crimson, critical, crypton, crystal, cuba, cve201711882, cyber, cybercrime, cyber threat, cyrus, dada, dani, daniel, dapato, dark, darkman, darkness, darknet service, darkside, darkstar, date, date hash, daum, david, davis, dbase, dc1542721039132, death, deimos, delphi, delta, demo, democracy, dennis, depot, derek, description, designer, desktop, details module, detection list, devadmin, dexter, dharma, diablo, dialer, diego, diesel, digi, digicert inc, dima, dino, dionaea, direct, divine, django, dllinject, dnssec, dns server, dock, dodo, dolphin, domain, domain name, domino, donald, doom, dora, dot net, dotnet, dotnet_encrypted, downldr, download, downloader, dracula, dragon, driverpack, drop, dropper, drweb, dude, dukapinoreturn, dukcompileeval, dukcompilesafe, duke, dukexternaldecl, dukfilemacro, duklinemacro, duktape, dummy, dump, dune, dust, duster, easy, echelon, eclipse, ecmascript, ec oid, eddie, eddy, elaine, eleanor, elisa, elite, email, emilia, emma, emotet, empire, encirca, encpk, encrypt, energy, engineering, entries, entropy chi2, epsilon, equinox, eris, error, esmeralda, esupport, et cins, eternal, eternity, et tor, euclid, evil, excalibur, exit, exodus, experiment, expiresthu, exploit, explorer, express, face, facebook, factory, faisal, fakealert, fakeinstaller, false, fareit, fastcash, feedme, fenrir, feri, fiesta, file, file samples, files matching, filetour, file type, file version, final, finger, firebird, firefly, first, flag, flamingo, flash, flex, floxif, floyd, flux, format, formbook, fortune, foryou, 
found https, foxy, framing, freddy, freedom, freeweb, fri nov, frodo, frog, front, frozen, fruit, funky, fury, fusioncore, g1 validity, gaga, galaxy, galileo, gamma, gate, gauss, general, generator, generic, genkryptik, genome, giga, gigi, ginger, girls, glacier, globe, gloria, gmt perf, gmt pragma, goblin, gogo, golf, gollum, gondor, gotcha, graphite, gregor, groove, group, guard, guid, habbo, hair, hale, hamster, happytime, happywifehappylife, haproxy3, harmony, harrier, havoc, hawk, hawkeye, header target, hehe, hell, hello, helpme, heodo, hermit, heur, hino, hippo, historical, historical ssl, honeytrap, hook, horror, host, hoster, hostname, hostnames, hotmail, http attacker, http response, http spammer, http traffic, hunter, hybrid, hybrid analysis, hydra, ibank, icarus, ident, identity search, id logged, iframe, igloo, ilike search, iloveyou, immortal, impact, import, incom, incubator, indeterminate, indicator, indra, inex, inferno, infinity, info, infra, insane, inside, installcore, installpack, intel, inter, internal, internal name, invalid url, iobit, ionos se, iowa, ipaddr, ip address, ip detections, ip security, ip summary, ip tcp, ipv4, ireland unknown, iron, iservice, issuer criteria, istanbul, ist ca, ivan, jackson, jaka, jason, jedi, jeff, jeffrey reimer, jigsaw, jimmy, jinx, john, johnny, joker, joshi, jquery, judy, julia, juliet, julius, jul jan, july, june, juno, justin, kaiser, kala, kali, kami, kamikaze, kamil, kappa, karin, karina, karma, kato, katy, keeper, kevin, key algorithm, keybase, keygen, key identifier, kiev, killer, kilo, kiwi, known tor, koko, kraddare, kraken, krasnodar, krypton, kurgan, LAMP, lana, landmark, lapis, larry, lazarus, lazy, leda, legacy, lenovo tablet, leon, levelblue, levi, leviathan, license, light, lilith, lilo, lime, limited, little, liza, lizard, loadmoney, local, logger, logic, login, loke, loki, lola, loli, lolita, lolol, look, loulou, love, lsalford, lucia, lucky, lucy, luna, lust, machine intel, madmax, mafia, 
magazine, magento, maggie, magic, magic pe32, magnum, mailto, maker, malicious, malicious site, malicious url, malware, malware site, malware_win_zgrat, mamba, mami, mandrake, mania, manuel, marina, mario, mark, markus, marlboro, martin, maru, mask, massmail, matrix, maverick, maximus, maya, mayak, maze, media, mediaget, medusa, memory checks, mensa, mercurial, mercury, merlin, meta, metal, metallica, meteor, metro, metroby, metro t-mobile, mexico, michael, mikey, million, mine, mini, minotaur, minsk, mint, mira, mirai, misc attack, miso, mission, mitre att, model, mon sep, monster, moran, mordor, moved, mozart, mozilla, ms windows, multi, multi family rat detection, murphy, mylove, name servers, name verdict, nanjing, nanocore, NativeAPI, nazgul, nebula, neko, netmail, networm, neuro, neuron, nevada, next, nexus, night, nightmare, nikita, niko, nina, ninja, nircmd, nirvana, nitro, no data, node tcp, node traffic, nomad, no na, noname057, no no, nono, noob, northstar, nova, nuke, null, number, nxdomain, nymaim, oblivion, occamy, ocomodo ca, octopus, ogre, olga, olivia, omni, online, ontario, open, opencandy, organization, original name, orinoco, oscar, otto, outside, overwrite, ozzy, p155-fmfmobile.icloud.com, pacman, pamela, panama, panda, pandora, panic, paradox, paraguay, paranoia, paris, pass, passive dns, passmark, patcher, path, pattern match, payment, pedro, pepe, pepper, perseus, phantom, philadelphia, phishing, phishing site, phishtank, phoenix, phpbb, picasso, pigeon, pikachu, pinger, pingpong, pinky, pioneer, pirate, piter, pixel, pixelrz, pizza, plasma, please, please note, pluto, point, police, pony, poor reputation, porno, portscan, posta, prague, predator, presenoker, prestige, primus, priority, prism, privacy admin, privacy tech, privat, probe, problem, product, proj, project, prometheus, prophet, protect, proteus, proton, psexec, public key, puma, punk, push, python, qbot, quake, quartz, quasar, qwest, r2d2, race, ragnarok, raid, rainbow, rambo, 
rana, ranger, ransomware, rape, rapid, raptor, ravi, razor, reboot, recon, record value, rector, reda, redacted for, redir, redirector, redline, redline stealer, red team, referrer, refresh, registrar, reklam, related pulses, relax, relayrouter, reputation ip, rescue, resolutions, retro, returns, rhino, rigel, riot, riskware, robin, robinhood, robo, rock, rocket, rogue, roma, rosebud, roxy, rticon neutral, ruby, runner, runtime process, rush, rva entry, sadmin, safe site, saigon, sailor, sakura, salsa, sample, samples, samurai, sanctuary, sandbox, sandra, sandy, sapphire, sara, sarah, satan, saturn, sauron, savenow, scan endpoints, scanner, school, script, script domains, script urls, search, secrisk, secure, security risk, seeker, self, sentinel, seraph, serena, serg, server, server rsa, servers, server tsa, server tsa b, service, servidor, sexy, sftp, sha1, sha256, sha256 hash, shadow, shaggy, shaman, shane, sharepoint, shark, shell, sherlock, show, showing, siblings, silent, simba, simplex, singapore, sirius, site, size, skinner, skipper, skynet, slash, slice, slim, smash, smog, snake, sniper, snow, snowflake, sochi, social engineering, softcnapp, softonic, solid, sonic, sora, soul, spammer, span, spark, sparkle, sparta, spartacus, spawn, spectre, sphinx, spice, spin, spirit, splash, spooky, sport, spyrixkeylogger, spyware, squirrel, ssdeep, ssh, SSH, ssl certificate, star, stark, startpage, status, stcalifornia, stealer, stealth, steel, stop, story, strange, streams size, striker, strings, stub, styx, subdomains, submit, sugar, summary, sunny, sunset, super, super hentai, supernova, supervisor, suppobox, supra, suri, survey, svg scalable, sweet, sword, swrort, sysadmin, systweak, tag count, tag tag, target, tarot, taurus, team, team alexa, teamo, techno, telecom, Telnet, template, terminal, terra, terre, testapi, tetris, thebe, theta, thor, threat report, threats et, tibia, tick, ticker, tiger, tigger, tiggre, tinba, tiny, titan, titanic, tld count, t-mobile, 
tokyo, toolbar, tools, tor known, tor relayrouter, torun, trace, traffic, trailer, trash, trident, trid windows, trigger, trinity, tripoli, triton, trojan, trojan features, troll, tron, troy, tsara brashears, tsunami, tula, twister, twitter, type, typelib id, ultimate, union, unis, united, united kingdom, unknown, unruy, unsafe, uranus, urls, urls http, url summary, uruguay, usage, utc entry, v3 serial, vaargs, valencia, valentine, valeria, valid, value, vampire, vanguard, venus, version, version id, vetting process, vhash, victor, vidar, vienna, viper, virtool, virut, voice, voodoo, voronezh, vortex, voyager, vulcano, vxstream, wacatac, waffle, wagner, walker, wallpaper, walrus, wanderer, warrior, webadmin, web application, webdav, websearch, webview, wed apr, wedge, westnet, whitelisted, whiterose, whois record, wide, widget, willow, win32 exe, win4, win64, window, windows nt, winnie, winnt, wolf, wraith, write, wuhan, xanadu, xena, xenon, xmail, xpress, xtrat, yandex, yang, youth, yoyo, yume, zbot, zeppelin, zero, zeus, zhang, zimbra, zion, zombie, zona, zorro, zpevdo, zulu
View other sources: Spamhaus, VirusTotal
- Country: United States
- Network:
- Noticed: 50 times
- Protocols Attacked: ssh
- Countries Attacked: Belgium, Ireland, Poland, Sweden, United States of America
Malware Detected on Host
- Count: 2
- SHA-256: 38ee4d40f92658c81faccc9da4464e7eb1bd535dd50e08c6c383adbd0d884eff
- SHA-256: aef0d48d47dd013a9bfdf2e008e9a85d720d2f8f1ecdaba04483cc8890398e28
Whois Information
- NetRange: 64.124.0.0 - 64.124.187.255
- CIDR: 64.124.128.0/19, 64.124.0.0/17, 64.124.160.0/20, 64.124.176.0/21, 64.124.184.0/22
- NetName: ABOVENET
- NetHandle: NET-64-124-0-0-1
- Parent: NET64 (NET-64-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS17025, AS6461
- Organization: Zayo Bandwidth (ZAYOB)
- RegDate: 2000-07-06
- Updated: 2021-02-25
- Ref: https://rdap.arin.net/registry/ip/64.124.0.0
- OrgName: Zayo Bandwidth
- OrgId: ZAYOB
- Address: 1401 Wynkoop St.
- City: Denver
- StateProv: CO
- PostalCode: 80202
- Country: US
- RegDate: 2007-10-12
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/ZAYOB
- OrgNOCHandle: ZIE-ARIN
- OrgNOCName: Zayo IP Engineering
- OrgNOCPhone: +1-866-236-2824
- OrgNOCEmail: ipeng@zayo.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/ZIE-ARIN
- OrgTechHandle: ZIE-ARIN
- OrgTechName: Zayo IP Engineering
- OrgTechPhone: +1-866-236-2824
- OrgTechEmail: ipeng@zayo.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ZIE-ARIN
- OrgAbuseHandle: ABUSE5675-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-866-236-2824
- OrgAbuseEmail: abuse@zayo.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5675-ARIN
- NetRange: 64.124.12.160 - 64.124.12.175
- CIDR: 64.124.12.160/28
- NetName: NET-0-64-124-12-160-28
- NetHandle: NET-64-124-12-160-1
- Parent: ABOVENET (NET-64-124-0-0-1)
- NetType: Reassigned
- OriginAS: AS6461
- Customer: Private Customer (C10772179)
- RegDate: 2024-03-19
- Updated: 2024-03-19
- Comment: 1
- Ref: https://rdap.arin.net/registry/ip/64.124.12.160
- CustName: Private Customer
- Address: Private Residence
- City: Santa Clara
- StateProv: CA
- PostalCode: 95050
- Country: US
- RegDate: 2024-03-19
- Updated: 2024-03-19
- Ref: https://rdap.arin.net/registry/entity/C10772179
- OrgNOCHandle: ZIE-ARIN
- OrgNOCName: Zayo IP Engineering
- OrgNOCPhone: +1-866-236-2824
- OrgNOCEmail: ipeng@zayo.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/ZIE-ARIN
- OrgTechHandle: ZIE-ARIN
- OrgTechName: Zayo IP Engineering
- OrgTechPhone: +1-866-236-2824
- OrgTechEmail: ipeng@zayo.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ZIE-ARIN
- OrgAbuseHandle: ABUSE5675-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-866-236-2824
- OrgAbuseEmail: abuse@zayo.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5675-ARIN
Links to attack logs
digitaloceanlondon-ssh-bruteforce-ip-list-2024-11-30
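The host data above (SSH as the attacked protocol, 50 sightings, two malware hashes) and the ARIN allocations in the Whois section are the kind of record a responder wants to apply to their own logs. The following Python is an added example, not tooling from this page or its data provider: it parses a constructed OpenSSH auth.log excerpt (the log lines, the hostname and the two other source addresses are made up for illustration), counts failed logins per source address, enriches each source with what this page states about 64.124.12.162 (the score of 57, the reassigned 64.124.12.160/28 and its parent ABOVENET blocks), and checks observed file hashes against the two SHA-256 values listed above. The threshold of three failures is an assumed value.

```python
import ipaddress
import re
from collections import defaultdict

# Indicators taken from this page: the IPv4 address, its host score and the
# two SHA-256 hashes listed under "Malware Detected on Host".
IOC_IP = "64.124.12.162"
HOST_SCORE = 57
MALWARE_SHA256 = {
    "38ee4d40f92658c81faccc9da4464e7eb1bd535dd50e08c6c383adbd0d884eff",
    "aef0d48d47dd013a9bfdf2e008e9a85d720d2f8f1ecdaba04483cc8890398e28",
}

# CIDRs copied from the Whois section: the reassigned /28 (NET-64-124-12-160-1)
# and the parent ABOVENET allocation (NET-64-124-0-0-1).
REASSIGNED_BLOCK = ipaddress.ip_network("64.124.12.160/28")
PARENT_BLOCKS = [ipaddress.ip_network(c) for c in (
    "64.124.0.0/17", "64.124.128.0/19", "64.124.160.0/20",
    "64.124.176.0/21", "64.124.184.0/22")]

# Constructed sample auth.log excerpt (hostname, PIDs and the two other source
# addresses are documentation-range placeholders, not honeypot observations).
SAMPLE_AUTH_LOG = """\
Nov 30 03:14:07 web1 sshd[2231]: Failed password for root from 64.124.12.162 port 51022 ssh2
Nov 30 03:14:09 web1 sshd[2231]: Failed password for root from 64.124.12.162 port 51022 ssh2
Nov 30 03:14:12 web1 sshd[2235]: Failed password for invalid user admin from 64.124.12.162 port 51040 ssh2
Nov 30 03:14:15 web1 sshd[2239]: Invalid user oracle from 64.124.12.162 port 51058
Nov 30 03:15:01 web1 sshd[2244]: Accepted publickey for deploy from 198.51.100.7 port 40212 ssh2
Nov 30 03:15:30 web1 sshd[2250]: Failed password for ubuntu from 203.0.113.9 port 33001 ssh2
"""

# Matches the two OpenSSH failure messages produced by password brute force:
# "Failed password for [invalid user] USER from IP port N" and
# "Invalid user USER from IP port N".
AUTH_FAIL_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?(?P<user>\S+)"
    r"|Invalid user (?P<iuser>\S+)) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def summarize_failures(log_text):
    """Return {source_ip: {"count": n, "users": {...}}} for failed SSH logins."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    for line in log_text.splitlines():
        m = AUTH_FAIL_RE.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = stats[m.group("ip")]
        entry["count"] += 1
        entry["users"].add(m.group("user") or m.group("iuser"))
    return dict(stats)


def enrich(ip):
    """Attach what this page says about an address: IOC match, score, allocation."""
    addr = ipaddress.ip_address(ip)
    parent = next((str(n) for n in PARENT_BLOCKS if addr in n), None)
    return {
        "known_ioc": ip == IOC_IP,
        "score": HOST_SCORE if ip == IOC_IP else None,
        "in_reassigned_block": addr in REASSIGNED_BLOCK,
        "parent_allocation": parent,  # ABOVENET block from the Whois section, if any
    }


def triage(log_text, threshold=3):
    """Alert on sources that exceed the failure threshold or match the page's IOC.

    A known IOC is reported even below the threshold (assumed policy): one failed
    login from an address already seen brute-forcing SSH in several countries is
    worth a look, while a single typo from an unknown address is not.
    """
    alerts = []
    for ip, s in summarize_failures(log_text).items():
        ctx = enrich(ip)
        if s["count"] >= threshold or ctx["known_ioc"]:
            alerts.append({"ip": ip, "failures": s["count"],
                           "users": sorted(s["users"]), **ctx})
    # Highest score first; addresses with no score (None) sort last.
    return sorted(alerts, key=lambda a: (a["score"] is None,
                                         -(a["score"] or 0), -a["failures"]))


def match_hashes(observed_sha256):
    """Intersect observed file hashes with the two samples listed on this page."""
    return {h.lower() for h in observed_sha256} & MALWARE_SHA256


if __name__ == "__main__":
    for alert in triage(SAMPLE_AUTH_LOG):
        print(alert)
```

Running it prints one alert, for 64.124.12.162; 203.0.113.9 has a single failure and no IOC match, so it is dropped. What the code adds beyond the page's record is the handling of the two edge cases a practitioner hits in practice: an IOC hit is reported even below the brute-force threshold, and the CIDR check confirms that a matched address really sits inside the reassigned block the Whois record describes rather than relying on a string comparison alone.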